1.重大弱點漏洞/後門/Exploit/Zero Day 紅隊演練工具TeamsPhisher鎖定微軟Teams漏洞，能對該項服務的使用者散布惡意軟體 https://www.bleepingcomputer.com/news/security/new-tool-exploits-microsoft-teams-bug-to-send-malware-to-users/ https://github.com/Octoberfest7/TeamsPhisher https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/ MITRE 公佈 2023 年 25 個最危險的軟體弱點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10542 MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html 網路頻寬挾持攻擊鎖定SSH主機而來 https://www.akamai.com/blog/security-research/proxyjacking-new-campaign-cybercriminal-side-hustle Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html 全球還有33萬臺FortiGate防火牆尚未修補遠端程式執行漏洞CVE-2023-27997 https://www.ithome.com.tw/news/157623 Alert: 330,000 FortiGate Firewalls Still Unpatched to CVE-2023-27997 RCE Flaw https://thehackernews.com/2023/07/alert-330000-fortigate-firewalls-still.html WordPress使用者資料設置外掛程式Ultimate Member出現零時差漏洞攻擊，20萬網站曝險 https://www.wordfence.com/blog/2023/06/psa-unpatched-critical-privilege-escalation-vulnerability-in-ultimate-member-plugin-being-actively-exploited/ Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts https://thehackernews.com/2023/07/unpatched-wordpress-plugin-flaw-could.html Improve Your Security WordPress Spam Protection With CleanTalk Anti-Spam https://thehackernews.com/2023/07/improve-your-security-wordpress-spam.html 數聯資安發現Adiscon LogAnalyzer具有高危險弱點 https://www.issdu.com.tw/news_detail.php?id=38&csrt=8883969554017745085 Mozilla發布Firefox 115，修補高風險的記憶體安全漏洞 https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/ 開源軟體Ghostscript出現漏洞，有可能被用於執行系統命令 https://nakedsecurity.sophos.com/2023/07/04/ghostscript-bug-could-allow-rogue-documents-to-run-system-commands/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 Anatsa banking Trojan hits UK, US and DACH with new campaign https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign Mexico-Based Hacker Targets Global Banks with Android Malware https://thehackernews.com/2023/07/mexico-based-hacker-targets-global.html 臺大、北榮等多家醫學中心加入保險理賠醫起通，壽險公會下一步目標年底上線2.0版 https://www.ithome.com.tw/news/157625 臺美金融資安論壇6月底召開，指出資訊安全威脅與氣候變遷、環境永續議題同等重要 https://www.facebook.com/tabf.org/posts/pfbid02dLc5wUUQTrteCnkpHdNwhdN1Yy32Z2qiGjU31f1KmHGQYR1EM1vWNLTQdKWnnvr3l https://www.facebook.com/AIT.Social.Media/posts/pfbid0Dig8wfckGdKMvNbCCshPUZ4ehrQjoNE7cxPwRWa16Se5YS26JUXJctFy1ZFQAHw2l https://www.cna.com.tw/news/afe/202306290062.aspx ID文件身分認證 FIDO聯盟Q3推出 https://ctee.com.tw/news/finance/893300.html 加薪搶才大作戰 主計總處調查：金融保險業最積極 https://money.udn.com/money/story/5612/7270823?from=edn_newest_index 金融卡密碼不小心輸錯被鎖卡？ 台新宣布提供ATM解鎖服務 https://money.udn.com/money/story/5613/7274051?from=edn_subcatelist_cate 開放生成式AI之前 金管會對金融業提出資安五大示警 https://udn.com/news/story/7239/7262260 滙豐銀行倫敦總部測試量子技術，防範未來駭客攻擊 https://technews.tw/2023/07/05/hsbc-tests-quantum-tech-in-uk/ 保險賠償也沒了 癌患逾3萬被盜提 https://reurl.cc/Rz91px 金融卡忘密碼遭鎖怎辦？銀行教你解決痛點　並可善用生物辨識 https://www.nownews.com/news/6189294 保險業者怡安傳出遭到MOVEit Transfer零時差漏洞攻擊，導致都柏林機場員工個資外洩 https://www.theregister.com/2023/07/03/dublin_airport_data/ https://www.siliconrepublic.com/enterprise/dublin-airport-employees-daa-cyberattack-moveit-hack-aon-clop 國泰證APP當機要開罰? 證期局這樣說 https://ctee.com.tw/news/stocks/896746.