資安事件新聞週報 2023/3/27 ~ 2023/3/31

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/3/27 ~ 2023/3/31 1.重大弱點漏洞/後門/Exploit/Zero Day 一網打盡18種雲端服務的不當設定或漏洞風險，攻擊工具AlienFox可大量搜刮這些系統當中的帳密資料 https://www.sentinelone.com/labs/dissecting-alienfox-the-cloud-spammers-swiss-army-knife/ Winter Vivern利用Zimbra漏洞竊取北約組織電子郵件 https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability 為什麼CVE-2023-23397你必須關注？並且應盡速更新 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10386 Cisco 發布多個產品的安全公告 https://www.cisa.gov/news-events/alerts/2023/03/23/cisco-releases-security-advisories-multiple-products 微軟修補可回復原始圖片的臭蟲Acropalypse https://www.ithome.com.tw/news/156124 微軟Azure Service Fabric Explorer存在XSS漏洞，允許攻擊者遠端執行程式碼 https://www.ithome.com.tw/news/156231 Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers https://thehackernews.com/2023/03/microsoft-warns-of-stealthy-outlook.html Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools https://thehackernews.com/2023/03/microsoft-issues-patch-for-acropalypse.html Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX https://thehackernews.com/2023/03/researchers-detail-severe-super.html OpenAI修補可盜帳號、洩露個資的ChatGPT漏洞 https://www.ithome.com.tw/news/156205 OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident https://thehackernews.com/2023/03/openai-reveals-redis-bug-behind-chatgpt.html 漏洞挖掘競賽Pwn2Own Vancouver 2023落幕，參賽者找出27個零時差漏洞、抱走百萬美元獎金 https://www.zerodayinitiative.com/blog/2023/3/24/pwn2own-vancouver-2023-day 身分驗證及管理系統Okta出現漏洞，恐曝露用戶帳號資料而被濫用 https://www.mitiga.io/blog/how-okta-passwords-can-be-compromised-uncovering-a-risk-to-user-data 企業儲存設備平均存在14個漏洞，而成為駭客覬覦的目標 https://www.continuitysoftware.com/pressreleases/state-of-storage-security-report/ IBM檔案共用系統Aspera Faspex漏洞出現攻擊行動 https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/ 網站管理系統CloudPanel曝露共用證書漏洞 https://www.rapid7.com/blog/post/2023/03/21/cve-2023-0391-mgt-commerce-cloudpanel-shared-certificate-vulnerability-and-weak-installation-procedures/ 2.銀行/金融/保險/證券/金融監理新聞及資安櫃買業績發表 4月7日秀資安 https://reurl.cc/7RYVdN 金融業用ChatGPT 立委：有資安疑慮 https://reurl.cc/WDzO8y 金融業用ChatGPT涉資安疑慮？金管會：將廣泛性盤點 https://wantrich.chinatimes.com/news/20230329900645-420501 金融業導入ChatGPT涉資安疑慮台立委籲金管會盤點與修法 https://www.epochtimes.com/b5/23/3/29/n13961045.htm 澳洲金融機構Latitude Financial資料外洩，影響1,400萬客戶 https://www.latitudefinancial.com.au/about-us/media-releases/cybercrime-update-27-03-2023.html IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery https://thehackernews.com/2023/03/icedid-malware-shifts-focus-from.html 駭客聲稱掌握證交所資料，金管會表示無外洩情事 https://www.cna.com.tw/news/afe/202303290069.aspx First Citizens Bank宣布全面收購矽谷銀行 https://www.ithome.com.tw/news/156182 Google雲端GCP服務應臺灣金融機構上雲需求，完成獨立第三方單位聯合查核 https://www.ithome.com.tw/news/156170 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites https://thehackernews.com/2023/03/critical-woocommerce-payments-plugin.html 手機護資安！全台金融業半數都靠 HyperG的appGuard https://www.nownews.com/news/6094353 「先買後付」來了！蘋果Apple Pay Later還能貸款美國搶先試用 https://reurl.cc/gZNYOb 雷門多元支付串聯花蓮智慧交通整合服務新亮點 https://n.yam.com/Article/20230331579444 電子支付帳戶也遭詐騙集團冒用！