資安事件新聞週報 2022/12/26 ~ 2022/12/30

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2022/12/26 ~ 2022/12/30 1.重大弱點漏洞/後門/Exploit/Zero Day Thousands of Citrix Servers Still Unpatched for Critical Vulnerabilities https://thehackernews.com/2022/12/thousands-of-citrix-servers-still.html 數千臺Citrix伺服器存在重大漏洞 https://blog.fox-it.com/2022/12/28/cve-2022-27510-cve-2022-27518-measuring-citrix-adc-gateway-version-adoption-on-the-internet/ Linux 存在多個弱點 https://access.redhat.com/security/cve/cve-2022-47939 Linux核心的SMB元件ksmbd存在記憶體釋放後濫用漏洞 https://www.ithome.com.tw/news/154880 Apache ShardingSphere存在身分認證繞過漏洞 https://www.cve.org/CVERecord?id=CVE-2022-45347 內容管理平臺Ghost存在權限提升漏洞 https://thehackernews.com/2022/12/two-new-security-flaws-reported-in.html WordPress禮物卡外掛程式存在重大漏洞，5萬網站曝險，且已有攻擊行動 https://www.wordfence.com/blog/2022/12/psa-yith-woocommerce-gift-cards-premium-plugin-exploited-in-the-wild/ Zoom白板應用程式存在漏洞，恐被用於跨網站指令碼攻擊 https://spaceraccoon.dev/analyzing-clipboardevent-listeners-stored-xss/ 海盜船鍵盤韌體存在臭蟲，輸入的資料竟於數天後才出現，用戶懷疑遭到側錄 https://www.bleepingcomputer.com/news/security/corsair-keyboard-bug-makes-it-type-on-its-own-no-malware-involved/ Nullsoft Scriptable Install System (NSIS)軟體含有DLL Hijacking漏洞，影響多個 web 應用程式 https://www.twcert.org.tw/tw/cp-132-3392-9df94-1.html 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 New wave of Financial Fraud: Scammers Monitoring Social Media Complaints https://blog.cyble.com/2022/12/27/new-wave-of-finacial-fraud-scammers-monitoring-social-media-complaints/?utm_content=232952645&utm_medium=social&utm_source=twitter&hss_channel=tw-1141929006603866117 FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape https://thehackernews.com/2022/12/fin7-cybercrime-syndicate-emerges-as.html 證券交易所要求券商遵守資安規範，半年內再犯最重可罰400萬元 https://www.cna.com.tw/news/afe/202212270303.aspx 金管會發布金融資安行動方案2.0，共9大推動重點 https://www.fsc.gov.tw/ch/home.jsp?id=96&parentpath=0%2C2&mcustomize=news_view.jsp&dataserno=202212270001&aplistdn=ou%3Dnews%2Cou%3Dmultisite%2Cou%3Dchinese%2Cou%3Dap_root%2Co%3Dfsc%2Cc%3Dtw&dtable=News&fbclid=IwAR17uX_MRMRlALDbVztgdCC8hHEFO4FogWW5wO0v2JPuTHILfdWfWkyWKMo Exchange遭到駭客組織FIN7鎖定，透過自動化攻擊套件入侵 https://www.prodaft.com/resource/detail/fin7-unveiled-deep-dive-notorious-cybercrime-gang Mango 攻擊者不請律師！「KYC偽裝烏克蘭女性」，或被移送紐約受審 https://www.blocktempo.com/mango-hacker-avraham-eisenberg-may-extrade-back-to-usa/ 集中保管結算所「資訊應用系統資安檢測服務專案」招商事宜 https://www.tdcc.com.tw/portal/zh/news/content/40289796840eaf6c018557dbcafb0093 金管會推動「資安行動方案2.0」　9大重點一次看 https://reurl.cc/ROo5O6 台新證通過ISO27001資安驗證接軌國際 https://www.smartcpa.tw/news/content/63F883228743EB4F8741814E714E269D 國泰世華銀大當機遭重罰1200萬元　總座降薪 https://finance.ettoday.net/news/2411779 建立證券商資通安全檢查機制 https://www.laws.taipei.gov.tw/Law/LawSearch/LawInformation?lawId=A040390050018500-20221228 金研院看世界－新的資安思維承認人工監控有其侷限 https://reurl.cc/58Nj1n 3.電子支付/行動支付/pay/資安全支付跟PX Pay差在哪？全聯不跟補貼戰，「未必虧錢」背後有2大底氣 https://www.bnext.com.tw/article/73488/difference-between-pxpay-and-pxpay-plus- 1張表看懂4家電支業者新布局 https://www.ithome.com.tw/news/154939 電子支付大戰白熱化！全支付42天圈粉200萬進逼街口、一卡通雙雄 https://udn.com/news/story/6842/6873366 「你今天用Pay了嗎？」