###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/5/1 ~ 2023/5/5 1.重大弱點漏洞/後門/Exploit/Zero Day 服務定位協定SLP漏洞恐被用於DDoS流量放大攻擊 https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp Alert: Active Exploitation of TP-Link, Apache, and Oracle Vulnerabilities Detected https://thehackernews.com/2023/05/active-exploitation-of-tp-link-apache.html CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units https://thehackernews.com/2023/05/cisa-issues-advisory-on-critical-rce.html Cisco Warns of Vulnerability in Popular Phone Adapter, Urges Migration to Newer Model https://thehackernews.com/2023/05/cisco-warns-of-vulnerability-in-popular.html Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service https://thehackernews.com/2023/05/researchers-discover-3-vulnerabilities.html 密碼管理系統1Password服務出現異常，該公司表示並非資安漏洞造成 https://www.bleepingcomputer.com/news/security/1password-explains-scary-secret-key-and-password-change-alerts/ 飯店業注意！有研究人員指出Oracle物業管理系統一項漏洞的風險被嚴重低估，應儘速修補 https://www.darkreading.com/application-security/hotels-at-risk-from-bug-in-oracle-property-management-software 思科警告SPA112電話轉接器含RCE漏洞，呼籲用用戶汰換產品至ATA 190系列 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20SPA112%202-Port%20Phone%20Adapters%20Remote%20Command%20Execution%20Vulnerability&vs_k=1 思科伺服器管理工具存在零時差漏洞，恐被用於跨網站指令碼攻擊 https://www.bleepingcomputer.com/news/security/cisco-discloses-xss-zero-day-flaw-in-server-management-tool/ 新版Chrome瀏覽器修補15個安全漏洞 https://chromereleases.googleblog.com/2023/05/stable-channel-update-for-desktop.html?m=1 邊界閘道協定軟體FRRouting出現漏洞，恐被用於發動阻斷服務攻擊 https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html 開源資料視覺化工具Apache Superset存在RCE漏洞，至少有2千臺伺服器曝險 https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ Google Cloud平臺存在漏洞GhostToken，恐導致用戶帳號遭到挾持 https://taiwan.googleblog.com/2023/04/HowWeFoughtBadApps2022.html 針對Google Authenticator加入的同步功能可能存在資安風險，該公司承諾將採用端對端加密改善 https://www.ithome.com.tw/news/156617 仲琦科技 Hitron CODA-5310 - Using default credentials https://www.twcert.org.tw/tw/cp-132-7085-13321-1.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 FIN7 tradecraft seen in attacks against Veeam backup servers https://labs.withsecure.com/publications/fin7-target-veeam-servers https://github.com/WithSecureLabs/iocs/blob/master/FIN7VEEAM/iocs.csv Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart! https://thehackernews.com/2023/04/attention-online-shoppers-dont-be.html LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads https://thehackernews.com/2023/05/lobshot-stealthy-financial-trojan-and.html Hackers Targeting Italian Corporate Banking Clients with New Web-Inject Toolkit DrIBAN https://thehackernews.com/2023/05/hackers-targeting-italian-corporate.html ImB涉高利假債權吸金 金管會：若違法最重可處七年以上、5億元以下罰金 https://turnnewsapp.com/livenews/finance/A95645002023050217524153 im.B借貸平台爆詐騙　不在金管會監管範圍 https://www.cardu.com.tw/news/detail.php?48749 張志堅自行研發關鍵技術 打造證券業聯發科 https://money.udn.com/money/story/122331/7137902 京城銀攜南市調查處 強化資安防護 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=5148076001&PU=0010 刑事局轉戰台新銀行資安長！