###### tags: `資安事件新聞週報`
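# Weekly Security Incident News Digest 2023/6/5 ~ 2023/6/9
1.Major vulnerabilities / Backdoors / Exploits / Zero-days
Organizations that want to set up a bug bounty program should define a clear, followable methodology and pay attention to the relevant legal requirements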
https://www.ithome.com.tw/news/157266
Visual Studio vulnerability patched by Microsoft is extremely easy to exploit and could be used to infiltrate development environments
https://www.varonis.com/blog/visual-studio-bug
Splunk announces patches for high-severity vulnerabilities
https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splunk-enterprise/
Gigabyte issues a notice on motherboard firmware updates
https://www.gigabyte.com/tw/Press/News/2091
Researchers publish a proof-of-concept for the Win32k.sys vulnerability that has already been used in attacks
http://www.numencyber.com/cve-2023-29336-win32k-analysis/
Google Chrome has a high-severity zero-day vulnerability
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
Google patches a zero-day vulnerability in Chrome 114
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!
https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html
Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack
https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html
Vulnerability in Cisco's VPN client software could be used to gain SYSTEM privileges if left unpatched
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco patches a critical vulnerability in its enterprise collaboration system
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b
Critical vulnerability found in VMware's network analytics tool
https://kb.vmware.com/s/article/92684
Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities
https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html
Barracuda says email security gateway appliances hit by zero-day attacks should be replaced immediately
https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/
Barracuda Urges Immediate Replacement of Hacked ESG Appliances
https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html
Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation
https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html
Softnext Technologies SPAM SQR all-round mail filtering platform - Code Injection
https://www.twcert.org.tw/tw/cp-132-6955-c7612-1.html
Softnext Technologies Mail SQR Expert all-round email management system - Local File Inclusion
https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html
Softnext Technologies Mail SQR Expert all-round email management system - Command Injection
https://www.twcert.org.tw/tw/cp-132-6643-89bfa-1.html
Password manager KeePass patches the vulnerability that allowed the master password to be stolen from memory
https://keepass.info/news/n230603_2.54.html
Changing Information Technology MOTP mobile one-time password system - Path Traversal
https://www.twcert.org.tw/tw/cp-132-7022-2cbe0-1.html
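2.Banking / Finance / Insurance / Securities / Financial supervision news and security
Brazilian hackers launch living-off-the-land attacks combined with command-line scripts to steal bank accounts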
https://blogs.blackberry.com/en/2023/05/cmdstealer-targets-portugal-peru-and-mexico
Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts
https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html
North Korean hacker group APT38 targets financial institutions in Japan, Vietnam and the United States
https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
Hacker group Asylum Ambuscade targets financial institutions and government agencies
https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
Asylum Ambuscade: crimeware or cyberespionage
https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
New technique in Magecart skimming attacks! Hackers use legitimate websites to attack targets
https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
Spanish bank Globalcaja confirms it was hit by the Play ransomware
https://securityaffairs.com/147073/cyber-crime/globalcaja-confirms-play-ransomware-attack.html
"Fake banking apps" lure users into placing orders to defraud them; Taiwan Business Bank offers one-click detection
https://www.fountmedia.io/article/167125
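3.Credit cards / Electronic payment / Mobile payment / Pay / Payment systems / Security
Mobile payment is everywhere: travelers visiting mainland China must tread carefully at every step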
https://view.ctee.com.tw/video/50431.html
Smartwatches can use LINE mobile payment too! LINE Pay now officially supports both watchOS and Wear OS
https://today.line.me/tw/v2/article/3N8ROLE
A cashless society and mobile payment do not equal progress! Uncovering the myths of digital finance
https://www.businessweekly.com.tw/magazine/Article_mag_page.aspx?id=7008142
O'Pay's new chairman helps complete its TWQR electronic payment rollout
https://reurl.cc/r5RoKZ
Taiwan's electronic payment users pass the 20 million mark; have the top three changed? A look at the competitive landscape
https://www.bnext.com.tw/article/75537/electronic-payment-internet-banking-map
Easy Wallet system failure criticized as the "worst electronic payment"; EasyCard Corporation responds
https://www.chinatimes.com/realtimenews/20230523004771-260405?chdtv
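4.Cryptocurrency / Digital currency / Mining / Blockchain / Smart contracts / WEB3 security
Cryptocurrency wallet Atomic Wallet hacked; hackers transfer out US$35 million in cryptocurrency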
https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Data-flow automation system Apache NiFi targeted by hackers; compromised instances could be used for cryptomining
https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
CZ rebuts claim of "receiving US$12 billion" in Binance customer funds: fake news, Binance.US never misappropriated funds
https://www.blocktempo.com/cz-bombards-coindesk-with-reports/
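Binance.US suspends USD deposits! Changpeng Zhao rebuts misappropriation of 11 billion in customer funds; Bitcoin fails to break below 26,000, "united" indeed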
https://hk.investing.com/news/economic-indicators/article-343781
U.S. House draft on digital asset market structure mentions the risks and benefits of NFTs | Binance Morning Report
https://news.cnyes.com/news/id/5204940
5.Security incident news
A.Viruses and trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Malware Fractureiser spreads through Minecraft mods, attacking Windows and Linux computers
https://prismlauncher.org/news/cf-compromised-alert/
Malware TrueBot infects victim computers through a critical vulnerability in the auditing software Netwrix
https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html
Malware downloader Satacom used to distribute a cryptocurrency-stealing browser extension
https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/
Malware Horabot hijacks Gmail and Outlook email accounts
https://blog.talosintelligence.com/new-horabot-targets-americas/
Hackers target e-commerce site sellers, distributing the info-stealer Vidar
https://www.bleepingcomputer.com/news/security/online-sellers-targeted-by-new-information-stealing-malware-campaign/
YKK reportedly hit by LockBit ransomware attack
https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations
https://cybernews.com/news/ykk-group-data-breach/
https://thecyberexpress.com/lockbit-claims-ykk-ransomware-attack-deadline/
Malicious Chrome extensions appear in the store, already downloaded 75 million times
https://blog.avast.com/malicious-extensions-chrome-web-store
Ransomware NoEscape is planted on victim computers via Windows Safe Mode
https://blog.cyble.com/2023/06/01/noescape-ransomware-as-a-service-raas/
Ransomware BlackSuit suspected to have evolved from Royal
https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
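ChatGPT's popularity raises related security concerns! Security vendor Palo Alto Networks saw related domain registrations rise 178% within half a year, with 118 malicious URLs per day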
https://start.paloaltonetworks.com/unit-42-network-threat-trends-report-malware-2023.html
Ransomware gang Royal tests new malware BlackSuit
https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-adds-blacksuit-encryptor-to-their-arsenal/
Ransomware 0mega targets enterprises' SharePoint Online
https://www.obsidiansecurity.com/blog/saas-ransomware-observed-sharepoint-microsoft-365/
Malware LonePage targets Ukrainian government agencies and media
https://cert.gov.ua/article/4818341
Japanese pharmaceutical company Eisai confirms ransomware attack
https://www.eisai.com/news/2023/news202341.html
Microsoft says the MOVEit Transfer zero-day attacks were orchestrated by the Clop ransomware gang
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Clop ransomware hackers' abuse of the MOVEit Transfer zero-day can be traced back to 2021, when they apparently began testing it
https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362
Organizations hit by Clop ransomware through the MOVEit Transfer vulnerability may number in the hundreds
https://therecord.media/clop-extortion-hundreds-organizations-moveit-vulnerability
UK HR systems provider Zellis attacked through MOVEit Transfer, affecting the BBC and British Airways
https://securityaffairs.com/147119/data-breach/zellis-data-breach-bbc-ba.html
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
https://reurl.cc/VL1nkA
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
MOVEit Transfer Exploited to Drop File-Stealing SQL Shell
https://www.sentinelone.com/blog/moveit-transfer-exploited-to-drop-file-stealing-sql-shell/
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html
North Korean hackers Kimsuky target news media
https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence
https://reurl.cc/RzXRA6
North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks
https://thehackernews.com/2023/06/north-koreas-kimsuky-group-mimics-key.html
Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html
ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK)
https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/?c=Threat%20Research
Scan port 23 Telnet (S3#)
https://otx.alienvault.com/pulse/6481aaa763f28df18b500b16
New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America
https://thehackernews.com/2023/06/new-botnet-malware-horabot-targets.html
Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors
https://thehackernews.com/2023/06/alarming-surge-in-truebot-activity.html
Ransomware Cyclops is combined with info-stealer functionality built in Go
https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals
https://thehackernews.com/2023/06/cyclops-ransomware-gang-offers-go-based.html
Winning the Mind Game: The Role of the Ransomware Negotiator
https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html
PowerShell malware PowerDrop targets the U.S. aviation industry
https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry/
New PowerDrop Malware Targeting U.S. Aerospace Industry
https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html
New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency
https://thehackernews.com/2023/06/new-malware-campaign-leveraging-satacom.html
Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks
https://thehackernews.com/2023/06/stealth-soldier-new-custom-backdoor.html
New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal
https://thehackernews.com/2023/06/new-linux-ransomware-strain-blacksuit.html
DynamicRAT — A full-fledged Java Rat
https://gi7w0rm.medium.com/dynamicrat-a-full-fledged-java-rat-1a2dabb11694
https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/DynamicRAT/IoC.txt
Analysis of the RecordBreaker secret-stealing Trojan spread through video sites
https://mp.weixin.qq.com/s/K8r6ZLC9LX6fRx-zwTR_hw
B.Mobile security / iPhone / Android / Wearables / Apps / 5G / Instant messaging
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices
https://thehackernews.com/2023/06/over-60k-adware-apps-posing-as-cracked.html
Over 60,000 adware apps posing as cracked versions of popular apps target Android users
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
Google releases June's regular Android update, patching the Mali GPU vulnerability exploited by spyware
https://www.bleepingcomputer.com/news/security/android-security-update-fixes-mali-gpu-flaw-exploited-by-spyware/
Kaspersky provides a detection tool for Operation Triangulation, the spyware attack targeting iOS devices
https://securelist.com/find-the-triangulation-utility/109867/
Delete these 193 apps now! Mini-game and reward apps carry "viruses that may steal personal data"; 30 million people already fooled
https://n.yam.com/Article/20230608875180
Critical Android Bluetooth vulnerability allows remote code execution with no user interaction
https://www.pcmarket.com.hk/android-critial-vulnerabilities-remotely-execute-codes-via-bluetooth/
Offline maps finally launch! Apple fans joke: almost caught up
https://www.technice.com.tw/techmanage/smartcity/55934/
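C.Incidents / Hackers / DDoS / APT / Cloud / Dark web / Recruitment / International security incidents / Security workforce
To defend against NTLM relay attacks, Microsoft requires SMB signing for the first time in Windows development builds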
https://www.ithome.com.tw/news/157183
Satellite cyber sandbox Moonlighter to launch soon, becoming the first test environment for space cybersecurity
https://www.ithome.com.tw/news/157186
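Three campus security incidents in a row during the sensitive pre-election period; University of Taipei mailbox hijacked: "I am a Jiangsu native who climbed over the firewall"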
https://www.youtube.com/watch?v=Q-6zIIRquKw
Mayday concert tickets "hijacked": hacker breaks in and scalps tickets, making over 4 million
https://www.youtube.com/watch?v=bB7MGlTevSw
Cloud file-sharing service OneDrive's website suffers an outage, suspected to be a DDoS attack
https://www.bleepingcomputer.com/news/microsoft/microsoft-onedrive-down-worldwide-following-claims-of-ddos-attacks/
Microsoft's cloud email service Outlook.com reportedly hit by a DDoS attack, causing a service outage
https://www.ithome.com.tw/news/157216
Person accused of selling counterfeit Cisco networking equipment is prosecuted; illicit proceeds exceed US$100 million
https://www.justice.gov/opa/pr/ceo-dozens-companies-pleads-guilty-massive-scheme-traffic-fraudulent-and-counterfeit-cisco
Open redirect vulnerability on a NASA website could be used to direct users to malicious sites
https://cybernews.com/security/nasa-astrobiology-website-flaw/
Hacker group Dark Pink targets organizations in Asia-Pacific and Europe
https://www.group-ib.com/blog/dark-pink-episode-2/
Before stepping down, the UK's "cybersecurity Bond" names the four major cyber-attack powers: China is the biggest threat
https://www.businessweekly.com.tw/Archive/Article?StrId=7008144
G20 nations targeted by Chinese hackers SharpPanda, who attack through the Office Equation Editor vulnerability
https://blog.cyble.com/2023/06/01/sharppanda-apt-campaign-expands-its-arsenal-targeting-g20-nations/
Chinese hackers Camaro Dragon use the TinyNote backdoor to target Southeast Asian diplomatic entities for intelligence gathering
https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
https://thehackernews.com/2023/06/camaro-dragon-strikes-with-new-tinynote.html
Security Engineer
https://www.104.com.tw/job/80efb?jobsource=m104
Project Engineer - ACSI
https://www.linkedin.com/jobs/view/%E5%B0%88%E6%A1%88%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3629317340/?originalSubdomain=tw
Taiwan Stock Exchange recruitment begins, hiring for 34 openings across five categories
https://www.setn.com/News.aspx?NewsID=1306989
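D.Data breaches / Personal data protection law / GDPR / Online fraud / Phishing / Card fraud / Fake news / Cyberbullying / Account security
Exposed: alarming flaw in Far EasTone's contract-renewal SMS; personal data of "499 frenzy" users leaks with a single click | Apple News Network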
https://www.youtube.com/watch?v=Bban76B4Jvo
Honda API flaw exposes dealer data and internal documents
https://eaton-works.com/2023/06/06/honda-ecommerce-hack/
Misconfigured AWS S3 bucket at HR management platform Prosperix exposes 42,000 job seeker files
https://cybernews.com/security/prosperix-leaks-drivers-licenses-medical-records/
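UAE, Singapore, Malaysia and other countries hit by SMS phishing attacks from Chinese hacker group PostalFurious, likely aiming to steal personal or payment data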
https://www.group-ib.com/media-center/press-releases/postalfurious/
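Criminal Investigation Bureau warns of phishing SMS messages in which hackers claim a parcel delivery address is wrong in order to steal credit card data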
https://www.cib.npa.gov.tw/ch/app/news/view?module=news&id=1887&serno=bed71cfe-be00-424d-9e1d-fa4ce127a191
Asian scams shift ground; Interpol issues an alert
https://www.anntw.com/articles/20230608-vGGx
KakaoTalk logged in from overseas? Beware of North Korean hackers' phishing tactics
https://reurl.cc/nDOym2
FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
https://thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme
https://thehackernews.com/2023/06/chinese-postalfurious-gang-strikes-uae.html
Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox
https://thehackernews.com/2023/06/microsoft-to-pay-20-million-penalty-for.html
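E.Research reports / Tools
Security staff, don't be afraid to embrace new AI technology: a veteran's guided tour of the latest AI advances, leaving behind the pain and toil of feature engineering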
https://www.ithome.com.tw/news/157256
The 10 vulnerability scanning tools most popular with penetration testers (2023 edition)
https://www.aqniu.com/tools-tech/96753.html
ChatGPT hallucinations expose developers to supply-chain malware attacks
https://www.4hou.com/posts/0o93
SideWinder group uses DLL hijacking to load Cobalt Strike in attacks on the Pakistani government
https://www.secpulse.com/archives/201630.html
Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023
https://thehackernews.com/2023/06/cloud-security-tops-concerns-for.html
The Importance of Managing Your Data Security Posture
https://thehackernews.com/2023/06/the-importance-of-managing-your-data.html
The Annual Report: 2024 Plans and Priorities for SaaS Security
https://thehackernews.com/2023/06/the-annual-report-2024-plans-and.html
How to Improve Your API Security Posture
https://thehackernews.com/2023/06/how-to-improve-your-api-security-posture.html
5 Reasons Why Access Management is the Key to Securing the Modern Workplace
https://thehackernews.com/2023/06/5-reasons-why-access-management-is-key.html
F.Business
Google Cloud and Workspace begin supporting passwordless login with passkeys
https://www.ithome.com.tw/news/157209
Password management vendor 1Password launches a public beta of its browser passkey extension
https://www.ithome.com.tw/news/157236
ChatGPT drives enterprise demand; Acer e-Enabling Service Business (宏碁資訊) targets AI, cloud and security needs
https://ec.ltn.com.tw/article/breakingnews/4328477
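Netron (網創資訊) partners with the Information Service Industry Association of R.O.C. (中華軟協), NTT DATA and 鋒形科技 to expand into the Japanese cloud services market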
https://www.techbang.com/posts/107063-netron-joined-hands-with-china-soft-association-ntt-data-and
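G.Government
Concerns that drones at last year's National Day fireworks show were China-made; Control Yuan members request an investigation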
https://www.cna.com.tw/news/aipl/202306090054.aspx
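Supporting the formation of the Shalun cybersecurity cluster, in the hope that top-tier scientific research will emerge there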
https://news.586.com.tw/2023/06/488366/
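Mayor Huang Wei-che fully supports the formation of the Shalun cybersecurity cluster as an important backbone of national cyber defense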
https://www.owlting.com/news/articles/378650
Presidential Office hacked ahead of May 20; Kao Hung-an: a malicious operation by hackers and insiders
https://www.youtube.com/watch?v=WFIrtESwFgQ
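H.Industrial control systems / ICS / SCADA / IoT / Internet of Things / Connected vehicles / Electric vehicles / Artificial intelligence / AI / ML / Facial recognition / Healthcare related security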
5 Reasons Why IT Security Tools Don't Work For OT
https://thehackernews.com/2023/06/5-reasons-why-it-security-tools-dont.html
Zyxel warns about its recently patched critical firewall vulnerabilities and says more vulnerabilities are being used in attacks
https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
Zyxel Firewalls Under Attack! Urgent Patching Required
https://thehackernews.com/2023/06/zyxel-firewalls-under-attack-urgent.html
ASUS RT-AC86U - Buffer Overflow
https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html
ASUS RT-AC86U - Command Injection
https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html
I.Education and training
iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
Coursera rounds up 7 cloud security certifications: all the springboards to a high salary are here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam field notes, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam field notes, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam field notes, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
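App information security that isn't just for engineers: the blood-and-tears story of obtaining a security testing certificate (iThome Ironman series book)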
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main channel for learning security fundamentals; an expert builds a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as your biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking misconceptions and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
6.Upcoming security events and conferences
KaLUG 2306 meetup - next-generation open-source VPN server wireguard 2023/6/10
https://kalug.kktix.cc/events/2306
Drupal Mentoring Taipei - Meet and Code 2023/6/10
https://www.meetup.com/drupal-mentoring-taipei/events/293076527/
The right posture/knowledge for building solutions in the era of large language models (Building solutions with LLMs) 2023/6/12
https://www.meetup.com/rladies-taipei/events/293170581/
Security analysis for beginners: mastering network packet analysis (online course) 2023/6/13
https://forms.gle/msePzws5GtcDunrc7
SyntaxError 2023/6/14
https://www.meetup.com/pythonhug/events/293758083/
Security analysis for beginners: mastering network packet analysis (in-person course) 2023/6/14
https://forms.gle/mtpZNPCpTVyv97Dr9
Taiwan edition "Microsoft Build Taiwan" 2023/6/15
https://mktoevents.com/microsoft+event/400676/157-gqe-382?wt.mc_id=AID3059306_QSG_PD_EML_644332
Internet Freedom Meetup [June]: AI, lawful or not 2023/6/15
https://ocftw.kktix.cc/events/internetfreedom-june2023
Putting Privacy at the Forefront in Automotive 2023/6/16
https://www.meetup.com/automotive-security-research-group-taipei-asrg-%E8%87%BA%E5%8C%97/events/293824870/
Cisco cloud attack and defense battle: enterprise security talent program fully launched 2023/6/16
https://www.accupass.com/event/2305051229145163809640
Online security lecture - The ambitions Large Language Models bring to supply-chain threat hunting 2023/6/17
https://isipevent.kktix.cc/events/6c2fc51b-copy-1
2023 Empowering Yourself, Empowering Others Series: Building cross-cultural storytelling skills 2023/6/20
https://www.meetup.com/women-who-code-taipei/events/293462074/
Taipei dbt Meetup #12 (in-person 👫 & online 👨💻) 2023/6/21
https://www.meetup.com/taipei-dbt-meetup/events/293758471/
From "as long as it runs" to "continuous operation" 2023/6/24
https://www.accupass.com/event/2305270631121994465958
Raspberry Pi community meetup #38 2023/6/26
https://raspberrypi-tw-bdfa45.kktix.cc/events/meetup38
"Achieving much with little: improving civic digital resilience through tools and community" panel discussion 2023/6/27
https://www.twsig.tw/20230627/
A hacker's perspective: website vulnerability discovery and defense (online course) 2023/6/27
https://forms.gle/JpThJxMgxZd3uNh39
A hacker's perspective: website vulnerability discovery and defense (in-person course) 2023/6/28
https://forms.gle/qQAqx8KZzzntSyLd9
SaaS software PM technical hands-on class | AWS cloud architecture design | Software security | AWS hands-on lab | Practice questions 2023/6/30
https://www.accupass.com/event/2305310854254976071070
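SGS seminar on new trends in automotive supply chain development: key positioning in the electric vehicle industry, toward a smart and safe future 2023/7/4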
https://www.accupass.com/event/2304250153518811535560
Internet Freedom Meetup [July]: post-conference sharing session on the international digital human rights conference 2023/7/4
https://ocftw.kktix.cc/events/internetfreedom-july
2023 Zero Trust Access - APPLE security seminar 2023/7/5
https://2023gettechnology.kktix.cc/events/48f91757
Hacks in Taiwan Conference HITCON Training 2023 2023/7/12 ~ 2023/7/15
https://hitcon.kktix.cc/events/hitcon-training-2023
Advanced big data analytics class 2023/7/27 ~ 2023/7/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600
[舒虎教育] Introductory Blockchain Course, weekday class 2023/7/27 ~ 2023/7/28
https://www.accupass.com/event/2305280843071623542481
[舒虎教育] Introductory Blockchain Course, weekend class 2023/7/29 ~ 2023/7/30
https://www.accupass.com/event/2305280843202058678448
COSCUP 2023 2023/07/29 ~ 2023/07/30
https://coscup.org/2023/zh-TW/landing
InfoSec Taiwan 2023 international cybersecurity conference 2023/8/1 ~ 2023/8/3
https://csa.kktix.cc/events/infosectaiwan2023
Advanced big data analytics class 2023/8/10 ~ 2023/8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611
DEF CON 32 2023/8/10 ~ 2023/8/13
https://defcon.org/index.html
AIoT applications hands-on workshop 2023/8/16 ~ 2023/8/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601
HITCON CMT 2023 2023/08/18 ~ 2023/08/19
https://hitcon.org/2023/CMT/
Advanced big data analytics class (Taichung) 2023/8/21 ~ 2023/8/22
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612
AIoT applications hands-on workshop (Taichung) 2023/8/23 ~ 2023/8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604
PyCon TW 2023 2023/9/2 ~ 2023/9/3
https://tw.pycon.org/2023/zh-hant/registration/tickets
Web application penetration testing 2023/9/7 ~ 2023/9/8
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631
Hou.Sec.Con 2023/10/12 ~ 2023/10/13
https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary
(ISC)2 SECURITY CONGRESS LEAD WITH CONFIDENCE 2023/10/25 ~ 2023/10/27
https://www.isc2.org/Congress-2023