資安事件新聞週報 2023/9/4 ~ 2023/9/8

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/9/4 ~ 2023/9/8 1.重大弱點漏洞/後門/Exploit/Zero Day VMware 發布 VMware Tools 安全更新 https://www.vmware.com/security/advisories/VMSA-2023-0019.html PoC Exploit Released for Critical VMware Aria's SSH Auth Bypass Vulnerability https://thehackernews.com/2023/09/poc-exploit-released-for-critical.html 駭客鎖定思科SSL VPN系統進行帳號填充攻擊，逾10個組織受害 https://www.bleepingcomputer.com/news/security/hacking-campaign-bruteforces-cisco-vpns-to-breach-networks/ https://blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/ Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform https://thehackernews.com/2023/09/cisco-issues-urgent-fix-for.html 伊朗駭客攻擊美國航空機構，鎖定Zoho、Fortinet漏洞下手 https://www.cisa.gov/news-events/alerts/2023/09/07/cisa-fbi-and-cnmf-release-advisory-multiple-nation-state-threat-actors-exploit-cve-2022-47966-and CISA Warning: Nation-State Hackers Exploit Fortinet and Zoho Vulnerabilities https://thehackernews.com/2023/09/cisa-warning-nation-state-hackers.html Alert: Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks https://thehackernews.com/2023/09/alert-apache-superset-vulnerabilities.html 網頁應用程式安全平臺Mend.io出現SAML漏洞 https://www.withsecure.com/us-en/whats-new/pressroom/withsecure-mend-patch-vulnerability-in-popular-application-security-platform 內容管理系統PHPFusion存在漏洞，有可能讓攻擊者遠端執行任意程式碼 https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/ Google發布電腦版Chrome 116.0.5845.179，修補高風險漏洞 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html Atlas VPN零時差漏洞有可能洩露用戶實際IP位址 https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/ http://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/ https://cybersecurity.theater/@tweedge/110997661135498890 儲存系統MinIO漏洞被用於攻擊，駭客意圖破壞企業網路環境 https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services 瀏覽器安全設計不良加上網站有漏洞，導致外掛程式可能存取使用者機密資料，有外洩風險 https://www.bleepingcomputer.com/news/security/chrome-extensions-can-steal-plaintext-passwords-from-websites/ 應用程式開發平臺Adobe ColdFusion重大漏洞出現攻擊行動 https://www.fortinet.com/blog/threat-research/multiple-threats-target-adobe-coldfusion-vulnerabilities 微星即將釋出BIOS更新解決Windows BSOD問題 https://www.ithome.com.tw/news/158647 Mozilla將於Firefox 118修復Vue.js執行效能問題 https://www.ithome.com.tw/news/158643 2.銀行/金融/保險/證券/金融監理新聞及資安德國金融監管機構遭到DDoS攻擊 https://www.bleepingcomputer.com/news/security/german-financial-agency-site-disrupted-by-ddos-attack-since-friday/ 在外操作金融APP最怕個資外洩！行動資安風險四大重點一看就懂 https://www.ettoday.net/news/20230908/2578257.htm 金控重金挖資安人才　警官跳槽年薪上看1500萬 https://news.cts.com.tw/cts/life/202309/202309052224164.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安全真瑜珈健身傳出系統遭駭客攻擊，傳出會員信用卡遭盜刷 https://news.tvbs.com.tw/local/2218285 6大行動支付哪個最好用？這一款「可以折抵現金」被網推爆：一用就回不去了 https://www.storm.mg/lifestyle/4861309?page=1#google_vignette 出門不帶錢包成日常！行動支付超方便　網議6大行動支付盤點 https://news.tvbs.com.tw/life/2220537 郵局行員幫她下載台灣Pay「被騙賺業績？」網友看法大不同：好心還被嫌 https://tech.udn.com/tech/story/123154/7423483 發卡銀行爭啖行動支付商機 https://wantrich.chinatimes.com/news/20230904900249-420501 街口、全支付「共用條碼」購物！