###### tags: `資安事件新聞週報`

# Security Incident News Weekly 2023/6/5 ~ 2023/6/9

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days

- When setting up a bug bounty program, define a methodical approach and pay attention to the relevant legal requirements https://www.ithome.com.tw/news/157266
- Visual Studio vulnerability patched by Microsoft is extremely easy to exploit and could be used to infiltrate development environments https://www.varonis.com/blog/visual-studio-bug
- Splunk announces patches for high-severity vulnerabilities https://www.securityweek.com/high-severity-vulnerabilities-patched-in-splunk-enterprise/
- Gigabyte announces details of its motherboard firmware update https://www.gigabyte.com/tw/Press/News/2091
- Researchers publish proof-of-concept code for the Win32k.sys vulnerability already used in attacks http://www.numencyber.com/cve-2023-29336-win32k-analysis/
- Google Chrome has a high-severity zero-day vulnerability https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
- Google patches a zero-day vulnerability in Chrome 114 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
- Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! https://thehackernews.com/2023/06/zero-day-alert-google-issues-patch-for.html
- Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html
- Cisco VPN client has a vulnerability that, if left unpatched, could be used to gain SYSTEM privileges https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
- Cisco patches critical vulnerabilities in its enterprise collaboration system https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b
- Critical vulnerabilities found in VMware's network analytics tool https://kb.vmware.com/s/article/92684
- Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html
- Barracuda says email security gateway appliances hit by the zero-day attack should be replaced immediately https://www.bleepingcomputer.com/news/security/barracuda-says-hacked-esg-appliances-must-be-replaced-immediately/
- Barracuda Urges Immediate Replacement of Hacked ESG Appliances https://thehackernews.com/2023/06/barracuda-urges-immediate-replacement.html
- Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html
- Softnext Technologies (中華數位科技) SPAM SQR all-in-one mail filtering platform - Code Injection https://www.twcert.org.tw/tw/cp-132-6955-c7612-1.html
- Softnext Technologies (中華數位科技) Mail SQR Expert all-in-one email management - Local File Inclusion https://www.twcert.org.tw/tw/cp-132-6644-d7aac-1.html
- Softnext Technologies (中華數位科技) Mail SQR Expert all-in-one email management - Command Injection https://www.twcert.org.tw/tw/cp-132-6643-89bfa-1.html
- KeePass password manager fixes the vulnerability that allowed the master password to be stolen from memory https://keepass.info/news/n230603_2.54.html
- Changing Information Technology (全景軟體) MOTP mobile one-time password system - Path Traversal https://www.twcert.org.tw/tw/cp-132-7022-2cbe0-1.html

2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

- Brazilian hackers launch living-off-the-land attacks combined with command-line scripts to steal bank accounts https://blogs.blackberry.com/en/2023/05/cmdstealer-targets-portugal-peru-and-mexico
- Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts https://thehackernews.com/2023/06/brazilian-cybercriminals-using-lolbas.html
- North Korean hacking group APT38 targets financial institutions in Japan, Vietnam and the United States https://www.recordedfuture.com/north-korea-aligned-tag-71-spoofs-financial-institutions
- Hacking group Asylum Ambuscade targets financial institutions and government agencies https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
- Asylum Ambuscade: crimeware or cyberespionage https://www.welivesecurity.com/2023/06/08/asylum-ambuscade-crimeware-or-cyberespionage/
- New technique in Magecart skimming attacks: hackers use legitimate websites to attack their targets https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
- Spanish bank Globalcaja confirms Play ransomware attack https://securityaffairs.com/147073/cyber-crime/globalcaja-confirms-play-ransomware-attack.html
- "Fake banking apps" lure users into placing orders to defraud them; Taiwan Business Bank offers one-click detection https://www.fountmedia.io/article/167125