非現金交易破4.5兆，街口仍是使用者最多的電子支付 https://www.thenewslens.com/article/178964 OMO跨業整合新世界 https://www.ithome.com.tw/voice/154949 【電支戰略分析：街口支付】開放平臺擴大異業合作，將推分級制度深化會員經營 https://www.ithome.com.tw/news/154931 icash Pay成為首家提供逾7,600項線上繳費的電支服務 https://reurl.cc/EXvx4R 數位車牌化身電子支付工具！它如何讓你的生活變得更安全、更便利 https://www.businesstoday.com.tw/article/category/183015/post/202212160020/ 用手機也可付郵資！i郵箱開放「2電子支付」繳款更方便 https://reurl.cc/EXvx4m 釣魚簡訊騙帳戶！誆綁「悠遊付」給補助款 https://reurl.cc/lZOmgq 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 How to learn DeFi in 2022 https://medium.com/coinmonks/how-to-learn-defi-in-2022-b63e8f8a6798 加密貨幣投資機器人3Commas坦承資料外洩，駭客聲稱竊得10萬個API金鑰 https://www.bleepingcomputer.com/news/security/crypto-platform-3commas-admits-hackers-stole-api-keys/ 3Commas金鑰大規模外洩，CZ提醒用戶立即禁用 https://www.btcc.com/zh-TW/coin-news/market-updates/3commas-key-leaked-on-a-large-scale DeFi平臺Defrost Finance聖誕節前夕遭閃電貸攻擊，損失1,200萬美元，被社群懷疑是自導自演 https://cointelegraph.com/news/defrost-finance-breaks-silence-on-exit-scam-accusations-denies-rug-pull NFT投資人遭北韓駭客鎖定，發動大規模網釣攻擊 https://slowmist.medium.com/slowmist-our-in-depth-investigation-of-north-korean-apts-large-scale-phishing-attack-on-nft-users-362117600519 駭客假借提供加密貨幣錢包BitKeep的安卓App，得手800萬美元 https://www.bleepingcomputer.com/news/security/hackers-steal-8-million-from-users-running-trojanized-bitkeep-apps/ BitKeep安全事件思考：自託管錢包問題及潛在變局 https://news.cnyes.com/news/id/5048915 加密貨幣錢包Bitkeep遭竊800萬美元，駭客利用DeFi漏洞得逞 https://cointelegraph.com/news/hackers-drain-8m-in-assets-from-bitkeep-wallets-in-latest-defi-exploit 加密貨幣交易所FTX宣布破產數小時後遭駭，美國檢察官著手調查 https://www.bloomberg.com/news/articles/2022-12-27/us-probes-how-372-million-vanished-in-hack-after-ftx-bankruptcy BTC.com月初遭遇網路攻擊事件，調查後損失300萬美元 https://www.ithome.com.tw/news/154915 Nexon創始人在去世後被盜約670萬美元加密貨幣，駭客已被判刑 https://news.cnyes.com/news/id/5048681 幣圈資安新危機，機器人交易服務 3Commas 遭駭，10 萬組金鑰外流 https://technews.tw/2022/12/29/3commas-key-api-leak/ 越來越多的訊號指向：變盤在即 https://blockcast.it/2022/12/28/madman-column-2022-dec-28/ Defrost Finance 否認監守自盜！稱駭客歸還 1,200 萬鎂，社群存疑被逼急了 https://www.blocktempo.com/defrost-finance-denies-rug-pull/ SBF 才剛獲准保釋沒幾天！Alameda 錢包驚傳流出數百萬美元 https://blockcast.it/2022/12/29/alameda-liquidated-millions-dollars-of-cryptos-days-after-sbf-was-released-from-jail/ BXH團隊和比特叢林協助警方成功抓獲BXH第二次被盜案駭客 https://news.cnyes.com/news/id/5049845 加密產業的復甦，需要更積極的詐欺解決方案 https://news.knowing.asia/news/24ebcfb9-8ebe-44ac-a59a-835aeb4ea245 跨鏈橋駭客在過去兩年裡造成大約25億美元損失 https://news.cnyes.com/news/id/5050113 借鏡烏俄戰爭專家立委：妥善應用區塊鏈強化台灣數位韌性 https://wp.taronews.tw/2022/12/30/882631/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC AV-TEST公佈年度報告！ Windows 惡意軟體數量是Mac 的5千多倍 https://3c.ltn.com.tw/news/51839 FBI與CISA發布Cuba Ransomware勒索軟體警報 https://www.cisa.gov/uscert/ncas/alerts/aa22-335a 駭客佯稱提供知名應用程式，濫用Google廣告散布竊密軟體 https://labs.guard.io/masquerads-googles-ad-words-massively-abused-by-threat-actors-targeting-organizations-gpus-42ae73ee8a1e 北韓駭客組織假冒日本投顧來散布惡意程式 https://securelist.com/bluenoroff-methods-bypass-motw/108383/ 美國路易斯安那州大型醫院遭勒索軟體攻擊，27萬病人資料外洩 https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/ 電信業者Intrado傳出遭到勒索軟體Royal攻擊 https://www.bleepingcomputer.com/news/security/royal-ransomware-claims-attack-on-intrado-telecom-provider/ GuLoader惡意軟體發展出規避偵測的新技術 https://www.crowdstrike.com/blog/guloader-dissection-reveals-new-anti-analysis-techniques-and-code-injection-redundancy/ 