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 金管會出手 防支付綁卡盜刷 https://reurl.cc/94nLaj 認證不縝密 電子支付帳號易遭冒用 https://reurl.cc/v7L42e 大陸行動支付、門號鬆綁 差旅更便利 https://www.chinatimes.com/newspapers/20230702000585-260303?chdtv 微信支付要支援綁定海外信用卡了！7月起陸續開放 https://www.ettoday.net/news/20230628/2529318.htm 5分鐘帶你認識行動支付背後的技術 https://vocus.cc/article/64a37079fd89780001932db2 通勤月票7月上路！15.7萬人搶先申請　第二階段導入行動支付 https://www.ettoday.net/news/20230629/2530040.htm 支付寶及微信支付可綁境外卡 「有錢花不出」獲解方 https://money.udn.com/money/story/5603/7267808 手機沒 NFC 也可用！Google Wallet 推出掃碼支付功能 https://m.eprice.com.tw/mobile/talk/124/5789414/1 免換電支App，一組QR Code就能掃碼購物！但街口、一卡通等4大業者在猶豫什麼 https://www.bnext.com.tw/article/75839/e-commerce-payment-system-platform 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 竊資軟體Meduza針對近20款密碼管理工具而來 https://www.uptycs.com/blog/what-is-meduza-stealer-and-how-does-it-work Meduza Stealer 針對19 密碼管理器和76個加密錢包進行攻擊 https://www.technice.com.tw/cloudtech/infosecurity/58293/ Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets https://thehackernews.com/2023/07/evasive-meduza-stealer-targets-19.html Meduza Stealer or The Return of The Infamous Aurora Stealer https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/ Poly Network 再度遭駭！駭客非法鑄造上億顆 BNB 和百億顆 BUSD，帳面價值超 340 億美金 https://zombit.info/poly-network-hacked-again/ Poly Network遭駭！駭客多鏈增發「420億鎂代幣」包括 BNB、SHIB、BUSD、XTM https://www.blocktempo.com/poly-network-was-exploited-again/ MARBLEX推出代幣經濟優化策略，強化透明度和永續性 https://www.techbang.com/posts/107537-marblex-launches-token-economy-optimization-strategy 19 歲的 Euler 駭客：只花 18 分鐘就盜走 2 億美元，猶豫 3 週後全數歸還 https://blockcast.it/2023/07/03/the-hacker-behind-2023s-biggest-crypto-heist-explains-himself/ PeckShield：駭客在6月竊取了價值約227萬美元的NFT，較上月下降23% https://news.cnyes.com/news/id/5238026 2023上半年區塊鏈安全與反洗錢報告 https://www.blocktempo.com/slowmist-blockchain-security-and-anti-money-laundering-report/ 數名以太坊社群成員提出 ERC-7265 標準，緩解 DeFi 駭客攻擊 https://zombit.info/ethereum-community-members-propose-erc-7265-mitigate-defi-hacks/ 幣安CSO：加密貨幣的駭客已將目光轉向加密貨幣最終用戶 https://news.cnyes.com/news/id/5239617?exp=a 幣安CSO：駭客已將目光轉向「安全意識較差」的加密貨幣用戶 https://news.knowing.asia/news/b1940775-e54f-41c9-8da1-02fb6a4a18ba 才不相信「點一下手機就能賺錢」！越南當局對「Pi 幣」發動調查 https://blockcast.it/2023/07/05/vietnam-launches-investigation-into-pi-token/ 第二季Web3協議因駭客和攻擊造成的損失從去年同期略有下降 https://news.cnyes.com/news/id/5240349 ERC-6551爆火！可組合 NFT Sapienz 暴漲10倍、單日新創帳戶破新高 https://www.blocktempo.com/erc-6511-may-become-new-nft-market-topic/ 藍狐筆記 | 比特幣與以太坊的「鐵王座」之爭 https://blockcast.it/2023/07/05/bitcoin-ethereum-who-will-win-the-race/ 將明確公務員持有虛擬資產相關規範！一分鐘看懂韓國最新加密法規 https://news.knowing.asia/news/10a68264-7451-4200-9a89-ccb9c87d7e6e 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 台積電遭LockBit天價勒索7000萬美金 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10540 護國神山遭駭被勒索7千萬美元？