3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

- Mobile payment is everywhere: travelers visiting mainland China must tread carefully at every step https://view.ctee.com.tw/video/50431.html
- Smartwatches can now use LINE mobile payment: LINE Pay officially supports both watchOS and Wear OS https://today.line.me/tw/v2/article/3N8ROLE
- A cashless society and mobile payment do not equal progress: debunking common digital finance myths https://www.businessweekly.com.tw/magazine/Article_mag_page.aspx?id=7008142
- O'Pay's new chairman helps complete its TWQR electronic payment deployment https://reurl.cc/r5RoKZ
- Taiwan's electronic payment users pass the 20 million mark; have the top three leaders changed? The competitive landscape at a glance https://www.bnext.com.tw/article/75537/electronic-payment-internet-banking-map
- Easy Wallet system outage criticized as the "worst electronic payment"; EasyCard Corporation responds https://www.chinatimes.com/realtimenews/20230523004771-260405?chdtv

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / Web3 Security

- Cryptocurrency wallet Atomic Wallet hacked; hackers transfer out US$35 million in cryptocurrency https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
- Data-flow automation system Apache NiFi targeted by hackers; compromised instances could be used for cryptomining https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
- CZ rejects claim of "receiving US$12 billion" in Binance customer funds: fake news, Binance.US never misappropriated funds https://www.blocktempo.com/cz-bombards-coindesk-with-reports/
- Binance.US suspends US dollar deposits! Changpeng Zhao rejects claim of misappropriating 11 billion in customer funds; Bitcoin holds above 26,000, truly "united" https://hk.investing.com/news/economic-indicators/article-343781
- US House draft bill on digital asset market structure mentions the risks and benefits of NFTs | Binance Morning Report https://news.cnyes.com/news/id/5204940