電支跨機構平台最快 10 月上線 https://finance.technews.tw/2023/08/25/inter-agency-platform/ 行動支付掃碼跨境支付平臺Hivex居中牽線，街口、玉山、全支付用戶未來可望在日本PayPay商家掃碼支付 https://www.ithome.com.tw/news/158412 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安金管會九月底將公布虛擬資產平臺業者指導原則，並未規範穩定幣可否發行 https://www.ithome.com.tw/news/158642 摩根大通調低BTC挖礦成本預測、FBI指Stake駭客為Lazarus、Grab支援Web3錢包 https://abmedia.io/0908-spot-crypto-news FBI認定Lazarus Group為Stake.com被盜事件駭客 https://news.cnyes.com/news/id/5317017?exp=a 美國FBI：加密賭場Stake.com「被盜4000萬鎂」真兇是北韓駭客拉撒路 https://www.blocktempo.com/stake-com-attack-by-north-korean-hackers-lazarus-group/ EP216｜與駭客的博弈！鏈上偵探是如何追回加密貨幣？ft. 慢霧科技 AML 負責人 Zero https://open.firstory.me/story/cll2jai9101ck01xj49ftfii2 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意軟體Nascent鎖定NPM、PyPI、RubyGems用戶而來 https://blog.phylum.io/malware-campaign-targets-npm-pypi-and-rubygems-developers/ 惡意軟體Blister被用於散布C2框架Mythic https://www.elastic.co/security-labs/revisiting-blister-new-developments-of-the-blister-loader 新版Agent Tesla惡意程式透過Excel檔案散布 https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document 惡意軟體Kinsing鎖定Openfire漏洞而來 https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability 木馬程式SuperBear鎖定韓國社會運動人士下手 https://interlab.or.kr/archives/19416 駭客利用開源竊資軟體SapphireStealer打造變種程式 https://blog.talosintelligence.com/sapphirestealer-goes-open-source/ 勒索軟體駭客Ransomed索討贖金出現新話術：付錢可免除GDPR處罰 https://flashpoint.io/blog/ransomed-uncertain-cyber-threat/ 木馬程式Remcos透過經過混淆處理加殼的VBS檔案、PowerShell指令碼來埋藏攻擊程式 https://www.mcafee.com/blogs/other-blogs/mcafee-labs/peeling-back-the-layers-of-remcosrat-malware/ 微軟SQL Server遭勒索軟體FreeWorld鎖定 https://www.securonix.com/blog/securonix-threat-labs-security-advisory-threat-actors-target-mssql-servers-in-dbjammer-to-deliver-freeworld-ransomware/ 殭屍網路Mirai鎖定白牌安卓電視盒下手 https://news.drweb.com/show/?lng=en&i=14743 Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks https://thehackernews.com/2023/09/mirai-botnet-variant-pandora-hijacks.html RedLine Stealer: Answers to Unit Wireshark Quiz https://unit42.paloaltonetworks.com/wireshark-quiz-redline-stealer-answers/ 惡意軟體Chaes透過瀏覽器內建開發工具竊取資料 https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services Exposing RocketMQ CVE-2023-33246 Payloads https://vulncheck.com/blog/rocketmq-exploit-payloads New Agent Tesla Variant Being Spread by Crafted Excel Document https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document "Smishing Triad" Targeted USPS And US Citizens For Data Theft https://www.resecurity.com/blog/article/smishing-triad-targeted-usps-and-us-citizens-for-data-theft I know what you mined last summer: summarizing Summer '23 cryptomining activity https://www.wiz.io/blog/cryptojacking-attacks-summer-2023 Active North Korean campaign targeting security researchers https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/ How an APT technique turns to be a public Red Team Project https://yoroi.company/research/how-an-apt-technique-turns-to-be-a-public-red-team-project/ Mac users targeted in new malvertising campaign delivering Atomic Stealer https://www.malwarebytes.com/blog/threat-intelligence/2023/09/atomic-macos-stealer-delivered-via-malvertising Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 https://www.cisa.gov/news-events/analysis-reports/ar23-250a Cybercriminals target graphic designers with GPU miners https://blog.talosintelligence.com/cybercriminals-target-graphic-designers-with-gpu-miners/ Novel RAT discovered “SuperBear” targeting journalist covering geopolitics of Asia