南韓外交智庫學者遭北韓駭客大規模網釣，數十家購物網站遭勒索軟體攻擊 https://www.ithome.com.tw/news/154914 IcedID殭屍網路濫用Google PPC服務散布惡意軟體 https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html 竊密軟體RisePro疑透過惡意軟體下載器PrivateLoader散布 https://www.bleepingcomputer.com/news/security/new-info-stealer-malware-infects-software-pirates-via-fake-cracks-sites/ 勒索軟體Vice Society利用更為複雜的演算法加密電腦檔案 https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/ 美國路易斯安那州醫院受勒索軟體攻擊影響 27萬名病患 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10266 Trying to Steal Christmas (Again!) https://www.fortinet.com/blog/threat-research/trying-to-steal-christmas-again Microsoft research uncovers new Zerobot capabilities https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/ Threat Brief: OWASSRF Vulnerability Exploitation https://unit42.paloaltonetworks.com/threat-brief-owassrf/ Godfather: A banking Trojan that is impossible to refuse https://blog.group-ib.com/godfather-trojan Google ad traffic leads to stealer packages based on free software https://isc.sans.edu/diary/rss/29376 Dissecting a highly evasive malware targeting Italy https://blog.cluster25.duskrise.com/2022/12/22/an-infostealer-comes-to-town APT35 IOCs - SEC-1275-1 https://1275.ru/ioc/1226/apt35-iocs/ New RisePro Stealer distributed by the prominent PrivateLoader https://blog.sekoia.io/new-risepro-stealer-distributed-by-the-prominent-privateloader/ Google廣告遭到濫用，駭客藉此散布惡意軟體IcedID https://www.trendmicro.com/en_us/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware.html IcedID Botnet Distributors Abuse Google PPC to Distribute Malware https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/l/icedid-botnet-distributors-abuse-google-ppc-to-distribute-malware/IOCs-IcedID-Botnet-Actors-Abuse-Google-PPC-to-Distribute-Malware.txt Shc Linux Malware Installs Coin Miner https://asec.ahnlab.com/ko/44885/ Navigating the Vast Ocean of Sandbox Evasions https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection/ New YouTube Bot Malware Spotted Stealing User’s Sensitive Information https://blog.cyble.com/2022/12/23/new-youtube-bots-malware-spotted-stealing-users-sensitive-information/ Pure coder offers multiple malware for sale in Darkweb forums https://blog.cyble.com/2022/12/27/pure-coder-offers-multiple-malware-for-sale-in-darkweb-forums/ Vice Society Ransomware Attackers Adopt Robust Encryption Methods https://thehackernews.com/2022/12/vice-society-ransomware-attackers-adopt.html GuLoader Malware Utilizing New Techniques to Evade Security Software https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html PrivateLoader PPI Service Found Distributing Info-Stealing RisePro Malware https://thehackernews.com/2022/12/privateloader-ppi-service-found.html APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html New Malvertising Campaign via Google Ads Targets Users Searching for Popular Software https://thehackernews.com/2022/12/new-malvertising-campaign-via-google.html 因應微軟圍堵VBA巨集，駭客濫用.NET開發框架製作惡意Excel範本檔案，並用於網釣攻擊 https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins/ 容器驗證系統Kyverno的弱點恐遭利用，駭客可藉此上傳惡意映像檔到K8s https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/ 降低勒索病毒危害風險的八個實用措施 https://techops.digiwin.com/rw_8tips/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊研究人員揭露由動作感知器監控安卓手機的手法EarSpy http://arxiv.org/pdf/2212.12151.pdf WhatsApp用戶注意！