一卡通投身金融防詐，Gogolook成為合作首選 https://www.storm.mg/article/4764218 金融機構危機處理要點擬納入電子支付、信用卡 https://reurl.cc/ykWAzD 防堵電子支付遭盜用　4/1起核驗原始手機碼 https://www.cardu.com.tw/news/detail.php?48456 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Sftimo交易所：預防投資者上當受騙，從自身做起 https://reurl.cc/eXQkVK Chainlink將於4月28日至6月9日舉辦2023年春季駭客松 https://news.cnyes.com/news/id/5133118 BTC攻佔歐洲央行！投影「巨型比特幣LOGO」金融叛客現場開趴 https://www.blocktempo.com/ecb-building-projected-with-bitcoin-logo/ 確定了！「V 神」將亮相「ETHTaipei」暢談以太坊未來藍圖 https://blockcast.it/2023/03/31/get-ready-for-an-amazing-talk-by-vitalik-buterin-at-ethtaipei/ 美國CFTC控告幣安與趙長鵬 https://www.ithome.com.tw/news/156167 貨幣對決／電子支付人口已近8成　為什麼還需要CBDC https://finance.ettoday.net/news/2458881 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 微軟在OneNote封鎖120種可能被用於散布惡意程式的檔案格式 https://www.bleepingcomputer.com/news/security/microsoft-onenote-will-block-120-dangerous-file-extensions/ 美國電信網路服務業者Lumen證實遭到2次網路攻擊 https://www.cybersecuritydive.com/news/lumen-ransomware-attack/646135/ 中國駭客散布Linux惡意軟體Mélofée https://blog.exatrack.com/melofee/ Dark Power 新勒索軟體組織不到一個月內勒索10個目標 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10391 從勒索軟體到網路間諜行動：2022 年武器化的 55 個零日漏洞 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10381 LockBit 3.0 勒索軟體 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a 一款新的 Andorid 殭屍木馬為你的銀行金融數據而生 https://www.kocpc.com.tw/archives/486330 中國駭客組織Mustang Panda利用以密碼保護的文件檔案來規避防毒軟體偵測 https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html 勒索軟體Dark Power一個月內攻陷10個組織 https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html 竊資軟體BlackGuard針對剪貼簿、瀏覽器擴充套件下手，盜取加密貨幣 https://cybersecurity.att.com/blogs/labs-research/blackguard-stealer-extends-its-capabilities-in-new-variant 殭屍網路病毒Emotet針對美國報稅季而來 https://www.bleepingcomputer.com/news/security/emotet-malware-distributed-as-fake-w-9-tax-forms-from-the-irs/ 中國核能產業遭駭客組織Bitter鎖定，散布惡意程式 https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry/ 駭客以服務型式提供惡意程式Cinoshi多種攻擊模組 https://blog.cyble.com/2023/03/23/cinoshi-project-and-the-dark-side-of-free-maas/ 出現鎖定Mac用戶的竊資軟體，能從OS內建密碼管理系統盜走各式帳密 https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware 惡意PyPI套件濫用Unicode異體字元進行混淆，目的是規避偵測 https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection 美國波多黎各水道管理局傳出遭勒索軟體Vice Society攻擊 https://therecord.media/fbi-investigating-cyberattack-on-puerto-rico 勒索軟體為近2年歐洲交通運輸業者的重大威脅 https://www.enisa.europa.eu/publications/enisa-transport-threat-landscape 博奕業者Crown Resorts證實因GoAnywhere遭駭而被勒索 https://www.bleepingcomputer.com/news/security/crown-resorts-confirms-ransom-demand-after-goanywhere-breach/ Google揭露間諜軟體供應商濫用熱門平臺零時差和既有漏洞 https://www.ithome.com.tw/news/156207 惡意軟體IcedID出現精簡版變種，被用於散布第二階段作案工具 https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid Analysis of SideCopy Group's Recent Attacks Using Indian Ministry of Defense Documents as Lures https://reurl.cc/DmYqGE New loader on the bloc - AresLoader https://intel471.com/blog/new-loader-on-the-bloc-aresloader Nexus: a new Android botnet? https://www.cleafy.com/cleafy-labs/nexus-a-new-android-botnet Warning on KIMSUKY1 Cyber Actor's Recent Cyber Campaigns against Google's Browser and App Store Services https://reurl.cc/rLkEpr Shining Light on Dark Power: Yet Another Ransomware Gang https://www.trellix.com/en-us/about/newsroom/stories/research/shining-light-on-dark-power.html Earth Preta Updated Stealthy Strategies