資安事件新聞週報 2023/2/27 ~ 2023/3/3

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/2/27 ~ 2023/3/3 1.重大弱點漏洞/後門/Exploit/Zero Day 思科修補網路電話的命令注入漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack https://thehackernews.com/2023/03/critical-flaw-in-cisco-ip-phone-series.html Zoho ManageEngine重大漏洞已出現攻擊行動 https://www.bitdefender.com/blog/labs/weaponizing-pocs-a-targeted-attack-using-cve-2022-47966/ Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products https://thehackernews.com/2023/02/experts-sound-alarm-over-growing.html 桓基科技HGiga OAKlouds - Arbitrary File Upload https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html 微軟在去年6月已終止支援IE，但漏洞攻擊套件RIG持續透過該瀏覽器漏洞感染組織 https://www.prodaft.com/resource/detail/rig-rig-exploit-kit-depth-analysis Aruba網路設備作業系統出現重大漏洞，攻擊者可在未通過身分驗證的情況下發動RCE攻擊 https://www.bleepingcomputer.com/news/security/aruba-networks-fixes-six-critical-vulnerabilities-in-arubaos/ 美國警告網頁應用程式框架ZK Framework漏洞被用於攻擊行動 https://thehackernews.com/2023/02/cisa-issues-warning-on-active.html WordPress佈景主題出現重大漏洞，已有人用於挾持網站 https://patchstack.com/articles/psa-houzez-theme-unauthenticated-privilege-escalation-vulnerability-exploited-in-the-wild/ Google修補重大記憶體釋放後濫用漏洞，若不更新恐導致RCE攻擊 https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html 2.銀行/金融/保險/證券/金融監理新聞及資安又有GoAnywhere系統遭駭的組織出現！Fintech業者Hatch Bank近14萬客戶資料外洩 https://techcrunch.com/2023/03/02/hatch-bank-breach-fortra-goanywhere-exploit/ 企業資安事件頻傳金管會規定金融業須於30分鐘內通報 https://udn.com/news/story/7239/6991518 79家金融業被召喚開資安會議，會中聚焦供應鏈資安韌性、聯防效能 https://reurl.cc/0EXvZx 立委籲「金融漢光演習」並確保資安不會成金融戰破口 https://udn.com/news/story/6656/7003376 美眾議院通過4友台法案立委：台應積極推動金融兵推 https://reurl.cc/9VpvRY 金融科技成強勢新顯學　台灣卻潛藏資安風險？立委鍾佳濱：參考GDPR更新《個資法》 https://www.upmedia.mg/news_info.php?Type=252&SerialNo=166964 The Secret Vulnerability Finance Execs are Missing https://thehackernews.com/2023/02/the-secret-vulnerability-finance-execs.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安電子支付之戰韓國推元宇宙聯盟闢新商機 https://ctee.com.tw/news/finance/815803.html 全盈用戶破百萬，為何還撿銀行不做的生意？拆解背後「最強配角」哲學 https://www.bnext.com.tw/article/74189/pluspay-3e-2023 遠通電收電子支付停車費新服務非eTag用戶也適用 https://reurl.cc/a1Gqq9 印星連結電子支付平台莫迪預期將成主流交易模式 https://udn.com/news/story/6811/6986303 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安比特幣開發者新提案「BTC保險庫」，阻止駭客竊走資產 https://www.blocktempo.com/bitcoin-vault-feature-is-coming/ 加密貨幣暴跌原因？某神秘基金從 Circle 提取「3.12億枚USDC」轉至交易所 https://www.blocktempo.com/mysterious-fund-withdrew-312-million-usdc-from-circle/ 多家加密貨幣公司終止與最受歡迎的夥伴銀行Silvergate合作 https://reurl.cc/V81zMy 西班牙稅務局將加密貨幣納入新稅收準則 https://news.cnyes.com/news/id/5103353 那群決定比特幣未來、阻止加密貨幣災難的神秘工程師 https://www.storm.mg/article/4746649?page=1 監管再施壓》SEC主席：加密貨幣交易所「不是合規」資產託管方 https://www.blocktempo.com/us-sec-chairman-cryptocurrency-exchanges-are-not-compliant-asset-custodians/ 避免加密詐騙捲走血汗錢，台灣監管方向出爐：可能朝「特許行業」設規則 https://www.bnext.com.tw/article/74321/fsc-crypto-regulation 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC PlugX 惡意軟體隱藏在USB 設備上以感染新的 Windows 主機 https://www.bleepingcomputer.com/news/security/plugx-malware-hides-on-usb-devices-to-infect-new-windows-hosts/ https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/ 惡意軟體PlugX濫用開源Windows除錯工具在受害電腦運作 https://www.trendmicro.com/en_us/research/23/b/investigating-the-plugx-trojan-disguised-as-a-legitimate-windows.html PlugX Trojan Disguised as Legitimate Windows Debugger Tool in Latest Attacks https://thehackernews.com/2023/02/plugx-trojan-disguised-as-legitimate.html BlackLotus UEFI bootkit: Myth confirmed https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ 惡意軟體BlackLotus繞過UEFI安全開機，能在Windows 11電腦上運作 https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ BlackLotus Becomes First UEFI Bootkit Malware to Bypass Secure Boot on Windows 11 https://thehackernews.com/2023/03/blacklotus-becomes-first-uefi-bootkit.html 中國駭客TA416利用MQTT通訊協定遠端控制受害電腦，主要目標是臺灣的政府機關 https://www.welivesecurity.com/2023/03/02/mqsttang-mustang-panda-latest-backdoor-treads-new-ground-qt-mqtt/ MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT https://www.welivesecurity.com/2023/03/02/mqsttang-mustang-panda-latest-backdoor-treads-new-ground-qt-mqtt/ Chinese Hackers Targeting European Entities with New MQsTTang Backdoor https://thehackernews.com/2023/03/chinese-hackers-targeting-european.html 加拿大書店Indigo遭勒索軟體攻擊，員工資料外洩 https://therecord.media/indigo-book-seller-employee-data-ransomware-attack/ 勒索軟體LockBit鎖定西班牙語用戶，突破防毒軟體與EDR防護加密檔案 https://www.fortinet.com/blog/threat-research/emerging-lockbit-campaign 惡意軟體下載器PureCrypter鎖定政府機關而來，透過Discord發動攻擊 https://www.menlosecurity.com/blog/purecrypter-targets-government-entities-through-discord/ 駭客組織TA569透過多種注入手法散布SocGholish https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond 美國法警局傳出遭勒索軟體攻擊 https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581 美國衛星通訊服務業者Dish Network遭到勒索軟體攻擊，旗下服務停擺 https://www.bleepingcomputer.com/news/security/dish-network-confirms-ransomware-attack-behind-multi-day-outage/ IBM：「先部署後門程式再勒索」製造業連續兩年受攻擊最多 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10348 #StopRansomware: Cuba Ransomware https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-335a Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding https://www.sentinelone.com/blog/hunting-for-honkbox-multistage-macos-cryptominer-may-still-be-hiding/ BB17 distribution Qakbot (Qbot) activity https://isc.sans.edu/diary/rss/29592 Active hoze mining Trojan analysis https://mp.weixin.qq.com/s/-mZD0pPbeIgxoTUNNFBnrw Kaiji Botnet Resurfaces, Unmasking Ares Hacking Group https://ti.qianxin.com/blog/articles/Kaiji-Botnet-Resurfaces-Unmasking-Ares-Hacking-Group-EN/ Lumma Stealer targets YouTubers via Spear-phishing Email https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7 RIG Exploit Kit In-Depth Analysis https://www.prodaft.com/resource/detail/rig-rig-exploit-kit-depth-analysis Analysis of Attack Activities of APT-C-61 (Tengyun Snake) https://mp.weixin.qq.com/s/s740Y3HaXBXkS5RJi9LaHQ Lazarus attack group attack case using public certificate software vulnerability widely used in public institutions and universities