這50款手機元旦起不支援程式，機型一次看 https://www.bnext.com.tw/article/73486/whatsapp-20221229 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力開源軟體成駭客目標惡意攻擊今年暴增6倍 https://ec.ltn.com.tw/article/breakingnews/4169112 研究人員揭露鎖定印度政府的攻擊行動Steppy#Kavach，濫用JavaScript於受害電腦植入後門程式 https://www.securonix.com/blog/new-steppykavach-attack-campaign/ 上市櫃第一級公司設置資安長最後期限將至，台積電資訊安全長人選出爐 https://news.cnyes.com/news/id/5046907 網路攻擊武器化資安長要超前部署 https://view.ctee.com.tw/processing/47592.html 駭客攻擊印度醫療阻礙電子化發展 https://reurl.cc/ROo5dn 在戰爭爆發時守住醫院與電網！歐盟全新資安指令怎麼抵禦新形態戰爭 https://buzzorange.com/techorange/2022/12/30/eu-nis-2/ 美國將全面禁止公務裝置安裝抖音 https://www.ithome.com.tw/news/154929 烏克蘭總統談話從未斷線！他們如何打造世界最有效的資安防禦 https://buzzorange.com/techorange/2022/12/29/winter-cyber-risks/ 俄羅斯駭客企圖入侵北約國家的煉油廠 https://unit42.paloaltonetworks.com/trident-ursa/ 南韓指控北韓駭客攻擊近900名外交專家 https://www.scmp.com/news/asia/east-asia/article/3204528/north-korea-hacked-almost-900-south-korean-foreign-policy-experts-sought-ransom GitHub 程式碼儲存倉庫被駭後，Okta 程式碼被盜 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10257 美國電信業者Comcast Xfinity用戶遭到攻擊，駭客疑繞過雙因素驗證挾持帳號 https://www.bleepingcomputer.com/news/security/comcast-xfinity-accounts-hacked-in-widespread-2fa-bypass-attacks/ France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent https://thehackernews.com/2022/12/france-fines-microsoft-60-million-for.html BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies https://thehackernews.com/2022/12/bitkeep-confirms-cyber-attack-loses.html 101610-資安管理工程師 https://www.104.com.tw/job/7hpni?jobsource=job_same_b 資深網路資安工程師 https://tw.indeed.com/viewjob?jk=7f6c6fa36fae1b49 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 FrodoPIR: New Privacy-Focused Database Querying System https://thehackernews.com/2022/12/frodopir-new-privacy-focused-database.html Researchers Warn of Kavach 2FA Phishing Attacks Targeting Indian Govt. Officials https://thehackernews.com/2022/12/researchers-warn-of-kavach-2fa-phishing.html LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen https://thehackernews.com/2022/12/lastpass-admits-to-severe-data-breach.html Facebook to Pay $725 Million to settle Lawsuit Over Cambridge Analytica Data Leak https://thehackernews.com/2022/12/facebook-to-pay-725-million-to-settle.html 印度鐵路公司外洩大量資料，3千萬筆乘客個資流入暗網 https://economictimes.indiatimes.com/news/new-updates/indian-railway-data-leak-30-million-railway-customers-data-for-sale-on-the-dark-web/articleshow/96569440.cms 印度針對LastPass資料外洩事件可能衍生的網釣攻擊提出警告 https://www.financialexpress.com/life/technology-govt-of-india-issues-advisory-against-potential-phishing-attacks-in-wake-of-lastpass-data-breach-2930866/ 烏克蘭查獲詐欺客服中心，受害者達1.8萬人 https://www.bleepingcomputer.com/news/security/ukraine-shuts-down-fraudulent-call-center-claiming-18-000-victims/ 針對劍橋分析事件的集體訴訟，Meta打算拿出7.25億美元和解 https://www.ithome.com.tw/news/154878 假冒合作廠商、盜取YT帳號事故再度上演！國內創作者傳遭Session劫持導致MFA被繞過的攻擊 https://www.youtube.com/watch?v=pvNNMxouy8o eBay銷售的二手裝置包含美國軍方資料 https://www.ithome.com.tw/news/154916 逾4億筆推特用戶資料出現於駭客論壇 https://www.bleepingcomputer.com/news/security/hacker-claims-to-be-selling-twitter-data-of-400-million-users/ 抖音證實員工曾存取記者個資 https://www.ithome.com.tw/news/154879 資安危機！