1年來最大挑戰是什麼？企業資安該怎麼推 https://reurl.cc/EGAGKk 支付金融看好 前兩大拆轉帳、轉贈點數與開設數位帳戶 https://udn.com/news/story/7239/7142864 3.信用卡/電子支付/行動支付/pay/支付系統/資安 電子商務網站遭挾持，被植入付款表單，意圖竊取用戶信用卡資料 https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art 資策會調查：行動支付常用度首破七成 直追實體信用卡 https://money.udn.com/money/story/5613/7142872 台中e指通被嫌不好用 議員促轉型「台中PAY」行動支付平台 https://news.ltn.com.tw/news/politics/breakingnews/4292418 鉅亨買基金攜手富達投信、台灣行動支付APP 攻新型態基金服務 https://wantrich.chinatimes.com/news/20230504901031-420401 北富銀即日起提供 Apple「iPhone卡緊收」服務 收款快速方便 https://udn.com/news/story/7239/7142426 陸詐騙集團架釣魚網站 在日盜走近3百萬組電子支付帳密 https://reurl.cc/kl6l03 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 How to mint NFTs programmatically (Zero Solidity knowledge needed) https://medium.com/@AaliyaAli_01/how-to-mint-nfts-programmatically-9dd23c3b5741 切勿點擊任何鑄幣連結！Yuga Labs新任CEO推特帳號被駭 https://news.knowing.asia/news/65e49b66-ddbc-4f37-a1cd-9aff9d24e19f YouTube 協助恢復試圖進行 XRP 加密詐騙的被駭頻道 https://reurl.cc/jlARKy Messari深度報告：Sui 技術優勢在哪？撐出 L1 公鏈新天地 https://www.blocktempo.com/messari-diving-into-sui/ Yearn：所有受到 Euler 攻擊影響的被盜資金均已收回並歸還給用戶 https://news.cnyes.com/news/id/5163325 跨鏈橋終極形態探究：如何解決流動性、確定性和安全性的三難問題 https://news.cnyes.com/news/id/5162892 一文搞懂加密貨幣！投身幣圈前，破解七大典型「謊言」與「迷思」 https://reurl.cc/n7KZk2 4 月份的加密騙局、不正當利用和駭客攻擊導致 1.03 億美元的損失 https://reurl.cc/zAVrm0 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 偽裝ChatGPT或類似AI工具的網路攻擊頻傳，Meta發現3月就有10個惡意軟體以此作為誘餌 https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/ 惡意程式載入器AresLoader被用於散布多種攻擊工具 https://blog.cyble.com/2023/04/28/citrix-users-at-risk-aresloader-spreading-through-disguised-gitlab-repo/ Google切斷惡意軟體CryptBot的基礎設施 https://blog.google/technology/safety-security/continuing-our-work-to-hold-cybercriminal-ecosystems-accountable/ 勒索軟體攻擊美國達拉斯警方、法院網站 https://www.securityweek.com/ransomware-attack-affects-dallas-police-court-websites/ Meta發現今年3月以來，有10款惡意程式家族偽裝ChatGPT或類似的AI工具 https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/ 小心！駭客冒充ChatGPT大量散播「病毒軟體」，Meta：正開發防禦策略 https://www.blocktempo.com/chatgpt-and-ai-the-newest-vector-for-malware-meta-security-team/ 駭客假造桌面版ChatGPT　透過Telegram傳送被盜數據 https://www.technice.com.tw/cloudtech/infosecurity/51238/ 北韓駭客APT37透過捷徑檔案散布木馬程式RokRAT https://research.checkpoint.com/2023/chain-reaction-rokrats-missing-link/ 為了增加得逞機率，勒索軟體Rapture植入前，祭出多種方法窺似受害者電腦 https://www.trendmicro.com/en_us/research/23/d/rapture-a-ransomware-family-with-similarities-to-paradise.html 英國中學Hardenhuish遭到勒索軟體攻擊 https://www.infosecurity-magazine.com/news/ransomware-disrupts-network/ 陸發報告控美中情局「網攻別國」　聲稱捕獲大批「木馬程式」 https://www.ettoday.net/news/20230504/2492133.htm 製造業淪為勒索軟體攻擊最大重點目標 https://www.eettaiwan.com/20230504nt21-the-2023-global-ransomware-report/ 5成企業去年遭勒索軟體攻擊 製造業支付贖金最高 https://ec.ltn.com.tw/article/breakingnews/4291196 你的Mac裡有加密錢包嗎？