1.重大弱點漏洞/後門/Exploit/Zero Day Citrix檔案協作雲服務ShareFile在6月被揭露RCE漏洞，7月底已出現攻擊行動 https://www.securityweek.com/exploitation-of-recent-citrix-sharefile-rce-vulnerability-begins/ https://www.greynoise.io/blog/introducing-cve-2023-24489-a-critical-citrix-sharefile-rce-vulnerability https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489 https://blog.assetnote.io/2023/07/04/citrix-sharefile-rce/ 逾640臺存在重大漏洞的Citrix NetScaler伺服器被部署Web Shell「中國菜刀」 https://www.bleepingcomputer.com/news/security/over-640-citrix-servers-backdoored-with-web-shells-in-ongoing-attacks/ Hundreds of Citrix NetScaler ADC and Gateway Servers Hacked in Major Cyber Attack https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html Over 640 Citrix servers backdoored with web shells in ongoing attacks https://www.bleepingcomputer.com/news/security/over-640-citrix-servers-backdoored-with-web-shells-in-ongoing-attacks/ 近 40% Ubuntu 系統含有權限提升與任意程式碼執行漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10602 GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users https://thehackernews.com/2023/07/gameoverlay-two-severe-linux.html Ivanti再度修補行動裝置管理平臺的零時差漏洞，該漏洞也曾用於攻擊挪威政府 https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack https://thehackernews.com/2023/07/ivanti-warns-of-another-endpoint.html Multiple Flaws Found in Ninja Forms Plugin Leave 800,000 Sites Vulnerable https://thehackernews.com/2023/07/multiple-flaws-found-in-ninja-forms.html Norwegian Entities Targeted in Ongoing Attacks Exploiting Ivanti EPMM Vulnerability https://thehackernews.com/2023/08/norwegian-entities-targeted-in-ongoing.html Canon呼籲用戶送修、汰換印表機前，應手動移除Wi-Fi組態 https://www.ithome.com.tw/news/158066 研究人員揭露名為Collide+Power的處理器漏洞 https://www.securityweek.com/nearly-all-modern-cpus-leak-data-to-new-collidepower-side-channel-attack/ 2022年零時差漏洞超過4成來自已知漏洞修補不全，安卓生態圈長期面臨較高的攻擊風險情況加劇 https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html 電玩遊戲Minecraft伺服器遭到鎖定，駭客利用漏洞BleedingPipe來掌控系統 https://www.bleepingcomputer.com/news/security/hackers-exploit-bleedingpipe-rce-to-target-minecraft-servers-players/ mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory https://www.exploit-db.com/exploits/51637 Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities https://thehackernews.com/2023/08/major-cybersecurity-agencies.html Google發布Chrome 115更新，修補排版引擎V8漏洞 https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-desktop.html Mozilla發布Firefox 116，修補高風險記憶體安全漏洞 https://www.securityweek.com/firefox-116-patches-high-severity-vulnerabilities/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 公股銀線上信貸 最快30分鐘入帳 https://ctee.com.tw/news/finance/911294.html 惡意軟體SpyNote攻擊歐洲銀行客戶的安卓手機 https://www.cleafy.com/cleafy-labs/spynote-continues-to-attack-financial-institutions European Bank Customers Targeted in SpyNote Android Trojan Campaign https://thehackernews.com/2023/08/european-bank-customers-targeted-in.html 義大利組織遭惡意軟體WikiLoader鎖定，於受害電腦部署金融木馬及竊資軟體 https://www.proofpoint.com/us/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan https://thehackernews.com/2023/08/cybercriminals-renting-wikiloader-to.html 國泰金攜手刑事局 簽署資安聯防MOU https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=aca121b4-3f97-47c6-b6e9-ee8e39d8d177 台灣半年詐騙金額逾19億　國泰金控聯手刑事局簽署資安聯防MOU護國民 https://www.mirrormedia.mg/story/20230801mkt003/ 資安挑戰不斷！