美國國會提案禁用抖音　澳籍中人指：對年輕人影響才是真木馬 https://www.ftvnews.com.tw/news/detail/2022C30W0194 美國辛辛那提州社區大學傳出資料外洩，恐曝露師生社會安全碼 https://www.cincinnati.com/story/news/2022/12/24/cincinnati-state-breach-exposed-social-security-numbers-other-info/69754533007/ 體育賽事賭博網站BetMGM證實資料外洩 https://www.bleepingcomputer.com/news/security/leading-sports-betting-firm-betmgm-discloses-data-breach/ 歐盟著手調查推特大規模資料外洩事故 https://www.bleepingcomputer.com/news/security/massive-twitter-data-leak-investigated-by-eu-privacy-watchdog/ 作惡不分年齡？《Roblox》爆存在年輕「黑社會」釣魚、駭客行騙同齡玩家 https://game.udn.com/game/story/122089/6872730 警分局小隊長勾結徵信社洩漏個資懲戒判決出爐 https://www.chinatimes.com/realtimenews/20221230001313-260402?chdtv 來自Maybank 選委會 Astro 傳近1300萬人個資外洩 https://reurl.cc/bGoQnl E.研究報告/工具回顧2022資安事件，2023資安趨勢與展望 https://readfi.news/11143/ 上雲了嗎？為2023年5大雲端安全威脅做好準備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10256 研究人員揭露以智慧型手機加速度計擷取耳機振動竊聽電話的手法 https://reurl.cc/GXY8ov Excel XLL檔駭客初始入侵的最愛 https://www.technice.com.tw/cloudtech/infosecurity/32175/ 朝鮮駭客組織BlueNoroff冒充日本風投和銀行竊取數百萬美元加密貨幣 https://news.cnyes.com/news/id/5047790 BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection https://thehackernews.com/2022/12/bluenoroff-apt-hackers-using-new-ways.html BlueNoroff APT組織使用新方法繞過Windows MoTW保護 https://www.kaspersky.com/blog/bluenoroff-mark-of-the-web/46690/ BlueNoroff introduces new methods bypassing MoTW https://securelist.com/bluenoroff-methods-bypass-motw/108383/ 研究人員揭露軟修補Azure ACS一項重大漏洞的技術細節 https://securityaffairs.co/wordpress/139709/hacking/microsoft-revised-cve-2022-37958-rate.html 資安業者解析對資安防護產品帶來危害的Windows AMSI繞過技術 https://www.trendmicro.com/en_us/research/22/l/detecting-windows-amsi-bypass-techniques.html W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names https://thehackernews.com/2022/12/w4sp-stealer-discovered-in-multiple.html Accelerate Your Incident Response https://thehackernews.com/2022/12/accelerate-your-incident-response.html 2022 Top Five Immediate Threats in Geopolitical Context https://thehackernews.com/2022/12/2022-top-five-immediate-threats-in.html Comparing Sysmon and EclecticIQ Endpoint Response — Event Filters https://eclecticiq.medium.com/comparing-sysmon-and-eclecticiq-endpoint-response-event-filters-6b862dddfe6a ChatGPT manipulation for hacking. Artificial Intelligence in cybersec. https://systemweakness.com/chatgpt-manipulation-for-hacking-artificial-intelligence-in-cybersec-146750808298 Advanced SQL techniques for beginners https://towardsdatascience.com/advanced-sql-techniques-for-beginners-211851a28488 Vulnerability Management at Lyft: Enforcing the Cascade - Part 1 https://eng.lyft.com/vulnerability-management-at-lyft-enforcing-the-cascade-part-1-234d1561b994 10 Little macOS Apps that Make a Big Difference in 2022 [Part 1] https://medium.com/@aplaceofmind/10-little-macos-apps-that-make-a-big-difference-in-2022-part-1-13c0361e695e How I found 40+ Directory Listing Vulnerabilities which contain Source Code Disclosure via Exposed WordPress Folders (/wp-admin) using Google Dorks https://0xkayala.medium.com/how-i-found-40-websites-source-code-disclosure-via-exposed-wordpress-folders-wp-admin-using-5273ff2ae53d F.