資安事件新聞週報 2024/3/19 ~ 2024/3/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/3/19 ~ 2024/3/22 1.重大弱點漏洞/後門/Exploit/Zero Day 美國國防部公布漏洞懸賞專案執行成果，7年來找出逾5萬個漏洞 https://content.govdelivery.com/bulletins/gd/USDODDC3-390288e Kubernetes高風險漏洞恐導致Windows節點遭到接管 https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws https://thehackernews.com/2024/03/china-linked-group-breaches-networks.html CVE-2024-2432-PaloAlto-GlobalProtect-EoP https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP Exploit released for Fortinet RCE bug used in attacks, patch now CVE-2023-48788 https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/ Fortinet warns of critical RCE bug in endpoint management software https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/ 研究人員揭露FlowFixation漏洞，攻擊者有可能用來一鍵接管AWS服務帳號 https://www.tenable.com/blog/flowfixation-aws-apache-airflow-service-takeover-vulnerability-and-why-neglecting-guardrails FortiClient EMS存在危急漏洞，且已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/ CVE-2024-21762 Nuclei Template for Scanning FortiGate Firewalls https://bit-sentinel.com/cve-2024-21762-nuclei-template-for-scanning-fortigate-firewalls/ Microsoft 推出 2024 年 3 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10989 Windows 11更新完卻「藍白當機」　筆電、電競掌機「一招恢復」看這邊 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=197409 Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover https://thehackernews.com/2024/03/researchers-detail-kubernetes.html Microsoft confirms Windows Server issue behind domain controller crashes https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-issue-behind-domain-controller-crashes/ Cisco 發布 IOS XE SD-WAN 軟體安全更新 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc https://www.cisa.gov/news-events/alerts/2024/03/14/cisco-releases-security-updates-ios-xr-software 思科示警IOS RX高危險漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10995 GhostRace – New Data Leak Vulnerability Affects Modern CPUs https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html CVE-2024-21378 — Remote Code Execution in Microsoft Outlook https://www.netspi.com/blog/technical/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/ Flashes: QRadar: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8 https://www.ibm.com/support/pages/node/7142062 資料備份軟體Arcserve UDP存在漏洞，有可能對主機散布惡意程式、造成阻斷服務 https://www.tenable.com/security/research/tra-2024-07 Fortra修補檔案傳輸工具FileCatalyst的重大漏洞 https://www.fortra.com/security/advisory/fi-2024-002 https://www.fortra.com/security/advisory/fi-2024-002 https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst/ https://github.com/nettitude/CVE-2024-25153 Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool https://thehackernews.com/2024/03/fortra-patches-critical-rce.html 已終止維護的WordPress資安外掛程式存在漏洞，恐導致網站遭到挾持 https://www.wordfence.com/blog/2024/03/critical-vulnerability-remains-unpatched-in-two-permanently-closed-miniorange-wordpress-plugins-1250-bounty-awarded/ Massive Sign1 Campaign Infects 39,000+ WordPress Sites with Scam Redirects https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html Intel、AMD修補處理器新的微架構漏洞 https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-address-new-microarchitectural-vulnerabilities/ IBM QRadar SIEM M7 Appliances are vulnerable to CVE-2022-21216 https://www.ibm.com/support/pages/node/7144944 