小心被AMOS竊密程式盯上 https://netmag.tw/2023/05/03/new-macos-malicious-programs-steal-keychain-passwords-and-encrypted-currency-wallets Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram https://www.sentinelone.com/blog/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram/ New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets https://thehackernews.com/2023/04/new-atomic-macos-stealer-can-steal-your.html BlackBit Ransomware: A Threat from the Shadows of LokiLocker https://blog.cyble.com/2023/05/03/blackbit-ransomware-a-threat-from-the-shadows-of-lokilocker/ New KEKW Malware Variant Identified in PyPI Package Distribution https://blog.cyble.com/2023/05/03/new-kekw-malware-variant-identified-in-pypi-package-distribution/ Raspberry Robin: A global USB malware campaign providing access to ransomware operators https://otx.alienvault.com/pulse/64525c79560a208895cba893 1877 Team: A Kurdish hacker group on the rise https://otx.alienvault.com/pulse/64524a56a61ad32b77d042d9 Tonto Team Using Anti-Malware Related Files for DLL Side-Loading https://asec.ahnlab.com/en/51746/ Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions https://thehackernews.com/2023/04/tonto-team-uses-anti-malware-file-to.html ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection https://thehackernews.com/2023/04/vipersoftx-infostealer-adopts.html BouldSpy Android Spyware: Iranian Government's Alleged Tool for Spying on Minority Groups https://thehackernews.com/2023/05/bouldspy-android-spyware-iranian.html North Korea's ScarCruft Deploys RokRAT Malware via LNK File Infection Chains https://thehackernews.com/2023/05/north-koreas-scarcruft-deploys-rokrat.html DNS惡意軟體工具包Decoy Dog鎖定組織的網路設備而來 https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/ New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks https://thehackernews.com/2023/05/new-decoy-dog-malware-toolkit-uncovered.html Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts https://thehackernews.com/2023/05/meta-takes-down-malware-campaign-that.html Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics https://thehackernews.com/2023/05/chinese-hacker-group-earth-longzhi.html Fleckpe Android Malware Sneaks onto Google Play Store with Over 620,000 Downloads https://thehackernews.com/2023/05/fleckpe-android-malware-sneaks-onto.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google Blocks 1.43 Million Malicious Apps, Bans 173,000 Bad Accounts in 2022 https://thehackernews.com/2023/05/google-blocks-143-million-malicious.html Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices https://thehackernews.com/2023/05/apple-and-google-join-forces-to-stop.html Google帳號開始支援Passkey登入，讓用戶不用煩惱密碼管理，也比原本2SV更安全方便 https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html Google Introduces Passwordless Secure Sign-In with Passkeys for Google Accounts https://thehackernews.com/2023/05/google-introduces-passwordless-secure.html 11款訂閱木馬程式溜進Google Play，波及62萬個裝置 https://www.ithome.com.tw/news/156741 2022年Google封鎖逾17萬開發者帳號 https://security.googleblog.com/2023/04/how-we-fought-bad-apps-and-bad-actors.html 