商業 84%組織曾遭身分相關攻擊！SailPoint：機器身分佔比超出四成，將成資安前線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10260 Acronis推出自動化工具組及單一平台整合多項功能 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10261 洛克威爾自動化與Fortinet合作，保障營運技術環境安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10263 促進隱私強化技術廣泛應用，Google將內部可模糊影像隱私物體Magritte專案開源 https://www.ithome.com.tw/news/154863 趨勢科技 ZDI 揭露漏洞並緩解危機 https://www.cdns.com.tw/articles/723505 趨勢科技 ZDI 計畫揭露並收購零時差漏洞，緩解不肖駭客攻擊危機 https://reurl.cc/85VE2M G.政府數位發展部2023年施政方針出爐，零信任網路架構與T-Road平臺成焦點 https://www.ithome.com.tw/news/154918 戶政系統遭駭5》抓到了！戶役政介接無活動紀錄內政部難獨力清查洩漏流程 https://www.peoplenews.tw/articles/ae75d79dba 【獨家】戶政系統遭駭4》駭客攻進總統府？賴清德顧立雄近三年家庭資料都被看光光？ https://www.peoplenews.tw/articles/5102674caf 【獨家】戶政系統遭駭2》政壇、企業大老戶籍曝光賴品妤籲跨部會調查（更新） https://www.peoplenews.tw/articles/4cb9fd7ed7 2300萬戶政資料外洩？內政部：並無遭駭客入侵檢調偵辦中 https://reurl.cc/Z1oKQg 戶政資料外洩案內政部：骨幹網路無遭駭 https://ctee.com.tw/realtimenews/cna/783011.html 時力立委邱顯智稱內政部已承認戶政資料外洩內政部澄清 https://news.ltn.com.tw/news/politics/breakingnews/4169436 個資外洩不給問不給查綠官綠委藏貓膩 https://udn.com/news/story/6656/6876881 健保快易通串聯你的健康APP數據　這四類應用程式皆可用 https://www.healthnews.com.tw/article/56331 數位發展部2023年施政方針，確保政府資安：力推零信任網路架構和T-Road平臺 https://www.ithome.com.tw/news/154918 數位產業署「R.I.S.E」加快落實數位轉型推動臺灣產業另一波成長 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000653618_XLT7CI3M084OVN9JTT8S2 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安醫療IoT安全！Palo Alto Networks：75% 注射幫浦存在資安風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10255 TXOne Networks宣布成立OT戰略中樞，扮演亞太OT資安交流平台 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10259 Google智慧音箱弱點恐讓駭客能偷窺語音指令 https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html Netgear針對路由器的預先身分驗證記憶體溢位漏洞發出公告，呼籲用戶儘速修補 https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208 打造安全IoT，SESIP標準崛起，Global Platform近期在臺推動 https://www.ithome.com.tw/news/154900 微軟研究：超過75%工業控制器存在未修補嚴重漏洞，成為駭客入侵新破口 https://www.techbang.com/posts/102512-microsoft-research-more-than-75-of-industrial-controllers 車用資安軟體Cybellum 攜手大眾電腦擴展亞太車用資安業務 https://www.thehubnews.net/archives/180075 依廠區流程建構OT網路安全性 https://www.netadmin.com.tw/netadmin/zh-tw/market/E41EAD8715A7407FB486B50BDD6FA0AF 協助 IoT 裝置抵禦以關鍵基礎設施為目標的攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10271 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 我國網路資安狂被駭監委申請自動調查 https://www.chinatimes.com/realtimenews/20220810003152-260407?chdtv 6.近期資安活動及研討會 Language exchange with VAMO 2023/1/1 https://www.meetup.com/language-exxhange-with-vamo/events/290522549/ TAIPEI INTERNET MONEY - Open to new members 2023/1/7 https://www.meetup.com/taipei-internet-money/events/290492310/ XR Meetup 2023/1/7 https://www.meetup.com/taiwanvirtualreality/events/290416808/ 美國 Fintech 新創 Infra / DevOps 工程師的一天 2023/1/7 https://www.meetup.com/pyladiestw/events/290403644/ 線上資安專題講座-微軟雲端資安趨勢解析及學習資源 2023/1/7 https://isipevent.kktix.cc/events/e58d0573-copy-10 Taipei.py 2023 1 月聚會 2023/1/12 https://www.meetup.com/taipei-py/events/290416829/ 一鍵完成設備部署、資安、合規的實作秘笈 | In Taipei Apple Office 2023/1/12 https://jamf.kktix.cc/events/onetouch2023-1 【高雄限定】一日駭客體驗營｜６小時了解資安滲透 2023/1/14 https://www.accupass.com/event/2211150721101457239234