https://asec.ahnlab.com/ko/48416/ Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia's Judiciary, Financial, Public, and Law Enforcement Entities https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia Ransomware Attack on IL&FS https://blog.cyble.com/2023/03/01/ransomware-attack-on-ilfs/ Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/iron-tiger-sysupdate-reappears-adds-linux-targeting/IOCs-iron-tiger-sysupdate-reappears-adds-linux-targeting.txt Beware of macOS cryptojacking malware https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/ URL files and WebDAV used for IcedID (Bokbot) infection https://isc.sans.edu/diary/rss/29578 A year of wiper attacks in Ukraine https://www.welivesecurity.com/2023/02/24/year-wiper-attacks-ukraine/ S1deload Stealer – Exploring the Economics of Social Network Account Hijacking https://www.bitdefender.com/files/News/CaseStudies/study/428/Bitdefender-PR-Whitepaper-S1deloadStealer-creat6669-en-EN.pdf Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966 https://businessinsights.bitdefender.com/tech-advisory-manageengine-cve-2022-47966 TA569: SocGholish and Beyond https://www.proofpoint.com/us/blog/threat-insight/ta569-socgholish-and-beyond 駭客兜售惡意框架Exfiltrator-22，並標榜可用於散布勒索軟體 https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework/ EXFILTRATOR-22 - An Emerging Post-Exploitation Framework https://www.cyfirma.com/outofband/exfiltrator-22-an-emerging-post-exploitation-framework/ Desde Chile con Malware (From Chile with Malware) https://www.team-cymru.com/post/from-chile-with-malware Analysis of phishing activities delivered by AgentTesla using GuLoader https://mp.weixin.qq.com/s/rF4p-PHQrV33svltk44vOg Blackfly: Espionage Group Targets Materials Technology https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware https://thehackernews.com/2023/02/hackers-using-trojanized-macos-apps-to.html 惡意軟體ChromeLoader假借任天堂或Steam攻擊遊戲玩家 https://asec.ahnlab.com/en/48211/ ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks https://thehackernews.com/2023/02/chromeloader-malware-targeting-gamers.html PureCrypter Malware Targets Government Entities in Asia-Pacific and North America https://thehackernews.com/2023/02/purecrypter-malware-targets-government.html 木馬程式Parallax RAT鎖定加密貨幣業者而來 https://www.uptycs.com/blog/cryptocurrency-entities-at-risk-threat-actor-uses-parallax-rat-for-infiltration Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques https://thehackernews.com/2023/03/parallax-rat-targeting-cryptocurrency.html Bitdefender Releases Free Decryptor for MortalKombat Ransomware Strain https://thehackernews.com/2023/02/bitdefender-releases-free-decryptor-for.html New EX-22 Tool Empowers Hackers with Stealthy Ransomware Attacks on Enterprises https://thehackernews.com/2023/02/new-ex-22-tool-empowers-hackers-with.html Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI https://thehackernews.com/2023/03/experts-identify-fully-featured-info.html SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics https://thehackernews.com/2023/03/sysupdate-malware-strikes-again-with.html Cybercriminals Targeting Law Firms with GootLoader and FakeUpdates Malware https://thehackernews.com/2023/03/cybercriminals-targeting-law-firms-with.html U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities https://thehackernews.com/2023/03/us-cybersecurity-agency-raises-alarm.