https://interlab.or.kr/archives/19416 Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers https://www.rapid7.com/blog/post/2023/08/31/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/ VMConnect supply chain attack continues, evidence points to North Korea https://securityboulevard.com/2023/08/vmconnect-supply-chain-attack-continues-evidence-points-to-north-korea/ Protecting Your Microsoft IIS Servers Against Malware Attacks https://thehackernews.com/2023/09/protecting-your-microsoft-iis-servers.html Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware https://thehackernews.com/2023/09/mac-users-beware-malvertising-campaign.html New BLISTER Malware Update Fuelling Stealthy Network Infiltration https://thehackernews.com/2023/09/new-blister-malware-update-fuelling.html New Python Variant of Chaes Malware Targets Banking and Logistics Industries https://thehackernews.com/2023/09/new-python-variant-of-chaes-malware.html Threat Actors Targeting Microsoft SQL Servers to Deploy FreeWorld Ransomware https://thehackernews.com/2023/09/threat-actors-targeting-microsoft-sql.html Russian State-Backed 'Infamous Chisel' Android Malware Targets Ukrainian Military https://thehackernews.com/2023/09/russian-state-backed-infamous-chisel.html New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists https://thehackernews.com/2023/09/new-superbear-trojan-emerges-in.html SapphireStealer Malware: A Gateway to Espionage and Ransomware Operations https://thehackernews.com/2023/08/sapphirestealer-malware-gateway-to.html Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus https://thehackernews.com/2023/09/beware-of-maldoc-in-pdf-new-polyglot.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊蘋果發布新版macOS、iOS、watchOS，修補已被用於植入間諜軟體的零點擊漏洞 https://www.ithome.com.tw/news/158648 https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ https://support.apple.com/HT213905 https://support.apple.com/HT213906 https://support.apple.com/HT213907 Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones https://thehackernews.com/2023/09/apple-rushes-to-patch-zero-day-flaws.html Google發布9月份安卓更新，修補已出現攻擊行動的零時差漏洞 https://source.android.com/docs/security/bulletin/2023-09-01 Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw https://thehackernews.com/2023/09/zero-day-alert-latest-android-patch.html 約會應用程式Coffee Meets Bagel傳出服務中斷，起因是遭到網路攻擊 https://www.theregister.com/2023/09/06/coffee_meets_bagel_outage_caused/ 歐盟要求社群網站對抗俄羅斯資訊戰但效果不彰，恐影響明年選舉 https://op.europa.eu/en/publication-detail/-/publication/c1d645d0-42f5-11ee-a8b8-01aa75ed71a1/language-de 2023上半年台灣手機惡意連結數量破百萬 https://www.eettaiwan.com/20230908nt22-network-mobile-security/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力美官員遭中國駭客攻擊微軟：旗下工程師遇駭所致 https://reurl.cc/L63Z47 微軟揭露金鑰遭盜過程，系統當機報告曝露消費者簽章金鑰 https://www.ithome.com.tw/news/158631 伺服器磁碟用罄，豐田被迫暫停所有汽車產線 https://www.ithome.com.tw/news/158630 受歐盟《數位市場法》規範的名單出爐，Alphabet、Amazon、蘋果、Meta、微軟、字節跳動入列 https://www.ithome.com.tw/news/158633 中國駭客入侵家用網路設備，以此攻擊德國政府機構 https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/DE/2023/2023-08-31-cyber-brief-02-2023.html https://www.zdf.de/nachrichten/politik/china-spionage-hacker-deutschland-100.html 微軟調查中國駭客Storm-0558入侵25個組織電子郵件系統，他們發現導火線是2021年當機事故 https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/ How Hackers obtained unauthorized access into Microsoft accounts, what malicious activities they now operate and how NDR protects organizations from APTs https://exeon.com/blog/microsoft-hack-storm-0558 英國國防機密資料恐遭俄羅斯駭客組織LockBit存取，起因是合作廠商遭到入侵 https://www.theregister.com/2023/09/04/zaun_breach_windows_7/ https://www.zaun.co.uk/zaun-data-breach-update/ https://www.mirror.co.uk/news/uk-news/russia-linked-hackers-hit-uk-30850139 駭客組織GhostSec聲稱公布了伊朗政府監控民眾的工具 https://www.darkreading.com/dr-global/ghostsec-source-code-alleged-iranian-surveillance-tool 北韓駭客Lazarus旗下組織Andariel鎖定韓國國防工業而來 https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html https://asec.ahnlab.com/en/48198/ https://asec.ahnlab.com/en/56405/ North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers https://thehackernews.com/2023/09/north-korean-hackers-exploit-zero-day.html 烏克蘭關鍵基礎設施遭到俄羅斯駭客APT28攻擊 https://cert.gov.ua/article/5702579 Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html Meta Takes Down Thousands of Accounts Involved in Disinformation Ops from China and Russia https://thehackernews.com/2023/09/meta-takes-down-thousands-of-accounts.html 越南駭客透過惡意廣告鎖定臉書企業帳號，散布Ducktail發動攻擊 https://www.ithome.com.tw/news/158628 https://www.zscaler.com/blogs/security-research/look-ducktail https://labs.withsecure.com/publications/meet-the-ducks Vietnamese Cybercriminals Targeting Facebook Business Accounts with Malvertising https://thehackernews.com/2023/09/vietnamese-cybercriminals-targeting.html Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S. https://thehackernews.com/2023/09/chinese-speaking-cybercriminals-launch.html 俄羅斯駭客鎖定烏克蘭軍方，利用惡意軟體攻擊安卓設備 https://www.ncsc.gov.uk/news/uk-allies-support-ukraine-calling-out-russia-gru-malware-campaign D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全逾4成消費者以萬用密碼上網　資安業者祭3大忠告 https://hakkanews.tw/2023/09/07/more-than-4-of-consumers-pay-for-online-security-for-online-security/ 還在以萬用密碼上網？快檢視3大「受駭」漏洞中了幾個 https://www.chinatimes.com/realtimenews/20230907004173-260412?chdtv 資安公司揭三大上網NG習慣　過半數人離開電腦前不會鎖定螢幕 https://www.nownews.com/news/6253557 AI工具已成為簡化詐騙流程、自動過濾目標以及擴大攻擊規模的利器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10663 連性活動也不放過！Mozilla指控25個汽車品牌離譜的個資保護政策 https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test/ 嬌生醫療照護系統傳出資料外洩，起因是IBM代管的應用系統遭到攻擊 https://www.bleepingcomputer.com/news/security/johnson-and-johnson-discloses-ibm-data-breach-impacting-patients/ 鎖定行動裝置的AdSense詐欺攻擊透過短網址進行 https://blog.sucuri.net/2023/09/bogus-url-shorteners-go-mobile-only-in-adsense-fraud-campaign.html Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach https://thehackernews.com/2023/09/outlook-breach-microsoft-reveals-how.html Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant https://thehackernews.com/2023/09/alert-phishing-campaigns-deliver-new.html 研究人員揭露網釣犯罪集團W3LL，專門挾持使用者的微軟帳號，不到一年有8千個組織受害 https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/ W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts https://thehackernews.com/2023/09/w3ll-store-how-secret-phishing.html X (Twitter) to Collect Biometric Data from Premium Users to Combat Impersonation https://thehackernews.com/2023/09/x-twitter-to-collect-biometric-data.html Okta 示警: 多個社交工程攻擊鎖定IT管理者取得Okta Super Admin特權身分 