###### tags: `資安事件新聞週報`

# Weekly Security Incident News Report 2023/4/3 ~ 2023/4/7

## 1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
https://thehackernews.com/2023/04/cacti-realtek-and-ibm-aspera-faspex.html

More than 15 million internet-connected applications are affected by known vulnerabilities catalogued by CISA
https://www.rezilion.com/blog/get-to-know-kev-in-our-new-research-report/

QNAP patches NAS zero-day vulnerabilities; 80,000 devices exposed
https://sternumiot.com/iot-blog/qnap-ts-230-nas-vulnerability/

RCE vulnerability in Azure Pipelines could lead to supply chain attacks
https://www.legitsecurity.com/blog/remote-code-execution-vulnerability-in-azure-pipelines-can-lead-to-software-supply-chain-attack

Microsoft patches Super FabriXSS, a high-risk vulnerability in Azure Service Fabric
https://orca.security/resources/blog/super-fabrixss-azure-vulnerability/

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps
https://thehackernews.com/2023/04/microsoft-fixes-new-azure-ad.html

Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX
https://thehackernews.com/2023/03/researchers-detail-severe-super.html

Microsoft Tightens OneNote Security by Auto-Blocking 120 Risky File Extensions
https://thehackernews.com/2023/04/microsoft-tightens-onenote-security-by.html

Microsoft Outlook issues a major vulnerability advisory; Openfind helps customers respond to the security threat in real time
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10326

Attacks exploit a vulnerability in the WordPress plugin Elementor Pro; 11 million sites may be exposed
https://patchstack.com/articles/critical-elementor-pro-vulnerability-exploited/

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk
https://thehackernews.com/2023/04/hackers-exploiting-wordpress-elementor.html

Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
https://thehackernews.com/2023/03/winter-vivern-apt-targets-european.html

HP discloses an information disclosure vulnerability affecting dozens of laser printer models
https://www.ithome.com.tw/news/156263

HP discloses a critical LaserJet printer vulnerability and urges users to temporarily switch to older firmware
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838

Log4Shell vulnerability in cloud infrastructure exploited; attackers carry out bandwidth-hijacking attacks
https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited

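Chrome 112 for desktop released, fixing 16 vulnerabilities
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html

aEnrich Technology (育碁數位科技) a+HRD - Deserialization of Untrusted Data
https://www.twcert.org.tw/tw/cp-132-7023-8368b-1.html

Moxa (四零四科技) MiiNePort E1 - Broken Access Control
https://www.twcert.org.tw/tw/cp-132-7021-eb43a-1.html

## 2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

Financial group TMX suffers data breach; 4.8 million people affected
https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people/

As ChatGPT heats up, Huang Tien-mu (黃天牧) issues a "warning"; letter sent to banks in March on security risks
https://reurl.cc/zAXnoe

ChatGPT raises security risks; FSC proposes three measures in response
https://www.chinatimes.com/newspapers/20230407000411-260114?chdtv

ChatGPT will impact human civilization! FSC warns that the financial industry must not be controlled
https://finance.ettoday.net/news/2473834

Ministry of Justice Investigation Bureau Taipei City Field Office and Far Eastern International Bank sign "MOU on National Cybersecurity Joint Defense and Intelligence Sharing"
https://taiwanpost.net/economics/2023/04/06/19121/

Investigation Bureau's top cybersecurity unit guards against intrusions! Signs joint cyber defense MOU with Far Eastern International Bank
https://news.ltn.com.tw/news/society/breakingnews/4262543

Investigation Bureau teams up with Far Eastern International Bank to exchange cyber threat intelligence in real time
https://www.cna.com.tw/news/asoc/202304060312.aspx

Fourth financial institution signs joint cyber defense MOU; Investigation Bureau and Far Eastern International Bank team up against fraud and hacking
https://www.ettoday.net/news/20230406/2474179.htm

Active social media is a new challenge to financial stability
https://money.udn.com/money/story/5628/7081335?from=edn_newestlist_cate_side

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Hong Kong's electronic payment has shortcomings; digital economy development brooks no delay
http://www.hkcna.hk/docDetail.jsp?id=100328022&channel=4372

JKOPAY (街口支付) surpasses 6 million users; membership tiers to be introduced on 4/12
https://reurl.cc/GeD2zZ

Crisis-handling guidelines for financial institutions to be extended to electronic payment and credit cards
https://reurl.cc/MRDKYk

To prevent fraudulent use of electronic payment, verification of the original mobile phone number begins 4/1
https://www.cardu.com.tw/news/detail.php?48456

He usually pays electronically! Two days after losing his wallet, an unscrupulous couple "went on a drugstore shopping spree" with his cards
https://reurl.cc/MRDKY3

Administration for Digital Industries, Ministry of Digital Affairs: "Mobile Payment X Industry Innovation Application Forum" opens at the Taipei Smart City Expo
https://ctee.com.tw/industrynews/cooperation/835043.html

After mainland China's reopening: the convenience and inconvenience of mobile payment
https://wantrich.chinatimes.com/news/20230331900151-420201

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

Cryptocurrency Companies Targeted in Sophisticated 3CX Supply Chain Attack
https://thehackernews.com/2023/04/cryptocurrency-companies-targeted-in.html

Apple's macOS hides a copy of the Bitcoin white paper
https://www.ithome.com.tw/news/156278

No regulation, no future: where does DeFi go next?
https://technews.tw/2023/04/02/what-is-next-for-defi/

How to use and buy Bitcoin? A beginner's investment guide to virtual currency (2023 edition)
https://applealmond.com/posts/181481
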
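Credit Suisse and SVB were both brought down by "confidence"; how exchanges can forge a new path through openness and transparency
https://www.upmedia.mg/news_info.php?Type=9&SerialNo=169672

Graphics cards all taken for "mining"; NVIDIA executive: cryptocurrency does not help society, better to invest in "this technology"
https://reurl.cc/b7xKv3

Cega launches on Ethereum, introduces new leveraged options products, and sets up a trading company
https://n.yam.com/Article/20230406917661

Why Optimism can become a "Superchain": unifying all Layer 2 networks and building a rollup chain factory
https://www.blocktempo.com/optimism-super-chain-unify-layer-2-network/

US Treasury says decentralized cryptocurrency markets threaten national security
https://reurl.cc/WDWK6y

Money laundering is easier with crypto; US, Japan and South Korea: North Korean hackers abroad keep raising money for nuclear weapons
https://www.taisounds.com/news/content/84/40051

Aragon to launch the "DAO Global Hackathon" on April 10
https://news.cnyes.com/news/id/5138584

Selling pressure from 140,000 bitcoins: Mt.Gox creditor "claim registration closes"; repayment planned to complete by 10/31
https://www.blocktempo.com/mt-gox-repayment-window-has-opened/

Ethereum co-founder V 神 (Vitalik Buterin) to be Keynote Speaker at ETHTaipei in Taipei
https://reurl.cc/ykX9zM

A case of "thief robbing thief"? How MEV bots became an ATM for hackers
https://news.cnyes.com/news/id/5136399

On-chain message: the Sentiment hacker will receive a US$95,000 bounty for returning the stolen funds within the deadline
https://news.cnyes.com/news/id/5136951

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Opcjacker malware spreads under the guise of a VPN service
https://www.trendmicro.com/en_us/research/23/c/new-opcjacker-malware-distributed-via-fake-vpn-malvertising.html

Crypto-Stealing OpcJacker Malware Targets Users with Fake VPN Service
https://thehackernews.com/2023/04/crypto-stealing-opcjacker-malware.html

Malware evades detection by security systems using password-protected WinRAR self-extracting archives
https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/

US tax filing site eFile.com compromised with JavaScript malware
https://www.bleepingcomputer.com/news/security/irs-authorized-efilecom-tax-return-software-caught-serving-js-malware/

Veritas backup software attacked by ALPHV ransomware
https://www.ithome.com.tw/news/156247

Some MSI information systems hit by a cyberattack; gradually returning to normal
https://news.m.pchome.com.tw/finance/cna/20230407/index-16808420337547918003.html

MSI reportedly hit by Money Message ransomware, with a US$4 million demand
https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/

Open University of Cyprus reportedly hit by Medusa ransomware
https://www.ouc.ac.cy/index.php/en/news-events/news/2847-cyberattack

Malware links planted via YouTube; hackers use AI to commit crimes for profit
https://reurl.cc/GeD22x

Chinese hacking group RedGolf launches attacks with the Keyplug backdoor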
https://www.recordedfuture.com/with-keyplug-chinas-redgolf-spies-on-steals-from-wide-field-targets

Middle East organizations targeted by hacking group Arid Viper, which goes after Windows computers and mobile devices
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord

Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks
https://thehackernews.com/2023/04/arid-viper-hacking-group-using-upgraded.html

Rorschach ransomware abuses a Palo Alto Networks XDR component to load and execute
https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/

Vulnerabilities in the Veritas backup system exploited by BlackCat ransomware to breach victim organizations
https://www.mandiant.com/resources/blog/alphv-ransomware-backup

Typhon Reborn Stealer Malware Resurfaces with Advanced Evasion Techniques
https://thehackernews.com/2023/04/typhon-reborn-stealer-malware.html

Typhon Reborn V2: Updated stealer features enhanced anti-analysis and evasion capabilities
https://otx.alienvault.com/pulse/642c378d5bb8e14c534c130e

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
https://thehackernews.com/2023/04/rorschach-ransomware-emerges-experts.html

Malicious extension Rilide targets Chromium browsers to steal cryptocurrency
https://www.ithome.com.tw/news/156292

Chromium-based browsers targeted as Rilide malware steals cryptocurrency
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/

New Rilide Malware Targeting Chromium-Based Browsers to Steal Cryptocurrency
https://thehackernews.com/2023/04/new-rilide-malware-targeting-chromium.html

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rilide-a-new-malicious-browser-extension-for-stealing-cryptocurrencies/

CryptoClippy: New Clipper Malware Targeting Portuguese Cryptocurrency Users
https://thehackernews.com/2023/04/cryptoclippy-new-clipper-malware.html

Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
https://thehackernews.com/2023/04/hackers-using-self-extracting-archives.html

Malicious ISO File Leads to Domain Wide Ransomware
https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/

Malicious javascript injected into a tax filing service
https://isc.sans.edu/diary/rss/29708

The Rise of FusionCore An Emerging Cybercrime Group from Europe
https://www.cyfirma.com/outofband/the-rise-of-fusioncore-an-emerging-cybercrime-group-from-europe/

Technical Analysis of Xloader’s Code Obfuscation in Version 4.3
https://www.zscaler.com/blogs/security-research/technical-analysis-xloaders-code-obfuscation-version-43

The many faces of the IcedID attack kill chain
https://www.menlosecurity.com/blog/the-many-faces-of-the-icedid-attack-kill-chain/

Dark Power and PayMe100USD Ransomware
https://www.fortinet.com/blog/threat-research/dark-power-and-payme100usd-ransomware

Silver Fox large-scale social workers
https://reurl.cc/zAXngp

Spyware vendors use 0-days and n-days against popular platforms
https://otx.alienvault.com/pulse/642d642af9925dfe2aa41e14

Mac Malware MacStealer Spreads as Fake P2E Apps
https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/c/mac-malware-macstealer-spreads-as-fake-p2e-apps/IOCs-mac-malware-macstealer-spreads-as-fake-p2e-apps.pdf
https://www.trendmicro.com/en_us/research/23/c/mac-malware-macstealer-spreads-as-fake-p2-e-apps.html

New Indicators of Compromise (IOCs) Discovered for Windows and Linux-based Backdoor Malware KEYPLUG
https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-042

CryptoClippy Speaks Portuguese
https://unit42.paloaltonetworks.com/crypto-clipper-targets-portuguese-speakers/

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

Google Mandates Android Apps to Offer Easy Account Deletion In-App and Online
https://thehackernews.com/2023/04/google-mandates-android-apps-to-offer.html

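Android's April routine update released, fixing 2 critical RCE vulnerabilities
https://source.android.com/docs/security/bulletin/2023-04-01

Encrypted messaging app Telegram increasingly harbors illicit activity; Kaspersky says it has become an arsenal for many phishers
https://securelist.com/telegram-phishing-services/109383/

Shopping app Pinduoduo, pulled by Google at the end of March, reportedly can escalate its own execution privileges without authorization and keeps running in the background after being closed
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html

Shopping app Pinduoduo reportedly has monitoring capabilities and keeps running in the background after being closed
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html

Be careful when shopping online! Pinduoduo app hides malware that steals personal data; security experts call it "utterly despicable"
https://reurl.cc/DmDrm6

Delete it now! Chinese e-commerce giant's app hides malicious monitoring software that can control phones; 750 million users affected
https://www.wealth.com.tw/articles/4904894b-8283-4e82-9cd6-efd65aae36ca

Chinese shopping app "Pinduoduo" pulled by Google for concealing malware, casting a shadow over the global expansion of its overseas version "Temu"
https://www.thenewslens.com/article/183487

5-year-old daughter borrows phone to play; US mom shocked in the middle of the night to find "120,000 charged to her card"
https://www.ettoday.net/news/20230405/2473336.htm

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

Bing search results could be hijacked through a misconfigured Microsoft application
https://www.wiz.io/blog/bingbang

DDoS attacks grew rapidly in 2022, surging 487% in three years
https://www.technice.com.tw/cloudtech/infosecurity/44973/

MSI extorted by hackers for 120 million; users should watch the source of update files
https://ec.ltn.com.tw/article/breakingnews/4263394

MSI extorted by hackers for 120 million; company says "operations unaffected"
https://finance.ettoday.net/news/2474737

MSI extorted by hackers, another case after Quanta, Acer and Gigabyte
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000661190_ZZK0HH64LUN7THLNOZD1G

Ransomware gang targets major Taiwanese gaming hardware maker; MSI confirms hackers demanded NT$120 million
https://www.upmedia.mg/news_info.php?Type=24&SerialNo=169807

VicOne witnesses a successful Tesla Model 3 vulnerability disclosure on site at the Pwn2Own 2023 hacking contest
https://www.cdns.com.tw/articles/776979

AlienFox hacking tool gains popularity; can compromise email and web hosting services
https://technews.tw/2023/04/07/alienfox-hacking-tools-are-gaining-popularity-in-recent-days/

TriBuzz project's Discord server has been compromised
https://news.cnyes.com/news/id/5137468

US and European police seize hacker marketplace, arrest 119
https://reurl.cc/EGD59m

Hacked! Baishatun Mazu Facebook fan page account cannot be recovered; page admin posts a notice and urgently reports to police
https://reurl.cc/gZlXKN

Baishatun Mazu fan page admin account hacked; police trace an overseas IP
https://www.cna.com.tw/news/ahel/202304050240.aspx

Pro-Russian blogger's Chinese online shopping account hacked; money spent on drones for the Russian army turns into a pile of "birds"
https://news.ltn.com.tw/news/world/breakingnews/4261662

UK IT services provider Capita hit by a cyberattack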
https://www.bleepingcomputer.com/news/security/capita-cyberattack-disrupted-access-to-its-microsoft-office-365-apps/

To prevent security leaks, Australia announces a TikTok ban on public-sector work devices
https://tyenews.com/2023/04/365581/

US, South Korea and Japan condemn North Korean hacker crime and call for compliance with UN sanctions
https://reurl.cc/a1zKo9

US media details Guo Wengui's anti-CCP campaign, urges authorities to decouple from the CCP and thoroughly investigate internal infiltration
https://n.yam.com/Article/20230405333359

New Zealand intelligence agency: foreign interference attempts persist
https://www.rti.org.tw/news/view/id/2164091

US requires medical device makers to guard against hackers
https://reurl.cc/V8ebky

Italian Watchdog Bans OpenAI's ChatGPT Over Data Protection Concerns
https://thehackernews.com/2023/04/italian-watchdog-bans-openais-chatgpt.html

Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels
https://thehackernews.com/2023/04/supply-chain-attacks-and-critical.html

3CX Supply Chain Attack — Here's What We Know So Far
https://thehackernews.com/2023/03/3cx-supply-chain-attack-heres-what-we.html

VoIP system developer 3CX hit by a supply chain attack; hackers reportedly used a 10-year-old Windows vulnerability
https://www.bleepingcomputer.com/news/microsoft/10-year-old-windows-bug-with-opt-in-fix-exploited-in-3cx-attack/

Cryptocurrency companies caught up in the 3CX VoIP supply chain attack and implanted with the Gopuram backdoor
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/

FBI Cracks Down on Genesis Market: 119 Arrested in Cybercrime Operation
https://thehackernews.com/2023/04/fbi-cracks-down-on-genesis-market-119.html

Google TAG Warns of North Korean-linked ARCHIPELAGO Cyberattacks
https://thehackernews.com/2023/04/google-tag-warns-of-north-korean-linked.html

Microsoft and Fortra team up to shut down Cobalt Strike servers used in attacks
https://blogs.microsoft.com/on-the-issues/2023/04/06/stopping-cybercriminals-from-abusing-security-tools/

Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool
https://thehackernews.com/2023/04/microsoft-takes-legal-action-to-disrupt.html

Security Health Check Engineer - ACSI
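https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E5%81%A5%E8%A8%BA%E5%B7%A5%E7%A8%8B%E5%B8%AB-acsi-at-acer-3556186087/?originalSubdomain=tw

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

Talking ChatGPT into leaking secrets! Security expert demonstrates bypassing its ethical restrictions
https://www.inside.com.tw/article/31217-pressurize-chatgpt-to%20leak-info

Samsung lets employees use ChatGPT, only to see 3 confidential information leaks within 20 days
https://technews.tw/2023/04/06/samsung-fab-workers-leak-confidential-data-chatgpt/

Employees leak internal secrets! Samsung urgently restricts ChatGPT use after incidents following its rollout
https://www.ithome.com.tw/news/156291

Digital ID verification provider OCR Labs exposes development environment configuration files, putting customer data at risk of leakage
https://cybernews.com/security/ocr-labs-exposes-its-systems/

Uber driver data leaked again, caused by a breach at a law firm
https://www.theregister.com/2023/04/03/uber_drivers_info_stolen/

Criminal Investigation Bureau cracks a cyberattack and fraud case that used fake base stations to send phishing SMS messages
https://www.cna.com.tw/news/asoc/202304060246.aspx

Toyota City, Japan, announces an email leak caused by a vendor's failure to renew a software license, which disabled forced BCC on outgoing mail
https://www.city.toyota.aichi.jp/pressrelease/1053884/1053944.html

Drive maker Western Digital suffers a data breach; several cloud backup services go down
http://www.businesswire.com/news/home/20230402005076/en/Western-Digital-Provides-Information-on-Network-Security-Incident

Western Digital Hit by Network Security Breach - Critical Services Disrupted!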
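https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html

User who generated overly realistic photos of Trump being arrested with the AI image tool Midjourney is banned without explanation
https://grinews.com/news/%E3%80%90%E6%9C%AC%E9%80%B1%E8%B3%87%E5%AE%89%E4%BA%8B%E4%BB%B6%E6%87%B6%E4%BA%BA%E5%8C%85%E3%80%91%E4%BD%A0%E9%80%99%E9%80%B1%E7%9C%8B%E9%81%8E%E3%80%8C%E5%B7%9D%E6%99%AE%E8%A2%AB%E6%8D%95%E7%85%A7/

Company wants a job applicant's salary data from the previous job? Expert: beware of violating the Personal Data Protection Act
https://www.managertoday.com.tw/columns/view/66634?utm_source=copyshare

SMS and URL circulating online: "Overdue fuel fee collection notice: your overdue fuel fee for year 111 is NT$2,880"
https://tfc-taiwan.org.tw/articles/8985

Our country's personal data is being sold out
https://disp.cc/b/Gossiping/fXQ7

Restaurant chain groups strengthen security to prevent leaks of members' personal data
https://ctee.com.tw/news/industry/837738.html

Misusing children's data! TikTok fined £12.7 million by the UK
https://reurl.cc/vkXR4A

Harm from personal data leaks: courts mostly hold that businesses should bear the burden of proof
https://reurl.cc/LNDKL9

Zero penalties for e-commerce personal data leaks; experts: it is already a long-standing problem
https://www.epochtimes.com/b5/23/4/5/n13965642.htm

Personal data leaks: KMT proposes a maximum total compensation of NT$2 billion
https://reurl.cc/WDWK7O

Personal data stolen; 2 million people in the Netherlands affected
https://reurl.cc/WDWK9D

Silicon Valley overseas Chinese community leader's email hacked; criminals impersonate the leader to instruct the bank to wire 100,000
https://www.worldjournal.com/wj/story/121472/7077324

Phishing scam techniques upgraded, using legitimate corporate email for attacks
https://unwire.pro/2023/04/05/phishing-30/security/

Multinational joint operation successfully takes down a criminal personal-data marketplace
https://www.chinatimes.com/realtimenews/20230405003385-260408?chdtv

Hackers use official e-mail to trick users out of personal data; YouTube warns of a new scam
https://www.technice.com.tw/cloudtech/infosecurity/45142/

Thai soldier and his nurse wife detained on suspicion of stealing and selling the personal data of 55 million people
https://reurl.cc/8q7xQX

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam
https://thehackernews.com/2023/03/cyber-police-of-ukraine-busted-phishing.html

Are Source Code Leaks the New Threat Software vendors Should Care About?
https://thehackernews.com/2023/04/are-source-code-leaks-new-threat.html

### E. Research Reports / Tools

Deep Dive Into 6 Key Steps to Accelerate Your Incident Response
https://thehackernews.com/2023/03/deep-dive-into-6-key-steps-to.html

"It's The Service Accounts, Stupid": Why Do PAM Deployments Take (almost) Forever To Complete?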
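https://thehackernews.com/2023/04/its-service-accounts-stupid-why-do-pam.html

Think Before You Share the Link: SaaS in the Real World
https://thehackernews.com/2023/04/think-before-you-share-link-saas-in.html

Protect Your Company: Ransomware Prevention Made Easy
https://thehackernews.com/2023/04/protect-your-company-ransomware.html

Sorting Through Haystacks to Find CTI Needles
https://thehackernews.com/2023/04/sorting-through-haystacks-to-find-cti.html

Anatomy of SQL Window Functions
https://towardsdatascience.com/anatomy-of-sql-window-functions-7256d8cf509a

He asked ChatGPT to "predict lottery numbers" and actually won; he reveals the uncanny calculation method
https://www.worldjournal.com/wj/story/121480/7078927

Screenshots of the AI-generation Copilot for Word leak: it can generate summaries, find images suited to the article content, and auto-format
https://www.techbang.com/posts/105130-win10-win11-copilot-for-word-screenshot-exposure-can-generate

### F. Business

Google reveals Cloud TPU v4 AI chip technology, claiming faster performance and better energy efficiency
https://www.ithome.com.tw/news/156295

Databricks launches a data lakehouse for manufacturing to accelerate data analytics and AI use-case development
https://www.ithome.com.tw/news/156266

Microsoft to improve the .NET authentication system, removing the dependency on the commercial project IdentityServer
https://www.ithome.com.tw/news/156271

College of Informatics partners with Chunghwa Telecom on industry-academia collaboration to cultivate cross-disciplinary talent
https://www.nccu.edu.tw/p/406-1000-13909,r17.php?Lang=zh-tw

### G. Government

Deputy Minister of Digital Affairs Herming Chiueh (闕河鳴) visits Australia for exchanges on cybersecurity and digital resilience
https://ec.ltn.com.tw/article/breakingnews/4261314

Sharing Taiwan's experience: Ministry of Digital Affairs attends a Sydney dialogue on cybersecurity resilience
https://reurl.cc/d784eM

Mu-An Chiou (邱慕安), GitHub's first Taiwanese employee, joins the Public Digital Innovation Space and the National Institute of Cyber Security
https://www.inside.com.tw/article/31239-muan-head-of-design-systems

22 laws amended! In future, damaging core equipment of critical infrastructure and causing death will carry life imprisonment
https://www.epochtimes.com/b5/23/4/6/n13966690.htm

### H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

CISA Warns of Critical ICS Flaws in Hitachi, mySCADA, ICL, and Nexx Products
https://thehackernews.com/2023/04/cisa-warns-of-critical-ics-flaws-in.html

ProPump and Controls water pump control system exposes multiple vulnerabilities
https://www.securityweek.com/unpatched-security-flaws-expose-water-pump-controllers-to-remote-hacker-attacks/

Nexx smart garage control system has vulnerabilities that attackers could use to defeat door locks and control alarms
https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc

### I. Education and Training

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
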
iPAS Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

Coursera lists 7 cloud security certifications: all the springboards to high pay are here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Global cybersecurity workforce imbalance: (ISC)2 free course and exam to fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam hands-on experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam hands-on experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and how to prepare
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK

[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security is not just for engineers: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (駭客與國家: 網路攻擊與地緣政治新常態)
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

## 6. Upcoming Security Events and Seminars

Cross-Border Digital Authoritarianism: Opportunities and Challenges for Taiwan from Global Digital Authoritarianism Trends 2023/4/8
https://ocftw.kktix.cc/events/citizenseminar

Digital Innovation Salon gathering: Hybrid Cloud Transformation, a Journey from IT to Academia 2023/4/8
https://www.accupass.com/event/2303230824409325135880

Hyperconverged Infrastructure and Network Security Protection Forum 2023/4/12
https://www.accupass.com/event/2303200150055844623280

Airflow Taiwan User Meetup #3 2023/4/13
https://www.meetup.com/taipei-py/events/292026654/

Fortify: Targeting Vulnerabilities and Building Compliance security seminar 2023/4/14
https://www.accupass.com/event/2303160227581447651717

Cybersecurity Hourly Battle: Five Strategies to Prevent Threat Intrusion 2023/4/12 ~ 5/17
https://www.accupass.com/event/2303250723538886915720

Digital Learning Society of the Republic of China (中華民國數位學習學會) seminar "Security Issues in the Digital Learning Environment" 2023/4/13
https://fdc.tnnua.edu.tw/p/406-1004-38547,r138.php?Lang=zh-tw

TWCC-CLI Basic Operations - Automating Compute Resource Management 2023/4/14
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4034&from_course_list_url=course_index

AI & XR Meetup 2023/4/15
https://www.meetup.com/taiwan-ai-xr-discovery-meetups/events/292574374/

WordPress - Taoyuan Afternoon Tea Meetup #23 2023/4/15
https://www.meetup.com/taoyuan-wordpress-meetup/events/292467443/

iPAS "Entry-Level" Information Security Engineer competency sprint course 2023/4/15, 4/22
https://www.cisanet.org.tw/Course/Detail/3948

Taipei dbt Meetup #10 (in-person 👫 & online 👨‍💻) 2023/4/16
https://www.meetup.com/taipei-dbt-meetup/events/291861526/

Security Chit-Chat (資安五四三) 2023/4/18
https://csa.kktix.cc/events/1f504d33

Hugging Face: Object Detection 2023/4/18
https://www.meetup.com/tensorflow-user-group-taipei/events/290714768/

Parallel Computing Programming Fundamentals course 2023/4/18
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4032&from_course_list_url=course_index

Ubiquitous Hybrid Cloud and ZTA exchange seminar 2023/4/20
https://www.nehs.hc.edu.tw/?p=14035

Cyber Resilience and FinTech Innovation 2023/4/21
https://www.accupass.com/event/2303281153102586247910

Security Master Class - Let the Experts Demystify Hands-On Security for You 2023/4/21
https://www.accupass.com/event/2303310934086693440470

"Meta Taiwan AR Hackathon" 2023/4/22 ~ 2023/4/23
https://www.arhackathon.tw/

EDB 15 New Security Features: TDE & SSL to Protect Database Security 2023/4/26
https://www.accupass.com/event/2303310808018123738370

RSA Conference 2023 2023/4/24 ~ 2023/4/27
https://www.rsaconference.com/usa

How to Get Industrial Control Network Security Right 2023/4/27
https://www.accupass.com/event/2303300158119715085090

Web Application Security (professional security course training) 2023/4/28
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X21031

TWCC-CLI Advanced Operations - AI/ML Automated Workflows 2023/5/12
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4035&from_course_list_url=course_index

[Hands-on Workshop] Hacker for a Day x Network Vulnerability Penetration 2023/5/13
https://www.accupass.com/event/2303030820005796452650

iPAS Intermediate Information Security Personnel training course 2023/5/4 ~ 2023/6/1
https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013

(ISC)2 SECURITY CONGRESS LEAD WITH CONFIDENCE 2023/10/25 ~ 2023/10/27
https://www.isc2.org/Congress-2023