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google Teams Up with Ecosystem Partners to Enhance Security of SoC Processors https://thehackernews.com/2023/02/google-teams-up-with-ecosystem-partners.html Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy https://thehackernews.com/2023/03/gmail-and-google-calendar-now-support.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力駭客來襲無煙硝的資安戰爭 https://udn.com/news/story/6851/7003943 Terraform、K8s、AWS遭到鎖定，駭客竊取原始碼等機密資料 https://sysdig.com/blog/cloud-breach-terraform-data-theft/ 新聞媒體集團News Corp去年遭駭調查有新進展，駭客2020年就得到存取權限 https://www.bleepingcomputer.com/news/security/news-corp-says-state-hackers-were-on-its-network-for-two-years/ 台積電加入FIRST國際資安應變組織，成國內第二家高科技製造業會員 https://www.first.org/members/teams/tsmc-circ 國際資安應變組織FIRST發布DNS濫用技術矩陣 https://www.first.org/blog/20230228-DNS_Abuse_Techniques_Matrix 美國速食店Chick-fil-A證實遭到帳號填充攻擊 https://oag.ca.gov/system/files/2023-03-02%20-%20CFA%20-%20Individual%20Notification%20Template.pdf 駭客組織Iron Tiger鎖定Windows、Linux電腦而來，接下來Mac電腦也可能是目標 https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html 法律事務所員工遭到水坑式攻擊，駭客企圖散布惡意軟體GootLoader和SocGholish https://reurl.cc/1emvQ9 駭客聲稱在2022年入侵電信業者T-Mobile超過100次 https://krebsonsecurity.com/2023/02/hackers-claim-they-breached-t-mobile-more-than-100-times-in-2022/ 9家丹麥醫院傳出遭到Anonymous Sudan發動DDoS攻擊 https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/ 中國駭客組織APT41鎖定亞洲材料業者下手 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials CISA局長提出警告，一旦中國對臺灣動武，也有可能同時對西方國家展開大規模網路攻擊 https://www.cisa.gov/cisa-director-easterly-remarks-carnegie-mellon-university 比利時國會議員被駭和中國政府有關連 https://news.ltn.com.tw/news/world/breakingnews/4226158 美網路安全戰略點名中俄伊朗北韓為惡意行為者 https://www.rti.org.tw/news/view/id/2160778 Hackers Exploit Containerized Environments to Steal Proprietary Data and Software https://thehackernews.com/2023/03/hackers-exploit-containerized.html CISA Sounds Alarm on Cybersecurity Threats Amid Russia's Invasion Anniversary https://thehackernews.com/2023/02/cisa-sounds-alarm-on-cybersecurity.html 駭客組織APT-C-36鎖定哥倫比亞公共服務機構下手 https://blogs.blackberry.com/en/2023/02/blind-eagle-apt-c-36-targets-colombia APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers https://thehackernews.com/2023/03/new-cryptojacking-campaign-leverages.html 資安風險顧問-顧問/資深顧問/經理 https://reurl.cc/pLMrqr 趨勢科技校園徵才開放5大資安職缺 https://www.ptt.cc/bbs/Tech_Job/M.1677717343.A.1EE.html 2024大選防中國認知作戰調查局資安站找外援開6萬月薪 https://news.ltn.com.tw/news/politics/breakingnews/4226510 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全英國連鎖超市WH Smith傳出資料外洩 https://www.bleepingcomputer.com/news/security/british-retail-chain-wh-smith-says-data-stolen-in-cyberattack/ 影片行銷軟體Animker洩露用戶個資 https://www.hackread.com/video-marketing-software-animker-data-leak/ 