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

- Fractureiser malware spreads through Minecraft mods, attacking Windows and Linux computers https://prismlauncher.org/news/cf-compromised-alert/
- TrueBot malware infects victim computers through a critical vulnerability in Netwrix auditing software https://blogs.vmware.com/security/2023/06/carbon-blacks-truebot-detection.html
- Satacom malware downloader used to distribute a cryptocurrency-stealing browser extension https://securelist.com/satacom-delivers-cryptocurrency-stealing-browser-extension/109807/
- Horabot malware hijacks Gmail and Outlook email accounts https://blog.talosintelligence.com/new-horabot-targets-americas/
- Hackers target e-commerce sellers to distribute the Vidar information stealer https://www.bleepingcomputer.com/news/security/online-sellers-targeted-by-new-information-stealing-malware-campaign/
- YKK reportedly hit by LockBit ransomware https://therecord.media/ykk-zipper-manufacturer-cyberattack-us-operations https://cybernews.com/news/ykk-group-data-breach/ https://thecyberexpress.com/lockbit-claims-ykk-ransomware-attack-deadline/
- Malicious Chrome extensions appear in the store, downloaded 75 million times https://blog.avast.com/malicious-extensions-chrome-web-store
- NoEscape ransomware is implanted on victim computers via Windows Safe Mode https://blog.cyble.com/2023/06/01/noescape-ransomware-as-a-service-raas/
- BlackSuit ransomware suspected to have evolved from Royal https://www.trendmicro.com/en_us/research/23/e/investigating-blacksuit-ransomwares-similarities-to-royal.html
- ChatGPT's popularity raises related security concerns: Palo Alto Networks saw related domain registrations rise 178% within six months, with 118 malicious URLs per day https://start.paloaltonetworks.com/unit-42-network-threat-trends-report-malware-2023.html
- Royal ransomware gang tests new malware BlackSuit https://www.bleepingcomputer.com/news/security/royal-ransomware-gang-adds-blacksuit-encryptor-to-their-arsenal/
- 0mega ransomware targets enterprise SharePoint Online https://www.obsidiansecurity.com/blog/saas-ransomware-observed-sharepoint-microsoft-365/
- LonePage malware targets Ukrainian government agencies and media https://cert.gov.ua/article/4818341
- Japanese pharmaceutical company Eisai confirms ransomware attack https://www.eisai.com/news/2023/news202341.html
- Microsoft says the MOVEit Transfer zero-day attacks were carried out by the Clop ransomware gang https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
- Clop ransomware gang's abuse of the MOVEit Transfer zero-day can be traced back to 2021, when testing appears to have begun https://www.kroll.com/en/insights/publications/cyber/clop-ransomware-moveit-transfer-vulnerability-cve-2023-34362
- Organizations attacked by Clop ransomware via the MOVEit Transfer vulnerability may number in the hundreds https://therecord.media/clop-extortion-hundreds-organizations-moveit-vulnerability
- UK HR systems provider Zellis attacked via MOVEit Transfer, affecting the BBC and British Airways https://securityaffairs.com/147119/data-breach/zellis-data-breach-bbc-ba.html
- Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362) https://reurl.cc/VL1nkA
- CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/
- MOVEit Transfer Exploited to Drop File-Stealing SQL Shell https://www.sentinelone.com/blog/moveit-transfer-exploited-to-drop-file-stealing-sql-shell/
- #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a
- Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html
- Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App https://thehackernews.com/2023/06/microsoft-lace-tempest-hackers-behind.html
- North Korean hackers Kimsuky target news media https://www.sentinelone.com/labs/kimsuky-new-social-engineering-campaign-aims-to-steal-credentials-and-gather-strategic-intelligence/
- Kimsuky Strikes Again | New Social Engineering Campaign Aims to Steal Credentials and Gather Strategic Intelligence https://reurl.cc/RzXRA6
- North Korea's Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks https://thehackernews.com/2023/06/north-koreas-kimsuky-group-mimics-key.html
- Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks https://thehackernews.com/2023/06/kimsuky-targets-think-tanks-and-news.html
- ITG10 Likely Targeting South Korean Entities of Interest to the Democratic People’s Republic of Korea (DPRK) https://securityintelligence.com/posts/itg10-targeting-south-korean-entities/?c=Threat%20Research
- Scan port 23 Telnet (S3#) https://otx.alienvault.com/pulse/6481aaa763f28df18b500b16
- New Botnet Malware 'Horabot' Targets Spanish-Speaking Users in Latin America https://thehackernews.com/2023/06/new-botnet-malware-horabot-targets.html
- Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors https://thehackernews.com/2023/06/alarming-surge-in-truebot-activity.html
- Cyclops ransomware is combined with information-stealing functionality built in Go https://www.uptycs.com/blog/cyclops-ransomware-stealer-combo
- Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals https://thehackernews.com/2023/06/cyclops-ransomware-gang-offers-go-based.html
- Winning the Mind Game: The Role of the Ransomware Negotiator https://thehackernews.com/2023/06/winning-mind-game-role-of-ransomware.html
- PowerShell malware PowerDrop targets the US aerospace industry https://adlumin.com/post/powerdrop-a-new-insidious-powershell-script-for-command-and-control-attacks-targets-u-s-aerospace-defense-industry/
- New PowerDrop Malware Targeting U.S. Aerospace Industry https://thehackernews.com/2023/06/new-powerdrop-malware-targeting-us.html
- New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency https://thehackernews.com/2023/06/new-malware-campaign-leveraging-satacom.html
- Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks https://thehackernews.com/2023/06/stealth-soldier-new-custom-backdoor.html
- New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal https://thehackernews.com/2023/06/new-linux-ransomware-strain-blacksuit.html
- DynamicRAT — A full-fledged Java Rat https://gi7w0rm.medium.com/dynamicrat-a-full-fledged-java-rat-1a2dabb11694 https://github.com/Gi7w0rm/MalwareConfigLists/blob/main/DynamicRAT/IoC.txt
- Analysis of the RecordBreaker secret-stealing Trojan spread through video sites https://mp.weixin.qq.com/s/K8r6ZLC9LX6fRx-zwTR_hw