蘋果首度針對藍牙耳機發布安全更新 https://www.securityweek.com/apple-releases-first-ever-security-updates-for-beats-airpods-headphones/ 針對已遭利用的漏洞，蘋果首度發布快速修補Rapid Security Response更新 https://support.apple.com/en-us/HT201224 Apple首度以快速資安回應方式釋出iOS、iPadOS與macOS的安全修補更新 https://netmag.tw/2023/05/02/apple-uses-ios-and-macos-rapid-security-response-feature-for-the-first-time C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 金鼎科部分資料遭受駭客網路攻擊事件 https://reurl.cc/jlARqn 公司門禁磁扣「爽開家中大門」他傻眼！ 專家建議：避免使用這功能 https://fnc.ebc.net.tw/fncnews/house/160536 冷藏物流業者Americold傳出遭到網路攻擊 https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-outage-caused-by-network-breach/ 彰基一張檢核表，喚起全院資安意識！駭客「無差別攻擊」，智慧醫院變肥羊 https://www.bnext.com.tw/article/74678/cyber-security-cc0-hospital-ciso 影視平台「LiTV」片庫被刪險倒閉 駭客超瞎理由曝光 https://today.line.me/tw/v2/article/YaW1WjB 蘋果、Google聯手打擊Airtag非法跟蹤行為 https://www.apple.com/newsroom/2023/05/apple-google-partner-on-an-industry-specification-to-address-unwanted-tracking/ 美歐聯手破獲暗網市集Monopoly Market，逮捕288名嫌犯 https://www.bleepingcomputer.com/news/security/police-operation-spector-arrests-288-dark-web-drug-vendors-and-buyers/ 聯合國網路罪犯條約傳出將於6月公布 https://therecord.media/first-draft-of-un-cybercrime-treaty-expected-in-june 美國FBI向國會報告資安防禦不對稱狀況，他們表示，網路探員每人至少要對付50個中國駭客 https://therecord.media/wray-fbi-cyber-budget-china-cyberthreats 研究人員挾持14個熱門Packagist套件，目的是為了求職 https://www.bleepingcomputer.com/news/security/researcher-hijacks-popular-packagist-php-packages-to-get-a-job/ 南韓能源組織的VMware桌面虛擬化平臺、Oracle Weblogic伺服器遭駭客組織8220鎖定，散布挖礦程式XMRig https://asec.ahnlab.com/en/51568/ 塔吉克政府高層、電信業者、公共服務基礎設施遭俄羅斯駭客攻擊，至少有499個系統遭設置後門，發起Paperbug網路間諜攻擊 https://www.prodaft.com/resource/detail/paperbug-nomadic-octopus-paperbug-campaign 德國IT服務業者Bitmarck遭到網路攻擊，關閉內部網路、客戶的系統 https://www.theregister.com/2023/05/01/bitmarck_data_breach/ 中國駭客組織Earth Longzhi利用新手法停用資安防護系統，鎖定臺灣、泰國、菲律賓而來 https://www.trendmicro.com/en_us/research/23/e/attack-on-security-titans-earth-longzhi-returns-with-new-tricks.html 新加坡與法國聯手以人工智慧強化網路安全 https://www.zdnet.com/article/these-two-countries-are-teaming-up-to-develop-ai-for-cybersecurity/ 以色列主要新聞網站於獨立紀念日遭到Anonymous Sudan癱瘓 https://www.jpost.com/breaking-news/article-741298 郭台銘要派8萬個機器人上戰場 學者：是中國上海造的嗎？萬一被解放軍駭了 https://reurl.cc/MReXx3 徐嶔煌諷：拿中國製造的機器人對付解放軍？郭台銘挨批「科幻國防」 https://www.ftvnews.com.tw/news/detail/2023502W0279 迎戰中國駭客! 日本自衛隊網路防衛隊人員年內將擴編2.5倍 https://newtalk.tw/news/view/2023-05-03/869385 中國駭客數比FBI多50倍 呼籲美軍成立「網路部隊」聲浪漸增 https://reurl.cc/2WnW4v Sophos X-Ops 發現東南亞地區網路賭徒遭受進階型攻擊 https://n.yam.com/Article/20230504130468 大陸官方報告指控 台灣2014年太陽花運動是美國主導 https://money.udn.com/money/story/5603/7141560?from=edn_subcatelist_cate 中國報告批美駭客帝國 要以國產設備因應 https://money.udn.com/money/story/5603/7141968?from=edn_newestlist_cate_side 皇家駭客集團勒贖 達拉斯市府網站停擺 https://www.worldjournal.com/wj/story/121469/7143800 美國政府提撥1.4億美元成立7個全新人工智慧研發中心，確保人工智慧技術不影響民眾安危 https://reurl.cc/WDnqeZ Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised https://thehackernews.com/2023/05/packagist-repository-hacked-over-dozen.html