駭客假冒財星百大企業來進行投資詐騙 https://www.resecurity.com/blog/article/resecurity-disrupts-investment-scam-network-digital-smoke LinkedIn短網址遭到濫用，用於Amazon Prime電子郵件網釣攻擊 https://www.malwarebytes.com/blog/news/2023/02/linkedin-slinks-abused-to-phish-email-and-payment-details 加拿大電信業者Telus原始碼、員工資料外洩 https://www.bleepingcomputer.com/news/security/telus-investigating-leak-of-stolen-source-code-employee-data/ 史丹佛大學傳出資料外洩，波及申請博士班的經濟系學生 https://www.bleepingcomputer.com/news/security/stanford-university-discloses-data-breach-affecting-phd-applicants/ 電玩業者Activision資料流入駭客論壇，起因疑為Azure資料庫外洩 https://www.bleepingcomputer.com/news/security/hacker-leaks-alleged-activision-employee-data-on-cybercrime-forum/ 澳洲消費電子連鎖商店The Good Guys傳出資料外洩，起因是第三方供應商遭駭 https://www.zdnet.com/article/australia-retailers-customer-data-compromised-in-third-party-breach/ LastPass透露2022遭駭事件新的發展，駭客利用側錄工具竊取DevOps工程師帳密 https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach/ 員工電腦遭駭！The Sandbox 警告用戶勿點擊釣魚郵件，以免設備遭駭客入侵 https://zombit.info/the-sandbox-notice-of-security-incident/ 嚴防個資外洩政府應多管齊下 https://anntw.com/articles/20230302-tO91 Even Top-Ranked Android Apps in Google Play Store Provide Misleading Data Safety Labels https://thehackernews.com/2023/02/majority-of-android-apps-on-google-play.html Dutch Police Arrest 3 Hackers Involved in Massive Data Theft and Extortion Scheme https://thehackernews.com/2023/02/dutch-police-arrest-3-hackers-involved.html E.研究報告/工具 How to Tackle the Top SaaS Challenges of 2023 https://thehackernews.com/2023/02/how-to-tackle-top-saas-challenges-of.html How to Use AI in Cybersecurity and Avoid Being Trapped https://thehackernews.com/2023/02/how-to-use-ai-in-cybersecurity-and.html CISOs Are Stressed Out and It's Putting Companies at Risk https://thehackernews.com/2023/03/cisos-are-stressed-out-and-its-putting.html Application Security vs. API Security: What is the difference https://thehackernews.com/2023/02/application-security-vs-api-security.html 2023 Browser Security Report Uncovers Major Browsing Risks and Blind Spots https://thehackernews.com/2023/03/2023-browser-security-report-uncovers.html 16 Python Tricks To Learn Before You Write Your Next Code https://medium.com/codex/16-python-tricks-to-learn-before-you-write-your-next-code-bb91dd955f1b ChatGPT Is an Extra-Ordinary Python Programmer https://betterprogramming.pub/chatgpt-is-an-extra-ordinary-python-programmer-386a4081a504 SQL Injection + RCE | How I got a shell on my university website https://systemweakness.com/sql-injection-rce-how-i-got-a-shell-on-my-university-website-b53f84468591 F.商業從駭客變成資安公司CEO！Descope用「無密碼驗證」，獲16億元種子輪募資 https://meet.bnext.com.tw/articles/view/50072? 全景軟體IDExpert實踐零信任網路安全 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000657287_WTP3FPIB7RN7ZO89H30OA G.政府數位部積極強化公私部門資安保護能力協助各部會個資事件行政調查 https://moda.gov.tw/press/press-releases/3879 資安問題不斷　國民黨團斥數發部：賣麵線比較重要 https://www.nownews.com/news/6069078 駭客去年10月兜售全臺戶政資料，調查局公布最新調查結果 https://www.mjib.gov.tw/news/Details/1/839 民間企業頻傳駭客入侵百萬個資遭竊監委自動調查 https://n.yam.com/Article/20230302157874 資安即國安？