台積電：是供應商 https://ec.ltn.com.tw/article/breakingnews/4349777 針對測試環境遭到攻擊，擎昊科技再度發出公告，檢討可能原因與承諾後續改善 https://www.ithome.com.tw/news/157629 供應商傳遭駭客侵害　台積電回應了：無客戶資訊外洩、不影響生產營運 https://www.setn.com/News.aspx?NewsID=1316636 供應商擎昊科技遭LockBit駭客侵害，台積電立即中止資料交換 https://reurl.cc/r5Y4r4 勒索軟體攻擊加密成功率三年來最高、製造業復原時間較去年長 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10541 研究人員警告：Akira勒索軟體出現Linux版 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10536 研究人員分析安卓惡意程式Fluhorse，駭客透過加殼避免遭到逆向工程分析 https://www.fortinet.com/blog/threat-research/fortinet-reverses-flutter-based-android-malware-fluhorse 防毒業者Avast提供勒索軟體Akira檔案復原工具 https://www.bleepingcomputer.com/news/security/free-akira-ransomware-decryptor-helps-recover-your-files/ QBot 木馬升級為勒索工具，暴改 Win10 內建Write執行檔、劫持 DLL 感染裝置 https://www.techbang.com/posts/106687-the-qbot-trojan-is-upgraded-to-a-ransomware-tool-that-abuses 日本名古屋港遭勒索病毒攻擊 將恢復貨櫃裝卸 https://www.rti.org.tw/news/view/id/2172786 日本名古屋港傳出因勒索軟體LockBit 3.0攻擊而癱瘓 https://meikoukyo.com/archives/3281 https://meikoukyo.com/archives/3296 https://www.port-of-nagoya.jp/business/jigyoshashisetsu/1003915.html https://www.japantimes.co.jp/news/2023/07/05/national/nagoya-port-cyberattack/ https://asia.nikkei.com/Business/Technology/Japan-s-biggest-port-Nagoya-hit-by-suspected-cyberattack https://www.asahi.com/ajw/articles/14949157 能源產業與電信業者遭惡意軟體RedEnergy Stealer鎖定，不只竊密檔案還會被加密 https://www.zscaler.com/blogs/security-research/ransomware-redefined-redenergy-stealer-ransomware-attacks 美國法律事務所遭到惡意軟體GuLoader鎖定 https://blog.morphisec.com/guloader-campaign-targets-law-firms-in-the-us 美國2023年已有33家醫院遭到勒索軟體攻擊 https://www.infosecurity-magazine.com/news/thirtythree-us-hospitals/ 三分之二鎖定製造業的勒索軟體攻擊檔案遭到加密 https://news.sophos.com/en-us/2023/06/21/the-state-of-ransomware-in-manufacturing-and-production-2023/ An Overview of the Different Versions of the Trigona Ransomware https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware https://www.sentinelone.com/blog/jokerspy-unknown-adversary-targeting-organizations-with-multi-stage-macos-malware/ GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT https://isc.sans.edu/diary/29990 Mac電腦遭惡意軟體RustBucket鎖定 https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket Rhysida Ransomware RaaS Crawls Out of Crimeware Undergrowth to Attack Chilean Army https://www.sentinelone.com/blog/rhysida-ransomware-raas-crawls-out-of-crimeware-undergrowth-to-attack-chilean-army/ Beware: New 'RustBucket' Malware Variant Targeting macOS Users https://thehackernews.com/2023/07/beware-new-rustbucket-malware-variant.html 伊朗駭客APT35透過後門程式Powerstar發動攻擊 https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/ Iranian Hackers Using POWERSTAR Backdoor in Targeted Espionage Attacks https://thehackernews.com/2023/06/iranian-hackers-charming-kitten-utilize.html ALPHV (BlackCat) ransomware https://otx.alienvault.com/pulse/64a25c53fc2f2e8a5ed8f601 勒索軟體駭客BlackCat藉由提供WinSCP應用程式的名義，透過惡意廣告推送Cobalt Strike https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising https://thehackernews.com/2023/07/blackcat-operators-distributing.html The suspected Maha grass organization uses the WarHawk backdoor variant Spyder to spy on many countries https://mp.weixin.qq.com/s/ewGyvlmWUD45XTVsoxeVpg Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware https://thehackernews.com/2023/07/nodejs-users-beware-manifest-confusion.html Crysis Threat Actor Installing Venus Ransomware Through RDP https://asec.ahnlab.com/en/54937/ Honeypot Recon: Enterprise Applications Honeypot - Unveiling Findings from Six Worldwide Locations https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-enterprise-applications-honeypot-unveiling-findings-from-six-worldwide-locations/ Researchers Uncover New Linux Kernel 'StackRot' Privilege Escalation Vulnerability https://thehackernews.com/2023/07/researchers-uncover-new-linux-kernel.html RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors https://thehackernews.com/2023/07/redenergy-stealer-as-ransomware-threat.