期待台美聯防　金融金鐘罩 https://news.tvbs.com.tw/money/2195822 基富通證券股份有限公司違反證券管理法令處分案(金管證券罰字第1120137505號) https://reurl.cc/ZW5vol 金融上雲大鬆綁 放寬境內外雲端委外規定、簡化申請程序 https://news.cnyes.com/news/id/5275275 金融三業上雲大鬆綁來了！金管會正式公布相關修正辦法，兩周內上路 https://www.ithome.com.tw/news/158126 NPM開源軟體供應鏈攻擊針對銀行產業而來，攻擊者利用NPM套件、在LinkedIn設立假履歷引誘開啟惡意連結 https://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 eTag用戶逾714萬 遠通與調查局簽訂資安備忘錄 https://news.ltn.com.tw/news/society/breakingnews/4380109 電子支付開戶查核手機號碼 警示電支帳戶大降9成 https://wantrich.chinatimes.com/news/20230801901124-420501 不惜重構支付系統掌握技術力，全盈支付靠IT服務過百萬用戶 https://www.ithome.com.tw/people/157946 icash Pay創下業界3個第一！台灣電支百家爭鳴，icash Pay如何抓住使用者的心 https://www.bnext.com.tw/article/76053/icash 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 CertiK：自上周五以來記錄了26起事件，共造成約1.05億美元的損失 https://news.cnyes.com/news/id/5267782 CertiK：Rodeo攻擊者將371枚ETH轉入Tornado Cash https://news.cnyes.com/news/id/5268037 突發！Curve穩定池遭「駭客攻擊」損失2676萬鎂、CRV重挫20% https://www.blocktempo.com/curve-finance-attack-has-caused-26-million-in-losses/ 鏈習生幣圈新聞｜CRV 幣暴跌！Curve「這三池」遭駭客攻擊｜2023.07.31 加密貨幣新聞 https://news.cnyes.com/news/id/5268182 Curve 流動池連環爆！Vyper「重入鎖」故障導致超 4,000 萬美金遭駭 https://zombit.info/curve-finance-factory-pools-targeted-due-to-reentrancy-vulnerability/ Curve貢獻者Banteg：Curve上的CRV/ETH池在白帽駭客開始救援前幾分鐘被盜空 https://news.cnyes.com/news/id/5268093 MICA Daily | Curve Finance 遭到駭客攻擊協議漏洞，損失 4,700 萬美元 https://blockcast.it/2023/07/31/mica-daily-0731/ 市場預測》近半年多因素利好比特幣、從歷史上看 8 月波動將降低 https://www.blocktempo.com/analyst-predict-august-is-quiet-month-for-traditional-market-and-crypto-is-no-different/ 派盾：NFT借貸協議JPEG'd或遭駭客攻擊 https://news.cnyes.com/news/id/5268057 JPEG'd：JPEG'd合約未被駭客攻擊，NFT與財庫資金安全 https://news.cnyes.com/news/id/5268228 PeckShield：NFT借貸平台JPEG'd或遭駭客攻擊 https://news.cnyes.com/news/id/5268059 肯亞出手封鎖虹膜掃描加密貨幣Worldcoin https://www.ithome.com.tw/news/158085 Lazarus 駭侵團體疑與一起 6,000 萬美元加密貨幣竊案相關 https://www.twcert.org.tw/tw/cp-104-7282-53595-1.html 發行駭客任務、權力遊戲NFT也救不了！Nifty’s交易市場閃電倒閉 https://www.blocktempo.com/nft-platform-niftys-shuts-down/ CZ：昨日Binance內部地址遭遇「零轉賬釣魚攻擊」，已及時發現並無實際損失 https://news.cnyes.com/news/id/5272793 駭客利用 「零 U 投毒」技術攻擊幣安，2000 萬美元的 USDT面臨風險遭到凍結 https://www.coinledge.io/post/hackers-use-zero-u-poisoning-attack-on-binance-20-million-usdt-at-risk-of-freezing SignalPlus宏觀研報：DeFi遇風暴，Curve遭駭客攻擊面臨清算風險 https://news.cnyes.com/news/id/5273706 12 萬枚比特幣竊案：Bitfinex「鴛鴦大盜」承認共謀洗錢 https://blockcast.it/2023/08/04/crypto-couple-admits-to-massive-bitfinex-hack/ 一紐約男子承認自己是2016年Bitfinex駭客事件中的比特幣駭客 https://news.cnyes.com/news/id/5273908 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 報告：教育機構是勒索軟體攻擊顯著目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10595 殭屍網路AVRecon入侵路由器進行控制，將其用來提供非法的代理伺服器服務 https://krebsonsecurity.com/2023/07/who-and-what-is-behind-the-malware-proxy-service-socksescort/ 俄羅斯駭客APT29鎖定東歐外交單位，散布後門程式GraphicalProton https://www.recordedfuture.com/bluebravo-adapts-to-target-diplomatic-entities-with-graphicalproton-malware