政府督管企業個資外洩從嚴卻未納入公務機關 https://www.peoplenews.tw/articles/fd83ed7e31 黃天牧談台灣加密貨幣監理立委郭國文：未來虛擬資產監管可朝5方向研議 https://reurl.cc/RvXqYr 加密產業金管會管定了、可能朝「特許行業」設規則！黃天牧：一個月內給具體進展 https://web3plus.bnext.com.tw/article/421? H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TPM 2.0被挖出資安漏洞，有可能因此外洩裝置機密資訊 https://kb.cert.org/vuls/id/782720 New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices https://thehackernews.com/2023/03/new-flaws-in-tpm-20-library-pose-threat.html ThingWorx、Kepware工業物聯網裝置存在重大漏洞 https://www.securityweek.com/critical-vulnerabilities-patched-in-thingworx-kepware-iiot-products/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 6.近期資安活動及研討會 International Women’s Day, IWD 2023 科技女力論壇 2023/3/4 https://wtmtw.kktix.cc/events/wtmiwd23 Taipei dbt Meetup #9 (in-person 👫 & online 👨‍ �2023/3/4 https://www.meetup.com/taipei-dbt-meetup/events/291396868/ Just a chat - with no Expectations 2023/3/4 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/291884257/ ChatGPT 與他們的產地 2023/3/4 https://www.meetup.com/rladies-taipei/events/291384125/ 上市櫃公司資通安全管控指引知識工具包 2023/3/8 03.22 (三) 12:00 此活動為線上活動 https://www.accupass.com/event/2302150850452088142510 翻轉女性職涯！轉職軟體工程師線上分享｜國際婦女節特別場 2023/3/8 此活動為線上活動 https://www.accupass.com/event/2302150237312024755680 Web3 Meetup - 區塊鏈基礎 2023/3/9 https://www.accupass.com/event/2302200853101612307936 ISO 27001:2022 改版有什麼不同 2023/3/9 此活動為線上活動 https://www.accupass.com/event/2302230247019865947670 產業雲集、解密智勝轉型與品牌行銷多元轉型升級工作坊 2023/3/9 https://www.accupass.com/event/2302141159396129924760 【Check Point x 奧義智慧研討會】2023 資安防禦力再升級,AI 賦能建構企業資安韌性 2023/3/10 https://www.twcert.org.tw/tw/cp-105-6936-c367e-1.html DEVCORE Conference 2023 - 3/10 企業場 2023/3/10 https://devcore.kktix.cc/events/devcoreconf2023-0310 DEVCORE Conference 2023 - 3/11 駭客場 2023/3/11 https://devcore.kktix.cc/events/devcoreconf2023 Hugging Face :Zero-Shot Image Classification/OpenAI 2023/3/14 https://www.meetup.com/tensorflow-user-group-taipei/events/290714432/ 佈局雲端資安打造零信任架構 2023/3/15 此活動為線上活動 https://www.accupass.com/event/2302220900331672222575 三月定期聚會-我們對於在花蓮工作的想像與實踐 2023/3/15 https://www.meetup.com/hualien-py/events/291790073/ 掌握資安趨勢讓大數據決策市場研討會 2023/3/16 https://www.accupass.com/event/2212200343421615169635 [Python 入門] 線上 2023/03 月份 2023/3/18 https://www.meetup.com/pyladiestw/events/291843185/ 一鍵完成設備部署、資安、合規的實作秘笈-三月場 | In Taipei Apple Office（商務場）2023/3/23 https://jamf.kktix.cc/events/onetouch2303 落實企業資安防護，強化企業營運韌性＿資安研討會 2023/3/23 https://www.accupass.com/event/2302060303531883855085 用Immersive Open Web 創造您自己的3D世界. 2023/3/23 https://www.meetup.com/hubs-creators-meetup/events/291532452/ 2022 OT 工控資安年會-活動報名 2023/3/24 https://reurl.cc/5Mq327 珈特科技_APPLE資安研討會 2023/3/29 https://gettechnology.kktix.cc/events/1c9146ab 次世代 IT 管理啓動雲端旅程 2023/3/30 此活動為線上活動 https://www.accupass.com/event/2302030247499784123840 iPAS-「初級」資訊安全工程師-能力研習衝刺班 2023/4/15、4/22 https://www.cisanet.org.tw/Course/Detail/3948 iPAS中級資訊安全人員訓練班 2023/5/4 ~ 2023/6/1 https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013