B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

- Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices https://thehackernews.com/2023/06/over-60k-adware-apps-posing-as-cracked.html
- More than 60,000 adware apps posing as cracked versions of popular apps target Android users https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/
- Google releases the June Android security update, patching the Mali GPU vulnerability exploited by spyware https://www.bleepingcomputer.com/news/security/android-security-update-fixes-mali-gpu-flaw-exploited-by-spyware/
- Kaspersky provides a detection tool for Operation Triangulation, the spyware attack against iOS devices https://securelist.com/find-the-triangulation-utility/109867/
- Delete these 193 apps now! Mini-games and reward apps carry "malware that may steal personal data"; 30 million people already deceived https://n.yam.com/Article/20230608875180
- Critical Android Bluetooth vulnerability allows remote code execution without user interaction https://www.pcmarket.com.hk/android-critial-vulnerabilities-remotely-execute-codes-via-bluetooth/
- Offline maps finally arrive! Apple fans joke: almost caught up https://www.technice.com.tw/techmanage/smartcity/55934/

C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

- To defend against NTLM relay attacks, Microsoft requires SMB signing for the first time in a development build of Windows https://www.ithome.com.tw/news/157183
- Satellite cyber sandbox Moonlighter to launch soon, becoming the first test environment for space cybersecurity https://www.ithome.com.tw/news/157186
- Three campus security incidents in a row during the sensitive pre-election period: University of Taipei mailbox hijacked, "I am a person from Jiangsu who climbed over the firewall" https://www.youtube.com/watch?v=Q-6zIIRquKw
- Mayday concert tickets "hijacked": hackers break in and sweep up tickets, making more than 4 million https://www.youtube.com/watch?v=bB7MGlTevSw
- Cloud file-sharing service OneDrive website suffers an outage, suspected DDoS attack https://www.bleepingcomputer.com/news/microsoft/microsoft-onedrive-down-worldwide-following-claims-of-ddos-attacks/
- Microsoft cloud email service Outlook.com reportedly hit by a DDoS attack, causing a service outage https://www.ithome.com.tw/news/157216
- Individual suspected of selling counterfeit Cisco networking equipment is prosecuted; illicit proceeds exceed US$100 million https://www.justice.gov/opa/pr/ceo-dozens-companies-pleads-guilty-massive-scheme-traffic-fraudulent-and-counterfeit-cisco
- NASA website has an open redirect vulnerability that can be used to direct users to malicious websites https://cybernews.com/security/nasa-astrobiology-website-flaw/
- Hacking group Dark Pink targets organizations in Asia-Pacific and Europe https://www.group-ib.com/blog/dark-pink-episode-2/
- Before stepping down, Britain's cybersecurity "Bond" names the four major countries with cyberattack capabilities: China is the biggest threat https://www.businessweekly.com.tw/Archive/Article?StrId=7008144
- G20 nations targeted by Chinese hackers SharpPanda, who attack through Office Equation Editor vulnerabilities https://blog.cyble.com/2023/06/01/sharppanda-apt-campaign-expands-its-arsenal-targeting-g20-nations/
- Chinese hackers Camaro Dragon use the TinyNote backdoor to gather intelligence from Southeast Asian diplomatic entities https://research.checkpoint.com/2023/malware-spotlight-camaro-dragons-tinynote-backdoor/
- Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering https://thehackernews.com/2023/06/camaro-dragon-strikes-with-new-tinynote.html
- Security Engineer https://www.104.com.tw/job/80efb?jobsource=m104
- Project Engineer - ACSI https://www.linkedin.com/jobs/view/%E5%B0%88%E6%A1%88%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3629317340/?originalSubdomain=tw
- Taiwan Stock Exchange recruitment begins: 34 openings across five categories https://www.setn.com/News.aspx?NewsID=1306989