Vietnamese Threat Actor Infects 500,000 Devices Using 'Malverposting' Tactics https://thehackernews.com/2023/05/vietnamese-threat-actor-infects-500000.html Operation SpecTor: $53.4 Million Seized, 288 Vendors Arrested in Dark Web Drug Bust https://thehackernews.com/2023/05/operation-spector-534-million-seized.html Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia https://thehackernews.com/2023/05/meta-uncovers-massive-social-media.html N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks https://thehackernews.com/2023/05/n-korean-kimsuky-hackers-using-new.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 ChatGPT is Back in Italy After Addressing Data Privacy Concerns https://thehackernews.com/2023/04/chatgpt-is-back-in-italy-after.html 冒充Meta技術支援團隊的釣魚攻擊暴增，資安業者查獲3,200個臉書網頁、個人檔案以此行騙 https://www.group-ib.com/blog/meta-phishing-campaign/ 竊資軟體NodeStealer鎖定臉書、Gmail、Outlook帳密而來 https://engineering.fb.com/2023/05/03/security/malware-nodestealer-ducktail/ 美國明尼蘇達州學區資料外洩，傳出學生心理報告流出 https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414 兒童心理健康諮商業者Brightline證實檔案共用系統GoAnywhere遭零時差漏洞攻擊，78萬人資料洩露 https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/ 資安業者揭露2023年第一季電子郵件夾帶惡意HTML附件的比例已接近5成 https://blog.barracuda.com/2023/05/03/threat-spotlight-malicious-html-attachments-doubles/ 2023年第一季解除分期付款詐騙高風險賣場公布，蝦皮購物居第一 https://www.facebook.com/165bear/posts/610576861113375?__cft__[0]=AZVB7hc_gbq5Iex0nQnt-FVU3oHjMeBXjBgnlBkNA6P0zNfbkqnjZ_n0C5aB1KzuM1LNYweIKJduUFdd0bkpL_b1w4dZHX_liYb_aNSe2dEYAGubDFirucO8-tAFcpnVd2AHINnqwD2Zw2jrPqrJa4PpWpgH7DOFsvU5KLt-HPTKJSpxditt4ETMhfepsBHAuVtbWq49ofSs7EjHIu5Q1IqF&__tn__=%2CO%2CP-y-R AI語音讓「綁架騙局」更可信，FBI指出可建立通關密語破解 https://edition.cnn.com/2023/04/29/us/ai-scam-calls-kidnapping-cec/index.html 電信業者T-Mobile證實今年第2次資料外洩，逾800人受害 https://www.bleepingcomputer.com/news/security/t-mobile-discloses-second-data-breach-since-the-start-of-2023/ 多家公司使用Salesforce服務卻被發現曝露敏感業務資料，原因出在組態設定錯誤 https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/ 以色列總理臉書帳號遭入侵，數萬民眾個資外洩 https://www.malwarebytes.com/blog/threat-intelligence/2023/04/kritec-art 假借Windows更新的名義，俄羅斯駭客APT28對烏克蘭政府機關發動網路釣魚攻擊，意圖收集目標機關的電腦資訊 https://cert.gov.ua/article/4492467 APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails https://thehackernews.com/2023/05/apt28-targets-ukrainian-government.html 勒索軟體駭客BlackCat聲稱入侵硬碟製造商Western Digital，公布該公司的內部資料 https://www.bleepingcomputer.com/news/security/hackers-leak-images-to-taunt-western-digitals-cyberattack-response/ 別再用vip！趕快換掉台灣人最常用的「10組爛密碼」 https://3c.ltn.com.tw/news/53107 醫院個資外洩恐影響國安 監委申請調查 https://www.cna.com.tw/news/aipl/202305040039.aspx 打詐民宿隊！反詐號角響起！宜蘭兩千家民宿業者誓師響應 https://www.watchmedia01.com/cnews-20230504203507.html 小心誘騙點擊再盜取個資！沃爾瑪等9大品牌最常被駭客冒用 https://ec.ltn.com.tw/article/breakingnews/4291020 刑事局公布112年首季高風險賣場　蝦皮購物回應：平台無個資外洩 https://www.setn.com/News.aspx?NewsID=1288776 E.