https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/earth-preta-updated-stealthy-strategies/iocs-earth-pretas-updated-stealthy-strategies.txt https://www.trendmicro.com/en_us/research/23/c/earth-preta-updated-stealthy-strategies.html Scarcruft Bolsters Arsenal for targeting individual Android devices https://medium.com/s2wblog/scarcruft-bolsters-arsenal-for-targeting-individual-android-devices-97d2bcef4ab Fork in the Ice: The New Era of IcedID https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid Finding Gozi https://unit42.paloaltonetworks.com/march-wireshark-gozi-answers/ MacStealer: New macOS-based Stealer Malware Identified https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware Heavy Shadows: Summary of Recent Attack Techniques Used by Donot Group https://ti.qianxin.com/blog/articles/Heavy-Shadows:-Summary-of-Recent-Attack-Techniques-Used-by-Donot-Group-EN/ Updates from the MaaS: new threats delivered through NullMixer https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1 AsyncRAT Crusade: Detections and Defense https://www.splunk.com/en_us/blog/security/asyncrat-crusade-detections-and-defense.html New OpcJacker Malware Distributed via Fake VPN Malvertising https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising/ioc-new-opcJacker-malware-distributed-via-fake-vpn-malvertising.txt https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html Makop: The Toolkit of a Criminal Gang https://medium.com/@lcam/makop-the-toolkit-of-a-criminal-gang-53cd44563c11 VoIP網路電話系統3CX的用戶端程式遭到滲透，原因是受到駭客的軟體供應鏈攻擊 https://www.bleepingcomputer.com/news/security/hackers-compromise-3cx-desktop-app-in-a-supply-chain-attack/ CrowdStrike Falcon Platform Detects and Prevents Active Intrusion Campaign Targeting 3CXDesktopApp Customers https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ https://news.sophos.com/en-us/2023/03/29/3cx-dll-sideloading-attack/ https://objective-see.org/blog/blog_0x73.html https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats https://www.3cx.com/blog/news/desktopapp-security-alert/ 3CX Desktop App Supply Chain Attack Leaves Millions at Risk - Urgent Update on the Way! https://thehackernews.com/2023/03/3cx-desktop-app-targeted-in-supply.html 3CX Supply Chain Attack — Here's What We Know So Far https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html LimeRAT Malware Analysis: Extracting the Config https://any.run/cybersecurity-blog/limerat-malware-analysis/ DBatLoader Actively Distributing Malwares Targeting Europea https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability Ducktail: Dissecting a complex infection chain started from social engineering https://otx.alienvault.com/pulse/64260878d21ef6bbcde86089 Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife https://assets.sentinelone.com/sentinellabs22/s1_-sentinellabs_dis#page=1s1_-sentinellabs_dis.pdf Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data https://thehackernews.com/2023/03/malicious-python-package-uses-unicode.html New MacStealer macOS Malware Steals iCloud Keychain Data and Passwords https://thehackernews.com/2023/03/new-macstealer-macos-malware-steals.html 惡意程式載入器DBatLoader在歐洲散布木馬程式與竊資軟體 