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 美國要求聯邦機構限期修補D-Link路由器、三星手機漏洞 https://www.cisa.gov/news-events/alerts/2023/06/29/cisa-adds-eight-known-exploited-vulnerabilities-catalog 三星手機漏洞被列入CISA 必須修補清單 https://www.technice.com.tw/cloudtech/infosecurity/58124/ CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices https://thehackernews.com/2023/07/cisa-flags-8-actively-exploited-flaws.html 推特限流風波疑始於客戶端自我DDoS攻擊 https://www.ithome.com.tw/news/157602 手機病毒｜5款PDF APP暗藏木馬病毒 3萬用戶或被「盜光銀行存款」 https://reurl.cc/nDY4D6 Twitter 為 iOS 用戶加入畫中畫模式　離開 App 也可看影片 https://www.newmobilelife.com/2023/07/01/twitter-ios-new-pip-mode/ 蘋果關閉iOS 16.5認證通道，封鎖iPhone從iOS 16.5.1降級 https://mrmad.com.tw/apple-stops-signing-ios165-downgrade 你的iPhone會被別人偷看嗎？3招小撇步設定好 照片、密碼統統保密不怕駭 https://tech.udn.com/tech/story/123155/7269597 LetMeSpy Android 手機追蹤 App 遭駭，至少 1.3 萬支手機資料外洩 https://technews.tw/2023/07/04/letmespy-phone-tracking-app-hacked-revealing-user-data/ 絕對有感升級！新iPhone傳有「2大超狂功能」 https://www.setn.com/News.aspx?NewsID=1316782 Android Auto解除限制　手機、儀表板可同步顯示Google Maps https://www.technice.com.tw/techmanage/smartcity/58222/ 安卓「12測試僅2功能」輸iOS 網開戰：蘋果全家餐效率MAX https://www.worldjournal.com/wj/story/122160/7277131 「小黃書」在美爆紅　臉書被盜.「買家」找上門 https://news.tvbs.com.tw/focus/2169632 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 駭客攻擊全球醫療機構 調查局、長庚醫院聯手抵禦 https://health.ltn.com.tw/article/breakingnews/4350633 外媒：美國政府正考慮限制對中國人工智慧公司出租雲端服務 https://www.ttv.com.tw/finance/view/072023031031616BC0350D4C4E64992BFB47041B3462E091/588 擔憂駭客攻擊，美國政府研議對中國出口AI晶片實施新管制措施 https://www.ttv.com.tw/finance/view/062023300952F936EAA1235442A39625B55367F802012183/587 輝達警告美國禁止人工智慧晶片出口到中國將失去商機 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=764362 美國擬禁中國使用亞馬遜等雲端服務 恐重創台灣伺服器業 https://ec.ltn.com.tw/article/breakingnews/4353476 中國駭客發起SmugX攻擊行動，鎖定歐洲國家外交單位而來 https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/ 麻省理工學院發布網路安全評估框架 https://news.mit.edu/2023/mit-researchers-evaluate-cybersecurity-methods-0628 俄軍衛星通信系統 遭網攻癱瘓 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1597263&type=international 美國國家安全局、CISA發布保護CI/CD環境的指引 https://media.defense.gov/2023/Jun/28/2003249466/-1/-1/0/CSI_DEFENDING_CI_CD_ENVIRONMENTS.PDF 美國政府公布2025年網路安全預算優先項目 https://cyberscoop.com/white-house-cybersecurity-budget-2025/ 針對非洲國家的大型網路攻擊顯著增加 https://liquid.tech/wp-content/uploads/2023/06/LIQUID-C2-Report.pdf 伊朗駭客MuddyWater利用PhonyC2框架發動攻擊 https://www.deepinstinct.com/blog/phonyc2-revealing-a-new-malicious-command-control-framework-by-muddywater 俄羅斯衛星電信業者遭到網路攻擊，起因是聲援瓦格納組織軍事行動 https://cyberscoop.com/russia-satellite-hack-wagner/ 傳瓦格納駭襲俄軍通信系統 美擬向烏提供集束彈藥 https://www.soundofhope.org/post/735428?lang=b5 以色列協助阿拉伯聯合大公國緩解DDoS攻擊 https://www.darkreading.com/dr-global/israel-aided-uae-in-defending-against-ddos-attack