資安事件新聞週報 2024/1/8 ~ 2024/1/12

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/1/8 ~ 2024/1/12 1.重大弱點漏洞/後門/Exploit/Zero Day Juniper 近日發布針對JSA平台漏洞的更新 https://supportportal.juniper.net/s/article/2023-12-Security-Bulletin-JSA-Series-Multiple-vulnerabilities-resolved?language=en_US Google Kubernetes Engine 中的漏洞可能允許叢集接管 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10878 分散式訊息串流資料平臺Apache RocketMQ存在重大漏洞，已出現嘗試利用的情況 https://www.bleepingcomputer.com/news/security/hackers-target-apache-rocketmq-servers-vulnerable-to-rce-attacks/ https://www.openwall.com/lists/oss-security/2023/07/12/1 https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=30&source=honeypot&tag=rocketmq-scan&group_by=geo&style=stacked Microsoft 推出 2024 年 1 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10891 Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities https://thehackernews.com/2024/01/microsofts-january-2024-windows-update.html CISA Flags 6 Vulnerabilities - Apple, Apache, Adobe, D-Link, Joomla Under Attack https://thehackernews.com/2024/01/cisa-flags-6-vulnerabilities-apple.html SSL VPN系統Ivanti Connect Secure含有零時差漏洞且出現攻擊行動 https://www.ithome.com.tw/news/160823 Ivanti針對旗下SSL VPN、NAC解決方案的零時差漏洞提出警告，已出現攻擊行動 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/ Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution https://thehackernews.com/2024/01/alert-ivanti-releases-patch-for.html Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure https://thehackernews.com/2024/01/chinese-hackers-exploit-zero-day-flaws.html Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager https://thehackernews.com/2024/01/alert-new-vulnerabilities-discovered-in.html Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software https://thehackernews.com/2024/01/cisco-fixes-high-risk-vulnerability.html Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems https://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html WordPress寄信外掛程式POST SMTP Mailer存在漏洞，攻擊者有可能用於挾持網站 https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/ 思科修補語音郵件解決方案Unity Connection的重大漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD Adobe修補Substance 3D Stager程式碼執行漏洞 https://www.securityweek.com/adobe-patches-code-execution-flaws-in-substance-3d-stager/ CISA針對去年4月Apache修補的資料圖像化工具Superset漏洞提出警告，已出現攻擊行動 https://www.securityweek.com/cisa-warns-of-apache-superset-vulnerability-exploitation/ GITLAB任意用户密码重置漏洞（CVE-2023-7028）通告 https://blog.nsfocus.net/gitlabcve-2023-7028/ 2.銀行/金融/保險/證券/金融監理新聞及資安 F5：金融3.0 即將上路，API 盤點六大機制保護安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10882 新加坡金管局提議擴大其調查權力 https://www.panewslab.com/zh_hk/sqarticledetails/44wgi0n9Ft.html 將來銀行部署微軟 Surface 鞏固企業資安落實永續經營策略 https://news.microsoft.com/zh-tw/features/surface-nextbank-cyberserurity-sustainability/ 普鴻強化資安防禦機制獲ISO27001國際資安認證 https://news.cnyes.com/news/id/5430460 震撼彈！遠傳終止開放銀行合作金管會：資料限期銷毀 https://www.wealth.com.tw/articles/11636516-e452-458e-839d-832ee3b99428 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Apple Pay無法付款？結帳跳出「信用卡即將到期」3步驟教你如何解決行動支付 https://reurl.cc/Qe4YM9 電子支付會取代信用卡嗎？為何專家說「言之過早」？2大原因解析 https://reurl.cc/zlAqV6 香港八達通開放的士支付網絡乘客1．25起可用支付寶銀聯 https://reurl.cc/yYkRqO 20年養胖千萬超商鐵粉！