Windows搜尋功能遭到濫用，駭客用來部署RAT木馬程式 https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html 資安廠商分析 2000 萬筆惡意軟體記錄，發現近 38 萬筆企業登入資訊遭竊 https://www.twcert.org.tw/tw/cp-104-7275-4fc21-1.html 瑞星捕获疑似国内黑客组织传播病毒证据 https://www.aqniu.com/vendor/98398.html 雲端服務寄生攻擊出現新手法，AWS EC2系統管理工具System Manager有機可乘，能被當作木馬程式利用 https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan 惡意軟體IcedID翻新BackConnect模組，對受害電腦帶來更嚴重的威脅 https://www.team-cymru.com/post/inside-the-icedid-backconnect-protocol-part-2 勒索軟體Abyss Locker鎖定VMware ESXi伺服器而來 https://www.bleepingcomputer.com/news/security/linux-version-of-abyss-locker-ransomware-targets-vmware-esxi-servers/ 有人以Python重新改寫竊資軟體NodeStealer，並假借提供Excel及Google Sheets範本的名義散布 https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/ New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets https://thehackernews.com/2023/08/new-nodestealer-targeting-facebook.html NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts https://unit42.paloaltonetworks.com/nodestealer-2-targets-facebook-business/ Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html Dark Web Profile: 8Base Ransomware https://socradar.io/dark-web-profile-8base-ransomware/ The resurgence of the Ursnif banking trojan https://darktrace.com/blog/the-resurgence-of-the-ursnif-banking-trojan Ransomware Delivery URLs: Top Campaigns and Trends https://unit42.paloaltonetworks.com/url-delivered-ransomware/ Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures https://www.securonix.com/blog/detecting-ongoing-starkmule-attack-campaign-targeting-victims-using-us-military-document-lures/ 惡意軟體Submarine針對Barracuda郵件安全閘道而來 https://www.bleepingcomputer.com/news/security/cisa-new-submarine-malware-found-on-hacked-barracuda-esg-appliances/ MAR-10454006-r1.v2 SUBMARINE Backdoor https://www.cisa.gov/news-events/analysis-reports/ar23-209a Hackers Deploy "SUBMARINE" Backdoor in Barracuda Email Security Gateway Attacks https://thehackernews.com/2023/07/hackers-deploy-submarine-backdoor-in.html MAR-10454006-r2.v1 SEASPY Backdoor https://www.cisa.gov/news-events/analysis-reports/ar23-209b Out of the Sandbox: WikiLoader Digs Sophisticated Evasion https://www.proofpoint.com/us/blog/threat-insight/out-sandbox-wikiloader-digs-sophisticated-evasion MAR-10454006-r3.v1 Exploit Payload Backdoor https://www.cisa.gov/news-events/analysis-reports/ar23-209c Threat Brief: RCE Vulnerability CVE-2023-3519 on Customer-Managed Citrix Servers https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/ Threat Actors Exploiting Ivanti EPMM Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a Report: Ransomware Command-and-Control Providers Unmasked https://www.halcyon.ai/blog/report-ransomware-command-and-control-providers-unmasked-by-halcyon-researchers Honeypot Recon: New Variant of SkidMap Targeting Redis https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-recon-new-variant-of-skidmap-targeting-redis/ Hackers Abusing Windows Search Feature to Install Remote Access Trojans https://thehackernews.com/2023/07/hackers-abusing-windows-search-feature.html BlueBravo Deploys GraphicalProton Backdoor Against