CISA對於美國企業與政府機關遭到DDoS攻擊提出警告 https://www.cisa.gov/news-events/alerts/2023/06/30/dos-and-ddos-attacks-against-multiple-sectors https://www.bleepingcomputer.com/news/security/cisa-issues-ddos-warning-after-attacks-hit-multiple-us-orgs/ INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime https://thehackernews.com/2023/07/interpol-nabs-hacking-crew-opera1ers.html Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX https://thehackernews.com/2023/07/chinese-hackers-use-html-smuggling-to.html Chinese Threat Actors Targeting Europe in SmugX Campaign https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/ DDoSia Attack Tool Evolves with Encryption, Targeting Multiple Sectors https://thehackernews.com/2023/07/ddosia-attack-tool-evolves-with.html Surviving the 800 Gbps Storm: Gain Insights from Gcore's 2023 DDoS Attack Statistics https://thehackernews.com/2023/07/surviving-800-gbps-storm-gain-insights.html Neo_Net | The Kingpin of Spanish eCrime https://www.sentinelone.com/blog/neo_net-the-kingpin-of-spanish-ecrime/ GuLoader Campaign Targets Law Firms in the US https://blog.morphisec.com/guloader-campaign-targets-law-firms-in-the-us Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and-it/ Silentbob Campaign: Cloud-Native Environments Under Attack https://thehackernews.com/2023/07/silentbob-campaign-cloud-native.html 【專業支援】資安管理專業人員 https://www.104.com.tw/job/67bcx?jobsource=jolist_b_relevance 資安管理助理 https://www.104.com.tw/job/7owiq?jobsource=jolist_b_relevance 資深資安人員(資安管理) https://www.104.com.tw/job/802v6?jobsource=jolist_b_relevance 資安管理駐點工程師 https://www.104.com.tw/job/80u1n?jobsource=jolist_b_relevance 企業行動應用及行動資安管理平台 導入 顧問 (台北市) https://www.104.com.tw/job/63r5t?jobsource=jolist_b_relevance AD10407 資安管理師 https://www.104.com.tw/job/7ebd5?jobsource=jolist_b_relevance 【資訊】資安管理人員 https://www.104.com.tw/job/69jq5?jobsource=jolist_b_relevance 資安管理師(資安管理室) https://www.104.com.tw/job/80yty?jobsource=jolist_b_relevance 資安管理人員 https://www.104.com.tw/job/7jqu5?jobsource=jolist_b_relevance 三商家購-總公司-資安管理師/副理 A01 https://www.104.com.tw/job/7w30d?jobsource=jolist_b_relevance 資訊-資安管理工程師 https://www.104.com.tw/job/7oip0?jobsource=jolist_b_relevance 總部功能-資安資訊中心-資安管理工程師(內湖) https://www.104.com.tw/job/5txkw?jobsource=jolist_b_relevance I205 資安管理師(可遠端工作) https://www.104.com.tw/job/7j6bh?jobsource=jolist_b_relevance 總公司資訊安全部資安管理科人員 https://www.104.com.tw/job/6i94r?jobsource=jolist_b_relevance 【總公司】資安管理專員 https://www.104.com.tw/job/814q2?jobsource=jolist_b_relevance 雲端資安管理師/專員/助理 https://www.104.com.tw/job/81jlf?jobsource=jolist_b_relevance 【總公司】資安管理師 https://www.104.com.tw/job/8144t?jobsource=jolist_b_relevance 資安管理師（Pi 拍錢包） https://www.104.com.tw/job/7k5jm?jobsource=jolist_b_relevance 資安管理師 (Information Security Officer)_資訊安全部 https://www.104.com.tw/job/72y3d?jobsource=jolist_b_relevance 資安管理工程師 https://www.104.com.tw/job/7s6zh?jobsource=jolist_b_relevance Linux主機及資安管理工程師 https://www.104.com.tw/job/6mc5x?jobsource=jolist_b_relevance 資安管理系統工程師 https://www.104.com.tw/job/7z19h?jobsource=jolist_b_relevance 資安管制人員 https://www.104.com.tw/job/7ww4i?jobsource=jolist_b_relevance 統一超商資安管理專員 