icash插旗電子支付，有哪些優勢與挑戰 https://reurl.cc/2zWKnO 即日起開放電子支付帳戶得為證券商交割約定帳戶 https://www.ctee.com.tw/news/20240105701690-430201 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Cryptominers Targeting Misconfigured Apache Hadoop and Flink with Rootkit in New Attacks https://thehackernews.com/2024/01/cryptominers-targeting-misconfigured.html 美SEC遭駭客入侵！謊稱已核准比特幣ETF https://ec.ltn.com.tw/article/breakingnews/4547329 https://www.nytimes.com/2024/01/09/business/sec-x-hack-bitcoin.html https://www.theverge.com/2024/1/9/24032095/bitcoin-etf-sec-fake-tweet-x-gary-gensler https://www.cnbc.com/2024/01/09/sec-says-it-did-not-yet-approve-bitcoin-etf.html https://twitter.com/coinbase/status/1744832249952899087 https://twitter.com/GaryGensler/status/1744833049064288387 美國證券交易委員會將調查駭客攻擊事件 https://news.cnyes.com/news/id/5428092 詳解香港版比特幣現貨 ETF 監管：萬事俱備只欠東風 https://www.hk01.com/article/979699?utm_source=01articlecopy&utm_medium=referral 現貨比特幣 ETF 是啥？怎麼投資？一文看懂 https://money.udn.com/money/story/123398/7700790 Orbit Chain：將向決定性情報提供者發放最高800萬美元賞金 https://www.panewslab.com/zh_hk/articledetails/yef4gzkcFt.html SEC批准比特幣ETF 幣安：象徵加密資產接受度提升 https://ec.ltn.com.tw/article/breakingnews/4548897 區塊鏈資安業者CertiK的X帳號遭駭，被用於散布惡意程式，榨乾用戶的加密貨幣 https://www.bleepingcomputer.com/news/security/web3-security-firm-certiks-x-account-hacked-to-push-crypto-drainer/ https://twitter.com/CertiKAlert/status/1743202025771327740 https://twitter.com/RevokeCash/status/1743195962082775098 https://twitter.com/CertiK/status/1743252309662912937 https://twitter.com/CertiK/status/1743278606569083344 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客被捕後，Babuk 勒索軟體解密器被發布 https://zh-tw.techwar.gr/284031/to-decryptor-for-babuk-ransomware-kykloforise-meta-ti-syllipsi-tou-chaker/#google_vignette 勒索軟體Akira在芬蘭肆虐，鎖定思科重大防火牆漏洞入侵企業組織，抹除存放於NAS的備份資料 https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/suomalaiset-organisaatiot-akira-kiristyshaittaohjelmien-kohteena Python惡意程式FBot鎖定雲端及SaaS平臺 https://s1.ai/fbot 荷蘭工程師傳出透過水泵入侵伊朗核能設施，植入惡意軟體Stuxnet https://www.securityweek.com/dutch-engineer-used-water-pump-to-get-billion-dollar-stuxnet-malware-into-iranian-nuclear-facility-report/ Mirai變種殭屍網路NoaBot針對SSH伺服器而來，將其用於挖礦 https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining 駭客組織Water Curupira透過垃圾郵件散布惡意程式載入工具PikaBot https://www.trendmicro.com/en_us/research/24/a/a-look-into-pikabot-spam-wave-campaign.html 美國貸款業者LoanDepot證實遭遇勒索軟體攻擊 https://www.sec.gov/Archives/edgar/data/1831631/000183163124000004/ldi-20240104.htm 加拿大動物園證實遭到勒索軟體攻擊，並強調動物健康狀態不受影響 https://www.torontozoo.com/mediaroom/press2024/20240108#press 駭客利用YouTube頻道散布竊資軟體Lumma https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube 美國關鍵基礎設施遭木馬程式AsyncRAT鎖定 https://cybersecurity.att.com/blogs/labs-research/asyncrat-loader-obfuscation-dgas-decoys-and-govno 敘利亞駭客在地下論壇散布RAT木馬程式Silver RAT，標榜防毒軟體無法將其視為有害 https://www.cyfirma.com/outofband/a-gamer-turned-malware-developer-diving-into-silverrat-and-its-syrian-roots/ 北韓駭客散布Mac後門程式SpectralBlur https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html 坏事做绝：Akira 勒索软件攻击芬兰公司，永久破坏备份 https://www.anquanke.com/post/id/292590 Medusa Ransomware Turning Your Files into Stone