European Diplomatic Entities https://thehackernews.com/2023/07/bluebravo-deploys-graphicalproton.html New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads https://thehackernews.com/2023/07/new-malvertising-campaign-distributing.html 安卓惡意軟體CherryBlos藉由OCR盜取圖片裡的加密貨幣錢包帳密資料 https://www.trendmicro.com/en_us/research/23/g/cherryblos-and-faketrade-android-malware-involved-in-scam-campai.html New Android Malware CherryBlos Utilizing OCR to Steal Sensitive Data https://thehackernews.com/2023/07/new-android-malware-cherryblos.html IcedID Malware Adapts and Expands Threat with Updated BackConnect Module https://thehackernews.com/2023/07/icedid-malware-adapts-and-expands.html AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service https://thehackernews.com/2023/07/avrecon-botnet-leveraging-compromised.html Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT https://thehackernews.com/2023/07/fruity-trojan-uses-deceptive-software.html 惡意軟體P2Pinfect濫用Redis複寫功能進行橫向感染 https://www.cadosecurity.com/redis-p2pinfect/ Novel Malware, Redis P2Pinfect https://www.cadosecurity.com/redis-p2pinfect/ New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods https://thehackernews.com/2023/07/new-p2pinfect-worm-targets-redis.html Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan https://thehackernews.com/2023/08/researchers-uncover-aws-ssm-agent.html From small LNK to large malicious BAT file with zero VT score https://isc.sans.edu/diary/rss/30094 Malicious npm Packages Found Exfiltrating Sensitive Data from Developers https://thehackernews.com/2023/08/malicious-npm-packages-found.html New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3 https://thehackernews.com/2023/08/new-version-of-rilide-data-theft.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 南韓女性私生活遭手機監視 日記內容全被上傳！駭客囂張：「妳現在做的事我都能看見」 https://www.kpopn.com/2023/07/29/sbs-phonetapping-news 研究人員發現警用的加密無線電系統中，有個存在幾十年之久的後門而且「大家都知道」 https://www.techbang.com/posts/108286-researchers-have-discovered-a-decades-old-bug-in-the-police Google： Android 世界裡零日漏洞與N日漏洞同樣危險! https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10600 冒牌即時通訊軟體SafeChat鎖定安卓用戶而來，竊取Telegram、WhatsApp、Facebook Messenger資料 https://www.cyfirma.com/outofband/apt-bahamut-targets-individuals-with-android-malware-using-spear-messaging/ Google針對安卓裝置部署不明追蹤警告功能，防範用戶遭到未知藍牙裝置跟蹤 https://blog.google/products/android/unknown-tracker-alert-google-android/ 為保護使用者隱私，蘋果採取新的App Store管理政策，要求App開發商說明使用API追蹤用戶的理由 https://www.ithome.com.tw/news/158017 全新 macOS 惡意軟體 Realst 會竊取加密貨幣錢包內的數位資產 https://www.twcert.org.tw/tw/cp-104-7273-908d0-1.html 專門攻擊Mac！暗網間諜軟體HVNC，能竊走錢包私鑰、遠端控制電腦 https://www.blocktempo.com/dark-web-sells-malware-macos-hvnc/ 快刪！安卓「31款購物APP」暗藏詐騙軟體　錢恐全遭盜走 https://news.tvbs.com.tw/tech/2193938 Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse https://thehackernews.com/2023/07/apple-sets-new-rules-for-developers-to.html Top Industries Significantly Impacted by Illicit Telegram Networks https://thehackernews.com/2023/08/top-industries-significantly-impacted.html Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html 小心 Android App 長大了走歪路！