D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

- Exposed: alarming flaw in Far EasTone contract-renewal SMS; "499 chaos" users' personal data leaks with one tap | 蘋果新聞網 https://www.youtube.com/watch?v=Bban76B4Jvo
- Honda API flaws expose dealer data and internal documents https://eaton-works.com/2023/06/06/honda-ecommerce-hack/
- Misconfigured AWS S3 bucket at HR management platform Prosperix exposes 42,000 job-seeker files https://cybernews.com/security/prosperix-leaks-drivers-licenses-medical-records/
- UAE, Singapore, Malaysia and other countries hit by SMS phishing from Chinese hacking group PostalFurious, likely aiming to steal personal or payment data https://www.group-ib.com/media-center/press-releases/postalfurious/
- Criminal Investigation Bureau warns of phishing SMS: hackers use a wrong parcel delivery address as a pretext to obtain credit card data https://www.cib.npa.gov.tw/ch/app/news/view?module=news&id=1887&serno=bed71cfe-be00-424d-9e1d-fa4ce127a191
- Asian scams shift location; Interpol issues alert https://www.anntw.com/articles/20230608-vGGx
- KakaoTalk logged in from overseas? Beware of North Korean hackers' phishing techniques https://reurl.cc/nDOym2
- FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring https://thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html
- Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme https://thehackernews.com/2023/06/chinese-postalfurious-gang-strikes-uae.html
- Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox https://thehackernews.com/2023/06/microsoft-to-pay-20-million-penalty-for.html

E. Research Reports / Tools

- Security professionals should not fear embracing new AI technology: a veteran's guide to the latest advances in AI, escaping the toil of feature engineering https://www.ithome.com.tw/news/157256
- The 10 vulnerability scanning tools most popular with penetration testers (2023 edition) https://www.aqniu.com/tools-tech/96753.html
- ChatGPT hallucinations expose developers to supply-chain malware attacks https://www.4hou.com/posts/0o93
- SideWinder group uses DLL hijacking to load Cobalt Strike in attacks on the Pakistani government https://www.secpulse.com/archives/201630.html
- Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023 https://thehackernews.com/2023/06/cloud-security-tops-concerns-for.html
- The Importance of Managing Your Data Security Posture https://thehackernews.com/2023/06/the-importance-of-managing-your-data.html
- The Annual Report: 2024 Plans and Priorities for SaaS Security https://thehackernews.com/2023/06/the-annual-report-2024-plans-and.html
- How to Improve Your API Security Posture https://thehackernews.com/2023/06/how-to-improve-your-api-security-posture.html
- 5 Reasons Why Access Management is the Key to Securing the Modern Workplace https://thehackernews.com/2023/06/5-reasons-why-access-management-is-key.html

F. Business

- Google Cloud and Workspace begin supporting passwordless passkey login https://www.ithome.com.tw/news/157209
- Password management vendor 1Password releases a public beta of its browser passkey extension https://www.ithome.com.tw/news/157236
- ChatGPT drives enterprise demand; Acer e-Enabling Service Business (宏碁資訊) targets AI, cloud and security demand https://ec.ltn.com.tw/article/breakingnews/4328477
- Netron (網創資訊) partners with the Information Service Industry Association of R.O.C. (中華軟協), NTT DATA and 鋒形科技 to expand into the Japanese cloud services market https://www.techbang.com/posts/107063-netron-joined-hands-with-china-soft-association-ntt-data-and

G. Government

- Concerns that the drones at last year's National Day fireworks show were Chinese-made; Control Yuan member requests an investigation https://www.cna.com.tw/news/aipl/202306090054.aspx
- Supporting the formation of the Shalun cybersecurity cluster, in the hope that top-tier research will all be produced here https://news.586.com.tw/2023/06/488366/
- Mayor Huang Wei-che fully supports the formation of the Shalun cybersecurity cluster as an important backstop for national cyber defense https://www.owlting.com/news/articles/378650
- Presidential Office hacked before May 20; Kao Hung-an: a malicious operation by hackers and insiders https://www.youtube.com/watch?v=WFIrtESwFgQ