https://unit42.paloaltonetworks.com/medusa-ransomware-escalation-new-leak-site/ Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services https://www.sentinelone.com/labs/exploring-fbot-python-based-malware-targeting-cloud-and-payment-services/ Pivoting through a Sea of indicators to spot Turtles https://blog.strikeready.com/blog/pivoting-through-a-sea-of-indicators-to-spot-turtles/ You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance https://github.com/akamai/akamai-security-research/blob/main/malware/noabot/iocs.csv https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining 竊資軟體Atomic透過加密酬載植入Mac電腦 https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version Atomic Stealer rings in the new year with updated version https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload https://thehackernews.com/2024/01/atomic-stealer-gets-upgrade-targeting.html Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices novel (at least in terms of inital hashing) linux backdoor: /usr/lib/libsystemd-shared-255.2-2 https://otx.alienvault.com/pulse/659a27b1d4043e822f444ce0 Deceptive Cracked Software Spreads Lumma Variant on YouTube https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims https://thehackernews.com/2024/01/free-decryptor-released-for-black-basta.html Alert: Water Curupira Hackers Actively Distributing PikaBot Loader Malware https://thehackernews.com/2024/01/alert-water-curupira-hackers-actively.html Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware https://thehackernews.com/2024/01/pro-iranian-hacker-group-targeting.html SpectralBlur: New macOS Backdoor Threat from North Korean Hackers https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html Orange Spain Faces BGP Traffic Hijack After RIPE Account Hacked by Malware https://thehackernews.com/2024/01/orange-spain-faces-bgp-traffic-hijack.html Third-Party Risk Management for SaaS Security New Bandook RAT Variant Resurfaces, Targeting Windows Machines https://thehackernews.com/2024/01/new-bandook-rat-variant-resurfaces.html Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals https://thehackernews.com/2024/01/syrian-hackers-distributing-stealthy-c.html There is a Ransomware Armageddon Coming for Us All https://thehackernews.com/2024/01/there-is-ransomware-armageddon-coming.html NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining https://thehackernews.com/2024/01/noabot-latest-mirai-based-botnet.html New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms https://thehackernews.com/2024/01/new-python-based-fbot-hacking-toolkit.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊高通晶片漏洞可透過語音通話進行遠端攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10881 中國稱破解蘋果手機加密功能 NGO批蘋果迎合北京 https://www.rti.org.tw/news/view/id/2192452 在中國駭客攻擊之前，蘋果就收到了有關 AirDrop 缺陷的警告 https://zh-tw.techwar.gr/286438/i-apple-proeidopoiithike-gia-elattomata-tou-airdrop-prin-apo-to-hack-tis-kinas/#google_vignette C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力烏克蘭駭客聲稱攻陷俄羅斯網際網路服務供應商M9 Telecom https://www.darkreading.com/ics-ot-security/ukraine-claims-revenge-hack-against-moscow-internet-provider 中國網攻據稱揭示北京在潛在衝突中的戰略 https://reurl.cc/RWvYqG 美國情報部門使用AI追蹤瞄準關鍵基礎設施的駭客 