Google 發現多起惡意程式濫用版本更新偷渡入侵用戶手機 https://netmag.tw/2023/08/04/malware-uses-version-control-to-circumvent-google-play-check-mechanism C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 請注意 電話系統被駭 平常請把遠端維護的網路線拔掉 https://vocus.cc/article/64c72a8cfd897800019625ff Sophos 發現 CryptoRom 騙徒使用類似 ChatGPT 的 AI 聊天工具還有對加密貨幣帳戶的假駭客攻擊 https://n.yam.com/Article/20230804343097 NIST 的工作模式使其成為網路威脅的參與者 https://blog.twnic.tw/2023/07/31/27539/ 駭客假借免費提供滲透測試設備Filpper Zero發動攻擊 https://www.bleepingcomputer.com/news/security/fake-flipperzero-sites-promise-free-devices-after-completing-offer/ 劇團女演員從「程式小白」化身資安工程師　薪水翻倍！轉職撇步大公開 https://tw.nextapple.com/life/20230802/90EEB8D42785FDE4EEFCED2ED64C4004 微軟更新風險因素 若AI晶片不足恐致雲端服務中斷 https://news.cnyes.com/news/id/5267807 主機代管業者Cloudzy被資安廠商指控包庇駭客組織，為其提供C2代管服務 https://www.ithome.com.tw/news/158068 大樹醫藥證實遭到網路攻擊，以簡訊提醒消費者慎防詐騙 https://udn.com/news/story/7241/7332429 駭客攻擊再翻新：企業不可不知的資安攻擊手法 https://udn.com/news/story/6871/7336771 駭客猖獗《決勝時刻6：現代戰爭2》多人遊戲暫時關閉 https://gamemad.com/news/67129 FBI警告：使用AI發動網路攻擊的駭客數量，正在以驚人的速度增加 https://news.knowing.asia/news/9d317caf-5741-4695-b4ef-d2ec3fb75182 Fact Check 機構警告 AI 對選舉影響　印度及美國大選將可見生成式 AI 肆虐 https://unwire.hk/2023/07/29/generative-ai-could-undermine-upcoming-elections-in-us-and-india-startup-warns/fun-tech/ 紐時：美關鍵基礎設施遭植入惡意軟體 以利中國侵台 https://reurl.cc/QXkVno 紐時：美國系統遭植入中國惡意軟體 成定時炸彈 https://reurl.cc/kXj8NG 美認定基礎設施遭中國植入惡意軟體 恐衝擊台海軍事行動 https://news.ltn.com.tw/news/world/breakingnews/4380180 拜登政府搜尋中國惡意代碼，稱其可幹擾美國軍事行動 https://cn.nytimes.com/usa/20230731/china-malware-us-military-bases-taiwan/zh-hant/ 美國傳出找尋埋藏於軍事系統中國惡意軟體 https://www.nytimes.com/2023/07/29/us/politics/china-malware-us-military-bases-taiwan.html 美國拜登政府禁止聯邦機構使用商業間諜軟體 https://blog.twnic.tw/2023/08/01/27693/ 以色列最大煉油廠BAZAN疑遭入侵，網站及SCADA系統受害 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10603 以色列大型煉油廠Bazan網站遭到DDoS攻擊 https://www.bleepingcomputer.com/news/security/israels-largest-oil-refinery-website-offline-after-ddos-attack/ 攻擊行動Stark#Mule鎖定韓國而來，假借提供美軍募兵資料散布惡意軟體 https://www.securonix.com/blog/detecting-ongoing-starkmule-attack-campaign-targeting-victims-using-us-military-document-lures/ STARK#MULE Targets Koreans with U.S. Military-themed Document Lures https://thehackernews.com/2023/07/starkmule-targets-koreans-with-us.html 中国国家网信办就《移动互联网未成年人模式建设指南（征求意见稿）》公开征求意见 https://www.aqniu.com/industry/98396.html 中国武汉地震监测中心遭黑客攻击，周鸿祎称360已开展取证工作 https://www.4hou.com/posts/MKBG 學者示警了！中共對台青年統戰有「中長期目標」　建議助認清中國真面目 https://www.mirrormedia.mg/story/20230802edi048/ 國際組織揭：北京收買媒體滲透太平洋島國 https://www.soundofhope.org/post/743888?lang=b5 涉為中國竊取軍事機密 美逮捕2名海軍士兵 https://www.cna.com.tw/news/aopl/202308040011.aspx Researchers Expose Space Pirates' Cyber Campaign Across Russia and Serbia https://thehackernews.com/2023/08/researchers-expose-space-pirate-cyber.html 中國駭客APT31鎖定東歐工控環境與關鍵基礎設施，企圖從被隔離的網路環境竊取機密 https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments 惡意軟體鎖定東歐工控環境與關鍵基礎設施，企圖從隔離網路竊取機密 https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments China's APT31 Suspected in Attacks on Air-Gapped Systems in Eastern Europe https://thehackernews.com/2023/08/chinas-apt31-suspected-in-attacks-on.html 北韓版駭客帝國? 