研究報告/工具 Why Your Detection-First Security Approach Isn't Working https://thehackernews.com/2023/04/why-your-detection-first-security.html Wanted Dead or Alive: Real-Time Protection Against Lateral Movement https://thehackernews.com/2023/05/wanted-dead-or-alive-real-time.html Why Telecoms Struggle with SaaS Security https://thehackernews.com/2023/05/why-telecoms-struggle-with-saas-security.html Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html Why the Things You Don't Know about the Dark Web May Be Your Biggest Cybersecurity Threat https://thehackernews.com/2023/05/why-things-you-dont-know-about-dark-web.html Lack of Visibility: The Challenge of Protecting Websites from Third-Party Scripts https://thehackernews.com/2023/05/lack-of-visibility-challenge-of.html 有駭客組織以雙重DLL測載方式試圖逃避資安檢測 https://news.sophos.com/en-us/2023/05/03/doubled-dll-sideloading-dragon-breath/ NIST CSF 2.0草案出爐，增加「治理」核心構面 https://www.nist.gov/system/files/documents/2023/04/24/NIST%20Cybersecurity%20Framework%202.0%20Core%20Discussion%20Draft%204-2023%20final.pdf 研究人員展示挾持歐洲太空總署衛星的手法 https://www.thalesgroup.com/en/worldwide/security/press_release/thales-seizes-control-esa-demonstration-satellite-first F.商業 資安法規再升級 國內製造業準備好了嗎？ 安碁資訊給資安長的三大建議 https://esg.gvm.com.tw/article/26888 資安風暴是危機也是商機？ 一文看懂資安服務產業 https://reurl.cc/vkMmR1 網創獲AWS進階合作夥伴認證 提供客戶全方位雲端、資安趨勢服務 https://money.udn.com/money/story/5640/7137612 G.政府 個資外洩修法擬罰鍰上限改至1千萬 立委認為難奏效 https://news.pts.org.tw/article/635034 企業外洩個資罰則再加重　最高1500萬元 https://www.ctwant.com/article/254348 台灣首座「量子加密通訊網路」來了！竊聽馬上被發現，還能怎麼加密資訊 https://www.bnext.com.tw/article/75109/nstc-quantum-internet H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments https://thehackernews.com/2023/04/cisa-warns-of-critical-flaws-in.html 美國針對Illumina的DNA測試系統重大漏洞提出警告 https://www.cisa.gov/news-events/ics-medical-advisories/icsma-23-117-01 Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices https://thehackernews.com/2023/05/hackers-exploiting-5-year-old-unpatched.html 駭客運用5年前的TBK Vision視訊監控畫面側錄設備漏洞發動攻擊 https://www.fortiguard.com/outbreak-alert/tbk-dvr-attack 駭客正利用TBK DVR設備5年前已知未修補漏洞取得設備管理權限 https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/ Netgear網路管理系統漏洞恐被用於提升權限、洩露帳密資料 https://flashpoint.io/resources/research/fp-2023-01-netgear-prosafe-network-management-system/ OSU研究駭客可利用智慧電錶破壞電力網路穩定 https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10098782&tag=1 兆勤防火牆設備出現重大漏洞，若不修補恐被用於執行OS命令 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls 勒索軟件癱瘓美國油管運輸！從OT資安事件看工控聯網的隱憂 https://makerpro.cc/2023/05/viewing-hidden-dangers-of-industrial-control-networking-from-ot-information-security-incidents/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 6.