https://www.104.com.tw/job/7qetc?jobsource=jolist_b_relevance 【確信諮詢服務】資安風險顧問-顧問/資深顧問/經理 https://www.linkedin.com/jobs/view/%E3%80%90%E7%A2%BA%E4%BF%A1%E8%AB%AE%E8%A9%A2%E6%9C%8D%E5%8B%99%E3%80%91%E8%B3%87%E5%AE%89%E9%A2%A8%E9%9A%AA%E9%A1%A7%E5%95%8F-%E9%A1%A7%E5%95%8F-%E8%B3%87%E6%B7%B1%E9%A1%A7%E5%95%8F-%E7%B6%93%E7%90%86-at-deloitte-3647300438/?originalSubdomain=tw 國立中興大學資訊工程學系新聘專任「資安」教師公告 https://www.nstc.gov.tw/folksonomy/detail/3157c862-c357-4c9a-96de-4313184f33af?l=ch 【新藥生技公司招募】資安稽核人員(資訊暨資安人員)(含員工配股、認購) https://www.104.com.tw/job/81k2x?jobsource=googlejobs D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 勾中國駭客竊個資盜刷 警抓15嫌.逾百人受害 https://reurl.cc/94bQz8 兩岸合作？陸駭客盜個資 台集團盜刷千萬 https://reurl.cc/lDaMLE 勾結大陸駭客、盜刷集團利用電子支付盜刷千萬 刑事局逮15人 https://udn.com/news/story/7315/7282139 盜刷集團聯手中國駭客盜取個資 6年至少得手逾千萬 https://news.ltn.com.tw/news/society/breakingnews/4355492 駭客盜刷1年撈千萬！譏知名送餐平台「隨便刷隨便過」　4人收押 https://www.ettoday.net/news/20230706/2534522.htm 刑事局破台陸駭客集團　滲透商場資料庫盜刷多國信用卡　警6波拘提逮15嫌 https://ctinews.com/news/items/q9WPq6vbam Email Spam with Attachment Modiloader https://isc.sans.edu/diary/rss/29978 WhatsApp Upgrades Proxy Feature Against Internet Shutdowns https://thehackernews.com/2023/06/whatsapp-upgrades-proxy-feature-against.html 微軟否認遭Anonymous Sudan取得其3000萬客戶資料 https://www.ithome.com.tw/news/157618 兩家瑞典企業因使用Google Analytics違反GDPR遭罰 https://www.imy.se/en/news/companies-must-stop-using-google-analytics/ 英國曼徹斯特大學遭網路攻擊，110萬傷患個資、學生個資外洩 https://www.bankinfosecurity.com/trauma-terrorist-victim-data-breached-in-university-attack-a-22409 詐騙手法一樣還是騙得到人！專家喊話接電話遇3情況要當心 https://tech.udn.com/tech/story/123154/7271262 男警非因公務擅查個資33筆遭懲處 不服興訟敗訴 https://www.cna.com.tw/news/asoc/202307020058.aspx 國外發現近期出現大量 QRCode 新型釣魚郵件來誘騙用戶掃描，並規避信箱的安全機制 https://www.kocpc.com.tw/archives/498593 越南網軍攻擊大牙　「駭客始祖」揪來源：是同家公司 https://www.ettoday.net/news/20230704/2532752.htm 假帳號來源疑曝光！傳陳建州買網軍攻擊大牙…資安專家爆：和李毓芬34%相同 https://ctinews.com/news/items/kYaDAKE8x9 太多個資放雲端！汽車恐成手機後、駭客下個攻擊目標 https://news.tvbs.com.tw/world/2169128 詐騙簡訊、飆股群組滿天飛，三大電信怎麼幫你防？一文盤點「防詐生態圈」 https://www.bnext.com.tw/article/75897/telecommunications-fraud-prevention 駭客宣稱成功入侵微軟取得3,000萬筆客戶資料 微軟出面駁斥不實 https://netmag.tw/2023/07/05/microsoft-refutes-30-million-customer-data-from-hackers 網絡安全｜黑客網絡釣魚進化｜Deepfake冒充聲音＋容貌｜4招自保 https://www.businesstimes.com.hk/articles/147557/ 歐盟監管機構要求Meta必須證明合理取得，才能將用戶隱私用於個人化廣告業務 https://mashdigi.com/eu-regulators-require-meta-to-prove-reasonable-acquisition-before-using-user-privacy-for-personalized-advertising/ 盜5萬筆學生資料架顏值評分網 中國人民大學校友被捕 https://www.cna.com.tw/news/acn/202307040371.aspx 資安漏洞!不肖殯葬業者 竊聽消防無線電搶生意 https://www.secretariat.taichung.gov.tw/2387967/post 駭客攻入企業而發生資料外洩的事故，有高達近5成的入侵管道是企業遭竊帳密 https://www.verizon.com/business/resources/reports/2023-data-breach-investigations-report-dbir.pdf Hackers Can Use AI to Guess Your Passwords—Here’s How to Protect Your Data https://www.rd.com/article/ai-password-cracking/ Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns https://thehackernews.com/2023/07/instagrams-twitter-alternative-threads.html Swedish Data Protection Authority Warns Companies Against Google Analytics Use https://thehackernews.com/2023/07/swedish-data-protection-authority-warns.html E.