H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

- 5 Reasons Why IT Security Tools Don't Work For OT https://thehackernews.com/2023/06/5-reasons-why-it-security-tools-dont.html
- Zyxel warns about recently patched critical firewall vulnerabilities and notes that more vulnerabilities are being used in attacks https://www.zyxel.com/global/en/support/security-advisories/zyxels-guidance-for-the-recent-attacks-on-the-zywall-devices
- Zyxel Firewalls Under Attack! Urgent Patching Required https://thehackernews.com/2023/06/zyxel-firewalls-under-attack-urgent.html
- ASUS RT-AC86U - Buffer Overflow https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html
- ASUS RT-AC86U - Command Injection https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html

I. Education and Training

- iPAS Information Security Engineer intermediate-level notes https://hackmd.io/@Not/iPASInformationSecuritySpecialist
- iPAS security engineer certification pre-exam workshop https://reurl.cc/GEbA3p
- Coursera lists 7 cloud security certifications: the springboards to high pay are all here! https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
- Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap https://reurl.cc/m39MDj
- The 8 domains of the CISSP security certification https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
- CISSP exam experience https://reurl.cc/KbY83j
- CISSP exam experience – Benson https://reurl.cc/GbWvxd
- Goal-oriented: passing the CISSP at light speed in 20 days https://reurl.cc/2Zq6zn
- CISSP certification exam hands-on experience, Chapter 1: Initial preparation https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
- CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
- CISSP certification exam hands-on experience, Chapter 3: The final battle https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
- Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
- CSSLP Certification - Security models in F# https://github.com/vbocan/csslp
- Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes
- CPSA (CREST Practitioner Security Analyst) exam experience https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
- EC-Council CEH v11 exam experience, revision information and preparation direction, 2021 and 2022 https://reurl.cc/1oyEM8
- CEH v11 exam experience and preparation methods https://blog.sean.taipei/2022/01/ceh
- CEH https://github.com/a3cipher/CEH
- CodeRed by EC-Council https://github.com/codered-by-ec-council
- In-depth look at the CPENT exam experience and a comparison with OSCP https://reurl.cc/41eL8v
- EC-Council CPENT v1 penetration testing certification: content and experience sharing https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
- [Exam prep notes] CompTIA Security+ (SY0–601) Part 1 https://reurl.cc/M053DK
- [Exam prep notes] CompTIA Security+ (SY0–601) Part 2 https://reurl.cc/M053Gv
- comptia-security-plus https://github.com/ajfuto/comptia-security-plus
- security-plus https://github.com/fjavierm/security-plus
- CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
- App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing certificate (iT邦幫忙 Ironman Contest series book) https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
- Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
- The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics https://reurl.cc/D3nKKj
- Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
- Basic vocabulary commonly used by WUSON https://choson.lifenet.com.tw/?p=1958
- Certifications remain the main route for learning security fundamentals; an expert has built a "security certification map" https://www.ithome.com.tw/news/156754
- Beyond using certifications to prove your ability, treat them as the greatest motivation to keep learning https://www.ithome.com.tw/news/156756
- Breaking misconceptions and myths about certifications: security experts clarify what security certifications mean https://www.ithome.com.tw/news/156755

