1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Security vulnerabilities in Juniper's Junos OS product line
https://www.cisa.gov/news-events/alerts/2023/06/22/juniper-networks-releases-security-advisory-junos-os-and-junos-os-evolved
VMware releases security updates for vCenter Server and Cloud Foundation
https://www.cisa.gov/news-events/alerts/2023/06/23/vmware-releases-security-update-vcenter-server-and-cloud-foundation
Researchers disclose critical RFC vulnerabilities affecting multiple SAP products
https://sec-consult.com/blog/detail/responsible-disclosure-of-an-exploit-chain-targeting-the-rfc-interface-implementation-in-sap-application-server-for-abap/
Critical vulnerability in the data visualization and analytics solution Grafana can be used to hijack Azure AD accounts if left unpatched
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
Microsoft Teams vulnerability could let attackers deliver malware from external accounts
https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Fortinet patches critical vulnerability in its NAC system
https://www.fortiguard.com/psirt/FG-IR-23-096
GitHub repositories may be exposed to dependency hijacking attacks
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
Authentication bypass vulnerability found in backup software Arcserve UDP
https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Internet Systems Consortium patches DoS vulnerabilities in the DNS software suite BIND9
https://securityaffairs.com/147828/hacking/bind-dns-dos-flaws.html
Management interfaces of hundreds of US federal agency devices are exposed to the internet
https://censys.io/identifying-cisa-bod-23-02-internet-exposed-networked-management-interfaces-with-censys/
U.S. Cybersecurity Agency Adds 6 Flaws to Known Exploited Vulnerabilities Catalog
https://thehackernews.com/2023/06/us-cybersecurity-agency-adds-6-flaws-to.html
Google patches high-severity vulnerabilities in Chrome 114
https://www.securityweek.com/chrome-114-update-patches-high-severity-vulnerabilities/
Critical vulnerability in WordPress social login plugin could expose user accounts
https://www.wordfence.com/blog/2023/06/miniorange-addresses-authentication-bypass-vulnerability-in-wordpress-social-login-and-register-wordpress-plugin/
Critical Flaw Found in WordPress Plugin for WooCommerce Used by 30,000 Websites
https://thehackernews.com/2023/06/critical-flaw-found-in-wordpress-plugin.html
Critical Security Flaw in Social Login Plugin for WordPress Exposes Users' Accounts
https://thehackernews.com/2023/06/critical-security-flaw-in-social-login.html
Critical 'nOAuth' Flaw in Microsoft Azure AD Enabled Complete Account Takeover
https://thehackernews.com/2023/06/critical-noauth-flaw-in-microsoft-azure.html
Alert: Million of GitHub Repositories Likely Vulnerable to RepoJacking Attack
https://thehackernews.com/2023/06/alert-million-of-github-repositories.html
New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks
https://thehackernews.com/2023/06/new-fortinets-fortinac-vulnerability.html
FLASH: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities (2023.06.29)
https://www.ibm.com/support/pages/node/7006069?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: Google OAuth Client Library for Java as used by IBM QRadar SIEM is vulnerable to verification bypass (CVE-2021-22573) (2023.06.29)
https://www.ibm.com/support/pages/node/7006525?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: IBM QRadar SIEM is vulnerable to using broken or risky cryptographic algorithms (CVE-2023-26276) (2023.06.29)
https://www.ibm.com/support/pages/node/7006081?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: RabbitMQ as used by IBM QRadar SIEM is vulnerable to potential man-in-the-middle attack (CVE-2018-11087) (2023.06.29)
https://www.ibm.com/support/pages/node/7006521?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: IBM QRadar SIEM is vulnerable to Hazardous Input Validation (CVE-2023-26273) (2023.06.29)
https://www.ibm.com/support/pages/node/7006083?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: IBM QRadar SIEM is vulnerable to information disclosure between tenants (CVE-2022-34352) (2023.06.29)
https://www.ibm.com/support/pages/node/7006057?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Scripting (XSS) (CVE-2023-26274) (2023.06.29)
https://www.ibm.com/support/pages/node/7006085?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
FLASH: Security Bulletin: Protobuf as used by IBM QRadar SIEM is vulnerable to denial of service (CVE-2021-22569) (2023.06.29)
https://www.ibm.com/support/pages/node/7006523?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E
npm registry exposed to the risk of Manifest Confusion attacks
https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Critical SQL injection vulnerabilities in a Gentoo Linux component could be used by attackers for RCE
https://www.sonarsource.com/blog/why-orms-and-prepared-statements-cant-always-win/
Openfind Mail2000 - XSS (Reflected Cross-site scripting)
https://www.twcert.org.tw/tw/cp-132-7158-751a6-1.html
L7 Networks InstantScan & InstantQoS - Arbitrary File Upload
https://www.twcert.org.tw/tw/cp-132-7159-d1383-1.html
SUNNET CTMS 培訓大師 (Training Master) - Path Traversal
https://www.twcert.org.tw/tw/cp-132-7033-878ab-1.html
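2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security
Taiwan-US Financial Cybersecurity Forum: Tsai Ing-wen says cybersecurity protection is a major asset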
https://money.udn.com/money/story/5613/7265969?from=edn_newest_index
President urges the financial sector to strengthen cybersecurity and make it its greatest asset
https://www.rti.org.tw/news/view/id/2172082
Tsai Ing-wen: Raising financial cybersecurity capacity takes a team effort
https://ctee.com.tw/livenews/aj/ctee/a83205002023062910182406
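Attending the Taiwan-US Financial Cybersecurity Forum, the President hopes financial-sector partners will work with the government to build a more resilient cybersecurity defense system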
https://ocacnews.net/article/343818
Tsai Ing-wen: Damaging core financial cybersecurity equipment carries heavier penalties of up to 7 years in prison
https://newtalk.tw/news/view/2023-06-29/877579
Is ChatGPT coming for secure finance jobs? Financial Supervisory Commission sets guidelines for AI use
https://www.cardu.com.tw/news/detail.php?49165
Anatsa Banking Trojan Targeting Users in US, UK, Germany, Austria, and Switzerland
https://thehackernews.com/2023/06/anatsa-banking-trojan-targeting-users.html
US and European bank customers targeted by Android trojan Anatsa
https://www.threatfabric.com/blogs/anatsa-hits-uk-and-dach-with-new-campaign
Anatsa Android trojan steals banking information at scale from users in the US, UK and other countries
https://www.twcert.org.tw/tw/cp-104-7211-3944f-1.html
EU "digital euro" legislation gets under way! Will it affect traditional financial services
https://blockcast.it/2023/06/29/eu-digital-euro-legislation-starts-will-it-impact-traditional-financial-services/
Want to get into fintech? JKOPay (街口支付) HR manager: Do you have these 3 key traits
https://www.cw.com.tw/article/5126243
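3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security
WeChat Pay usable even without a mainland China account! Binding of overseas credit cards to be supported in stages from July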
https://reurl.cc/x7N0RL
Mobile payment within China: Hong Kong media report WeChat is opening up binding of overseas credit cards
https://reurl.cc/p6ayG8
Google Wallet to pilot QR code checkout in Brazil, enabling Google Wallet mobile payments on phones without NFC
https://www.cool3c.com/article/195542
Commuter monthly pass launches in July! 157,000 people apply early; second phase to add mobile payment
https://www.ettoday.net/news/20230629/2530040.htm
Several Chinese colleges stop using WeChat Pay; Tencent apologizes and stops charging fees
https://reurl.cc/AAM85e
Mastercard partners with Alipay for easy mobile payments when traveling in mainland China
https://www.cardu.com.tw/message/detail.php?49177
A cashless society and mobile payment do not equal progress! Debunking the myths of digital finance
https://www.businessweekly.com.tw/magazine/Article_mag_page.aspx?id=7008142
Electronic payment becomes the key battleground: retailers on the offensive
https://vocus.cc/article/649ec863fd897800014d73bf
Sorry, we only take JKOPay (街口支付)
https://vocus.cc/article/649e4cddfd89780001bfca33
Electronic payment - the DNA of future life
https://vip.udn.com/event/newmedia_digital_payment
Strong growth in digital accounts and electronic payment
https://ctee.com.tw/news/finance/887273.html
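None of the top three e-payment operators is profitable yet! Why is this business so hard? Interview with 全盈支付 general manager Liu Mei-ling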
https://www.managertoday.com.tw/articles/view/67008?utm_source=copyshare
ICOCA now officially supports Apple Pay transit cards: a new option for transport and electronic payment when traveling in Japan! (Tutorial)
https://www.kocpc.com.tw/archives/497784
Hungary's electronic payment market grows rapidly
https://www.trademag.org.tw/page/newsid1/?id=7884017&iz=6
4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / Web3 Security
Twitter Hacker Sentenced to 5 Years in Prison for $120,000 Crypto Scam
https://thehackernews.com/2023/06/twitter-hacker-sentenced-to-5-years-in.html
Japanese Cryptocurrency Exchange Falls Victim to JokerSpy macOS Backdoor Attack
https://thehackernews.com/2023/06/japanese-cryptocurrency-exchange-falls.html
Japanese cryptocurrency exchange targeted by macOS backdoor JokerSpy
https://thehackernews.com/2023/06/japanese-cryptocurrency-exchange-falls.html
Emerging Threat! Exposing JOKERSPY
https://www.elastic.co/security-labs/inital-research-of-jokerspy
Hackers use a Super Mario game offering as a lure to mine cryptocurrency with victims' computing resources
https://blog.cyble.com/2023/06/23/trojanized-super-mario-game-installer-spreads-supremebot-malware/
Themis Protocol hit by oracle manipulation attack; hacker profits about US$370,000
https://news.cnyes.com/news/id/5230499
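5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
TSMC reportedly hit by LockBit ransomware; the company says a supplier was attacked, and the affected vendor Kinmax Technology (擎昊科技) also issued a statement acknowledging the breach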
https://cybernews.com/news/tsmc-data-breach-lockbit/
https://technews.tw/2023/06/30/hackers-blackmail-tsmc/
https://money.udn.com/money/story/5612/7269764
US National Security Agency releases guidance for defending against the UEFI malware BlackLotus
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
North Korean hackers Stonefly spread the EarlyRAT trojan via the Log4Shell vulnerability
https://securelist.com/lazarus-andariel-mistakes-and-easyrat/110119/
VMware virtualization platform targeted by Akira ransomware
https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi-servers/
https://blog.cyble.com/2023/06/28/akira-ransomware-extends-reach-to-linux-platform/
Malware downloader PindOS used to distribute Bumblebee and IcedID
https://www.deepinstinct.com/blog/pindos-new-javascript-dropper-delivering-bumblebee-and-icedid
Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html
Attackers use OnlyFans adult images to spread information-stealing malware
https://www.twcert.org.tw/tw/cp-104-7205-b0a23-1.html
NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems
https://thehackernews.com/2023/06/nsa-releases-guide-to-combat-powerful.html
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html
8Base ransomware threat escalates
https://www.bleepingcomputer.com/news/security/8base-ransomware-gang-escalates-double-extortion-attacks-in-june/
8Base Ransomware Spikes in Activity, Threatens U.S. and Brazilian Businesses
https://thehackernews.com/2023/06/8base-ransomware-spikes-in-activity.html
New Mockingjay Process Injection Technique Could Let Malware Evade Detection
https://thehackernews.com/2023/06/new-mockingjay-process-injection.html
Infostealer ThirdEye targets Russian-speaking users
https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information
Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
https://thehackernews.com/2023/06/newly-uncovered-thirdeye-windows-based.html
Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes
https://thehackernews.com/2023/06/fluhorse-flutter-based-android-malware.html
B. Mobile Security / iPhone / Android / Wearables / Apps / 5G / Instant Messaging
Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
https://thehackernews.com/2023/06/zero-day-alert-apple-releases-patches.html
Apple patches zero-day vulnerabilities exploited in the Operation Triangulation campaign
https://www.ithome.com.tw/news/157482
CISA orders US government agencies to immediately patch iPhone vulnerabilities that could enable spyware attacks
https://www.twcert.org.tw/tw/cp-104-7209-74e9b-1.html
New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices
https://thehackernews.com/2023/06/new-report-exposes-operation.html
Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data
https://thehackernews.com/2023/06/android-spy-app-letmespy-suffers-major.html
WhatsApp Upgrades Proxy Feature Against Internet Shutdowns
https://thehackernews.com/2023/06/whatsapp-upgrades-proxy-feature-against.html
Android spyware LetMeSpy breached, user data leaked
https://niebezpiecznik.pl/post/letmespy-android-wyciek-hacked/
https://techcrunch.com/2023/06/27/letmespy-hacked-spyware-thousands/
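C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
Hackers attack Linux devices with a malicious OpenSSH component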
https://www.microsoft.com/en-us/security/blog/2023/06/22/iot-devices-and-linux-based-systems-targeted-by-openssh-trojan-campaign/
Blizzard Entertainment hit by DDoS attack; players of several of its games face connection problems
https://www.ithome.com.tw/news/157491
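Engineers from leading optical lens maker Largan (大立光) defected to 先進光, taking company know-how with them; verdict handed down after 11 years of litigation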
https://www.mirrormedia.mg/story/20230626inv002/
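US Securities and Exchange Commission reportedly plans to sue SolarWinds' CFO and CISO, holding them responsible for the 2020 software supply chain attack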
https://www.bankinfosecurity.com/sec-alleges-solarwinds-cfo-ciso-violated-us-securities-laws-a-22367
Ukraine's critical infrastructure has suffered 3,000 cyberattacks since the war began in 2022
https://www.cip.gov.ua/en/news/vorozhi-khakeri-atakuyut-kritichnu-infrastrukturu-ukrayini-pracyuvati-nad-posilennyam-zakhistu-treba-postiino
DDoS attack campaigns launched by Russian hackers increased 24-fold within a year
https://blog.sekoia.io/following-noname05716-ddosia-projects-targets/
US and EU IT service providers targeted; hackers use their servers for cryptomining
https://unit42.paloaltonetworks.com/manic-menagerie-targets-web-hosting-and-it/
Chinese hacking group exploits Office vulnerability to target countries attending the G7 summit in Hiroshima, Japan
https://www.bankinfosecurity.com/chinese-hackers-targeted-g7-summit-through-ms-office-flaw-a-22344
Chinese hacking group Volt Typhoon targets critical infrastructure with attacks
https://www.crowdstrike.com/blog/falcon-complete-thwarts-vanguard-panda-tradecraft/
Chinese hackers APT15 distribute the Graphican malware
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15
Russian hackers APT29 launch large-scale credential theft attacks
https://twitter.com/MsftSecIntel/status/1671579358031486991
From MuddyC3 to PhonyC2: Iran's MuddyWater Evolves with a New Cyber Weapon
https://thehackernews.com/2023/06/from-muddyc3-to-phonyc2-irans.html
Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign
https://thehackernews.com/2023/06/cybercriminals-hijacking-vulnerable-ssh.html
Critical SQL Injection Flaws Expose Gentoo Soko to Remote Code Execution
https://thehackernews.com/2023/06/critical-sql-injection-flaws-expose.html
Three years after the encrypted communications network EncroChat was cracked, more than 6,000 suspects have been arrested
https://www.europol.europa.eu/media-press/newsroom/news/dismantling-encrypted-criminal-encrochat-communications-leads-to-over-6-500-arrests-and-close-to-eur-900-million-seized
EncroChat Bust Leads to 6,558 Criminals' Arrests and €900 Million Seizure
https://thehackernews.com/2023/06/encrochat-bust-leads-to-6558-criminals.html
Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
https://thehackernews.com/2023/06/microsoft-warns-of-widescale-credential.html
Hacking group Muddled Libra targets business process outsourcing providers
https://unit42.paloaltonetworks.com/muddled-libra/
Cybercrime Group 'Muddled Libra' Targets BPO Sector with Advanced Social Engineering
https://thehackernews.com/2023/06/cybercrime-group-muddled-libra-targets.html
Threat Group Assessment: Muddled Libra
https://unit42.paloaltonetworks.com/muddled-libra/
ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks
https://thehackernews.com/2023/06/scarcruft-hackers-exploit-ably-service.html
Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
https://thehackernews.com/2023/06/chinese-hackers-using-never-before-seen.html
New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain
https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html
North Korean hackers APT37 attack using the FadeStealer infostealer
https://asec.ahnlab.com/en/54349/
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
https://thehackernews.com/2023/06/north-korean-hacker-group-andariel.html
Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control
https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html
CryptosLabs Scam Ring Targets French-Speaking Investors, Rakes in €480 Million
https://thehackernews.com/2023/06/cryptoslabs-scam-ring-targets-french.html
Information Security Manager
https://www.104.com.tw/job/81epv?jobsource=jolist_a_relevance
Network Security Performance Analyst - Taipei
https://www.104.com.tw/job/7ug37?jobsource=apply_analyze
LH230055 - Security Engineer (Taipei headquarters)
https://www.104.com.tw/job/81ctl?jobsource=m104
IT Officer
https://2022job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=11&EMPLOYER_ID=97627&HIRE_ID=11979617
Security Engineer
https://www.linkedin.com/jobs/view/security-engineer-%E8%B3%87%E5%AE%89%E5%B7%A5%E7%A8%8B%E5%B8%AB-at-logicalis-asia-3648662194/?originalSubdomain=tw
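D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security
74% of data breaches begin with human error or social engineering attacks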
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10529
Scam ring CryptosLabs targets France, Belgium and Luxembourg, defrauding victims under the guise of investment
https://www.group-ib.com/blog/cryptoslabs-investment-scams/
Unveiling the Unseen: Identifying Data Exfiltration with Machine Learning
https://thehackernews.com/2023/06/unveiling-unseen-identifying-data.html
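Building security guard abused their position to collect residents' personal data from 40 communities and set up a website to resell it to real estate agents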
https://www.ettoday.net/news/20230628/2529093.htm
https://udn.com/news/story/7321/7263332
https://www.setn.com/News.aspx?NewsID=1315460
Japan's digital ID card reportedly leaks data; prime minister orders emergency investigation
https://www.theregister.com/2023/06/22/japan_my_number_security_review/
https://www.kantei.go.jp/jp/101_kishida/statement/2023/0621kaiken.html
https://www.japantimes.co.jp/news/2023/06/20/national/my-number-card-delivery-error/
https://www.asahi.com/ajw/articles/14906469
Password manager LastPass's two-factor authentication process malfunctions, logging users out
https://www.bleepingcomputer.com/news/security/lastpass-users-furious-after-being-locked-out-due-to-mfa-resets/
American Airlines and Southwest Airlines data breaches caused by a supply chain attack
https://www.bleepingcomputer.com/news/security/american-airlines-southwest-airlines-disclose-data-breaches-affecting-pilots/
Logistics company UPS suffers data leak, warns Canadian customers of phishing SMS attacks
https://twitter.com/BrettCallow/status/1671532524705570818
Personal data of nearly 45,000 New York City students leaked due to the MOVEit vulnerability
https://www.twcert.org.tw/tw/cp-104-7213-12203-1.html
Booking a room? Beware! Overseas hotels suspected hacked; "lost credit card" messages are a scam
https://www.youtube.com/watch?v=UwDKeyBkkwI
Adopting zero trust to prevent data exfiltration by hackers
https://blog.trendmicro.com.tw/?p=77342
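Island of Scams, anti-fraud edition: facial-recognition cash withdrawals and real-name SMS are among other countries' anti-fraud measures. Why can't Taiwan adopt them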
https://new7.storm.mg/article/4804869
E. Research Reports / Tools
How enterprises can secure digital identities and minimize risk
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10530
How to achieve DevOps automation? What cloud DevOps tools are available
https://www.hiyun.com.tw/news/blog/devops-automation
Strengths and shortcomings of privileged access management (PAM) solutions
https://vocus.cc/article/64943821fd897800016e3eb8
Researchers disclose new process injection technique Mockingjay, claiming it can bypass EDR detection and is stealthier
https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
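Private-sector national security think tank / Is stiffer punishment enough to strengthen protection of national critical infrastructure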
https://www.twreporter.org/a/opinion-the-insufficiencies-of-new-rules-aiming-at-protecting-critical-infrastructure
Startup Security Tactics: Friction Surveys
https://thehackernews.com/2023/06/startup-security-tactics-friction.html
The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins
https://thehackernews.com/2023/06/the-power-of-browser-fingerprinting.html
Generative-AI apps & ChatGPT: Potential risks and mitigation strategies
https://thehackernews.com/2023/06/generative-ai-apps-chatgpt-potential.html
How Generative AI Can Dupe SaaS Authentication Protocols — And Effective Ways To Prevent Other Key AI Risks in SaaS
https://thehackernews.com/2023/06/how-generative-ai-can-dupe-saas.html
Beyond Asset Discovery: How Attack Surface Management Prioritizes Vulnerability Remediation
https://thehackernews.com/2023/06/beyond-asset-discovery-how-attack.html
Researchers Find Way to Recover Cryptographic Keys by Analyzing LED Flickers
https://thehackernews.com/2023/06/researchers-find-way-to-recover.html
The Right Way to Enhance CTI with AI (Hint: It's the Data)
https://thehackernews.com/2023/06/the-right-way-to-enhance-cti-with-ai.html
3 Reasons SaaS Security is the Imperative First Step to Ensuring Secure AI Usage
https://thehackernews.com/2023/06/3-reasons-saas-security-is-imperative.html
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk
https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html
Analysis: Aurora Stealer
https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-aurora-stealer
Why Malware Crypting Services Deserve More Scrutiny
https://krebsonsecurity.com/2023/06/why-malware-crypting-services-deserve-more-scrutiny/
F. Business
Trend Micro launches the Trend Vision One platform combining XDR and AI capabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10522
鼎恒數位科技 builds a cloud HR solution that balances efficiency, flexibility and security
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10525
1Password supports single sign-on for OpenID Connect authentication solutions
https://blog.1password.com/unlock-with-sso-oidc/
Proton launches password manager service with integrated email alias feature
https://proton.me/blog/proton-pass-launch
Windows 11 to include passkey creation and use, expected to drive a new wave of passwordless authentication applications
https://blogs.windows.com/windows-insider/2023/06/22/announcing-windows-11-insider-preview-build-23486/
Security vendor Fortinet reveals nearly 70% of Taiwanese enterprises have adopted zero trust architecture
https://www.fortinet.com/content/dam/fortinet/assets/reports/report-state-of-zero-trust.pdf
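G. Government
European Parliament delegation visits the Ministry of Digital Affairs to exchange views on cybersecurity and digital resilience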
https://moda.gov.tw/press/press-releases/5539
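To advance the skills of senior cybersecurity talent, the National Institute of Cyber Security launches its first elite training course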
https://www.facebook.com/te.nics.tw/posts/pfbid0VxwB8E9vKrApLtCmASifJN9sbGS7mphFHXc7TdGWQum7gzSnpkqCPMFL1ox2H9Fzl
ITRI signs MOU with Israeli startup to jointly validate cutting-edge security chips
https://technews.tw/2023/06/30/chain-reaction-mou/
President Tsai: Cybersecurity is national security; joint defense across industries and domains is needed
https://www.cna.com.tw/news/aipl/202306290056.aspx
Sandra Oudkirk: Hopes to build a more trustworthy supply chain with Taiwan through cybersecurity cooperation mechanisms
https://www.setn.com/News.aspx?NewsID=1315883
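Minister of Digital Affairs Audrey Tang speaks at Israel's Cyber Week, sharing experience in responding to hybrid cyberattacks and safeguarding democratic Taiwan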
https://www.ocac.gov.tw/OCAC/Pages/Detail.aspx?nodeid=345&pid=54613930
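Industry, government, academia and research converge at Shalun, aiming to help upgrade southern Taiwan's digital and sustainable industries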
https://www.tainan.gov.tw/News_Content.aspx?n=13370&s=8556998
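Taiwan is on the front line of foreign cyberattacks; Audrey Tang: startups show marked progress in cybersecurity quality and quantity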
https://reurl.cc/nDm086
Meeting Washington think tanks, Ko Wen-je: Taiwan would face cyberattacks if conflict breaks out in the Taiwan Strait
https://www.rti.org.tw/news/view/id/2172030
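H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security
Fully self-driving! No steering wheel and no accelerator: Amazon's robotaxi Zoox is road-testing in Las Vegas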
https://buzzorange.com/techorange/2023/06/29/amazons-self-driving-unit-zoox-expands-testing-vegas/
New Condi malware hijacks TP-Link routers for DDoS botnet attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10524
ASUS router firmware update reveals critical vulnerabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10521
Siemens Energy and Schneider Electric reportedly hit by MOVEit Transfer zero-day attacks
https://securityaffairs.com/147865/data-breach/schneider-electric-siemens-energy-moveit.html
https://www.bleepingcomputer.com/news/security/siemens-energy-confirms-data-breach-after-moveit-data-theft-attack/
New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
https://thehackernews.com/2023/06/new-cryptocurrency-mining-campaign.html
5 Things CISOs Need to Know About Securing OT Environments
https://thehackernews.com/2023/06/5-things-cisos-need-to-know-about.html
Attacks reported against critical vulnerability in Zyxel NAS
https://www.cisa.gov/news-events/alerts/2023/06/23/cisa-adds-five-known-exploited-vulnerabilities-catalog
Mirai botnet variant targets 22 network device vulnerabilities
https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/
Even pet feeders have security vulnerabilities! Experts warn: hackers can break in and spy
https://3c.ltn.com.tw/news/53902
ASUS RT-AC86U - Buffer Overflow
https://www.twcert.org.tw/tw/cp-132-7147-afcf9-1.html
ASUS RT-AC86U - Command Injection
https://www.twcert.org.tw/tw/cp-132-7146-ef92a-1.html
固特斯 SGUDA U-Lock remote 8-in-1 electronic lock - Broken Access Control - 2
https://www.twcert.org.tw/tw/cp-132-7100-7a15c-1.html
固特斯 SGUDA U-Lock remote 8-in-1 electronic lock - Broken Access Control
https://www.twcert.org.tw/tw/cp-132-7099-e8897-1.html
I. Education and Training
iPAS Information Security Engineer (intermediate level) notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam, practical experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam, practical experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam, practical experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA (security analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
How to prepare for the EC-Council CPENT and LPT Master penetration testing certifications, and lessons learned
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security newbie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601), Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601), Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
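App security is not just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)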
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
OSEP (Evasion Techniques and Breaching Defenses, PEN-300) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main way to learn security fundamentals; experts create a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond proving your ability, certifications should be treated as your greatest motivation to keep learning
https://www.ithome.com.tw/news/156756
Dispelling misconceptions and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
6. Upcoming Security Events and Conferences
Drupal Mentoring Taipei - Meet and Code 2023/7/1
https://www.meetup.com/drupal-mentoring-taipei/events/294204156/
Just a chat - with no Expectations 2023/7/1
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/294117040/
𝑭𝑰𝑹𝑴𝑨𝑿𝑬 futures: cryptocurrency trading demystified $SUI, $DOGE, $BTC, $SHIB, $PEPE 2023/7/1
https://www.meetup.com/livecryptotrade/events/294113841/
Coffee & Code 2023/7/2
https://www.meetup.com/innovate-taiwan/events/294404012/
SGS seminar on new trends in the automotive supply chain: key positioning in the EV industry, toward a smart and safe future 2023/7/4
https://www.accupass.com/event/2304250153518811535560
Internet Freedom Meetup [July]: post-event sharing session on the international digital human rights conference 2023/7/4
https://ocftw.kktix.cc/events/internetfreedom-july
Hugging Face: Text2Text Generation 2023/7/4
https://www.meetup.com/tensorflow-user-group-taipei/events/293763113/
[台灣敏捷部落 x Agile HR] Gold-medal instructor: talent development quality management TTQS; guest: Teacher Jill 2023/7/4
https://www.accupass.com/event/2306280449441358193621
2023 Zero Trust Access - Apple security seminar 2023/7/5
https://2023gettechnology.kktix.cc/events/48f91757
SyntaxError 2023/7/5
https://www.meetup.com/pythonhug/events/294202414/
HackingThursday regular meetup @2023 -- Taipei 2023/7/6
https://www.meetup.com/hackingthursday/events/294225181/
Airflow Taiwan User Meetup #6 2023/7/6
https://www.meetup.com/taipei-py/events/294016507/
AI across domains and Python applications | live online stream, special lecture 2023/7/6
https://www.accupass.com/event/2306260654231623968623
WordPress - Taoyuan afternoon tea meetup #26 2023/7/8
https://www.meetup.com/taoyuan-wordpress-meetup/events/294449557/
Taichung.py 2023/07: Building web apps in pure Python - Pynecone (reflex) 2023/7/12
https://taichung-py.kktix.cc/events/meetup-202307-pynecone
Hacks in Taiwan Conference: HITCON Training 2023 2023/7/12 ~ 2023/7/15
https://hitcon.kktix.cc/events/hitcon-training-2023
Launching the future - digital democracy and civic participation: 2023 Ideathon Forum, July session 2023/7/12
https://www.accupass.com/event/2306251336101876912835
How to gatekeep permissions: the 3W management method for enterprises 2023/7/13
https://www.accupass.com/event/2306290839559233319470
[Workplace visit experience] Chunghwa Telecom Co., Ltd. 2023/7/13
https://www.accupass.com/event/2306121146237901126600
The first step in security: achieving zero trust starting with endpoint devices | 犇亞 Conference Center 2023/7/13
https://jamf.kktix.cc/events/jamffintech
Women in tech in the international workplace, Session 2: New transformation 2023/7/14
https://www.meetup.com/women-who-code-taipei/events/294204966/
JMUG | Taiwan debut 2023/7/18
https://jamf.kktix.cc/events/cloudidpokta
Taipei LangChain Hacky Hour 2023/7/18
https://www.meetup.com/taipei_langchain/events/294403943/
Taiwan Multimedia Tech #9 2023/7/19
https://www.meetup.com/taiwan-multimedia-technology/events/293987313/
A hands-on playbook for one-click device deployment, security and compliance - tech manufacturing session | 犇亞 Conference Center 2023/7/20
https://jamf.kktix.cc/events/appleinmanufacturing
[全景軟體 x 啄木科技] Zero Trust Solution 2023/7/20
https://www.accupass.com/event/2306130338409522122060
Taipei dbt Meetup #13 (in-person 👫 & online 👨💻) 2023/7/26
https://www.meetup.com/taipei-dbt-meetup/events/294298229/
AI ignites an e-commerce revolution: data-driven monetization 2023/7/27
https://www.accupass.com/event/2305190535222139620296
Advanced big data analytics course 2023/7/27 ~ 2023/7/28
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600
[舒虎教育] Introductory Blockchain Course, weekday class 2023/7/27 ~ 2023/7/28
https://www.accupass.com/event/2305280843071623542481
緯育 TibaMe "2nd IT Talent Job Hunt" large-scale recruitment event 2023/7/29
https://tibametibame.kktix.cc/events/goodjob729even
[舒虎教育] Introductory Blockchain Course, weekend class 2023/7/29 ~ 2023/7/30
https://www.accupass.com/event/2305280843202058678448
COSCUP 2023 2023/07/29 ~ 2023/07/30
https://coscup.org/2023/zh-TW/landing
Getting started with Hugging Face, the open-source AI ecosystem platform 2023/7/31
https://www.meetup.com/rladies-taipei/events/294283382/
InfoSec Taiwan 2023 international security conference 2023/8/1 ~ 2023/8/3
https://csa.kktix.cc/events/infosectaiwan2023
Advanced big data analytics course 2023/8/10 ~ 2023/8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611
DEF CON 32 2023/8/10 ~ 2023/8/13
https://defcon.org/index.html
AIoT applications hands-on workshop 2023/8/16 ~ 2023/8/17
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601
HITCON CMT 2023 2023/08/18 ~ 2023/08/19
https://hitcon.org/2023/CMT/
Advanced big data analytics course (Taichung) 2023/8/21 ~ 2023/8/22
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612
AIoT applications hands-on workshop (Taichung) 2023/8/23 ~ 2023/8/24
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604
5G+AIoT robotics smart-living applications science camp 2023/8/23 ~ 2023/8/25
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=625
PyCon TW 2023 2023/9/2 ~ 2023/9/3
https://tw.pycon.org/2023/zh-hant/registration/tickets
Web application penetration testing 2023/9/7 ~ 2023/9/8
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631
Hou.Sec.Con 2023/10/12 ~ 2023/10/13
https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary
(ISC)2 SECURITY CONGRESS LEAD WITH CONFIDENCE 2023/10/25 ~ 2023/10/27
https://www.isc2.org/Congress-2023