研究報告/工具 SIEM的警示規測僅能涵蓋約四分之一MITRE ATT&CK的攻擊手法 https://cardinalops.com/blog/3rd-annual-state-of-siem-detection-risk-report-mitre-attck/ 針對NPM套件的Manifest Confusion弱點，研究人員推出Python打造的檢測工具 https://www.bleepingcomputer.com/news/security/new-python-tool-checks-npm-packages-for-manifest-confusion-issues/ 無檔案攻擊手法一年內增加14倍 https://blog.aquasec.com/2023-nautilus-cybersecurity-report-insights-revealed Detecting Popular Cobalt Strike Malleable C2 Profile Techniques https://unit42.paloaltonetworks.com/cobalt-strike-malleable-c2/ Analysis of attack activities of APT-C-26 (Lazarus) organization using fake VNC software https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA%3D%3D&mid=2247492789&idx=1&sn=a991e6c5ed7388515d75f02e9c33428f New Fast-Developing ThirdEye Infostealer Pries Open System Information | FortiGuard Labs https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information 開發者注意！越流行的大型語言模型越不安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10537 3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage https://thehackernews.com/2023/06/3-reasons-saas-security-is-imperative.html Technical Analysis of Bandit Stealer https://www.zscaler.com/blogs/security-research/technical-analysis-bandit-stealer Secrets, Secrets Are No Fun. Secrets, Secrets (Stored in Plain Text Files) Hurt Someone https://thehackernews.com/2023/07/secrets-secrets-are-no-fun-secrets.html BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis https://www.sentinelone.com/blog/bluenoroff-how-dprks-macos-rustbucket-seeks-to-evade-analysis-and-detection/ How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance https://thehackernews.com/2023/07/how-pen-testing-can-soften-blow-on.html F.商業 66%企業落實零信任，缺乏整合成最大阻礙 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10532 SAP提出8大企業碳管理能力，建議企業這樣管理碳排數據 https://www.ithome.com.tw/news/157599 從數位轉型跨足數位身分認證 偉康科技7成銀行App都有它 https://www.chinatimes.com/realtimenews/20230701000010-260410?chdtv 駭客變更「重質不重量」！專挑大型科技製造業...Fortinet威脅情報副總裁解析攻擊新法 https://www.businesstoday.com.tw/article/category/183025/post/202307030044/ Palo Alto Networks：台灣資安人才、流程、技術企業信心嚴重不足 https://technews.tw/2023/07/04/confidence-in-taiwans-information-security-talents-processes-and-technology-companies-is-seriously-lacking/ Fortinet攜生態系夥伴 揭製造業最佳資安解方 https://ctee.com.tw/industrynews/technology/895111.html 設立再進修機制就地培養　新興技術人才前景看好 爭奪優秀人才暗潮洶湧　強技術善整合最有利 https://www.netadmin.com.tw/netadmin/zh-tw/trend/4630CF4753524BB586AA5732C9F24D17 探索資安轉骨良方 加強守護數位轉型成果 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000667668_EXG7L9GW5A5Y7D9BJHO9I Fortinet 與鉅鋼機械分享 OT 工控場域安全部署重點 https://reurl.cc/2Llg16 防駭客！七成台灣企業增年度資安預算　身分識別前四大資安策略重點出列 https://today.line.me/tw/v2/article/1D8Wpq9 安碁資訊6月營收今年新高 改列數位雲端類股 https://money.udn.com/money/story/5612/7280459 G.政府 國家資安研究院院長何全德 資安布建 四箭齊發 https://money.udn.com/money/story/122331/7275809 南市府召開112年研考委員會議 黃偉哲盼打造南部數位人才聚落 https://www.tainan.gov.tw/News_Content.aspx?n=13370&s=8558235 臺北市資訊局揭露資安部署策略：資安是智慧城市能否成功數位轉型的關鍵 https://www.ithome.com.tw/news/157515 打詐！唐鳳推公部門「三碼」簡訊 一看就能辨別詐騙 https://ec.ltn.com.tw/article/breakingnews/4356283 馬政府時期「服貿說帖」疑遭中共網軍盜用！海基會下架後這麼解釋 https://www.taisounds.com/news/content/71/68533 堵洩密！