###### tags: `Weekly Security Incident News`
# Weekly Security Incident News 2024/4/29 ~ 2024/5/3
1.Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Cisco Talos identifies cyber activity affecting Cisco ASA VPNs
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_attacks_event_response
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
https://www.ithome.com.tw/news/162516
https://www.cyber.gc.ca/en/news-events/cyber-activity-impacting-cisco-asa-vpns#fn5
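On the critical firewall vulnerability CVE-2024-3400, Palo Alto Networks confirms attackers may be able to use it to keep persistent access to affected devices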
https://www.ithome.com.tw/news/162590
HPE Aruba Networking patches critical vulnerabilities in its network device operating system; left unaddressed, they could be used for RCE attacks
https://www.ithome.com.tw/news/162653
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
https://thehackernews.com/2024/05/four-critical-vulnerabilities-expose.html
Brocade discloses and patches 18 vulnerabilities in its SAN management software
https://www.ithome.com.tw/news/162600
Multiple vulnerabilities found in Brocade storage area network management software
https://www.ithome.com.tw/news/162600
Ukraine hit by attacks exploiting a known Office vulnerability; attackers use PowerPoint files to distribute Cobalt Strike
https://www.deepinstinct.com/blog/uncorking-old-wine-zero-day-cobalt-strike-loader
Microsoft's April Windows updates break VPN connections
https://www.ithome.com.tw/news/162657
Microsoft says April Windows updates break VPN connections
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-april-windows-updates-break-vpn-connections/
Microsoft won't fix Windows 0x80070643 errors, manual fix required
https://www.bleepingcomputer.com/news/microsoft/microsoft-wont-fix-windows-0x80070643-errors-manual-fix-required/
US issues warning on path traversal vulnerabilities, urging software vendors to review their products for them before shipping
https://reurl.cc/KeXAjy
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
https://thehackernews.com/2024/05/cisa-warns-of-active-exploitation-of.html
US confirms attacks are exploiting the critical GitLab vulnerability CVE-2023-7028 patched late last year
http://www.cisa.gov/news-events/alerts/2024/01/10/cisa-adds-one-known-exploited-vulnerability-catalog
Security Bulletin: IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7149736
IBM QRadar SIEM on Azure Cloud deployed from Azure Marketplace is vulnerable to remote code execution (CVE-2024-21334)
https://www.ibm.com/support/pages/node/7149967
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
https://thehackernews.com/2024/04/severe-flaws-disclosed-in-brocade.html
10 Critical Endpoint Security Tips You Should Know
https://thehackernews.com/2024/04/10-critical-endpoint-security-tips-you.html
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
https://thehackernews.com/2024/04/palo-alto-networks-outlines-remediation.html
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
https://thehackernews.com/2024/04/hackers-exploiting-wp-automatic-plugin.html
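Critical vulnerability in a WordPress automated content import plugin gives attackers a chance to gain administrator privileges and plant backdoors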
http://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability
Hackers attempt to exploit a WordPress plugin vulnerability; the flaw is severe enough to give attackers full control of a site
https://www.techbang.com/posts/114987-hackers-the-wordpress-plugin
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
https://thehackernews.com/2024/04/north-koreas-lazarus-group-deploys-new.html
New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html
More than 1,400 CrushFTP file-sharing servers remain unpatched against CVE-2024-4040
https://twitter.com/Shadowserver/status/1783399676521168935
High-risk vulnerability in the R programming language's compilation process could lead to supply chain attacks
https://www.ithome.com.tw/news/162626
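Chrome and Edge 124 add quantum-resistant cryptography, which in turn causes TLS handling failures on several vendors' network devices and blocks internet access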
https://netmag.tw/2024/04/30/google-chrome-anti-quantum-computing-jailable-algorithms-interference-some-tls-connections
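2.Banking/Finance/Insurance/Securities/Financial Supervision News and Security
Bank SinoPac teams up with Gogolook to predict fraud-alert accounts in advance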
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11057
US health insurance giant UnitedHealth admits it chose to give in and paid a ransom to hackers
https://www.ithome.com.tw/news/162639
Online tax filing: four dos and four don'ts
https://today.line.me/tw/v2/article/qoB2MBK
Brokerage cybersecurity meeting: defense strategies
https://udn.com/news/story/7253/7936175
DORA – Guiding the Resilience of Digital Financial Services
https://thehackernews.com/expert-insights/2024/05/dora-guiding-resilience-of-digital.html
3.Credit Cards/Electronic Payment/Mobile Payment/Pay/Payment Systems/Security
PCI Launches Payment Card Cybersecurity Effort in the Middle East
https://www.darkreading.com/cyber-risk/pci-launches-payment-card-cybersecurity-effort-in-middle-east
Strengthening OTP SMS identification to prevent fraud: transaction currency codes to be displayed in Chinese
https://reurl.cc/NQGrl5
Misconfiguration in Indian bank ICICI's mobile app exposes data of more than 17,000 credit cards
https://securityaffairs.com/162479/security/icici-bank-technical-glitch.html
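Four electronic payment operators including JKOPAY and PXPay Plus pass 2.5 million users and will set up dedicated security departments by the end of October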
https://www.cna.com.tw/news/afe/202405020400.aspx
Electronic payment operators must set up dedicated security units; four dedicated operators go first
https://www.ctee.com.tw/news/20240502701981-430303
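Financial Supervisory Commission requires the four leading e-payment operators, including JKOPAY and PXPay Plus, to appoint a CISO before October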
https://reurl.cc/mM328V
Taichung MRT Green Line mobile payment system goes live, offering convenient service
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1670987
Xinzhuang Baseball Stadium introduces ePay multi-payment service, giving fans convenient purchases and discounts
https://www.cna.com.tw/postwrite/chi/369587
4.Cryptocurrency/Digital Currency/Mining/Blockchain/Smart Contracts/WEB3 Security
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds
https://thehackernews.com/2024/05/bitcoin-forensic-analysis-uncovers.html
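Hong Kong's spot Bitcoin and Ethereum ETFs get a cool reception on debut, with sluggish performance and trading volume clearly below expectations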
https://hao.cnyes.com/post/83184
VanEck: US$175 billion in Bitcoin is currently held by ETFs, nations and corporations, the first choice of high-return investors
https://www.blocktempo.com/175-billion-in-bitcoin-is-held-by-etfs-national-entities-and-corporations/
Crypto bull market still brewing: Bitcoin holds at US$57,000 and could reach US$100,000 this year
https://www.chinatimes.com/realtimenews/20240502004578-260410
Bitcoin, Ethereum, Ripple forecast: once Bitcoin bottoms out and rebounds, other coins will rebound
https://reurl.cc/LWMgYx
Cuba's forced push for digital currency backfires: people queue for hours and still cannot withdraw cash
https://news.pts.org.tw/article/692690
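Zimbabwe's "ZiG", the world's youngest currency: a loaf of bread once cost 500 million dollars; new currency is hoped to solve the inflation crisis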
https://reurl.cc/2Yme5a
FTX founder sentenced to 25 years, which may deal a severe blow to the cryptocurrency ecosystem
https://technews.tw/2024/04/29/the-cryptocurrency-ecosystem-has-taken-a-serious-hit/
Understand Web3, the metaverse and digital assets in one article
https://hao.cnyes.com/post/83274?utm_source=cnyes&utm_medium=home&utm_campaign=postid
Spot Bitcoin ETF craze reaches Australia! Bloomberg: expected to list on the ASX main board before year-end
https://blockcast.it/2024/04/29/australia-poised-for-bitcoin-etf-boom-with-asx-expected-to-approve-listings/
Stepping up de-dollarization: BRICS countries consider launching a stablecoin for international trade settlement
https://news.cnyes.com/news/id/5541315
MistTrack: Poloniex attacker transfers 501 BTC to two new addresses
https://news.cnyes.com/news/id/5541309
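Security & regulation monthly report: Hong Kong's first virtual asset spot ETFs list; total losses from hacks and other incidents in April reach US$101 million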
https://web3caff.com/zh_tc/archives/91626
Pike suspected of being hacked, losing 479 ETH
https://news.cnyes.com/news/id/5542734
Cross-chain lending protocol Pike suspected of being hacked again, losing 479 ETH
https://news.cnyes.com/news/id/5542733
Curve Finance pays a US$250,000 bounty to the security researcher who disclosed a potential reentrancy vulnerability
https://news.cnyes.com/news/id/5542899
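5.Security Incident News
A.Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Swedish logistics firm Skanlog reportedly hit by a ransomware attack, disrupting the local liquor supply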
https://securityaffairs.com/162333/cyber-crime/swedens-liquor-supply-ransomware-attack.html
Interactive BI system Qlik Sense attacked by Cactus ransomware; more than 3,000 servers exposed
https://www.ithome.com.tw/news/162575
Researchers disclose PlugX malware campaign that hit nearly 2.5 million computers in 170 countries over six months
https://www.ithome.com.tw/news/162578
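Middle Eastern governments targeted by the CR4T backdoor; installer of the long-established shareware file manager Total Commander repackaged to carry a malware downloader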
https://www.ithome.com.tw/news/162554
Researchers disclose Dev Popper, a campaign posing as job offers that aims to plant a Python backdoor on developers' computers
https://www.securonix.com/blog/analysis-of-devpopper-new-attack-campaign-targeting-software-developers-likely-associated-with-north-korean-threat-actors/
Android malware Wpeeper uses compromised WordPress sites to receive attack commands
https://www.ithome.com.tw/news/162642
Global operation to disrupt the Grandoreiro banking trojan
https://www.welivesecurity.com/en/eset-research/eset-takes-part-global-operation-disrupt-grandoreiro-banking-trojan/
From IcedID to Dagon Locker Ransomware in 29 Days
https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/
Cuttlefish malware targets small routers, attempting to steal credentials by monitoring traffic
https://www.ithome.com.tw/news/162633
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials
https://thehackernews.com/2024/05/new-cuttlefish-malware-hijacks-router.html
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
https://thehackernews.com/2024/05/zloader-malware-evolves-with-anti.html
New Latrodectus malware attacks use Microsoft, Cloudflare themes
https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-cloudflare-themes/
Bogus npm Packages Used to Trick Software Developers into Installing Malware
https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html
Banking trojan Brokewell hijacks Android devices to steal sensitive data and drain financial accounts
https://www.ithome.com.tw/news/162593
New 'Brokewell' Android Malware Spread Through Fake Browser Updates
https://thehackernews.com/2024/04/new-brokewell-android-malware-spread.html
Google Prevented 2.28 Million Malicious Apps from Reaching Play Store in 2023
https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html
Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years
https://thehackernews.com/2024/04/millions-of-malicious-imageless.html
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
https://thehackernews.com/2024/05/new-goldoon-botnet-targets-d-link.html
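B.Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
"Even if we go broke, we won't take money meant to divide us!" How three young men got through a funding crisis and built an app with more than 100 million downloads worldwide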
https://www.businesstoday.com.tw/article/category/80394/post/202112140021/
Android Common Kernel to remove RISC-V support, but Google denies it is ending support
https://www.ithome.com.tw/news/162609
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw
https://thehackernews.com/2024/05/popular-android-apps-like-xiaomi-wps.html
How to install Microsoft Defender on Android
https://today.line.me/tw/v2/article/3NRO9jZ
South Korean government states its position on Japan's demand that LINE Yahoo divest NAVER capital
https://cb.yna.co.kr/gate/big5/cn.yna.co.kr/view/ACK20240430002700881?section=politics/index
Does switching from a SIM card to eSIM make the signal worse? Insiders nod: it matters in one situation
https://news.tvbs.com.tw/life/2471717
Personal data stolen while charging at airports: hackers target public charging stations
https://news.tvbs.com.tw/amp/life/2472233
2.28 million apps found violating policy and blocked from Google Play
https://ec.ltn.com.tw/article/breakingnews/4658219
Hackers use a counterfeit Chrome browser carrying the Brokewell trojan to bypass Android protections
https://reurl.cc/nNZor8
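C.Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Taiwan Stock Exchange fines Foxsemicon for delayed disclosure of material information about its January hack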
https://www.ithome.com.tw/news/162574
ChatGPT and Copilot accused of copyright infringement: 8 US newspapers sue OpenAI and Microsoft
https://www.cna.com.tw/news/aopl/202405010036.aspx
North Korean hacking group Kimsuky abuses generative AI for cyber espionage
https://www.ithome.com.tw/news/162515
System flaws reported at the US Internal Revenue Service could lead to inaccurate financial statements
https://fedscoop.com/irs-information-systems-security-problems-financial-statements-gao/
Russian hackers are looking for remote access openings into water facility industrial control systems; US, Canada and UK issue warning
https://www.ithome.com.tw/news/162661
Hit by a North Korean cyberattack, Sweden's state liquor monopoly faces an inventory shortage crisis
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=7838372b-45d7-4b7c-bfd4-438422620025
Hacking group Muddling Meerkat manipulates DNS using China's Great Firewall
https://www.prnewswire.com/news-releases/infoblox-threat-intel-discovers-muddling-meerkat-a-dns-operation-controlling-chinas-great-firewall-302129471.html
Canadian pharmacy chain London Drugs hit by cyberattack, forced to suspend operations
https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack/
Google Chrome's new post-quantum cryptography mechanism may break TLS connections
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11066
New NATO member Sweden hit by large-scale DDoS attacks, which peaked before it formally joined
https://www.infosecurity-magazine.com/news/nato-sweden-surge-ddos-attacks/
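Ahead of the CCP leader's May visit to Europe, several European countries are on alert over serious infiltration by Chinese spies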
https://reurl.cc/nNZoDX
Espionage-style romance? French admiral warns of CCP "honeypot" operations
https://renminbao.com/rmb/articles/2024/5/1/82497b.html
Chinese cyberattacks: Belgian Chamber of Representatives files legal action
https://reurl.cc/KeXA3j
Striking back at Chinese cyberattacks: Belgian lawmaker files legal action against Chinese hacking group
https://money.udn.com/money/amp/story/5603/7934997
EU tightens safety protections, placing Chinese fast-fashion e-commerce firm Shein and others on its strict oversight list
https://reurl.cc/ezWEDx
Canadian security agency: the CCP is stepping up efforts to steal technology from academia and companies
https://www.soundofhope.org/post/811237?lang=b5
US government issues warning over Russian hackers' repeated attacks on water facility industrial control systems
https://media.defense.gov/2024/May/01/2003454817/-1/-1/0/DEFENDING-OT-OPERATIONS-AGAINST-ONGOING-PRO-RUSSIA-HACKTIVIST-ACTIVITY.PDF
China-Linked 'Muddling Meerkat' Hijacks DNS to Map Internet on Global Scale
https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html
Router Roulette: Cybercriminals and Nation-States Sharing Compromised Networks
https://www.trendmicro.com/en_us/research/24/e/router-roulette.html
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
https://thehackernews.com/2024/04/ukraine-targeted-in-cyberattack.html
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million
https://thehackernews.com/2024/05/ukrainian-revil-hacker-sentenced-to-13.html
U.S. Government Releases New AI Security Guidelines for Critical Infrastructure
https://thehackernews.com/2024/04/us-government-releases-new-ai-security.html
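D.Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
Volkswagen reportedly suffers data leak; hackers allegedly stole more than 19,000 confidential documents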
https://www.ithome.com.tw/news/162589
Fake US Postal Service phishing sites draw more traffic than the real site
https://www.ithome.com.tw/news/162576
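Follow-up to the Chicony Electronics hack: attackers claim to have obtained SpaceX-related files; the company says the data is not confidential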
https://www.ithome.com.tw/news/162568
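Police officer suspected of colluding with outsiders: looked up bank accounts flagged on the 165 anti-fraud platform and leaked the data to a fraud ring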
https://www.ithome.com.tw/news/162569
Change Healthcare hackers broke in using stolen credentials - UnitedHealth Group CEO says there was no multi-factor authentication
https://reurl.cc/qVZgrp
Hackers break in, threaten and defraud: widowed woman loses 25,000 dollars
https://reurl.cc/Wxq3R7
FBI: elderly Americans were defrauded of more than US$3.4 billion last year
http://big5.news.cn/gate/big5/www.news.cn/world/20240501/3c32a91982e14515ac1bcdb5eca62aed/c.html
Outmatched by AI-driven fraud, the government is at a loss
https://reurl.cc/VzRELR
Apple developer website hacked; personal data of 6 million developers at risk of leaking
https://ithome.com.tw/news/81585
Attackers find a new way to abuse Docker Hub image repositories! Nearly 3 million repositories used to push malware and host phishing sites
https://www.ithome.com.tw/news/162636
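Be careful when downloading files from cloud services! Latrodectus malware slips this kind of lure into phishing emails sent over multiple replies, paired with a fake Cloudflare CAPTCHA to lower the victim's guard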
https://www.ithome.com.tw/news/162640
Anti-fraud for online tax filers: KPMG's "four dos and four don'ts" playbook
https://www.cna.com.tw/postwrite/chi/369395
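Chinese man in Southern California poses as FBI agent to collect money at the door, serially defrauding seniors of large sums of cash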
https://www.worldjournal.com/wj/story/121471/7936696
LINE data leak brings demand to review Korean capital ties; impact on Japan-Korea relations draws attention
https://www.cna.com.tw/news/aopl/202404300225.aspx
Qantas app data leak: users could see other passengers' data and even "cancel someone else's flight"
https://today.line.me/tw/v2/article/60RNxNa
Qantas exposed travelers' sensitive information and boarding passes to other users because of an app misconfiguration
https://www.qantasnewsroom.com.au/qantas-responds/statement-on-qantas-app-issue/
Cloud file-sharing service Dropbox confirms its e-signature service was hacked; attackers stole authentication secrets
https://www.ithome.com.tw/news/162654
Dropbox Discloses Breach of Digital Signature Service Affecting All Users
https://thehackernews.com/2024/05/dropbox-discloses-breach-of-digital.html
Phishing Campaigns Targeting USPS See as Much Web Traffic as the USPS Itself
https://www.akamai.com/blog/security-research/2024/apr/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Identity solutions provider Okta warns of a surge in credential stuffing attacks targeting its users
https://www.ithome.com.tw/news/162598
Credential stuffing attacks targeting Okta users surge
https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/
Okta warns that credential stuffing attacks on online services have grown sharply in scale and frequency
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11062
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
Qantas app exposed sensitive traveler details to random users
https://www.bleepingcomputer.com/news/security/qantas-app-exposed-sensitive-traveler-details-to-random-users/
Ex-NSA Employee Sentenced to 22 Years for Trying to Sell U.S. Secrets to Russia
https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html
Google Announces Passkeys Adopted by Over 400 Million Accounts
https://thehackernews.com/2024/05/google-announces-passkeys-adopted-by.html
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
https://thehackernews.com/2024/05/nsa-fbi-alert-on-n-korean-hackers.html
E.Research Reports/Tools
Researchers disclose Dirty Stream, an attack technique that can target Android apps such as Xiaomi's file manager and WPS Office
https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
How Artificial Intelligence Powers the Autonomous SOC Platform
https://intezer.com/blog/incident-response/artificial-intelligence-powered-autonomous-soc/
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
https://thehackernews.com/2024/05/new-guide-explains-how-to-eliminate.html
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
https://thehackernews.com/2024/04/navigating-threat-landscape.html
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
https://thehackernews.com/2024/04/sandbox-escape-vulnerabilities-in.html
Considerations for Operational Technology Cybersecurity
https://thehackernews.com/2024/04/considerations-for-operational.html
Everyone's an Expert: How to Empower Your Employees for Cybersecurity Success
https://thehackernews.com/2024/05/everyones-expert-how-to-empower-your.html
When is One Vulnerability Scanner Not Enough
https://thehackernews.com/2024/05/when-is-one-vulnerability-scanner-not.html
Nice introduction to Windows kernel exploitation for beginners
Part 1: https://mdanilor.github.io/posts/hevd-0/
Part 2: https://mdanilor.github.io/posts/hevd-1/
Part 3: https://mdanilor.github.io/posts/hevd-2/
Part 4: https://mdanilor.github.io/posts/hevd-3/
Part 5: https://mdanilor.github.io/posts/hevd-4/
F.Business
Palo Alto Networks: the secret to achieving network security with AI
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11060
威實康科技 announces it is expanding its Splunk distribution to Hong Kong and Taiwan
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11059
Storage system vendor CTERA strengthens its ransomware protection capabilities
https://www.ithome.com.tw/news/162396
Commvault acquires cloud disaster recovery software startup Appranix
https://www.ithome.com.tw/news/162395
Backup software giant Commvault launches an isolated recovery service
https://www.ithome.com.tw/news/162648
Microsoft to invest US$1.7 billion in Indonesia to develop cloud and artificial intelligence
https://news.cnyes.com/news/id/5541483
Microsoft's surprise move! Windows 11 Start menu pushes ads
https://www.technice.com.tw/techmanage/3c/108643/
ASUS CISO: major vendors should take the lead in establishing supply chain security management systems
https://www.cna.com.tw/news/afe/202404300147.aspx
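G.Government
Protecting critical infrastructure: 20 sites chosen for drills this year across 8 categories including oil, water, power, communications, hospitals and science parks; individual companies not included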
https://www.chinatimes.com/newspapers/20240501000346-260118?chdtv
Executive Yuan nominates Wong Po-tsung (翁柏宗) and Chen Ping-hung (陳炳宏) as the next NCC chair and vice chair
https://www.ithome.com.tw/news/162602
Cyberattack on legislator Hsu Chiao-hsin: IP traced to the public computer area of the Shetou Township Library
https://www.watchmedia01.com/anews-20240430040920.html
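Financial Supervisory Commission announces latest progress on guidelines for AI use in the financial industry; formal guidelines due in June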
https://www.ithome.com.tw/news/162599
Amendment to the Electronic Signatures Act passes third reading in the Legislative Yuan
https://www.ithome.com.tw/news/162597
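College of Social Sciences executive master's program lecture: Jyan Hong-wei (簡宏偉) analyzes cybersecurity governance trends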
https://www.nccu.edu.tw/p/405-1000-16629,c87.php?Lang=zh-tw
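Guarding against hacker attacks on hospital databases | Investigation Bureau and E-Da Hospital sign "Cybersecurity Joint Defense Cooperation Memorandum"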
https://www.atanews.net/?Wirenews=S2543
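To guard against network hacks, Taiwan Railway and the Investigation Bureau sign a cybersecurity joint defense cooperation memorandum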
https://www.cna.com.tw/news/ahel/202404300284.aspx
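Critical facilities to adopt dual-redundancy protection; Taiwan's National Security Bureau: 40 sites selected for inspection this year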
https://www.epochtimes.com/b5/24/5/1/n14238485.htm
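Man fabricates video of miscounted presidential election votes and uploads it to Douyin; case referred to the Taipei District Prosecutors Office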
https://www.cna.com.tw/news/asoc/202405020060.aspx
Digital ID document review task force: tender documents and winning vendors' contracts must be sent to the Legislative Yuan by 5/9
https://www.rti.org.tw/news/view/id/2204579
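H.Industrial Control Systems/ICS/SCADA/IOT/Internet of Things/Internet of Vehicles/Electric Vehicles/Artificial Intelligence/AI/ML/Facial Recognition/Healthcare Security
Secure development in the industrial control field! Myths and key concepts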
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11055
UK becomes the first country in the world to ban simple default passwords on IoT devices
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11061
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
https://thehackernews.com/2024/04/new-uk-law-bans-default-passwords-on.html
Old vulnerability in the D-Link DIR-645 home router targeted by the Goldoon botnet; hijacked devices are used to launch DDoS attacks
https://www.ithome.com.tw/news/162660
I.Education and Training
iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer certification pre-exam study session
https://reurl.cc/GEbA3p
iPAS ◆ Information Security Planning Practice ◆ intermediate exam question bank compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, version change information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation methods
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation notes: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
Preparation methods and experience for the EC-Council CPENT and LPT Master penetration testing certifications
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
An in-depth look at the CPENT exam experience, and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security newbie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
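App security is not just for engineers: the blood-and-tears story of earning a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)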
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking studies: hands-on security protection course to fully raise security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic terms commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main way to learn security fundamentals; an expert builds a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as your biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking certification misconceptions and myths: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club class] Forbidden security arts - the reverse engineering hell trial
https://www.youtube.com/watch?v=4Yc3-9CjG6U
6.Upcoming Security Events and Conferences
Security Small Talk (資安五四三) 2024/5/2
https://csa.kktix.cc/events/202405-543
HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2024/5/2
https://www.meetup.com/hackingthursday/events/300368463/
[ACSI Academy] Security competency training | Information Security Engineer 2024/5/4
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-3
Just a chat - with no Expectations 2024/5/4
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/300406369/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/7
https://www.meetup.com/taiwan-code-camp/events/300468047/
Machine Learning Tech Talks 2024/5/8
https://www.meetup.com/machine-learning-tech-talks/events/300510908/
HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2024/5/9
https://www.meetup.com/hackingthursday/events/300511917/
The key to upgrading enterprise cloud infrastructure - cloud security and application acceleration technology 2024/5/9
https://www.accupass.com/event/2404260716204457786970
Google Cloud Next '24 conference highlights preview, Microfusion online event 2024/5/9
https://www.accupass.com/event/2404190201121429831564
Taipei DevOps User Group 8th Event, supported by Wankuma Alliance 2024/5/10
https://www.meetup.com/taipei-devops-user-group/events/300427952/
"Industrial Automation Control Systems - Security Guidelines" briefing 2024/5/10
https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731
Just a chat - with no Expectations 2024/5/11
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/300549690/
2024 CYBERSEC security conference, Jamf security experience pavilion 2024/5/14
https://jamf.kktix.cc/events/jamfxcybersec2024
[Security workshop] Zero Trust Architecture (ZTA): trust me bro! I won't hurt you~ 2024/5/14
https://hackersir.kktix.cc/events/zta-20240514
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/14
https://www.meetup.com/taiwan-code-camp/events/300610702/
vLAB ICT tech group: 2024 May in-person Taipei meetup 2024/5/15
https://vlab.kktix.cc/events/202405
HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2024/5/16
https://www.meetup.com/hackingthursday/events/300654593/
Generative AI Week - Atlassian Taiwan community AI night 2024/5/17
https://www.meetup.com/taipei-atlassian-community-events/events/300422047/
Cisco small and medium business security protection seminar 2024/5/17
https://www.accupass.com/event/2404260939032433110730
Just a chat - with no Expectations 2024/5/18
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/300693121/
The 3rd Ann! WordPress Taoyuan afternoon tea/dinner get-together third anniversary! Linner Meetup #36 2024/5/18
https://www.meetup.com/taoyuan-wordpress-meetup/events/300449447/
[Subsidized course consultation] AIoT smart IoT edge computing and security in practice 2024/5/19
https://www.accupass.com/event/2404120334053507827320
Taipei dbt Meetup #24 for all folks working with data! (Hybrid 👫 + 🧑💻) 2024/5/19
https://www.meetup.com/taipei-dbt-meetup/events/300586249/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/21
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygchbcc/
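Mastering cloud security and integrating AI innovation trends - strengthening enterprise security with a comprehensive, efficient protection strategy 2024/5/22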
https://www.accupass.com/event/2404240613046556674540
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/5/22
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/
National Center for High-performance Computing training: NVIDIA physics simulation computing 2024/5/22
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4091&from_course_list_url=homepage
HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2024/5/23
https://www.meetup.com/hackingthursday/events/psspctygchbfc/
The CISO's first lesson in zero trust (May session) 2024/5/23
https://jamf.kktix.cc/events/applexjamf-2
[ACSI Academy] Security competency training | System and Network Security Administrator 2024/5/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4
2024 Outlying Islands Cup security competition 2024/5/25
https://shieldx.kktix.cc/events/outlying
[Security workshop] Digital forensics workshop: Digital swordsman - fast... and even faster 2024/5/25
https://hackersir.kktix.cc/events/forensics-240525
Just a chat - with no Expectations 2024/5/25
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygchbhc/
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/5/28
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygchblc/
Learning Reimagined: AI in Action 2024/5/30
https://www.meetup.com/taipei-education-technology-meetup-group/events/300695401/
HackingThursday - Week meetup Tamsui (regular gathering, Tamsui) 2024/5/30
https://www.meetup.com/hackingthursday/events/psspctygchbnc/
FineEvent 2024 Taiwan FanRuan User Conference [Digital Intelligence. New Trends] 2024/5/31
https://www.accupass.com/event/2404100159056749078620
Introduction to Information and Communication Security -- Central region -- pre-exam review class 2024/6/4
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767
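National Center for High-performance Computing training: advanced course on VSim, a particle-based plasma electromagnetic simulation software 2024/6/6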
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4104&from_course_list_url=homepage
National Center for High-performance Computing training: NVIDIA large language applications 2024/6/19
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4093&from_course_list_url=homepage
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/
AI application system development and generative AI application talent training class, first cohort 2024/6/27
https://www.accupass.com/event/2401100729511706489107
National Center for High-performance Computing training: RSC The Merck Index database, Chinese-language online session 2024/7/4
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage
National Center for High-performance Computing training: ABAQUS basic training course 2024/7/9
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage
InfoSec Taiwan 2024 international security organizations conference 2024/7/9
https://csa.kktix.cc/events/infosectaiwan2024
CraftCon Taiwan: CyCraft AI security annual conference 2024/7/12
https://www.accupass.com/event/2404221057531664149101
[Session 1] 2024 enterprise information security fundamentals course 2024/7/17
https://www.accupass.com/event/2402020448251773447860
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/
National Center for High-performance Computing training: NVIDIA GPU computing 2024/7/24
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage
AI application system development and generative AI application talent training class, first cohort 2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/