6. Upcoming Security Events and Seminars

- KaLUG 2306 meetup - WireGuard, the next-generation open-source VPN server 2023/6/10 https://kalug.kktix.cc/events/2306
- Drupal Mentoring Taipei - Meet and Code 2023/6/10 https://www.meetup.com/drupal-mentoring-taipei/events/293076527/
- The right posture/knowledge for building solutions in the era of large language models (Building solutions with LLMs) 2023/6/12 https://www.meetup.com/rladies-taipei/events/293170581/
- Security Analysis Beginner Village: Mastering network packet analysis (online course) 2023/6/13 https://forms.gle/msePzws5GtcDunrc7
- SyntaxError 2023/6/14 https://www.meetup.com/pythonhug/events/293758083/
- Security Analysis Beginner Village: Mastering network packet analysis (in-person course) 2023/6/14 https://forms.gle/mtpZNPCpTVyv97Dr9
- Taiwan session "Microsoft Build Taiwan" 2023/6/15 https://mktoevents.com/microsoft+event/400676/157-gqe-382?wt.mc_id=AID3059306_QSG_PD_EML_644332
- Internet Freedom Meetup [June]: AI, legal or not 2023/6/15 https://ocftw.kktix.cc/events/internetfreedom-june2023
- Putting Privacy at the Forefront in Automotive 2023/6/16 https://www.meetup.com/automotive-security-research-group-taipei-asrg-%E8%87%BA%E5%8C%97/events/293824870/
- Cisco Cloud Attack and Defense_Enterprise security talent program fully launched 2023/6/16 https://www.accupass.com/event/2305051229145163809640
- Online security lecture - The ambitions large language models bring to supply-chain threat hunting 2023/6/17 https://isipevent.kktix.cc/events/6c2fc51b-copy-1
- 2023 Empowering Yourself, Empowering Others Series: Mixing up cross-cultural storytelling skills 2023/6/20 https://www.meetup.com/women-who-code-taipei/events/293462074/
- Taipei dbt Meetup #12 (in-person 👫 & online 👨‍💻) 2023/6/21 https://www.meetup.com/taipei-dbt-meetup/events/293758471/
- From "as long as it works" to "continuous operation" 2023/6/24 https://www.accupass.com/event/2305270631121994465958
- Raspberry Pi community meetup #38 2023/6/26 https://raspberrypi-tw-bdfa45.kktix.cc/events/meetup38
- Panel: "Small stakes, big gains: improving civic digital resilience through tools and community" 2023/6/27 https://www.twsig.tw/20230627/
- The hacker's perspective: website vulnerability discovery and defense (online course) 2023/6/27 https://forms.gle/JpThJxMgxZd3uNh39
- The hacker's perspective: website vulnerability discovery and defense (in-person course) 2023/6/28 https://forms.gle/qQAqx8KZzzntSyLd9
- SaaS software PM technical hands-on class | AWS cloud architecture design | Software security | AWS hands-on lab | Practice questions 2023/6/30 https://www.accupass.com/event/2305310854254976071070
- SGS seminar on new trends in automotive supply chain development: key positioning in the EV industry, toward a smart and safe new future 2023/7/4 https://www.accupass.com/event/2304250153518811535560
- Internet Freedom Meetup [July]: Post-conference sharing session on the international digital human rights conference 2023/7/4 https://ocftw.kktix.cc/events/internetfreedom-july
- 2023 - Zero Trust Access - APPLE security seminar 2023/7/5 https://2023gettechnology.kktix.cc/events/48f91757
- HITCON (Hacks in Taiwan Conference) Training 2023 2023/7/12 ~ 2023/7/15 https://hitcon.kktix.cc/events/hitcon-training-2023
- Advanced big data analytics class 2023/7/27 ~ 2023/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600
- [舒虎教育] "Introductory Blockchain Course" weekday class 2023/7/27 ~ 2023/7/28 https://www.accupass.com/event/2305280843071623542481
- [舒虎教育] "Introductory Blockchain Course" weekend class 2023/7/29 ~ 2023/7/30 https://www.accupass.com/event/2305280843202058678448
- COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing
- InfoSec Taiwan 2023 international security conference 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023
- Advanced big data analytics class 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611
- DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html
- AIoT application hands-on workshop 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601
- HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/
- Advanced big data analytics class (Taichung) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612
- AIoT application hands-on workshop (Taichung) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604
- PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets
- Web application penetration testing 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631
- Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary
- (ISC)2 SECURITY CONGRESS LEAD WITH CONFIDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023