https://www.zscaler.com/blogs/security-research/dbatloader-actively-distributing-malwares-targeting-european-businesses Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe https://thehackernews.com/2023/03/stealthy-dbatloader-malware-loader.html President Biden Signs Executive Order Restricting Use of Commercial Spyware https://thehackernews.com/2023/03/president-biden-signs-executive-order.html 俄羅斯及東歐遭到惡意Tor瀏覽器鎖定，散布剪貼簿挾持程式 https://securelist.com/copy-paste-heist-clipboard-injector-targeting-cryptowallets/109186/ Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware https://thehackernews.com/2023/03/trojanized-tor-browser-installers.html AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services https://thehackernews.com/2023/03/alienfox-malware-targets-api-keys-and.html Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups https://thehackernews.com/2023/03/melofee-researchers-uncover-new-linux.html Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor https://thehackernews.com/2023/03/chinese-redgolf-group-targeting-windows.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Apple Issues Urgent Security Update for Older iOS and iPadOS Models https://thehackernews.com/2023/03/apple-issues-urgent-security-update-for.html Smart Mobility has a Blindspot When it Comes to API Security https://thehackernews.com/2023/03/smart-mobility-has-blindspot-when-it.html Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices https://thehackernews.com/2023/03/spyware-vendors-caught-exploiting-zero.html 研究人員揭露新型態Wi-Fi攻擊手法，可攔截流量、繞過安全機制 https://papers.mathyvanhoef.com/usenix2023-wifi.pdf New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices https://thehackernews.com/2023/03/new-wi-fi-protocol-security-flaw.html 蘋果強化iOS/iPadOS安全性更新多套作業系統解決漏洞 https://netmag.tw/2023/03/31/apple-strengthens-ios-ipados-security-update-multiple-suite-of-operating-systems-to-resolve-vulnerabilities 蘋果針對舊版iOS作業系統修補WebKit零時差漏洞 https://www.bleepingcomputer.com/news/apple/apple-fixes-recently-disclosed-webkit-zero-day-on-older-iphones/ 安卓、iOS手機出現零時差漏洞，被駭客用於部署惡意程式 https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/ 美國證實5個iOS與安卓漏洞被用於攻擊行動，要求聯邦機構限期修補 https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-bugs-exploited-to-drop-spyware/ Nokia今年內讓4G網路上月球 https://www.ithome.com.tw/news/156184 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力全球資安人才缺口達340萬，2022年遭入侵5次以上的企業增加53％ https://www.fortinet.com/content/dam/fortinet/assets/reports/2023-cybersecurity-skills-gap-report.pdf 企業採用的開放原始碼軟體，有近9成使用了超過4年沒更新的元件 https://www.synopsys.com/software-integrity/resources/analyst-reports/open-source-security-risk-analysis.html 網軍針對政府機關發動地毯式DNS攻擊 https://hisecure.hinet.net/secureinfo/popup.php?cert_id=HiNet-2023-0027 歐洲刑警組織警告網路罪犯濫用ChatGPT https://www.europol.europa.eu/media-press/newsroom/news/criminal-use-of-chatgpt-cautionary-tale-about-large-language-models 報告：中共政府支持的黑客組織非常活躍 https://www.epochtimes.com/b5/23/3/30/n13961910.htm 中國駭客的攻擊行動Operation Soft Cell鎖定中東電信業者而來 https://www.sentinelone.com/labs/operation-tainted-love-chinese-apts-target-telcos-in-new-attacks/ 北韓駭客APT43埋藏攻擊行蹤長達5年 https://www.mandiant.com/resources/blog/apt43-north-korea-cybercrime-espionage 北韓駭客團體APT43透過加密貨幣洗錢自給自足維持間諜行動 https://www.ithome.com.tw/news/156194 APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report 澳洲大學網站接連遭到兩個駭客組織DDoS攻擊 https://blog.cloudflare.com/ddos-attacks-on-australian-universities/ 以邪治邪！