###### tags: `資安事件新聞週報`

# Weekly Security Incident News Report 2023/11/20 ~ 2023/11/24

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero Days

Citrix releases security updates for Hypervisor
https://support.citrix.com/article/CTX583037/citrix-hypervisor-security-bulletin-for-cve202323583-and-cve202346835

Vulnerability in Fortinet's security information and event management platform could be used to execute arbitrary commands
https://www.fortiguard.com/psirt/FG-IR-23-135

Juniper recently announced multiple security vulnerabilities in its JSA Series managers
https://supportportal.juniper.net/s/article/2023-11-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved?language=en_US

Splunk RCE Vulnerability Let Attackers Upload Malicious File
https://cybersecuritynews.com/splunk-rce-vulnerability/
https://github.com/nathan31337/Splunk-RCE-poc/tree/main
https://nvd.nist.gov/vuln/detail/CVE-2023-46214
https://advisory.splunk.com/advisories/SVD-2023-1104
https://research.splunk.com/application/6cb7e011-55fb-48e3-a98d-164fa854e37e/
https://research.splunk.com/application/a053e6a6-2146-483a-9798-2d43652f3299/

Splunk 9.0.5 - admin account take over
https://www.exploit-db.com/exploits/51747

Microsoft releases the November 2023 Patch Tuesday monthly update, fixing 58 security vulnerabilities, including 5 zero-days
https://www.twcert.org.tw/tw/cp-104-7545-d79c9-1.html

Kinsing malware targets a critical vulnerability in the message-oriented middleware ActiveMQ to deploy cryptominers and rootkits
http://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
https://thehackernews.com/2023/11/kinsing-hackers-exploit-apache-activemq.html

CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
https://www.trendmicro.com/en_us/research/23/k/cve-2023-46604-exploited-by-kinsing.html

IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7081403?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a

US warns of LockBit ransomware attacks exploiting the Citrix Bleed vulnerability
https://securityaffairs.com/154546/hacking/citrix-bleed-attacks.html

MAR-10478915-1.v1 Citrix Bleed
https://www.cisa.gov/news-events/analysis-reports/ar23-325a

Cacti 1.2.24 - Authenticated command injection when using SNMP options
https://www.exploit-db.com/exploits/51740

GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/51719

GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
https://www.exploit-db.com/exploits/51724

## 2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

Social engineering attacks lure Indian users to install Android banking trojans
https://www.microsoft.com/en-us/security/blog/2023/11/20/social-engineering-attacks-lure-indian-users-to-install-android-banking-trojans/

Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users
https://thehackernews.com/2023/11/malicious-apps-disguised-as-banks-and.html

Cathay Financial Holdings (國泰金) defends information security with BSI certification
https://money.udn.com/money/story/5613/7587495

President Futures (統一期貨) puts ESG sustainability principles into action
https://reurl.cc/MyE7jW

Worried about security when using a banking app? How the Cathay United Bank CUBE App keeps watch for you
https://www.nownews.com/news/6301187

The only winner in the securities industry: KGI Securities takes the BSI information resilience and response award
https://udn.com/news/story/7239/7592896

KGI Securities Asia-Pacific CIO 黃榮林 leads the digital transformation of KGI Securities' core systems
https://www.ctee.com.tw/news/20231119700097-439901

Taiwan's domestic banks blocked 5.5 billion in fraud in the first three quarters; Chen Chien-jen visits CTBC Bank to offer encouragement
https://www.epochtimes.com/b5/23/11/22/n14121845.htm

Taishin Financial Holding (台新金) adopts AI to improve the effectiveness of consumer finance services
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=2422fc30-a799-46c7-8faf-ea4bd1e25ab3

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Building convenient finance: Financial Information Service Co. (財金公司) to build two more platforms, "Financial FIDO" and "Open Securities"
https://ec.ltn.com.tw/article/breakingnews/4500587

Future payments upgraded again! "TWQR" lets the public use electronic payment painlessly
https://reurl.cc/8Nml94

South Korea's cashless business plans overseas expansion as mobile payment providers compete
https://news.pts.org.tw/article/664954

With mobile payment widespread in China, state media criticizes refusing cash as damaging the dignity of the renminbi
https://www.rti.org.tw/news/view/id/2185060

Amendment to the Financial Consumer Protection Act passes third reading, bringing electronic payment providers under regulation
https://www.chinatimes.com/realtimenews/20231121002914-260407?chdtv

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

Randstorm Exploit: Bitcoin Wallets Created b/w 2011-2015 Vulnerable to Hacking
https://thehackernews.com/2023/11/randstorm-exploit-bitcoin-wallets.html

Hacker group DarkCasino exploits a WinRAR vulnerability in attacks targeting cryptocurrency users
https://nsfocusglobal.com/the-new-apt-group-darkcasino-and-the-global-surge-in-winrar-0-day-exploits/

Cryptocurrency quantitative trading firm 麒點科技 (Kronos Research) reportedly hacked, losing more than US$20 million
https://www.blocktempo.com/taiwan-largest-quantitative-fund-was-reportedly-hacked/

Attackers abuse an Ethereum feature to steal US$60 million in crypto funds
https://www.twcert.org.tw/tw/cp-104-7543-ff1bf-1.html

Justin Sun: HTX and the Heco cross-chain bridge were hacked; HTX hot wallet asset losses will be fully compensated
https://news.cnyes.com/news/id/5389399

A whale earned about 0.83 BTC through arbitrage as the HECO Bridge hacker dumped HBTC
https://news.cnyes.com/news/id/5389423

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Targeting IT developers! 27 malicious PyPI packages downloaded thousands of times
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10811

Ransom.Win64.LOCKBIT.YJDIHT ransomware
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win64.lockbit.yjdiht

Low-cost Dragon Touch tablet hides Corejava malware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware

Phobos ransomware targets the security community VX-Underground
https://www.bleepingcomputer.com/news/security/vx-underground-malware-collective-framed-by-phobos-ransomware/
https://twitter.com/pcrisk/status/1726482750704619786
https://twitter.com/vxunderground/status/1726604821242040407

Autonomous Flight Technologies, a partner of NASA and Airbus, targeted by the BlackCat ransomware gang
https://twitter.com/AlvieriD/status/1726125990319960262

Rhysida ransomware claims to be behind the British Library cyberattack
https://www.bleepingcomputer.com/news/security/rhysida-ransomware-gang-claims-british-library-cyberattack/

British Library confirms the outages of multiple services early this month were caused by a ransomware attack
https://www.darkreading.com/attacks-breaches/british-library-confirms-ransomware-attack-caused-outages

NetSupport RAT trojan targets government agencies and businesses
https://blogs.vmware.com/security/2023/11/netsupport-rat-the-rat-king-returns.html

Hackers distribute malicious PyPI packages, hiding their attack in PNG image files
https://checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/

BlackCat ransomware places Google ads to attack law firms, manufacturers and warehouse operators
https://www.esentire.com/blog/the-notorious-alphv-blackcat-ransomware-gang-is-attacking-corporations-and-public-entities-using-google-ads-laced-with-malware-warns-esentire

Konni RAT malware uses Word documents to infect Windows computers and steal data
https://www.fortinet.com/blog/threat-research/konni-campaign-distributed-via-malicious-document

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks
https://thehackernews.com/2023/11/konni-group-using-russian-language.html

The Continued Evolution of the DarkGate Malware-as-a-Service
https://otx.alienvault.com/pulse/6560841a3ac666c2f0862496

MetaStealer - Redline's Doppelgänger
https://russianpanda.com/2023/11/20/MetaStealer-Redline%27s-Doppelganger/

ParaSiteSnatcher How Malicious Chrome Extensions Target Brazil
https://www.trendmicro.com/en_us/research/23/k/parasitesnatcher-how-malicious-chrome-extensions-target-brazil-.html
https://documents.trendmicro.com/assets/txt/20231121_ParaSiteSnatcher_IoCsl7nn42H.txt

SolarMarker: To Jupyter and Back
https://www.esentire.com/blog/solarmarker-to-jupyter-and-back

Unveiling LummaC2 stealer’s novel Anti-Sandbox technique: Leveraging trigonometry for human behavior detection
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/

PlayCrypt Ransomware-as-a-Service Expands Threat
https://adlumin.com/post/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers/

NetSupport RAT: The RAT King Returns
https://blogs.vmware.com/security/2023/11/netsupport-rat-the-rat-king-returns.html

Atomic Stealer distributed to Mac users via fake browser updates
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates

BlackNET
https://otx.alienvault.com/pulse/655d0f94ad4d7cdc5e3f0a98

New "Agent Tesla" Variant: Unusual "ZPAQ" Archive Format Delivers Malware
https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq

XWorm Malware: Exploring C&C Communication
https://any.run/cybersecurity-blog/xworm-malware-communication-analysis/

Investigating the New Rhysida Ransomware
https://www.fortinet.com/blog/threat-research/investigating-the-new-rhysida-ransomwarerhysida-ransomware-intrusion.pdf

Rhysida ransomware targets organizations lacking two-factor authentication and uses Zerologon to break into internal networks
https://www.cisa.gov/news-events/alerts/2023/11/15/cisa-fbi-and-ms-isac-release-advisory-rhysida-ransomware

A deep dive into Phobos ransomware, recently deployed by 8Base group
https://blog.talosintelligence.com/deep-dive-into-phobos-ransomware/

Konni Campaign Distributed Via Malicious Document
https://www.fortinet.com/blog/threat-research/konni-campaign-distributed-via-malicious-document

Malware Spotlight - Into the Trash: Analyzing LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/

Scattered Spider
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
https://thehackernews.com/2023/11/8base-group-deploying-new-phobos.html

Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
https://thehackernews.com/2023/11/russian-cyber-espionage-group-deploys.html

Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware
https://thehackernews.com/2023/11/beware-malicious-google-ads-trick.html

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts
https://thehackernews.com/2023/11/27-malicious-pypi-packages-with.html

LummaC2 Malware Deploys New Trigonometry-Based Anti-Sandbox Technique
https://thehackernews.com/2023/11/lummac2-malware-deploys-new.html

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
https://thehackernews.com/2023/11/lockbit-ransomware-exploiting-critical.html

Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
https://thehackernews.com/2023/11/play-ransomware-goes-commercial-now.html

North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
https://thehackernews.com/2023/11/north-korean-hackers-pose-as-job.html

Hamas-Linked Cyberattacks Using Rust-Powered SysJoker Backdoor Against Israel
https://thehackernews.com/2023/11/hamas-linked-cyberattacks-using-rust.html

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html

To guard against SIM hijacking attacks, the US FCC imposes new rules on telecom carriers
https://docs.fcc.gov/public/attachments/DOC-398483A1.pdf

US FCC introduces new rules to counter SIM-swap and number port-out attacks
https://www.twcert.org.tw/tw/cp-104-7551-6f2b8-1.html

ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
https://thehackernews.com/2023/11/clearfake-campaign-expands-to-deliver.html

ClearFake campaign targets Mac users, distributing the infostealer Atomic Stealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/atomic-stealer-distributed-to-mac-users-via-fake-browser-updates

Attacking 5G infrastructure from user devices: ASN.1 vulnerabilities in 5G core networks
https://www.trendmicro.com/zh_tw/research/23/k/asn1-vulnerabilities-in-5g-cores.html

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

Taiwan Internet Forum: Democracy in the Digital Age: Threats and Solutions, post-event report
https://blog.twnic.tw/2023/11/22/29087/

Ransomware group Play offers its tools for rent to attract more operators
https://adlumin.com/post/playcrypt-ransomware-as-a-service-expands-threat-from-script-kiddies-and-sophisticated-attackers/

SIEM vendor Sumo Logic investigates the security incident from early this month and stresses that customer data was not affected
https://www.securityweek.com/sumo-logic-completes-investigation-into-recent-security-breach/

Website of open-source 3D design software Blender hit by DDoS attack, with hackers sending more than 240 million requests
https://www.blender.org/news/cyberattack-november-2023/

Embassies of several European countries hit by cyberattacks; the culprit is the Russian hacker group APT29, which exploited a WinRAR vulnerability
https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29%20attacks%20Embassies%20using%20CVE-2023-38831%20-%20report%20en.pdf

UK National Cyber Security Centre announces a new standard for indicators of compromise
https://www.ncsc.gov.uk/blog-post/rfc-indicators-of-compromise-for-ietf

CISA releases a cybersecurity guide for the healthcare sector
https://www.cisa.gov/sites/default/files/2023-11/HPH-Sector-Mitigation-Guide-TLP-CLEAR_508c.pdf

US Idaho National Laboratory reportedly breached by the hacker group SiegedSec
https://securityaffairs.com/154598/hacktivism/siegedsec-hacked-idaho-national-laboratory.html

中心綜合醫院 (Central Clinic and Hospital) reports its registration system unavailable and appointment data missing, suspected to be caused by a cyberattack
https://news.cts.com.tw/cts/general/202311/202311212254630.html

China Petrochemical Development Corporation (中石化) suffers a cyberattack incident
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=201402&SPOKE_DATE=20231120&COMPANY_ID=1314

Russian hacker group Gamaredon targets Ukrainian organizations, spreading the USB worm LitterDrifter
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem
https://thehackernews.com/2023/11/us-cybersecurity-agencies-warn-of.html

Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike
https://asec.ahnlab.com/en/59110/

Circumstances of an Attack Exploiting an Asset Management Program (Andariel Group)
https://asec.ahnlab.com/en/59073/

HrServ – Previously unknown web shell used in APT attack
https://securelist.com/hrserv-apt-web-shell/111119/

Taiwanese multimedia software vendor CyberLink hit by a supply chain attack from the North Korean hacker group Lazarus
https://www.ithome.com.tw/news/159983

Diamond Sleet supply chain compromise distributes a modified CyberLink installer
https://www.microsoft.com/en-us/security/blog/2023/11/22/diamond-sleet-supply-chain-compromise-distributes-a-modified-cyberlink-installer/

Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/

Elephant Hunting | Inside an Indian Hack-For-Hire Group
https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/

Suspected Rattlesnake organization uses Nim backdoor to spy on intelligence from many countries in South Asia
https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247508655&idx=1&sn=b808c9a435b473e5dc957d1b34a79432&chksm=ea6655d8dd11dcce5db489b200b67463f251c5900402b9a1cb18c9e1d9d1c56adee066eb165e&scene=178&cur_album_id=1539799351089283075#rd

Protestware taps npm to call out wars in Ukraine, Gaza
https://www.reversinglabs.com/blog/protestware-taps-npm-to-call-out-wars-in-ukraine-gaza

Stately Taurus Targets the Philippines As Tensions Flare in the South Pacific
https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/

Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html

Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions
https://thehackernews.com/2023/11/mustang-panda-hackers-targets.html

Chinese hacker group Mustang Panda targets military units of Southeast Asian countries, likely aimed mainly at the Philippines
https://unit42.paloaltonetworks.com/stately-taurus-targets-philippines-government-cyberespionage/

NetSupport RAT Infections on the Rise - Targeting Government and Business Sectors
https://thehackernews.com/2023/11/netsupport-rat-infections-on-rise.html

Network Administration / Information Security Engineer
https://www.104.com.tw/job/867yq?jobsource=googlejobs

Project Manager (Security Operations)
https://www.1111.com.tw/job/113051943/

Technical Engineering - ESG (CSR) Security Engineer [Taipei]
https://www.1111.com.tw/job/113044624/

Security Project Manager
https://www.104.com.tw/job/869o4?jobsource=googlejobs

Security Engineer (Product Compliance Assessment)_Delta Research Center (Taipei)
https://www.1111.com.tw/job/113054763/

Financial Information Service Co. (財金資訊) recruiting four categories of staff: management trainees, IT, audit and customer service
https://www.1111.com.tw/news/jobns/154028

### D. Data Breaches / Personal Data Protection Law / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

Forty percent of people in Taiwan encounter scams every week! "Failing to recognize the scam" is the main reason for falling into the trap
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10808

Healthcare system provider Welltok hit by a MOVEit Transfer zero-day attack; data of 8.5 million patients leaked
https://www.bleepingcomputer.com/news/security/welltok-data-breach-exposes-data-of-85-million-us-patients/
https://welltoknotice.wpenginepowered.com/?page_id=23
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
https://www.theregister.com/2023/11/20/moveit_victim_77m_medical/

Auto parts distributor AutoZone hit by a MOVEit Transfer vulnerability attack; personal data of 180,000 people leaked
https://www.documentcloud.org/documents/24173151-az_individual-notice-letter-sample

Yamaha Motor confirms its Philippine subsidiary suffered a ransomware attack; some employee personal data and company sales information may have leaked
https://global.yamaha-motor.com/news/2023/1116/corporate.html

Hacker group claims to have breached a US nuclear research laboratory, stealing the personal data of hundreds of thousands of employees
https://www.bleepingcomputer.com/news/security/hacktivists-breach-us-nuclear-research-lab-steal-employee-data/

North Korean hackers pose as recruiters and job seekers to obtain financial gain
https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/

Travel operator Lion Travel (雄獅) confirms a cyberattack; customer purchase information leaked, but no credit card data
https://info.liontravel.com/category/zh-tw/notice/index?fr=cg8613C0301M01

Judicial Yuan issues a new statement on the judgment data leak incident
https://www.judicial.gov.tw/tw/cp-1693-987065-7321a-1.html

Taiwanese biotech company 大江生醫 reportedly hacked; hackers claim to hold 230 GB of internal data
https://twitter.com/FalconFeedsio/status/1724046526870331569
https://medium.com/@Billows_Tech/hunters-international%E5%85%A5%E4%BE%B5%E5%8F%B0%E7%81%A3-%E5%82%B3%E5%87%BA%E4%B8%8A%E5%B8%82%E7%94%9F%E9%86%AB%E9%81%AD%E6%AE%83-361523a9e6eb
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10815

大江生醫 group: 236.3GB of data shockingly leaked on the dark web
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10815

Malware loader WailingCrab spreads using logistics-themed lures
https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/

Infostealer Lumma measures mouse movement trajectories to determine whether it is running in a sandbox, in order to evade detection
https://outpost24.com/blog/lummac2-anti-sandbox-technique-trigonometry-human-detection/

Developer of infostealer Lumma claims it can restore Google account sessions and hijack victims' accounts
https://www.bleepingcomputer.com/news/security/malware-dev-says-they-can-revive-expired-google-auth-cookies/
https://www.linkedin.com/posts/alon-gal-utb_an-upcoming-update-to-lumma-infostealer-is-activity-7128433924380213248-hcEG/
https://www.linkedin.com/posts/alon-gal-utb_infostealer-cybercrime-activity-7129468853574598656-gboo/
https://twitter.com/g0njxa/status/1725486960750284847

Malware DarkGate and PikaBot spread via phishing attacks; the attackers are likely hackers who previously used QBot
https://cofense.com/blog/are-darkgate-and-pikabot-the-new-qakbot/

Agent Tesla infostealer distributed via a ZPAQ file that compresses 1GB of data into 6KB to exceed antivirus limits
https://www.gdatasoftware.com/blog/2023/11/37822-agent-tesla-zpaq

Hackers use the Israel-Palestine conflict as a pretext, falsely claiming to raise funds for victims in order to commit fraud
https://abnormalsecurity.com/blog/attackers-exploit-middle-east-crisis-solicit-cryptocurrency-donations

Bloomberg Crypto official X account hijacked and used for Discord phishing attacks
https://www.twcert.org.tw/tw/cp-104-7549-94175-1.html

Bloomberg's old Telegram channel impersonated; attackers use it to steal Discord credentials
https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/

Canadian government contractor hacked, leading to theft of government employee data
https://www.twcert.org.tw/tw/cp-104-7553-a69e9-1.html

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails
https://thehackernews.com/2023/11/alert-new-wailingcrab-malware-loader.html

How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
https://thehackernews.com/2023/11/how-multi-stage-phishing-attacks.html

DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks
https://thehackernews.com/2023/11/new-agent-tesla-malware-variant-using.html

Mainland China: Jinzhou police crack online fraud case | Jincheng police take down fraud and money-laundering gang: daily intelligence on internet-related crime
https://mp.weixin.qq.com/s?__biz=MzAxMzkzNDA1Mg==&mid=2247507479&idx=1&sn=6f8223bee2dbd7941a987764c5947817

Call stack spoofing techniques (bonus chapter)
https://mp.weixin.qq.com/s?__biz=Mzk0NTUwNzAyOA==&mid=2247484009&idx=1&sn=3f3b6b3b393ea4ae14c6925670544906

Compromised as soon as you download! Fake Safari and Chrome pages trick you into downloading a browser
https://reurl.cc/1GRQMD

### E. Research Reports / Tools

Linux Foundation, ISC2 and OpenSSF collaborate to promote secure code development
https://openssf.org/press-release/2023/11/02/linux-foundation-isc2-and-openssf-collaborate-to-target-secure-code-development/

Researchers expose the Indian hack-for-hire group Appin Software Security
https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/

Researchers disclose vulnerability details of the CrushFTP file transfer system and release a proof-of-concept
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/

The big question of how to get started in security
https://vocus.cc/article/655f63dcfd89780001a93397

Tracking Vidar Infrastructure with Censys
https://censys.com/tracking-vidar-infrastructure/

Attacker targeting Python developers
https://checkmarx.com/blog/attacker-hidden-in-plain-sight-for-nearly-six-months-targeting-python-developers/

Why Defenders Should Embrace a Hacker Mindset
https://thehackernews.com/2023/11/why-defenders-should-embrace-hacker.html

AI Solutions Are the New Shadow IT
https://thehackernews.com/2023/11/ai-solutions-are-new-shadow-it.html

Windows Hello authentication on Dell, Lenovo and Microsoft laptops can be bypassed
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458529420&idx=3&sn=184473b510cd08b5a9c306ae280ef1aa

Researchers disclose a method to bypass the Windows Hello fingerprint authentication mechanism on laptops, exposing computers from multiple brands
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
https://thehackernews.com/2023/11/new-flaws-in-fingerprint-sensors-let.html

OWASP hands-on analysis level 2
https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458529420&idx=1&sn=1d385addf837026dda176646cb96c5e7

Analysis of an APT-C-35 (肚脑虫) attack campaign using RemcosRAT for remote control
https://mp.weixin.qq.com/s?__biz=MzA4MTg0MDQ4Nw==&mid=2247567767&idx=2&sn=62bdde38db3536bc2cd6cbc6cc63e9db

DorXNG: a powerful modern OSINT information-gathering tool
https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651249099&idx=4&sn=c1264da260b2e473d13d87a1c2617253

Nearly in plaintext! Large numbers of Kubernetes secrets exposed
https://mp.weixin.qq.com/s?__biz=MjM5NjA0NjgyMA==&mid=2651249099&idx=1&sn=fe5dd39f510d1f3ddb835a0ac3380294

Tell Me Your Secrets Without Telling Me Your Secrets
https://thehackernews.com/2023/11/tell-me-your-secrets-without-telling-me.html

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
https://thehackernews.com/2023/11/kubernetes-secrets-of-fortune-500.html

### F. Business

Google Cloud's 20 cybersecurity threat predictions for 2024
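https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10809

HiTRUST selected for the "Taiwan FinTech Delegation" exhibiting at the 2023 Singapore FinTech Festival
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10800

Palo Alto Networks: 92% of Taiwanese enterprises are pursuing security automation, but in practice most use passive defense
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10804

Fortinet: number of zero-day vulnerabilities hits a record high in 2023; six trend predictions for next year
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10801

Google unveils a new Titan hardware security key that can store 250 passkeys
https://blog.google/technology/safety-security/titan-security-key-google-store/

CyberArk: generative AI will trigger catastrophic cyberattacks in 2024
https://infosecu.technews.tw/2023/11/23/cyberark-generative-ai-security/

Echoing the "Secure Future Initiative"! Microsoft launches a unified security operations platform integrating Security Copilot
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10816

### G. Government

Google funds US$1 million to support the National Institute of Cyber Security (資安院) in launching a Taiwan cybersecurity program
https://taiwan.googleblog.com/2023/11/googleorg.html

Lion Travel (雄獅), China Petrochemical Development Corporation (中石化) and Taisun (泰山) reportedly hit by hackers, drawing government attention
https://www.setn.com/News.aspx?NewsID=1386417

Executive Yuan anti-fraud effort; Premier Chen: protect personal data with a dedicated mechanism, while arranging for the National Institute of Cyber Security to help businesses defend against hacking
https://reurl.cc/9R8zWO

Large enterprises hit by hackers; Chen Chien-jen: the Executive Yuan will establish a preparatory office for a personal data protection commission
https://reurl.cc/Y0zlnl

Legislative Yuan preliminary review: Investigation Bureau to add one deputy director responsible for technology investigation work
https://www.cna.com.tw/news/asoc/202311230145.aspx

Large enterprises hacked; National Institute of Cyber Security: incident reporting service for private enterprises to launch next year
https://www.merit-times.com/NewsPage.aspx?unid=867942

### H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

SEMI publishes a cybersecurity reference architecture for semiconductor manufacturing environments
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10803

Stealthy WailingCrab Malware misuses MQTT Messaging Protocol
https://securityintelligence.com/x-force/wailingcrab-malware-misues-mqtt-messaging-protocol/

Mirai botnet variant uses zero-day vulnerabilities to infect routers and video surveillance devices
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days

Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
https://thehackernews.com/2023/11/mirai-based-botnet-exploiting-zero-day.html

Johnson Controls patches a critical vulnerability in industrial refrigeration systems
https://www.securityweek.com/johnson-controls-patches-critical-vulnerability-in-industrial-refrigeration-products/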
https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2023/jci-psa-2023-09.pdf?la=en&hash=3A4A98244141122D9019B5EAF3B58314DAA63E4D
https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01

OpenPLC WebServer 3 - Denial of Service
https://www.exploit-db.com/exploits/51746

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
https://www.exploit-db.com/exploits/51720

DLINK DPH-400SE - Exposure of Sensitive Information
https://www.exploit-db.com/exploits/51709

### I. Education and Training

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams to fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and preparation approach
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation notes: learning where theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

ECSA v10 exam experience and study material sharing / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

On preparing for the EC-Council CPENT and LPT Master penetration testing certifications, with experience shared
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT experience - a security novice from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK

[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security that isn't just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation experience and application process, 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond proving your ability with certifications, treat them as the greatest motivation to keep learning
https://www.ithome.com.tw/news/156756

Breaking misunderstandings and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

## 6. Upcoming Security Events and Conferences

High Velocity ITSM Taipei 2023/11/25
https://www.meetup.com/taipei-atlassian-community-events/events/295913312/

2023 Taipei International Finance Expo 2023/11/24 ~ 2023/11/26
https://www.accupass.com/event/2307200240122074808667

HITCON GIRLS 2023 Workshop 2023/11/25 ~ 2023/11/26
https://hitcon.kktix.cc/events/hitcongirlsworkshop2023

Fearless security defense in one step: Affordable SOC effectively strengthens core enterprise security protection 2023/11/28
https://www.gss.com.tw/content-page/173-currcular/3599-2023-11-28

Flutter Meetup #8 2023/11/29
https://www.meetup.com/flutter-taipei/events/296465276/

Discovering future CISOs: CISSP networking event 2023/11/30
https://www.accupass.com/event/2311220845307097352650

Jamf Nation Live Taipei 2023 2023/12/19
https://jamf.kktix.cc/events/jamfnation2023

[Monosparta] 2024 first cohort software development bootcamp: online information session 2024/1/17
https://trunk-studio.kktix.cc/events/monosparta-202401