GitHub預覽程式碼掃描自動修復功能 https://www.ithome.com.tw/news/161902 程式碼儲存庫GitHub導入新的AI工具，自動修補用戶程式碼的弱點 https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/ GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws https://thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html 北約組織向Ivanti通報同步應用系統Standalone Sentry的重大漏洞 https://www.bleepingcomputer.com/news/security/ivanti-fixes-critical-standalone-sentry-bug-reported-by-nato/ https://forums.ivanti.com/s/article/CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry https://forums.ivanti.com/s/article/SA-CVE-2023-46808-Authenticated-Remote-File-Write-for-Ivanti-Neurons-for-ITSM CISA傳出遭到Ivanti漏洞攻擊，並指出有2個系統受到影響 https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability https://thehackernews.com/2024/03/ivanti-releases-urgent-fix-for-critical.html Atlassian修補CI/CD工具Bamboo重大漏洞 https://www.securityweek.com/atlassian-patches-critical-vulnerability-in-bamboo-data-center-and-server/ https://confluence.atlassian.com/security/security-bulletin-march-19-2024-1369444862.html https://jira.atlassian.com/browse/BAM-25716 Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug https://thehackernews.com/2024/03/atlassian-releases-fixes-for-over-2.html Chrome 123、Firefox 124正式推出，修補多項高風險漏洞 https://www.securityweek.com/chrome-123-firefox-124-patch-serious-vulnerabilities/ https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html https://www.mozilla.org/en-US/security/advisories/mfsa2024-12/ CVE-2023-29300: Adobe ColdFusion 漏洞 https://teamt5.org/tw/posts/alerts-of-exploiting-adobe-cold-fusion-cve-2023-29300/ APACHE SUPERSET - DATABASE DATA RETRIEVAL THROUGH IMPROPER ERROR HANDLING https://www.obrela.com/blog/apache-superset/ Apple Ｍ系列處理器允許攻擊者發動微架構旁路攻擊，竊取加密演算法機密金鑰 https://www.ithome.com.tw/news/161909 甲骨文推出Java 22，提升開發效率還強化運算效能 https://www.ithome.com.tw/news/161890 Pwn2Own Vancouver 2024登場，參賽團隊首日抱走電動車與高額獎金 https://www.zerodayinitiative.com/blog/2024/3/20/pwn2own-vancouver-2024-day-one-results 2.銀行/金融/保險/證券/金融監理新聞及資安金管會要3家上市櫃租賃訂內控準則年底前查核 https://reurl.cc/80mNpj 衣索比亞銀行系統故障　「ATM免費送錢」學生大排長龍狂領12.7億 https://www.setn.com/news.aspx?newsid=1440933 富邦產險攜手台灣資安主管聯盟呼籲企業重視資安應變計畫 https://udn.com/news/story/7239/7846813 富邦產險舉辦資安管理研討會 https://www.ctee.com.tw/news/20240322700338-439901 高標準重視資安群益期貨領先通過國際驗證 https://www.ctee.com.tw/news/20240321700390-430202 牛市啟動，小心國家級駭客組織正在盯著你的錢包 https://web3caff.com/zh_tc/archives/87378 Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season https://www.microsoft.com/en-us/security/blog/2024/03/20/microsoft-threat-intelligence-unveils-targets-and-innovative-tactics-amidst-tax-season/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安信用卡盜刷成風招損失：有效防止信用卡被盜用方法 https://finance730.com.hk/2024/03/19/%E4%BF%A1%E7%94%A8%E5%8D%A1-%E7%9B%9C%E7%94%A8/ 跨境打團體戰　支付業先攻日韓 https://news.housefun.com.tw/news/article/626547416250.html LINE Pay用戶小心了！收到這封簡訊千萬別點網址，鎖定1心態「一點就中招」... 5步驟防堵 https://www.businesstoday.com.tw/article/category/183030/post/202403180008/ 方便外國人赴中國旅行　支付寶上線16國語言翻譯 https://www.hk01.com/article/1001850?utm_source=01articlecopy&utm_medium=referral LINE Pay徵人啦！