英國設置冒牌DDoS攻擊租賃服務的網站來識別網路罪犯 https://www.nationalcrimeagency.gov.uk/news/nca-infiltrates-cyber-crime-market-with-disguised-ddos-sites U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals https://thehackernews.com/2023/03/uk-national-crime-agency-sets-up-fake.html Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies https://thehackernews.com/2023/03/researchers-uncover-chinese-nation.html 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison https://thehackernews.com/2023/03/20-year-old-breachforums-founder-faces.html North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations https://thehackernews.com/2023/03/north-korean-apt43-group-uses.html Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html 資安服務助理工程師 https://www.104.com.tw/job/6pw58?jobsource=googlejobs D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Phishing Campaign Targets Chinese Nuclear Energy Industry https://www.intezer.com/blog/research/phishing-campaign-targets-nuclear-energy-industry/ 駭客假冒企業SharePoint檔案共用通知郵件，對攻擊目標所屬的員工進行網路釣魚 https://www.kaspersky.com/blog/sharepoint-notification-scam/47593/ 大學教授遭到變臉不雅照勒索，疑中國駭客所為 https://udn.com/news/story/7320/7054755 https://news.ltn.com.tw/news/society/paper/1573945 https://www.cna.com.tw/news/ahel/202303240332.aspx 資安業者Black Lantern提供開源工具Badsecrets，可偵測網頁應用程式框架曝露的帳密資料 https://blog.blacklanternsecurity.com/p/introducing-badsecrets AI測試框架MLflow出現漏洞，恐導致資料外洩 https://protectai.com/blog/hacking-ai-system-takeover-exploit-in-mlflow 推特網站與內部工具的原始碼傳出被公布於GitHub儲存庫 https://www.ithome.com.tw/news/156159 適逢美國報稅季，殭屍網路病毒Emotet假借IRS寄出申報單名義進行網路釣魚攻擊 https://www.bleepingcomputer.com/news/security/emotet-malware-distributed-as-fake-w-9-tax-forms-from-the-irs/ Instagram詐騙傳出以提供時裝購物商城Shein禮物卡為誘餌 https://blog.avast.com/shein-instagram-scam 美國警告駭客假借採購名義進行商業郵件詐騙 https://www.ic3.gov/Media/Y2023/PSA230324 豐田汽車義大利分公司資安出包！市場行銷系統帳密竟在公開網路曝露逾一年半 https://cybernews.com/security/toyota-customer-data-leak/ 臺灣民眾網路詐騙抵抗力有待加強，透過錯誤資訊來確認資訊真偽的比例高達8成 https://usa.visa.com/content/dam/VCOM/regional/na/us/run-your-business/documents/visa-fraudulese-report.pdf ChatGPT資料外洩，起因是近期新加入使用的元件出現弱點 https://openai.com/blog/march-20-chatgpt-outage 兒童程式開發課程系統iD Tech傳出個資遭外洩 https://techcrunch.com/2023/03/23/id-tech-kids-tech-camp-data-breach/ 威秀影城傳出50萬筆客戶資料外洩 https://tw.nextapple.com/local/20230330/797513A5ED5E2F1F401C209A13DCC250 E.研究報告/工具 CIA資安鐵三角（CIA triad） https://blog.twnic.tw/2023/03/29/26302/ 如何輕鬆管理ISO27001文件和紀錄 https://www.attnerp.com.tw/post-2303301/ 研究人員揭露針對語音助理發動的無聲攻擊手法 https://www.bleepingcomputer.com/news/security/inaudible-ultrasound-attack-can-stealthily-control-your-phone-smart-speaker/ Where SSO Falls Short in Protecting SaaS https://thehackernews.com/2023/03/where-sso-falls-short-in-protecting-saas.html Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo https://thehackernews.com/2023/03/breaking-mold-pen-testing-solutions.html How to Build a Research Lab for Reverse Engineering — 4 Ways https://thehackernews.com/2023/03/how-to-build-research-lab-for-reverse.html Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration https://thehackernews.com/2023/03/cyberstorage-leveraging-multi-cloud-to.html Deep Dive Into 6 Key Steps to Accelerate Your Incident Response https://thehackernews.com/2023/03/deep-dive-into-6-key-steps-to.html F.