無人機資安驗測費30萬 使用者怒喊「要智能不要智障」 https://reurl.cc/VLmq36 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 TXOne Networks Stellar3.0 解決方案協助製造業平衡安全與營運優先 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10531 海康/大華爆漏洞，安控業的英國機會來了 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d75b3d7f-77c0-4014-992e-6368b0d0fb11 超過5成臺灣企業認為不安全的物聯網裝置是最嚴峻的資安挑戰 https://www.cna.com.tw/postwrite/chi/345432 太陽能發電監控系統出現RCE漏洞，影響範圍恐擴大 https://vulncheck.com/blog/solarview-exploitation I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 WordPress - 桃園午茶小聚 #26 2023/7/8 https://www.meetup.com/taoyuan-wordpress-meetup/events/294449557/ Taichung.py 2023/07：純 Python 開發 WebApp - Pynecone(reflex) 2023/7/12 https://taichung-py.kktix.cc/events/meetup-202307-pynecone 台灣網路講堂「負責任的影響力：談網紅的社會責任」座談會 2023/7/14 https://www.twsig.tw/20230714/ 台灣駭客年會 HITCON Training 2023 2023/7/12 ~ 2023/7/15 https://hitcon.kktix.cc/events/hitcon-training-2023 啟動未來 - 數位民主與公民參與 2023點子松論壇 - 七月場 2023/7/12 https://www.accupass.com/event/2306251336101876912835 權限如何把關 給企業的3W管理大法 2023/7/13 https://www.accupass.com/event/2306290839559233319470 【職場參訪體驗】中華電信股份有限公司 2023/7/13 https://www.accupass.com/event/2306121146237901126600 資安第一步：從終端設備開始完成零信任｜犇亞會議中心 2023/7/13 https://jamf.kktix.cc/events/jamffintech 國際職場的科技女力 Session2新轉型 2023/7/14 https://www.meetup.com/women-who-code-taipei/events/294204966/ JMUG | 台灣初登場 2023/7/18 https://jamf.kktix.cc/events/cloudidpokta Taipei LangChain Hacky Hour 2023/7/18 https://www.meetup.com/taipei_langchain/events/294403943/ Taiwan Multimedia Tech #9 2023/7/19 https://www.meetup.com/taiwan-multimedia-technology/events/293987313/ 一鍵完成設備部署、資安、合規的實作秘笈-科技製造業專場｜犇亞會議中心 2023/7/20 https://jamf.kktix.cc/events/appleinmanufacturing 【全景軟體ｘ啄木科技】Zero Trust Solution 零信任解決方案 2023/7/20 https://www.accupass.com/event/2306130338409522122060 Taipei dbt Meetup #13 (in-person 👫 & online 👨‍💻)2023/7/26 https://www.meetup.com/taipei-dbt-meetup/events/294298229/ AI引爆電商革命 數據驅動變現力 2023/7/27 https://www.accupass.com/event/2305190535222139620296 大數據分析進階班 2023/7/27 ~ 2023/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600 【舒虎教育】《區塊鏈初階課程》平日班 2023/7/27 ~ 2023/7/28 https://www.accupass.com/event/2305280843071623542481 緯育TibaMe「 第二屆IT人才求職趣」大型人才招募活動 2023/7/29 https://tibametibame.kktix.cc/events/goodjob729even 【舒虎教育】《區塊鏈初階課程》假日班 2023/7/29 ~ 2023/7/30 https://www.accupass.com/event/2305280843202058678448 COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing 入門 AI 開源的生態系平台 Hugging Face 2023/7/31 https://www.meetup.com/rladies-taipei/events/294283382/ InfoSec Taiwan 2023 國際資安大會 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023 大數據分析進階班 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html AIoT應用實作研習班 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601 HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ 大數據分析進階班 (台中) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612 AIoT應用實作研習班 (台中) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604 5G+AIOT機器人智慧生活應用科學營 2023/8/23 ~ 2023/8/25 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=625 PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Web應用滲透測試 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023