https://reurl.cc/qrkGGD 紐時：中美科技戰加劇牽動微軟北京研究院去留 https://www.cna.com.tw/news/acn/202401110147.aspx 美軍資安轉型「零信任」全面防護 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1644134&type=forum 網絡安全公司披露上月疑有中國黑客攻擊美國一研究機構 https://www.ktsf.com/2024/01/11/china-hacker-attacks/ 荷蘭IT業者與電信公司遭土耳其駭客Sea Turtle滲透，潛入內部從事網路間諜行動 https://www.huntandhackett.com/blog/turkish-espionage-campaigns 阿爾巴尼亞遭伊朗駭客透過資料破壞軟體No-Justice攻擊 https://www.clearskysec.com/no-justice-wiper/ 沙烏地阿拉伯工業暨礦產資源部環境配置檔案曝光，攻擊者有機會在其內部網路環境進行橫向移動 https://securityaffairs.com/157133/security/saudi-ministry-data-leak.html Threat Actors Increasingly Abusing GitHub for Malicious Purposes https://thehackernews.com/2024/01/threat-actors-increasingly-abusing.html 資安業者Mandiant針對X帳號遭盜事故提出進一步說明，背後是大規模的加密貨幣詐欺攻擊行動 https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns Mandiant's X Account Was Hacked Using Brute-Force Attack https://thehackernews.com/2024/01/mandiants-x-account-was-hacked-using.html Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer https://thehackernews.com/2024/01/beware-youtube-videos-promoting-cracked.html Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies https://thehackernews.com/2024/01/sea-turtle-cyber-espionage-campaign.html Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months https://thehackernews.com/2024/01/russian-hackers-had-covert-access-to.html North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023 https://thehackernews.com/2024/01/north-koreas-cyber-heist-dprk-hackers.html 微軟SQL Server遭到勒索軟體Mimic鎖定 https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/ Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe https://thehackernews.com/2024/01/turkish-hackers-exploiting-poorly.html New RE#TURGENCE Attack Campaign: Turkish Hackers Target MSSQL Servers to Deliver Domain-Wide MIMIC Ransomware https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-returgence-attack-campaign-turkish-hackers-target-mssql-servers-to-deliver-domain-wide-mimic-ransomware/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全防消費者個資外洩！4000家超市百貨量販店須訂「個資安全計畫」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10888 世界和平會選用資通經銷 Comodo 端點軟體保護捐款個資 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10884 FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data https://thehackernews.com/2024/01/ftc-bans-outlogic-x-mode-from-selling.html Exposed Secrets are Everywhere. Here's How to Tackle Them https://thehackernews.com/2024/01/exposed-secrets-are-everywhere-heres.html DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud https://thehackernews.com/2024/01/doj-charges-19-worldwide-in-68-million.html 拍照炫耀出國要注意！拍到「登機證」4處恐被駭信用卡盜刷光光 https://tech.udn.com/tech/story/123154/7695763 粉專成詭異名字！范瑞君點「停權」釣魚網址　急上線：我被盜了 https://news.tvbs.com.tw/entertainment/2362789 彭博：台灣禁不在籍投票可防中國干擾大選 https://www.rti.org.tw/news/view/id/2192378 X 平台確認 SEC 的 X 帳戶被入侵，駭客取得帳戶相關電話號碼控制權 https://zombit.info/x-confirm-sec-account-compromised/ 曾呼籲投資人使用「多重驗證」今打臉自己！