近期資安活動及研討會 營業秘密保護與資訊安全管理 2023/5/6 https://www.accupass.com/event/2304241603381258796798 人工智慧之民事侵權責任探究 2023/5/6 https://www.accupass.com/event/2304241735321819706360 TEDxNYCULive 2023：Possibility 可能性 2023/5/7 https://www.accupass.com/event/2304180415231057647711 社團法人台灣駭客協會 112 年度第一次會員聚會 2023/5/9 https://hitcon.kktix.cc/events/hit-banquet-112 2023 CYBERSEC 資安大會 Jamf Apple 資安館 2023/5/9 ~ 2023/5/11 https://jamf.kktix.cc/events/cybersec2023jamf Microsoft Azure 虛擬培訓日：基礎知識 2023/5/9 ~ 2023/5/10 https://mktoevents.com/Microsoft+Event/394403/157-GQE-382?wt.mc_id=AID3058380_QSG_EML_640883&wt.mc_id=AID3058380_EML_8317669 台灣網路講堂「建構多元異質的數位韌性」座談會 2023/5/10 https://www.twsig.tw/20230510/ Hack The Capitol 6.0 2023/5/10 ~ 2023/5/11 https://www.icsvillage.com/hack-the-capitol-2023 黑暗網站憑據如何導致軟體供應鏈攻擊 2023/5/11 https://lp.cyberark.com/how-dark-web-credentials-lead-to-a-software-supply-chain-attack-tc-registrationlp.html?utm_campaign=identity_security Airflow Taiwan User Meetup #4 2023/5/11 https://www.meetup.com/taipei-py/events/292991559/ TWCC-CLI 進階操作- AI/ML 自動流程 2023/5/12 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4035&from_course_list_url=course_index 【實作體驗營】一日駭客x網路弱點滲透 2023/5/13 https://www.accupass.com/event/2303030820005796452650 借助現代分析實現數位轉型 2023/5/15 ~ 2023/5/16 https://mktoevents.com/Microsoft+Event/394032/157-GQE-382?wt.mc_id=AID3058384_QSG_EML_640909&wt.mc_id=AID3058380_EML_8317669 「衛生福利部醫療領域資通系統資安防護基準」推廣說明會 2023/5/16 https://www.beclass.com/rid=274b10b64350aa626f12 Elastic Security－ 檢測、調查和應對多變的威脅 2023/5/17 https://www.accupass.com/event/2304190909578502986500 上市櫃資安法規要求在即 企業如何掌握法遵與因應策略 2023/5/19 https://www.accupass.com/event/2304270202566389789600 Taipei dbt Meetup #11 (in-person 👫 & online 👨‍�2023/5/24 https://www.meetup.com/taipei-dbt-meetup/events/292891149/ Elixir meetup �2023/5/24 https://www.meetup.com/elixirtw-taipei/events/293147308/ 資安五四三 2023/5/25 （線上14:00 - 15:30） https://csa.kktix.cc/events/202305-543 鏈三上雲：資安解析峰會 掌握Web 3資安動向，開啟鏈雲新模式 2023/5/25 https://www.accupass.com/event/2304120730519814020340 《區塊鏈初階課程》平日班 2023/5/25~2023/5/26 https://www.accupass.com/event/2304100300531686137286 3小時帶你了解AWS雲端服務與優勢 2023/5/26 https://www.uuu.com.tw/Public/content/edm/20230526_AWSDiscoveryDay_BC.htm 《區塊鏈初階課程》假日班 2023/5/27~2023/5/28 https://www.accupass.com/event/2304100341503819251900 大型語言模型時代下，建置解決方案該有的姿勢/知識 (Building solutions with LLMs) 2023/5/29 https://www.meetup.com/rladies-taipei/events/293170581/ 5月台北例會_美國聯邦政府的供應鏈資安管理－以CMMC為例 (採線上舉辦) 2023/5/30 https://www.caa.org.tw/newsdetail-16263.html 台灣數位創新領航論壇 Taiwan Digital Innovation Navigation Forum 2023/5/30 https://www.accupass.com/event/2304240303341594373938 Azure AI 基礎知識 2023/5/31 https://mktoevents.com/Microsoft+Event/393899/157-GQE-382?wt.mc_id=AID3058385_QSG_EML_640902&wt.mc_id=AID3058380_EML_8317669 【Monosparta】②⓪②③ 第二梯次 軟體開發實戰訓練營➠線上說明會 2023/5/31 ~ 2023/6/28 https://trunk-studio.kktix.cc/events/monosparta-202307 資安分析新手村：掌握網路封包分析技術（線上課程） 2023/6/13 https://forms.gle/msePzws5GtcDunrc7 資安分析新手村：掌握網路封包分析技術（實體課程）2023/6/14 https://forms.gle/mtpZNPCpTVyv97Dr9 黑客視角：網站漏洞挖掘與防禦 ( 線上課程) 2023/6/27 https://forms.gle/JpThJxMgxZd3uNh39 黑客視角：網站漏洞挖掘與防禦 ( 實體課程) 2023/6/28 https://forms.gle/qQAqx8KZzzntSyLd9 COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing InfoSec Taiwan 2023 國際資安大會 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023