商業 CyberArk強化員工密碼管理功能，支援採用 CAPTCHA驗證 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10383 思科啟動台灣數位加速計畫 2.0，資安、韌性是重點 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10380 果核數位子公司HyperG自研產品取得CC國際資安認證 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10390 GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations https://thehackernews.com/2023/03/github-swiftly-replaces-exposed-rsa-ssh.html 產官學聯防校園資安　世新大學攜手瑞擎數位、資策會資安所提升數位時代保護力 https://www.owlting.com/news/articles/317375 WIZON懷生數位宣布成立聚焦資安即服務模式 https://twnewshub.com/archives/44603 思科最新調查：僅16%台灣企業為資安威脅做好準備 https://www.winnews.com.tw/125305/ 微軟發布 Security Copilot，將 AI 的強大功能帶入資安防禦領域 https://news.microsoft.com/zh-tw/security-copilot/ 微軟針對企業資安需求打造以人工智慧驅動的Security Copilot服務 https://mashdigi.com/microsoft-creates-ai-driven-security-copilot-service-for-enterprise-information-security-needs/ 精誠攜美資安大廠一站式平台服務 https://wantrich.chinatimes.com/news/20230330900195-420501 德凱集團買下臺灣資安新創安華聯網 https://www.dekra.com.tw/tc/dekra-de-kai-ji-tuan-bing-gou-an-hua-lian-wang-gong-gu-ya-tai-shi-chang-qiang-hua-quan-fang-wei-zi-an-ye-wu/ 資安業者Rapid7買下Minerva，強化勒索軟體防護與回應 https://www.rapid7.com/about/press-releases/rapid7-acquires-minerva-labs/ 奧義智慧推出XCockpit自動化資安威脅管理平臺 https://ctee.com.tw/industrynews/automation/836474.html Google正式推出機密協同運算服務Confidential Space https://www.ithome.com.tw/news/156229 AutoCAD、Maya終於支援Apple Silicon晶片 https://www.ithome.com.tw/news/156226 Google Assistant部門傳改組，將以Bard為重點 https://www.ithome.com.tw/news/156221 Google相容於PostgreSQL的雲端資料庫AlloyDB，提供下載版本支援本地用例 https://www.ithome.com.tw/news/156218 傳微軟又將打造對抗ChromeOS的下一代Windows，且支援AI https://www.ithome.com.tw/news/156199 思科Webex加入多項人工智慧功能，改善線上會議協作體驗 https://www.ithome.com.tw/news/156196 Amazon Chime SDK通話分析新功能，可即時分析語音情感和搜尋說話者紀錄 https://www.ithome.com.tw/news/156176 橘子集團資安系統獲CC國際資安認證，布局東南亞拓展商機 https://reurl.cc/n7xY91 G.政府資安院研議AI技術檢測機制擬年底前出爐 https://admin.rti.org.tw/news/view/id/2163514 AI技術檢測標準與工具資安院擬年底前推出 https://ec.ltn.com.tw/article/breakingnews/4255480 打造資安一條龍服務！資安院長何全德：「台版AI框架」拚今年下半年啟動 https://tw.stock.yahoo.com/news/cyber-security-105101714.html 資安院：培育人才像養成棒球選手每年拚150高階戰力 https://reurl.cc/xle3NV 數位部有資安署又有資安院，兩者怎麼分 https://technews.tw/2023/03/29/moda-nics-2/ 數位發展部下設資通安全研究院個資事件查處列重點 https://news.pts.org.tw/article/629803 捷克國安局長同行訪台　加速雙邊軍事、資安聯防合作 https://www.upmedia.mg/news_info.php?Type=1&SerialNo=169250 2023年企業永續發展行動方案出爐！資本額不到20億元上市櫃公司未來也要編製永續報告書 https://www.ithome.com.tw/news/156181 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安美國CISA警告須注意Delta及Rockwell工業控制系統多個高危險漏洞 https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=10389 Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders https://thehackernews.com/2023/03/microsoft-introduces-gpt-4-ai-powered.html 友通深耕智慧交通 https://money.udn.com/money/story/5710/7068176?from=edn_newestlist_cate_side 車用電子夯趨勢友通組隊衝 https://wantrich.chinatimes.com/news/20230331900053-420101 威聯通針對旗下NAS修補Linux元件權限提升漏洞 https://www.qnap.com/en/security-advisory/qsa-23-11 殭屍網路病毒ShellBot、MooBot大量散播有新管道，它們鎖定Realtek物聯網平臺與網管系統Cacti重大漏洞 https://www.fortinet.com/blog/threat-research/moobot-strikes-again-targeting-cacti-and-realtek-vulnerabilities Google BigQuery新機器學習推理引擎支援外部自定義模型 https://www.ithome.com.tw/news/156191 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 6.