閱兵竟出現這「黑衣人」方陣 曾出過超級美女間諜 https://newtalk.tw/news/view/2023-08-04/882728 中國學術機構遭駭客組織Patchwork鎖定，植入後門程式EyeShell https://medium.com/@knownsec404team/patchworks-new-assault-weapons-report-eyeshell-weapons-disclosure-181833f434be Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor https://thehackernews.com/2023/07/patchwork-hackers-target-chinese.html Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers https://thehackernews.com/2023/08/iranian-company-cloudzy-accused-of.html Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events https://thehackernews.com/2023/08/microsoft-flags-growing-cybersecurity.html "Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches https://thehackernews.com/2023/08/mysterious-team-bangladesh-targeting.html Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures https://thehackernews.com/2023/08/russian-cyber-adversary-bluecharlie.html 資安檢測長期兼職/實習生(台南) https://www.104.com.tw/job/808ct?jobsource=salary_job C.顧問類-(資訊安全流程顧問) https://www.linkedin.com/jobs/view/c-%E9%A1%A7%E5%95%8F%E9%A1%9E-%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E6%B5%81%E7%A8%8B%E9%A1%A7%E5%95%8F-at-%E7%BE%85%E5%85%B5%E5%92%B8%E6%B0%B8%E9%81%93-3677044826/?originalSubdomain=tw 雲端資安業務人員-台北 https://www.104.com.tw/job/82juy?jobsource=googlejobs 資安工程師-ACSI https://www.linkedin.com/jobs/view/3679519448/ 區塊鏈資安工程師 https://www.104.com.tw/job/82h86?jobsource=googlejobs 核心技術處-資深資安研發工程師 https://www.104.com.tw/job/81vr8?jobsource=jblist_default 資安工程師 https://www.104.com.tw/job/825fj?jobsource=googlejobs 資安威脅獵捕分析師 https://www.104.com.tw/job/82lge?jobsource=googlejobs D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 俄羅斯駭客利用Microsoft Teams展開網釣攻擊 https://www.ithome.com.tw/news/158086 美國服飾零售業者Hot Topic遭遇網路攻擊，用戶資料可能外洩 https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-discloses-wave-of-credential-stuffing-attacks/ 美國、澳洲警告網頁應用系統的竊密漏洞IDOR恐遭大量利用 https://www.ithome.com.tw/news/158015 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a https://therecord.media/cisa-australia-warn-of-idor-vulnerabilities https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/ Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html A Data Exfiltration Attack Scenario: The Porsche Experience https://thehackernews.com/2023/07/a-data-exfiltration-attack-scenario.html Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html 網傳「手機剩一格電輻射是平時的1000倍；用右耳接電話會傷大腦」 https://tfc-taiwan.org.tw/articles/9410 賣家也中招！買主扮客服要求「掃條碼」升級資安　唬被害人「下單失敗」詐5萬 https://ctinews.com/news/items/57nGYz3Vak 趨勢科技：OAuth釣魚攻擊騙取帳號近日增多 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10609 Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign https://thehackernews.com/2023/08/phishers-exploit-salesforces-email.html Salesforce零時差漏洞被用於臉書網釣攻擊 https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa Google行動裝置網頁框架AMP遭濫用，駭客用於繞過資安防護發送釣魚信 https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/ E.研究報告/工具 讓駭客再也竊聽不到的資安新技術！