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10671 身分驗證解決方案業者Okta針對社交工程攻擊提出警告 https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges https://thehackernews.com/2023/09/okta-warns-of-social-engineering.html 釣魚簡訊攻擊Smishing Triad鎖定美國民眾而來 https://www.resecurity.com/blog/article/smishing-triad-targeted-usps-and-us-citizens-for-data-theft 詐騙攻擊行動Classiscam在疫情期間騙得6,450萬美元 https://www.group-ib.com/blog/classiscam-2023/ Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic https://thehackernews.com/2023/09/classiscam-scam-as-service-raked-645.html 澳洲Pizza Hut傳出遭駭客組織ShinyHunters入侵，100萬客戶資料外流 https://www.databreaches.net/pizza-hut-australia-customer-data-hacked-shinyhunters-claims-to-have-more-than-1-million-customers-information/ 20萬受到醫療補助的美國印第安那州民眾個資恐因CareSource資安事故外洩 https://www.wrtv.com/news/public-safety/more-than-200-000-indiana-medicaid-members-possibly-exposed-in-caresource-data-breach 物品交換網站Freecycle傳出資料外洩，波及700萬用戶 https://freecycle.helpscoutdocs.com/article/319-data-breach-august-2023 北市中正一分局刑警涉洩個資疑從事不法檢調約談釐清 https://news.pts.org.tw/article/655336 E.研究報告/工具 Gartner在資料安全成熟度曲線新增五大新技術 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10670 The State of the Virtual CISO Report: MSP/MSSP Security Strategies for 2024 https://thehackernews.com/2023/09/the-state-of-virtual-ciso-report.html Online Master of Science in Law Program Cybersecurity Law A graduate degree for working professionals https://www.law.umaryland.edu/academics/ms-in-law-program/landing-pages/cybersecurity-hacker-news/?_m=3n.009a.3142.kl0ao0dcsu.24nu Three CISOs Share How to Run an Effective SOC https://thehackernews.com/2023/09/three-cisos-share-how-to-run-effective.html Way Too Vulnerable: Join this Webinar to Understand and Strengthen Identity Attack Surface https://thehackernews.com/2023/09/way-too-vulnerable-join-this-webinar-to.html Key Cybersecurity Tools That Can Mitigate the Cost of a Breach https://thehackernews.com/2023/09/key-cybersecurity-tools-that-can.html Researchers Warn of Cyber Weapons Used by Lazarus Group's Andariel Cluster https://thehackernews.com/2023/09/researchers-warn-of-cyber-weapons-used.html Hackers Exploit MinIO Storage System Vulnerabilities to Compromise Servers https://thehackernews.com/2023/09/hackers-exploit-minio-storage-system.html Everything You Wanted to Know About AI Security but Were Afraid to Ask https://thehackernews.com/2023/09/everything-you-wanted-to-know-about-ai.html It's a Zero-day? It's Malware? No! It's Username and Password https://thehackernews.com/2023/09/its-zero-day-its-malware-no-its.html Go further and faster with your technology https://www.insight.com/en_US/home.html?_m=3n.009a.3139.kl0ao0dcsu.24jo F.商業 2023年人類及機器身分數量翻倍，身分是資安攻擊核心 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10660 Fortinet 推 SASE 解決方案三大升級，打造企業級雲地資安防護網 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10666 F5 推出行動應用安全套件，結合行動應用防護與機器人防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10667 採用SAS「身分認證優先」策略美國CNG Holdings成功打擊詐欺 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10658 Google與GitLab聯手提升DevOps與軟體供應鏈安全 https://about.gitlab.com/blog/2023/08/29/gitlab-google-partnership-s3c/ Palo Alto 啟動 Cortex 雲端資料中心，全方位雲端資安平台落地台灣 https://technews.tw/2023/09/07/palo-alto-cortex-cloud-data-center/ G.