###### tags: `資安事件新聞週報`

# Cybersecurity Incident News Weekly Report 2024/2/12 ~ 2024/2/16

## 1. Major Vulnerabilities / Backdoors / Exploit / Zero Day

Fortinet releases FortiOS and FortiProxy security updates
https://www.fortiguard.com/psirt/FG-IR-24-029

RCE vulnerability in Fortinet's SSL VPN component; attacks reportedly already under way
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
https://www.fortiguard.com/psirt/FG-IR-24-015
https://www.cisa.gov/news-events/alerts/2024/02/09/cisa-adds-one-known-exploited-vulnerability-catalog

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
https://thehackernews.com/2024/02/fortinet-warns-of-critical-fortios-ssl.html

Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways
https://thehackernews.com/2024/02/warning-new-ivanti-auth-bypass-flaw.html

Ivanti Connect Secure SSRF vulnerability has been used in attacks to distribute the DSLog backdoor
https://www.orangecyberdefense.com/fileadmin/general/pdf/Ivanti_Connect_Secure_-_Journey_to_the_core_of_the_DSLog_backdoor.pdf

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries
https://thehackernews.com/2024/02/ivanti-pulse-secure-found-using-11-year.html

Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures
https://thehackernews.com/2024/02/ivanti-vulnerability-exploited-to.html

XXE vulnerability in Ivanti Connect Secure; attackers may be able to access some system resources
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure

Vulnerability in VPN software ExpressVPN may leak DNS requests
https://www.expressvpn.com/blog/windows-app-dns-requests/

Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html

Attacks exploiting a critical Exchange Server vulnerability have appeared
https://www.bleepingcomputer.com/news/security/microsoft-new-critical-exchange-bug-exploited-as-zero-day/

Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation
https://thehackernews.com/2024/02/critical-exchange-server-flaw-cve-2024.html

Microsoft releases February Patch Tuesday updates, fixing 2 zero-day vulnerabilities
https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2024-patch-tuesday-fixes-2-zero-days-73-flaws/
https://msrc.microsoft.com/update-guide/releaseNote/2024-Feb
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html

Microsoft: February 2024 to be the last Windows 11 22H2 optional preview update
https://www.neowin.net/news/microsoft-february-2024-to-be-the-last-windows-11-22h2-optional-preview-update/

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
https://thehackernews.com/2024/02/microsoft-rolls-out-patches-for-73.html

Microsoft Defender SmartScreen zero-day vulnerability used to distribute the DarkMe malware
https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability
https://thehackernews.com/2024/02/darkme-malware-targets-traders-using.html

IBM QRadar SIEM contains multiple vulnerabilities
https://www.ibm.com/support/pages/node/7117884

IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7117883

IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7117881

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
https://thehackernews.com/2024/02/how-nation-state-actors-target-your.html

Critical vulnerability in the Shim boot component affects multiple Linux distributions
https://www.bleepingcomputer.com/news/security/critical-flaw-in-shim-bootloader-impacts-major-linux-distros/

Canon patches 7 critical printer vulnerabilities
https://psirt.canon/advisory-information/cp2024-001/

Cisco patches CSRF vulnerabilities in its Expressway collaboration gateway
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

US warns that an XSS vulnerability in the Roundcube mail server has been used in attacks
https://www.cisa.gov/news-events/alerts/2024/02/12/cisa-adds-one-known-exploited-vulnerability-catalog

Adobe releases February updates, fixing more than 30 vulnerabilities
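https://www.securityweek.com/patch-tuesday-adobe-warns-of-critical-flaws-in-widely-deployed-software/
https://helpx.adobe.com/security/products/magento/apsb24-03.html
https://helpx.adobe.com/security/products/acrobat/apsb24-07.html

SAP patches ABA code injection vulnerability that could expose business data if left unpatched
https://www.securityweek.com/sap-patches-critical-vulnerability-exposing-user-business-data/

AMD and Intel release February updates, fixing more than 100 vulnerabilities
https://www.securityweek.com/chipmaker-patch-tuesday-amd-and-intel-patch-over-100-vulnerabilities/

## 2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack
https://thehackernews.com/2024/02/new-coyote-trojan-targets-61-brazilian.html

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
https://thehackernews.com/2024/02/chinese-hackers-using-deepfakes-in.html

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
https://thehackernews.com/2024/02/cybersecurity-tactics-finserv.html

Banking trojan GoldPickaxe targets Android and iOS devices, stealing victims' facial data for financial fraud
https://www.group-ib.com/blog/goldfactory-ios-trojan/

Results of the FSC's "Program to Encourage Domestic Banks to Lend to the Six Core Strategic Industries"
https://reurl.cc/K4Emvm

Digital finance engineers open the door to innovation
https://udn.com/news/story/7241/7763491

FSC sends staff for on-site spot checks of ATMs in 9 counties and cities; all pass
https://ec.ltn.com.tw/article/breakingnews/4576477

FSC sets up a response team to ensure financial stability during the Lunar New Year period
https://www.rti.org.tw/news/view/id/2195514

Credentials for SaaS platforms used by 80% of Taiwan's insurers leaked, easily becoming tools for hackers' social engineering attacks
https://www.techbang.com/posts/112918-8-of-taiwans-insurance-companies-use-saas-platforms-to-leak

Banks launch recruitment drives; an estimated 5,000 hires for the year
https://www.ctee.com.tw/news/20240214700040-439901

Prudential Financial breached by hackers; employee and contractor data may have been leaked
https://hk.xfastest.com/185048/prudential-financial-hackers-breach-systems/

Regarding the recent lottery trading system anomaly, the Ministry of Finance has instructed the issuing institution to review and improve, to maintain the credibility of the lottery market
https://www.mof.gov.tw/singlehtml/384fb3077bb349ea973e7fc6f13b6974?cntId=6d58f8d281974f1db69fecf8ba2f7149

Taiwan Lottery glitch over Lunar New Year: Ministry of Finance makes it an annual audit focus for issuer CTBC Bank
https://www.rti.org.tw/news/view/id/2195904

TDCC's financial innovation focuses on 3 major areas
https://www.cdns.com.tw/articles/960775

A leading indicator for brokerage data protection: Fubon Securities earns BSI information security certification
https://www.sinotrade.com.tw/richclub/news/65cf2b1907900a8711cfb470

The core value of generative AI for financial services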
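https://www.ey.com/zh_tw/ai/core-values-in-generative-ai-for-financial-services

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Two French payment operators leak customers' personal data, affecting half of France's population
https://www.ithome.com.tw/news/161260

Bank of America confirms data breach caused by a vendor hack
https://www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/

Guarding against new card-fraud methods: banks teach the "three don'ts" rule as most important
https://tw.nextapple.com/finance/20240214/54D06B46F181FD175040769EE121ABDB

Sudden notification! Member of the public notified via LINE that their credit card was fraudulently charged 34,000
https://news.tvbs.com.tw/life/2396856

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

US bank CEO "embezzled customer deposits" of US$47 million to speculate in cryptocurrency, hollowing out the company into bankruptcy
https://www.blocktempo.com/us-banker-charged-with-embezzling-47-million-to-invest-crypto-pig-butchering-scam/

Bitcoin climbs to the US$50,000 mark for the first time since December 2021
https://news.cts.com.tw/cna/general/202402/202402132286271.html#google_vignette

Making a comeback after a US$624 million theft: what lessons from Ronin are worth the industry learning
https://blockcast.it/2024/02/08/ronin-is-making-a-big-comeback-after-its-624m-hack-in-2022/

US regulators require hedge funds to disclose details of crypto investment strategies
https://www.panewslab.com/zh_hk/sqarticledetails/c2n6y5lfFt.html

Bitcoin breaks US$44.000 and may rise further: market grows by US$6 billion
https://portalcripto.com.br/zh-TW/%E6%AF%94%E7%89%B9%E5%B9%A3%E7%AA%81%E7%A0%B4-44-%E7%BE%8E%E5%85%83%EF%BC%8C%E4%B8%A6%E5%8F%AF%E8%83%BD%E9%9A%A8%E8%91%97%E5%B8%82%E5%A0%B4%E5%A2%9E%E9%95%B7-000-%E5%84%84%E7%BE%8E%E5%85%83%E8%80%8C%E4%B8%8A%E6%BC%B2/

ERC-7265: a new ETH token standard
https://portalcripto.com.br/zh-TW/ERC-7265-%E6%96%B0%E7%9A%84-ETH-%E4%BB%A3%E5%B9%A3%E6%A8%99%E6%BA%96/

Binance Earn launches 15-day BNB fixed-term product, earning BNB annualized yield and PIXEL token rewards
https://www.panewslab.com/zh_hk/sqarticledetails/1vmm58vsFt.html

De.Fi: nearly 75% of top tokens carry governance-related risks
https://news.cnyes.com/news/id/5451182

Blockchain analytics firm: PlayDapp lost tokens worth US$290 million in two hacks
https://news.cnyes.com/news/id/5452215

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Rhysida ransomware cracked by researchers; decryption key to be released
https://www.ithome.com.tw/news/161270

Chinese-made Mini PC "AceMagic AD08" bought on Amazon found to ship with spyware preinstalled, which even the recovery function cannot remove
https://www.techbang.com/posts/113099-chinese-made-mini-pcs-sold-on-amazon-have-been-found-to

Ransomware payments hit a record high, with hackers making over US$1 billion in 2023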
https://www.enigmasoftware.com/zh-hant/ransomware-payments-reach-record-high-with-hackers-raking-in-over-1-billion-in-2023/

Information systems at more than 100 Romanian hospitals paralyzed by a ransomware attack
https://securityaffairs.com/159093/cyber-crime/romanian-hospitals-ransomware-attack.html
https://www.dnsc.ro/citeste/atac-cibernetic-ransomware-spitale-Romania
https://www.ms.ro/en/press-center/atac-cibernetic-masiv-de-tip-ransomware-asupra-serverelor-de-produc%C8%9Bie-pe-care-ruleaz%C4%83-sistemul-informatic-his/

Hyundai Motor Europe reportedly hit by Black Basta ransomware attack
https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/

US takes down the infrastructure of the Warzone RAT trojan
https://www.justice.gov/opa/pr/international-cybercrime-malware-service-dismantled-federal-authorities-key-malware-sales

Ubuntu's "command-not-found" tool could be abused to distribute malware
https://blog.aquasec.com/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages
https://thehackernews.com/2024/02/ubuntu-command-not-found-tool-could.html

Stealthy Zardoor Backdoor Targets Saudi Islamic Charity Organization
https://thehackernews.com/2024/02/stealthy-zardoor-backdoor-targets-saudi.html

Alert: New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices
https://thehackernews.com/2024/02/alert-new-stealthy-rustdoor-backdoor.html

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits
https://thehackernews.com/2024/02/raspberry-robin-malware-upgrades-with.html

MoqHao Android Malware Evolves with Auto-Execution Capability
https://thehackernews.com/2024/02/new-variant-of-moqhao-android-malware.html

U.S. Offers $10 Million Bounty for Info Leading to Arrest of Hive Ransomware Leaders
https://thehackernews.com/2024/02/us-offers-10-million-bounty-for-info.html

U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators
https://thehackernews.com/2024/02/us-doj-dismantles-warzone-rat.html

Rhysida Ransomware Cracked, Free Decryption Tool Released
https://thehackernews.com/2024/02/rhysida-ransomware-cracked-free.html

Bumblebee Buzzes Back in Black
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses
https://thehackernews.com/2024/02/bumblebee-malware-returns-with-new.html

Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
https://thehackernews.com/2024/02/glupteba-botnet-evades-detection-with.html

PikaBot Resurfaces with Streamlined Code and Deceptive Tactics
https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html

Kryptina RaaS | From Underground Commodity to Open Source Threat
https://otx.alienvault.com/pulse/65ccf886d4642fa3ca857798

Malicious IP's pulled from Modem logs
https://otx.alienvault.com/pulse/65cd33874f16f9771c570300

Face Off
https://otx.alienvault.com/pulse/65ce2fbf2d10c7204d57dec2

What is Lumma Stealer
https://otx.alienvault.com/pulse/65ce9dc4e2b0c34ea9a1551a

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

Apple officially allows iOS app developers to list on third-party app marketplaces
https://www.ithome.com.tw/news/161267

NCC: people spend 1 hour a day on mobile internet calls; over 99% use LINE
https://www.setn.com/News.aspx?NewsID=1426261

Mind security when using your phone too; Administration for Cyber Security: follow the "four don'ts and six dos" for peace of mind
https://money.udn.com/money/story/5613/7768212?from=edn_newest_index

Fake version of the password manager app LastPass openly listed on Apple's App Store
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

Developer interest in AI explodes; enterprises more concerned about security risks
https://www.technice.com.tw/techmanage/infosecurity/95098/

CISA and OpenSSF collaborate on a package repository security framework
https://www.ithome.com.tw/news/161271

Report: burnout directly leads to cybersecurity vulnerabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10936

AI deepfake scams: emerging security concerns and how to counter them
https://udn.com/news/story/6877/7764497

Training and recognition reduce security staff stress and burnout
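https://www.cio.com.tw/the-training-and-training-will-definitely-reduce-the-pressure-and-fatigue-of-the-security-personnel/

Microsoft names four countries backing hacker groups that abuse AI to advance their cyberattack skills
https://news.owlting.com/articles/610156

Nation-state hackers use AI as a weapon for cyberattacks
https://www.ithome.com.tw/news/161281
https://openai.com/blog/disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors
https://www.microsoft.com/en-us/security/blog/2024/02/14/staying-ahead-of-threat-actors-in-the-age-of-ai/

German battery maker Varta hit by a cyberattack and forced to suspend production
https://www.marketscreener.com/quote/stock/VARTA-AG-646256/news/VARTA-AG-VARTA-affected-by-cyber-attack-45941947/

Hacker association: drawn by huge economic gains, an underground industry chain has taken shape
https://news.owlting.com/articles/49401

Two taxi drivers who conspired with Russian hackers to break into an airport taxi dispatch system are sentenced
https://www.epochtimes.com/b5/24/2/14/n14180576.htm

Countries keep quantum computing technology tightly secret; why does Taiwan show off its results in exhaustive detail? (video)
https://www.rti.org.tw/news/view/id/2194855

A security crisis emerged during Taiwan's 2024 election: the frequency of Chinese hacker cyberattacks doubled, possibly to spread smear messages and influence the election
https://www.trellix.com/blogs/research/cyberattack-on-democracy-escalating-cyber-threats-immediately-ahead-of-taiwan-2024-presidential-election/

Cyberattacks nonstop! Taiwan is attacked nearly 15,000 times per second on average; unknown links risk getting you hacked
https://reurl.cc/37y1qM

Security report: China-linked cyberattacks doubled in the 24 hours before Taiwan's election
https://www.cna.com.tw/news/aipl/202402130173.aspx

Japanese security expert: cyberattacks are unfolding at unprecedented speed
https://www.pourquoi.tw/intlnews-neasia-240202-240208-4/

Chinese-American researcher arrested in the US on suspicion of stealing nuclear weapon secrets
https://reurl.cc/aLEl7Y

Chinese government, together with state media and local security firms, spreads claims that US intelligence agencies engage in hacking
https://www.sentinelone.com/labs/chinas-cyber-revenge-why-the-prc-fails-to-back-its-claims-of-western-espionage/

China expert: TikTok threatens US information networks and should be banned immediately
https://www.soundofhope.org/post/791410?lang=b5

CCP hackers breach Japan's classified networks, recently launching cyberattacks on multiple countries
https://hk.epochtimes.com/news/2024-02-09/22123186#google_vignette

Security concerns set aside? Biden campaign opens a TikTok account to court young voters
https://today.line.me/tw/v2/article/BERp78n

US-China bilateral science and technology agreement: after half a year of talks, renewal still has to wait
https://reurl.cc/g4Nv1R

UN investigates North Korean cyberattacks that raise funds for nuclear weapons development
https://reurl.cc/WRz4e7

Hackers leak documents confirming Iran's drone sales to Russia
https://reurl.cc/pr8dnd

US and allied intelligence agencies: China's hacking of US critical infrastructure has gone on for five years
https://www.voacantonese.com/a/chinese-hacking-campaign-aimed-at-critical-infrastructure-goes-back-five-years-us-says-20240208/7480746.html

French subsidiary of Chinese telecom giant Huawei raided by France's national financial prosecutor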
https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=778350

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11
https://thehackernews.com/2024/02/microsoft-introduces-linux-like-sudo.html

CISA and OpenSSF Release Framework for Package Repository Security
https://thehackernews.com/2024/02/cisa-and-openssf-release-framework-for.html

Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
https://thehackernews.com/2024/02/chinese-hackers-operate-undetected-in.html

Microsoft, OpenAI Warn of Nation-State Hackers Weaponizing AI for Cyber Attacks
https://thehackernews.com/2024/02/microsoft-openai-warn-of-nation-state.html

U.S. Government Disrupts Russia-Linked Botnet Engaged in Cyber Espionage
https://thehackernews.com/2024/02/us-government-disrupts-russian-linked.html

Russian Turla Hackers Target Polish NGOs with New TinyTurla-NG Backdoor
https://thehackernews.com/2024/02/russian-turla-hackers-target-polish.html

Security Compliance Division - Quality Management Specialist
https://www.104.com.tw/job/84qyf

Senior Information Security Engineer
https://job.taiwanjobs.gov.tw/Internet/index/jobDetail.aspx?R2=&EMPLOYER_ID=44531&HIRE_ID=12551557

Cheng Shiu University Office of Library and Information Services seeks 1 information security engineer
https://visit.csu.edu.tw/UIPWeb/wSite/ct?xItem=339917&ctNode=17306&mp=10001&idPath=17291_17301_17306

Security upgrades drive hiring demand
https://money.udn.com/money/story/5607/7768962?from=edn_subcatelist_cate

IT staff
https://job.taiwanjobs.gov.tw/Internet/index/jobDetail.aspx?R2=&EMPLOYER_ID=2521289&HIRE_ID=12545787

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

Over 100 "fake news websites" worldwide; security organization: all are linked to this one Chinese company
https://news.pchome.com.tw/living/crwant/20240208/index-70738318501270316009.html

Over a hundred fake media outlets worldwide aid China's external propaganda
https://reurl.cc/nrxVR2

"Grab red envelopes on LINE": fact-checking center says it is a scam message aimed at stealing personal data
https://reurl.cc/E4YKag

Don't click if you receive it! "Year of the Dragon red envelope" message goes viral on LINE; experts confirm it is fake: personal data may be stolen
https://www.mirrormedia.mg/external/tvbs_2392245

[Real or Fake] Instagram ignores reports of impersonation accounts; the reason behind it is about money
https://www.wepro180.com/240209_instagram/

Fraud rings impersonate identities for cross-border scams; seize the golden 48 hours to recover funds
https://reurl.cc/eLQ5Ab

Gogolook "Asia Scam Report": nearly 30% of people become scam victims because of a "gambling mindset"
https://cybersecurenews.com.tw/expert-talk-039/

Don't click unknown links! Beware of personal data theft and hackers breaking into your phone
https://www.youtube.com/watch?v=C5lw4WS87AU

Vietnamese dissident's family monitored by cameras, fearing hacker intrusion and privacy leaks
https://www.rfa.org/cantonese/news/factcheck/vt-02132024125504.html

French health insurance operators' customer data leaked, possibly affecting nearly half the country's population
https://www.cnil.fr/fr/violation-de-donnees-de-deux-operateurs-de-tiers-payant-la-cnil-ouvre-une-enquete-et-rappelle-aux

US Government Accountability Office reports a data breach caused by the hack of a contractor's Confluence server
https://cyberscoop.com/atlassian-vulnerability-at-fault-in-gao-breach/

US Department of Defense confirms a data breach from 1 year ago; more than 20,000 employees affected
https://defensescoop.com/2024/02/13/dod-notifying-people-year-old-data-breach/
https://techcrunch.com/2024/02/14/department-defense-data-breach-microsoft-cloud-email/

First court win over fraud following a personal data leak: buyer of Grand View Resort Beitou hot spring vouchers was scammed of nearly 100,000
https://tw.nextapple.com/finance/20240216/EF4892187CBC3E31C5C543A5FFD69CA7

4 Ways Hackers use Social Engineering to Bypass MFA
https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html

Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks
https://thehackernews.com/2024/02/malicious-sns-sender-script-abuses-aws.html

U.S. State Government Network Breached via Former Employee's Account
https://thehackernews.com/2024/02/us-state-government-network-breached.html

### E. Research Reports / Tools

Building the next-generation firewall: ChatGPT applied to security - for firewall engineers
https://reurl.cc/A4X1z8

The many uses of VPNs: protecting privacy, bypassing geographic restrictions and saving money
https://vocus.cc/article/65c60519fd89780001202c26

Challenging ChatGPT at programming and hacking (will we be left in despair?)
https://youtu.be/Fw5ybNwwSbg

Building cybersecurity resilience to protect critical infrastructure
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1652373&type=universal

From individual points to the whole picture: building layered protection to cope with a fast-changing market
https://tw.systex.com/case_240216/

Evolving cyber threats targeting small and medium-sized businesses
https://blog.twnic.tw/2024/02/16/29527/

Prompts and images can both be turned into video! OpenAI unveils its Sora model; the era of exploding video content is here
https://www.storm.mg/article/5021110

Flipper Zero and Raspberry Pi team up, turning Flipper Zero into a video game controller
https://www.techbang.com/posts/113135-flipper-zero--raspberry-pi-games

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
https://thehackernews.com/2024/02/cybersecurity-tactics-finserv.html

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA
https://thehackernews.com/2024/02/hands-on-review-myrror-security-code.html

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
https://thehackernews.com/2024/02/wazuh-in-cloud-era-navigating.html

Why Are Compromised Identities the Nightmare to IR Speed and Efficiency
https://thehackernews.com/2024/02/why-are-compromised-identities.html

Midnight Blizzard and Cloudflare-Atlassian Cybersecurity Incidents: What to Know
https://thehackernews.com/2024/02/midnight-blizzard-and-cloudflare.html

Why We Must Democratize Cybersecurity
https://thehackernews.com/2024/02/why-we-must-democratize-cybersecurity.html

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities
https://thehackernews.com/2024/02/how-nation-state-actors-target-your.html

### F. Business

Google Bard upgraded and renamed "Gemini"; the paid tier offers Gemini Advanced
https://today.line.me/tw/v2/article/yzBwVGG

Gemini refuses requests and cannot integrate Google's own services; Google promises improvements
https://www.ithome.com.tw/news/161268

Google One AI Premium with Gemini officially launched, also available in Taiwan
https://www.ithome.com.tw/news/161264

DARPA to continue funding Microsoft's development of a topological-qubit computer
https://www.ithome.com.tw/news/161265

Check Point's cybersecurity assistant AI Copilot lets you query firewall rules and permissions directly
https://www.pcmarket.com.hk/check-point-infinity-ai-copilot-ask-reason-for-firewall-policy-if-user-asked-why-blocked/

Google announces free AI tools to strengthen cybersecurity
https://reurl.cc/VNnrlN

欣新網 and Acer Cyber Security (安碁資訊) build an e-commerce security shield
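https://www.ctee.com.tw/news/20240216700781-430201

### G. Government

Taipei City Government Standards for Rewards and Penalties of Personnel on Cybersecurity Matters
https://www.laws.taipei.gov.tw/law/LawSearch/LawArticleContent?sysNumber=P34E2011&realID=34-05-2011

Flattery? Dongyin battalion commander told each officer to send the commander a "so good to have you" text message
https://www.setn.com/news.aspx?newsid=1425523

No holidays for security: the National Institute of Cyber Security sets up an "Alert Project" to guard Taiwan's digital territory
https://finance.ettoday.net/news/2681024

National firewall revealed for the first time! Guarding Taiwan's digital territory, the National Institute of Cyber Security is on full alert 24 hours nonstop
https://www.setn.com/News.aspx?NewsID=1422980

National Institute of Cyber Security stays open over the Lunar New Year as staff work in shifts
https://www.youtube.com/watch?v=cl8QMSALXd8

A full TikTok ban is difficult; legislator: it can be dealt with if it sets up in Taiwan / banned in the public sector, but there is no legal basis to stop the public from downloading it
https://ec.ltn.com.tw/article/paper/1630487

Government procurement strengthens security to safeguard citizens' personal data
https://www.pcc.gov.tw/News_Content.aspx?n=C61062639C0CD29F&s=35920C67E440B4F6

Domestic-made security products and preventing relabeling; legislator: establish MIT standards first
https://ec.ltn.com.tw/article/paper/1630531

Civil servants' year-end bonuses to shrink? Ministry of Civil Service rebuts it as "a misunderstanding": outstanding performers get more
https://www.setn.com/news.aspx?newsid=1425694

China threatens global security; Audrey Tang: respond with a "zero trust" approach
https://web01.rti.org.tw/news/player/id/2152756

Legislative Yuan publishes a legal analysis of security governance mechanisms
https://www.ly.gov.tw/Pages/Detail.aspx?nodeid=5249&pid=236677

After successfully developing an LLM, Trade-Van hopes for revenue of 3 billion by 2027
https://ec.ltn.com.tw/article/breakingnews/4579840

Central Election Commission: national referendum electronic petition system goes live 4/10
https://money.udn.com/money/story/7307/7773119

### H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

Siemens releases February updates, announcing 270 vulnerabilities
https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-270-vulnerabilities/

### I. Education and Training

iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!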
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams to fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam field notes, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam field notes, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam field notes, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and preparation
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation notes: learning where theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

ECSA v10 exam experience and study materials / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

Preparing for the EC-Council CPENT and LPT Master penetration testing certifications: approach and experience
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT experience - a security newbie from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK

[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App security that isn't just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation experience and application process - 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The hacker and the state: cyber attacks and the new normal of geopolitics
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

WUSON's commonly used basic vocabulary
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond proving your ability with certifications, treat them as the biggest motivation to keep learning
https://www.ithome.com.tw/news/156756

Dispelling misconceptions and myths: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

## 6. Upcoming Security Events and Seminars

[ACSI Academy] IPAS Information Security Engineer intermediate certification training course 2024/2/20 ~ 2024/7/15
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-1

Security 543 (資安五四三) 2024/2/21
https://csa.kktix.cc/events/202402-543

2024 Duet AI for Google Cloud: the all-new guide is here! Sign up now for the 2/21 Duet AI online seminar 2024/2/21
https://www.accupass.com/event/2401171309569808607700

2024 Information Security 365 Annual Conference 2024/2/22
https://www.informationsecurity.com.tw/seminar/2024_TPinfosecurity365/register.aspx

"Digital Trust" and "Anti-Fraud Industry" exchange meeting 2024/2/22
https://www.accupass.com/event/2401190530421788718610

Google Cloud security guide | Building a security shield with Cloud Armor and load balancing 2024/2/23
https://www.accupass.com/event/2401150346098763080290

[ACSI Academy] IPAS Information Security Engineer intermediate certification training course 2024/2/20-2024/2/3/5
https://www.accupass.com/event/2312151022301066488466

2024H1 Security Combat Exercise Conference: joint enterprise security drills in the age of the AI explosion 2024/3/6
https://buzzorange.com/techorange/forum/2024h1-cybersecurity-combat-exercise/

Security incident investigation and practical analysis 2024/3/6 (Wed)
https://docs.google.com/forms/d/1bO_IhZ9gxZ-nFNGVva7ZfRWyX5B3n-sKEdW6nkPtj50/edit

.NET / Java secure coding expert training camp (Kaohsiung session) 2024/3/6 ~ 2024/3/8
https://www.accupass.com/event/2401100307112987621850

[ACSI Academy] Security technical talent development | first hands-on training class 2024/3/11 ~ 2024/3/29
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-2

DEVCORE CONFERENCE 2024 2024/3/16
https://devcore.kktix.cc/events/devcoreconf2024

[Enterprise Security Lecture Hall] Free online security education courses 2024/3/19 ~ 2024/11/19
https://acercsi.kktix.cc/events/2024csr

A hacker's perspective: website vulnerability discovery and defense 2024/3/20
https://docs.google.com/forms/d/1OGcXzbo2vG9_DU5oQ9DCAF2zWJtewqrd4OM28zdatw4/edit

Association of Hackers in Taiwan year-113 members' spring banquet 2024/3/27
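https://hitcon.kktix.cc/events/hit-banquet-113

Central region (in person) -- campus security operations and external audit practice 2024/4/8
https://tp2rc.tanet.edu.tw/node/790

AI application system development and generative AI application talent training course, first cohort 2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107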