專訪國立成功大學物理學系陳泳帆教授談「量子加密通訊」 https://scitechvista.nat.gov.tw/Article/C000003/detail?ID=b25e7d02-d387-47b8-b9c2-f0b4197dda8c Akamai：API風險不斷增加，不到半數開發人員採用安全測試工具 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10601 AI 產圖掀起圖片攻擊高峰，MIT 開發能干擾惡意 AI 的技術 PhotoGuard https://technews.tw/2023/07/31/mits-photoguard-protects-your-images-from-malicious-ai-edits/ Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required https://thehackernews.com/2023/07/major-security-flaw-discovered-in.html RFP Template for Browser Security https://thehackernews.com/2023/07/rfp-template-for-browser-security.html What is Data Security Posture Management (DSPM) https://thehackernews.com/2023/08/what-is-data-security-posture.html Wide-area Packet Capture with PacketStreamer https://pentestmag.com/wide-area-packet-capture-with-packetstreamer/ How Pen-testing Can Help Prevent Insider Threats https://pentestmag.com/how-pen-testing-can-help-prevent-insider-threats/ 简析社会工程攻击的5种常见类型和防护 https://www.aqniu.com/vendor/98393.html 俄罗斯 APT29 演变进程之新的攻击和技术被发现 https://paper.seebug.org/2097/ 後量子時代的區塊鏈資安（上）：量子攻擊將發生？密碼學面臨的困境 https://www.blocktempo.com/blockchain-information-security-in-the-post-quantum-era/ Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability https://thehackernews.com/2023/08/researchers-discover-bypass-for.html F.商業 憑「台積電」一句話！叡揚毅然投身資服 董座親揭秘辛 https://money.udn.com/money/story/5612/7333834?list_ch2_indexgold 蓋亞資訊攜手一零四資訊展現Chronicle效能，瞄準自動化資安之路前行 https://www.bnext.com.tw/article/75679/gaia 中飛科技代理 BeyondTrust邁進特權帳號管理市場 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10596 臺灣資安新創池安量子資安成立亞洲首座量子安全遷移中心 https://money.udn.com/money/story/5612/7340009 數聯資安「零信任」架構 獲政府雙認證 https://www.idn.com.tw/news/news_content.aspx?catid=3&catsid=1&catdid=0&artid=20230802zz0958003 數聯資安「零信任」架構獲政府雙認證 助產業快速導入國家級資安防護將風險 https://reurl.cc/8jZ8Vj 中華資安國際一站式服務 助企業落實 IEC 62443 https://news.owlting.com/articles/424393 受惠金融客戶資安需求增 普鴻資訊上半年營收、獲利報喜 https://www.chinatimes.com/realtimenews/20230803003990-260410?chdtv G.政府 資策會揭軟體委外開發管理關鍵，幫助委外承辦人即時掌控開發進度與資安問題 https://www.ithome.com.tw/news/158069 為強化零售業對於個人資料的保護，經濟部發布綜合商品零售業個人資料檔案安全維護管理辦法 https://www.moea.gov.tw/MNS/populace/news/News.aspx?kind=1&menu_id=40&news_id=110737 嚴防零售個資外洩 違者最高罰1500萬 https://anntw.com/articles/20230801-YKb5 資安院與工研院簽訂MOU，預計年底成立AI產品與系統的評測機構 https://www.nics.nat.gov.tw/NewInfoDetail.htm?seq=1706 校園通APP七大缺失 新北市教育局：皆已改善 https://www.chinatimes.com/newspapers/20230731000351-260107?chdtv 美遭中植入惡意軟體？ 數位部：每天因應境外威脅 https://www.rti.org.tw/news/view/id/2175300 交通部聯手中芯數據，打造資安防護網 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10608 3成外館爆資安疑慮 綠委示警：涉國安應加速檢討改善 https://news.ltn.com.tw/news/politics/breakingnews/4383718 我駐外館處爆資安疑慮？ 外交部：已設資安監控中心24小時偵測預警 https://today.line.me/tw/v2/article/aGYqR63 故宮文物圖檔外流　再爆研究員遠端打卡資安漏洞 https://www.ctwant.com/article/274035 嘉義市建構資通安全防護體系 全台唯一連2年榮獲績優機關佳績 https://www.chiayi.gov.tw/News_Content.aspx?n=454&sms=9149&s=788265 賴清德訪美恐再遭網攻？　唐鳳祭出「三重防禦」阻駭客 https://rwnews.tw/article.php?news=10526 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 製造業數位轉型曝弱點　駭客猛烈攻擊OT系統 https://reurl.cc/3xlbLV 工控資安專才匱乏！ IT與OT資安技術整合缺一不可 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10598 Peloton智慧健身器材存在漏洞，攻擊者有可能存取系統資訊、部署惡意軟體 https://blog.checkpoint.com/security/is-your-peloton-attracting-security-threats/ Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023 https://thehackernews.com/2023/08/industrial-control-systems.html 美國針對Axis智慧門鎖的漏洞提出警告 https://www.hackread.com/axis-a1001-flaw-facilities-unauthorized-access/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 LangChain Taipei 2023/8/8 https://www.meetup.com/taipei_langchain/events/294403718/ Elixir meetup 2023/8/8 https://www.meetup.com/elixirtw-taipei/events/295023511/ 大數據分析進階班 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html 2023網路信賴基礎環境應用導入論壇 2023/8/15 https://www.accupass.com/event/2307130333072035570544 國家高速網路與計算中心 台灣杉一號用戶教育訓練 2023/8/15 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4044&from_course_list_url=homepage 國家高速網路與計算中心 台灣杉三號用戶教育訓練 2023/8/16 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4040&from_course_list_url=homepage Zero Trust 新世代資安防線-零信任部署分享座談 2023/8/16 https://jamf.kktix.cc/events/zerotrust0816 【Monosparta】②⓪②③ 第三梯次 軟體開發實戰訓練營➠線上說明會 2023/8/16 https://trunk-studio.kktix.cc/events/monosparta-202309 【文件加密軟體免費試用】 線上資安研討會，保護研發機密這樣做 2023/8/16 https://www.accupass.com/event/2307071251221833519225 AIoT應用實作研習班 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601 HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ GO!!JIRA 社團實體日 2023/08/19 https://www.meetup.com/taipei-atlassian-community-events/events/294803808/ WordPress - 桃園午茶小聚 #27 2023/08/19 https://www.meetup.com/taoyuan-wordpress-meetup/events/294930398/ 行政人員個資行政檢查研習 2023/8/21 https://stli.iii.org.tw/news-event.aspx?d=1232&no=16 騰雲資安暑期營 2023/8/21 https://tengyun-security.kktix.cc/events/409411b1 大數據分析進階班 (台中) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612 AIoT應用實作研習班 (台中) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604 5G+AIOT機器人智慧生活應用科學營 2023/8/23 ~ 2023/8/25 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=625 全面備戰資安韌性 雲端資安全攻略 2023/8/24 https://www.accupass.com/event/2307190344132041357276 NISRA Enlightened 2023 2023/8/28 ~ 2023/8/31 https://nisra.kktix.cc/events/2023enlightened 【資安課程】數位鑑識工具與實務課程｜ACW SOUTH數位產業署沙崙資安服務基地 2023/8/31 https://ievents.iii.org.tw/EventS.aspx?t=0&id=2170 2023中部製造業資安論壇 2023/9/1 https://www.informationsecurity.com.tw/seminar/2023_TCM/register.aspx PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Web應用滲透測試 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 KNIME Data Connect: Taiwan (Onsite/Hybrid) 2023/9/14 https://www.meetup.com/knime-users-taiwan/events/295003668/ Secure Our Streets 2023 2023/9/14 https://www.meetup.com/automotive-security-research-group-taipei/events/292175225/ [GDG] Artificial Intelligence Information Security Day 2023/9/16 https://gdg-taipei.kktix.cc/events/artificial-intelligence-information-security-day Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary 國家高速網路與計算中心 平行計算程式設計基礎課程 2023/10/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4033&from_course_list_url=homepage OCF 培訓活動: 如何建立安全的網路架構 II 2023/10/21 https://ocftw.kktix.cc/events/ocftot2023 (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023 【亞洲最具指標供應鏈高峰會】Supply Chain Summit 2023 2023/11/14 ~ 2023/11/15 https://www.accupass.com/event/2307070154211343470512