近期資安活動及研討會 Just a chat - with no Expectations 2023/4/1 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/292187542/ SyntaxError 2023/4/5 https://www.meetup.com/pythonhug/events/292275935/ HackingThursday 固定聚會@2023 -- 台北 Taipei 2023/4/6 https://www.meetup.com/hackingthursday/events/292299234/ 用 Keelung 構造零知識證明 FunTh#83 2023/4/6 https://www.meetup.com/functional-thursday/events/292296123/ OWASP Meetup 2023.Apr . 2023/4/7 https://csa.kktix.cc/events/owasp202304-copy-1 Application of Formal Methods to High-Security Requirements Software 2023/4/7 https://www.meetup.com/automotive-security-research-group-taipei-asrg-%E8%87%BA%E5%8C%97/events/292558745/ Bitcoin Meetup & Socratic Seminar With Jimmy Song, Andrew Chow and Nopara 2023/4/7 https://www.meetup.com/taiwan-bitdevs/events/292571920/ 跨境數位威權：全球數位威權趨勢對台灣的機遇和挑戰 2023/4/8 https://ocftw.kktix.cc/events/citizenseminar 《數位創新沙龍座談小聚》混合雲轉型：從 IT 到學術的旅程 2023/4/8 https://www.accupass.com/event/2303230824409325135880 超融合架構暨網路資安防護論壇 2023/4/12 https://www.accupass.com/event/2303200150055844623280 Airflow Taiwan User Meetup #3 2023/4/13 https://www.meetup.com/taipei-py/events/292026654/ Fortify 直擊漏洞，佈建合規資安研討會 2023/4/14 https://www.accupass.com/event/2303160227581447651717 網路資安鐘點戰防止威脅入侵的五大戰略 2023/4/12 ~ 5/17 https://www.accupass.com/event/2303250723538886915720 TWCC-CLI 基本操作 - 計算資源管理自動化 2023/4/14 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4034&from_course_list_url=course_index AI & XR Meetup 2023/4/15 https://www.meetup.com/taiwan-ai-xr-discovery-meetups/events/292574374/ WordPress - 桃園午茶小聚 #23 2023/4/15 https://www.meetup.com/taoyuan-wordpress-meetup/events/292467443/ iPAS-「初級」資訊安全工程師-能力研習衝刺班 2023/4/15、4/22 https://www.cisanet.org.tw/Course/Detail/3948 Taipei dbt Meetup #10 (in-person 👫 & online 👨‍💻)2023/4/16 https://www.meetup.com/taipei-dbt-meetup/events/291861526/ 資安五四三 2023/4/18 https://csa.kktix.cc/events/1f504d33 Hugging Face :Object Detection 2023/4/18 https://www.meetup.com/tensorflow-user-group-taipei/events/290714768/ 平行計算程式設計基礎課程 2023/4/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4032&from_course_list_url=course_index 無所不在的混合雲與ZTA交流研討會 2023/4/20 https://www.nehs.hc.edu.tw/?p=14035 資安韌性與金融科技創新 2023/4/21 https://www.accupass.com/event/2303281153102586247910 資安大師班 - 讓專家來為你解密資安實戰 2023/4/21 https://www.accupass.com/event/2303310934086693440470 「Meta 台灣 AR 黑客松」 2023/4/22 ~ 2023/4/23 https://www.arhackathon.tw/ EDB 15 資安新功能 TDE & SSL 保衛資料庫安全 2023/4/26 https://www.accupass.com/event/2303310808018123738370 RSA Conference 2023 2023/4/24 ~ 2023/4/27 https://www.rsaconference.com/usa 網站應用程式安全（資安專業課程訓練） 2023/4/28 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X21031 TWCC-CLI 進階操作- AI/ML 自動流程 2023/5/12 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4035&from_course_list_url=course_index 【實作體驗營】一日駭客x網路弱點滲透 2023/5/13 https://www.accupass.com/event/2303030820005796452650 iPAS中級資訊安全人員訓練班 2023/5/4 ~ 2023/6/1 https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013 (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023