政府政府零信任架構推動有成，數位部首度公布內部導入經驗，資安院揭2023年上半最新進展 https://www.ithome.com.tw/news/158552 資安署首屆資安人才培訓課程結訓，透過競賽驗收成果，日本資安機構亦組隊參與 https://ec.ltn.com.tw/article/breakingnews/4417755 衛福部資安攻防演練彰基獲得高度肯定 https://tcnn.org.tw/archives/179105 政府機關資通安全防護精進建議 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1613577 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安全球首批SEMI E187標準設備出爐 https://www.ithome.com.tw/news/158627 SEL電源管理系統存在漏洞，有可能讓攻擊者發動RCE攻擊 https://www.nozominetworks.com/blog/9-new-vulnerabilities-impact-schweitzer-engineering-labs-software 9 Alarming Vulnerabilities Uncovered in SEL's Power Management Products https://thehackernews.com/2023/09/9-alarming-vulnerabilities-uncovered-in.html 華碩家用Wi-Fi路由器出現重大漏洞，若不修補恐被挾持 https://www.bleepingcomputer.com/news/security/asus-routers-vulnerable-to-critical-remote-code-execution-flaws/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會華宇企管｜免費說明會｜ISO 27001:2022改版有什麼不同 2023/9/12 https://www.accupass.com/event/2308150832588669740710 Elixir Taiwan monthly meetup 2023/9/12 https://www.meetup.com/elixirtw-taipei/events/295381891/ 「資安無邊界安全零信任」資安講座 2023/9/13 https://ievents.iii.org.tw/EventS.aspx?t=0&id=2215 Elastic AI Assistant 介紹：解析日誌和資安告警的神器，再也不用問 ChatGPT！ 2023/9/13 https://www.accupass.com/event/2308250311342124307577 Secure Our Streets 2023 2023/9/14 https://www.meetup.com/automotive-security-research-group-taipei/events/292175225/ KNIME Data Connect: Taiwan (Onsite/Hybrid) 2023/9/14 https://www.meetup.com/knime-users-taiwan/events/295003668/ 台歐EU ENISA雙向合作交流會(EU Cybersecurity Workshop) 2023/9/14 https://www.accupass.com/event/2308300304049987423000 Secure Our Streets 2023 2023/9/14 https://www.meetup.com/automotive-security-research-group-taipei/events/292175225/ ISO 27001改版 - 企業資安轉版重點解析 2023/9/15 https://www.accupass.com/event/2307260551372077718865 WordPress - 桃園午茶小聚 Linner Meetup #28 2023/9/16 https://www.meetup.com/taoyuan-wordpress-meetup/events/295803043/ [GDG] Artificial Intelligence Information Security Day 2023/9/16 https://gdg-taipei.kktix.cc/events/artificial-intelligence-information-security-day 史諾登事件十週年，我們仍在找尋隱私與安全之平衡點 2023/9/20 https://www.twsig.tw/20230920/ SyntaxError 2023/9/20 https://www.meetup.com/pythonhug/events/295730605/ 2023金融資安發展論壇 2023/9/22 https://www.informationsecurity.com.tw/seminar/2023_finance/ 從 MLOps 到 LLMOps 的混合雲實踐 2023/9/25 https://www.meetup.com/rladies-taipei/events/295452194/ 四個月考過CCNA，成為網路工程師 2023/9/27 https://www.accupass.com/event/2308280820492735100520 【ACSI安碁資訊】上雲後的下一步——如何逐步建構雲端防護 2023/9/28 https://www.accupass.com/event/2307270328312367680900 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary Taipei DevOps User Group Launch Event 2023/10/13 https://www.meetup.com/taipei-devops-user-group/events/295716641/ 國家高速網路與計算中心平行計算程式設計基礎課程 2023/10/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4033&from_course_list_url=homepage OCF 培訓活動: 如何建立安全的網路架構 II 2023/10/21 https://ocftw.kktix.cc/events/ocftot2023 (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023 Web應用滲透測試 2023/11/9 ~ 2023/11/10 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 【亞洲最具指標供應鏈高峰會】Supply Chain Summit 2023 2023/11/14 ~ 2023/11/15 https://www.accupass.com/event/2307070154211343470512 【Monosparta】②⓪②④ 第一梯次軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401