X 官方：SEC 帳號未啟用 2FA https://blockcast.it/2024/01/10/secs-bitcoin-etf-debacle-was-result-of-not-utilizing-2fa-according-to-x/ https://twitter.com/Safety/status/1744924042681897343 https://cyberscoop.com/after-hack-x-claims-sec-failed-to-use-two-factor-authentication/ 國安人士：中國網軍鎖定蔡總統用大量AI偽造影音醜化形象介選 https://www.cna.com.tw/news/aipl/202401100121.aspx 男匯款投資行員驚見帳戶異常警協助圈存保住17萬 https://www.chinatimes.com/realtimenews/20240111004802-260402?chdtv 賴清德顧立雄個資外流成駭客商品國民黨：下一個是朝野立委 https://news.owlting.com/articles/229386 史上同期最多！一月工作機會餘百萬個　轉職潮來襲小心詐騙 https://www.cmmedia.com.tw/home/articles/44535 筆電製造商Framework遭遇供應鏈攻擊，導致部分客戶個資外洩 https://community.frame.work/t/framework-data-breach/43408 印度網際網路服務供應商Hathway資料外洩，駭客架設搜尋引擎供受害客戶確認，藉此向該ISP施壓 https://www.hackread.com/indian-isp-hathway-data-breach-user-data-kyc-leak/ 駭客組織藉由人工智慧技術從事發票詐欺 https://www.resecurity.com/blog/article/cybercriminals-implemented-artificial-intelligence-ai-for-invoice-fraud 冒牌的401(k)資料鎖定人資部門而來，企圖竊取企業組織的帳密 https://cofense.com/blog/threat-actors-taking-advantage-of-hr-initiatives/ 駭客鎖定Booking.com的合作旅館進行網釣攻擊，目的疑為收集旅館客戶資料 https://perception-point.io/blog/attackers-target-hotels-to-gain-booking-com-credentials/ 現代汽車、網路設備業者Netgear的X帳號遭到挾持 https://www.bleepingcomputer.com/news/security/netgear-hyundai-latest-x-accounts-hacked-to-push-crypto-drainers/ https://twitter.com/malwrhunterteam/status/1744243500181279220 https://twitter.com/SecuriTears/status/1743989857427329333 https://twitter.com/SecuriTears/status/1743991027755618504 https://twitter.com/OverworldPlay/status/1735234694319571270 瑞士空軍敏感資料外流，起因是美國供應商遭駭 https://www.swissinfo.ch/eng/cyberattack-exposes-swiss-air-force-documents-on-the-darknet/49100914 E.研究報告/工具 UAC-0184: Targeted attacks on Ukrainian servicemen using the recruiting theme related to the 3rd Separate Special Purpose Brigade and the Israeli Defense Forces (IDF) https://cert.gov.ua/article/6276988 專家預期： 2024 年針對應用程式層面的攻擊數量將上升 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10880 報告解讀之北韓駭客、釣魚團夥及洗錢工具分析 https://web3caff.com/zh_tc/archives/81643 KyberSlash攻擊手法恐導致量子加密專案曝險 https://www.bleepingcomputer.com/news/security/kyberslash-attacks-put-quantum-encryption-projects-at-risk/ 雲端平台安全攻防戰企業上雲前必須注意的資安問題 https://www.thehubnews.net/archives/333514#google_vignette 研究人員揭露Mac後門程式SpectralBlur，疑為惡意程式KandyKorn的前身 https://thehackernews.com/2024/01/spectralblur-new-macos-backdoor-threat.html Getting off the Attack Surface Hamster Wheel: Identity Can Help https://thehackernews.com/2024/01/getting-off-attack-surface-hamster.html Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy https://thehackernews.com/2024/01/unifying-security-tech-beyond-stack.html 四大攻擊類型並存！美國NIST 示警軟體設計快速導入AI可能產生的安全和隱私風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10892 NIST Warns of Security and Privacy Risks from Rapid AI System Deployment https://thehackernews.com/2024/01/nist-warns-of-security-and-privacy.html Why Public Links Expose Your SaaS Attack Surface https://thehackernews.com/2024/01/why-public-links-expose-your-saas.html Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO https://thehackernews.com/2024/01/applying-tyson-principle-to.html Google 瀏覽器、Excel 爆出資安漏洞！從索尼機密外洩，看資訊攻擊對企業有多傷 https://www.managertoday.com.tw/articles/view/67987?utm_source=copyshare 新型態SMTP走私手法可繞過資安系統寄送偽造的郵件 https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ 反击：MaxPatrol SIEM 针对勒索软件添加了 62 条新规则来检测威胁 https://www.anquanke.com/post/id/292600 HTTP2 请求走私利用剖析 https://paper.seebug.org/3109/ 一款自带shodan key且联动shodan的端口扫描工具 https://mp.weixin.qq.com/s?__biz=Mzg5NTYwMDIyOA==&mid=2247501095&idx=1&sn=492e106627ebe8e1c1e5bbf2261d448d F.商業 Akamai 彙總2023年雲端安全年度回顧 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10883 亞利安科技攜手PacketX重塑網路安全防禦對策 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10896 安碁資訊揭2024資安服務策略，雲端安全與人才培訓事業成重點，並擴大泰國布局 https://www.ithome.com.tw/news/160781 密碼管理業者LastPass強制所有用戶設置12個字元的主密碼 https://blog.lastpass.com/2024/01/lastpass-is-making-account-updates-heres-why/ G.政府新北YouBike2.0資安強化　系統更新期間暫停租借 https://www.ettoday.net/news/20240110/2661484.htm 詹婷怡當選ICANN ASO副主席擔任亞太區網路治理關鍵角色 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10893 數位部：協同相關部會持續強化關鍵基礎設施資安 https://reurl.cc/nr7mg6 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 IoT世代萬物皆可駭！ TTC推物聯網資安聯合檢測中心 https://reurl.cc/zlAqKp 行動聯網安全晶片持續守護IoT資安 https://reurl.cc/xLlNob Bosch智慧扳手存在一系列漏洞，可被用於勒索軟體攻擊、癱瘓生產作業 https://www.nozominetworks.com/blog/vulnerabilities-on-bosch-rexroth-nutrunners 西門子、施耐德電機發布1月例行更新，修補逾20個漏洞 https://www.securityweek.com/siemens-schneider-electric-release-first-ics-patch-tuesday-advisories-of-2024/ 臺灣NAS廠商威聯通修補QTS、Video Station、QuMagie等多項產品高風險漏洞 https://www.securityweek.com/qnap-patches-high-severity-flaws-in-qts-video-station-qumagie-netatalk-products/ https://www.qnap.com/en/security-advisory/qsa-23-64 https://www.qnap.com/en/security-advisory/qsa-23-55 https://www.qnap.com/en/security-advisory/qsa-23-23 https://www.qnap.com/en/security-advisory/qsa-23-22 车联网移动应用安全攻守道 https://www.aqniu.com/industry/102107.html I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 2024年第一次會員研討會 - ISC2 資安之旅：Security Congress心得、得獎專案，以及資安反思 2024/1/16 https://isc2taipei.kktix.cc/events/isc2webinar1th Elixir Taiwan monthly meetup 2024/1/16 https://www.meetup.com/elixirtw-taipei/events/297578852/ SyntaxError 2024/1/17 https://www.meetup.com/pythonhug/events/pqnsctygccbwb/ 國家高速網路與計算中心教育訓練大型語言模型LLMs課程教學-跟你組織內的知識庫對話 Talk To Your Internal Knowledge Base 2024/1/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4085&from_course_list_url=homepage 【Monosparta ②⓪②④ 第一梯次軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401 2024年資安新手實戰培訓課程說明會 2024/1/19 https://acsiacad.kktix.cc/events/acadnewhire 2024 Global NF Conference 2024/1/20 ~ 2024/1/25 https://www.ctf.org/events/2024-joint-global-nf-conference# 獲利究竟被誰偷走了－Excel樞紐分析編製各式報表與查核 2024/1/24 https://www.caa.org.tw/coursedetail-36599.html Cyber Range in 2024 2024/1/24 ~ 2024/1/25 https://www.wwt.com/event/64e4ebafc176b30347f0568a SyntaxError 2024/1/24 https://www.meetup.com/pythonhug/events/pqnsctygccbgc/ SANS Cyber Threat Intelligence Summit & Training 2024 2024/1/29 - 2024/2/5 https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/ SyntaxError 2024/1/31 https://www.meetup.com/pythonhug/events/pqnsctygccbpc/ 第七屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2024/2/6 https://www.accupass.com/event/2311160625102022535520 2024資安365年會 2024/2/22 https://www.informationsecurity.com.tw/seminar/2024_TPinfosecurity365/register.aspx 【安碁學苑】IPAS 資訊安全工程師中級證照培訓班 2024/2/20-2024/2/3/5 https://www.accupass.com/event/2312151022301066488466