上班早餐免費吃　薪資、福利全曝光 https://www.setn.com/News.aspx?NewsID=1441663 強化阻詐金管會：去年12月警示電子支付帳戶數驟降9成 https://ec.ltn.com.tw/article/breakingnews/4609577 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 NFPrompt遭受駭客攻擊，官方已將所有智慧合約所有權轉移至新地址 https://www.panews.io/zh_hk/sqarticledetails/n0hr1cewFt.html Lazarus Group相關的駭客過去24小時內使用Tornado Cash洗錢1200萬美元的ETH https://news.cnyes.com/news/id/5491532 BNB Chain公布第一季駭客松12個入選項目 https://news.cnyes.com/news/id/5493173 比特幣飆升薩爾瓦多發大財、持有逾129億 https://ec.ltn.com.tw/article/breakingnews/4609522 Matters Lab 成為媒體合作伙伴：ETHTaipei 黑客松獎金突破 200 萬，Vitalik 分享坎昆升級後以太坊藍圖 https://reurl.cc/v0RoxL 幣安分拆其創投部門Binance Labs；BTC今日跌幅超5% https://www.panewslab.com/zh_hk/articledetails/mdu7v2tfFt.html Blast解鎖潮來臨，第一批盜幣者開始收網 https://www.panewslab.com/zh_hk/articledetails/op6t5216Ft.html 區塊鏈平台Berachain在6,900萬美元融資中成為獨角獸，估值達15億美元 https://www.panewslab.com/zh_hk/sqarticledetails/c42qsh3kFt.html 美國賺爆！沒收的21萬枚比特幣價值飆破149億鎂、未實現利潤達2.4倍 https://www.blocktempo.com/us-gov-holds-210392-btc-with-a-2x-unrealized-profit/ Decima Fund完成約3000萬美元募資支持Web3行業並已確定10項投資 https://news.cnyes.com/news/id/5493594 Milady創辦人錢包被盜 https://www.panewslab.com/zh_hk/sqarticledetails/on2095w6Ft.html 民間幣流追蹤高手現身！揪出加密貨幣詐騙集團，手法、話術一次揭露！ https://lnkd.in/equuPwvx 區塊鏈金融犯罪調查師來了！反詐騙高手教你如何蒐證、舉報！ https://lnkd.in/ehYVSCsG 偵六刑警現身說法，攻破加密貨幣投資詐騙最前線！ https://lnkd.in/eWpuE5Dg 台北地檢署洪敏超檢察官：濫用加密貨幣犯罪的手法多變，有效的情資交換是打擊關鍵！ https://lnkd.in/eKhPzJrA 從白帽工程師到國際幣流追蹤 Bitrace 聯合創辦人：弱的 KYC 就會吸引問題資金 https://lnkd.in/exi-ks3N 比以太坊表現更強勢，這 8 大公鏈有什麼值得期待的 https://www.hk01.com/article/1001920?utm_source=01articlecopy&utm_medium=referral ZachXBT：Trezor X帳戶遭攻擊並發布有關SLERF預售的虛假資訊，現已恢復 https://news.cnyes.com/news/id/5497659 混幣器Tornado Cash被控洗錢12億鎂，社群聲援：開源工具與作者不該背鍋 https://www.blocktempo.com/the-mixer-tornado-cash-is-accused-of-laundering-1-2-billion-dollars/ 「MEME預售熱」持續，TON官推也成了駭客目標 https://m.cnyes.com/news/id/5496017 聯合國安理會：北韓駭客對加密公司的網路攻擊，造成約30億美元損失 https://news.knowing.asia/news/4aab37ee-667e-43ef-a8af-7d902735f755 PeckShieldAlert：駭客已將AirDAO被盜資金轉移至MEXC、ChangeNOW和KuCoin https://news.cnyes.com/news/id/5499382 AirDAO單個錢包受損，協議整體不受影響且用戶資金安全 https://news.cnyes.com/news/id/5499196 AirDAO公布駭客攻擊情況：財庫資金安全，總計被盜約41,612,782 AMB和126.5 ETH https://news.cnyes.com/news/id/5499794 從SBF到CZ，加密貨幣交易所創辦人為何總被指控涉嫌洗錢 https://www.blocktempo.com/why-exchange-founders-are-always-accused-of-money-laundering/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體StopCrypt出現新變種，藉由多階段執行迴避偵測 https://blog.sonicwall.com/en-us/2024/03/new-multi-stage-stopcrypt-ransomware/ 惡意程式BunnyLoader 3.0被用於竊取受害電腦資料，並散布其他惡意軟體 https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/ 竊資軟體AZORult透過新型態的HTML挾持手法散布 https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites 駭客透過GitHub提供盜版軟體破解程式，意圖散布竊資軟體RisePro https://www.gdatasoftware.com/blog/2024/03/37885-risepro-stealer-campaign-github 北美製造業遭到惡意軟體Ande Loader鎖定 https://www.esentire.com/blog/blind-eagles-north-american-journey 趨勢科技調查...台灣是勒索病毒攻擊最嚴重前五國之一 https://money.udn.com/money/story/5613/7843749?from=edn_subcatelist_cate LockBit 勒索軟體駭客在加拿大認罪後被判處 4 年監禁併罰款 86 萬美元 https://www.enigmasoftware.com/zh-hant/lockbit-ransomware-hacker-sentenced-to-4-years-in-jail-and-860000-fine-after-guilty-plea-in-canada/ HTTP非同步傳輸框架Aiohttp漏洞遭到勒索軟體駭客組織鎖定 https://cyble.com/blog/cgsi-probes-shadowsyndicate-groups-possible-exploitation-of-aiohttp-vulnerability-cve-2024-23334/ 安卓惡意軟體PixPirate採用新型態策略埋藏在背景運作 https://securityintelligence.com/posts/pixpirate-brazilian-financial-malware/ 駭客組織PhantomBlu透過OLE物件在Microsoft 365用戶電腦植入後門 https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ 駭客嘗試透過大型語言模型修改惡意程式，降低被防毒軟體特徵碼察覺的機會 https://www.recordedfuture.com/adversarial-intelligence-red-teaming-malicious-use-cases-ai 資料破壞軟體AcidPour鎖定Linux網路裝置而來 https://www.bleepingcomputer.com/news/security/new-acidpour-data-wiper-targets-linux-x86-network-devices/ 南非公務員退休基金傳出在2月遭遇勒索軟體LockBit攻擊 https://therecord.media/lockbit-ransomware-takes-credit-for-south-african-pension-fund-attack 更多駭客利用TeamCity重大漏洞，散布勒索軟體Jasmin、挖礦程式XMRig、木馬程式SparkRAT https://www.trendmicro.com/en_us/research/24/c/teamcity-vulnerability-exploits-lead-to-jasmin-ransomware.html 中國用戶遭到惡意廣告鎖定，駭客假借提供Notepad++、VNote等應用程式散布滲透測試工具Geacon https://securelist.com/trojanized-text-editor-apps/112167/ Malicious Ads Targeting Chinese Users with Fake Notepad++ and VNote Installers https://thehackernews.com/2024/03/malicious-ads-targeting-chinese-users.html LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada https://thehackernews.com/2024/03/lockbit-ransomware-hacker-ordered-to.html Ransomware Roundup – RA World https://www.fortinet.com/blog/threat-research/ransomware-roundup-ra-world Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html Malware Alert! Hackers Attacking Indian Android users With Malware-as-a-Service https://cybersecuritynews.com/malware-alert-hackers-android/#google_vignette CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/cryptowire-ransomware-persistence-schedule-task-buse/amp/ Suspected Russian Data-Wiping 'AcidPour' Malware Targeting Linux x86 Devices https://thehackernews.com/2024/03/suspected-russian-data-wiping-acidpour.html 研究人員揭露Deep#Gosu攻擊行動，北韓駭客打造PowerShell及VBS惡意軟體對Windows電腦下手 https://www.securonix.com/blog/securonix-threat-research-security-advisory-new-deepgosu-attack-campaign/ New DEEP#GOSU Malware Campaign Targets Windows Users with Advanced Tactics https://thehackernews.com/2024/03/new-deepgosu-malware-campaign-targets.html TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks https://thehackernews.com/2024/03/teamcity-flaw-leads-to-surge-in.html New BunnyLoader Malware Variant Surfaces with Modular Attack Features https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks https://thehackernews.com/2024/03/from-deepfakes-to-malware-ais-expanding.html New BunnyLoader Malware Variant Surfaces with Modular Attack Features https://thehackernews.com/2024/03/new-bunnyloader-malware-variant.html 竊資軟體AndroxGh0st鎖定網頁應用程式框架Laravel，盜取雲端服務帳密 https://blogs.juniper.net/en-us/security/shielding-networks-against-androxgh0st AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials https://thehackernews.com/2024/03/androxgh0st-malware-targets-laravel.html Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion' https://thehackernews.com/2024/03/over-800-npm-packages-found-with.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊比利時高官配安全手機曝訪陸每小時被駭135次 https://udn.com/news/story/6809/7834483?from=udn-catelistnews_ch2 安卓手機用戶小心這款木馬程式偷走你的錢 https://reurl.cc/mrK7MA 安卓用戶快看！新木馬病毒「隱藏App圖標」發現時錢已被偷轉光 https://reurl.cc/krKkOb 百萬換機潮來了！3G系統6月關閉電信三雄搶客 https://www.chinatimes.com/realtimenews/20240315000911-260410?chdtv SIM卡挾持攻擊出現新手法，鎖定eSIM設備發動攻擊 https://www.facct.ru/media-center/press-releases/esim-bank-attacks/ 蘋果開放歐盟地區可從第三方 App Store 下載安裝應用，但限制繁多 https://netmag.tw/2024/03/19/apple-allows-users-to-download-ios-apps-from-website-but-only-eu-regions 蘋果在Safari 17引入的進階音訊指紋辨識保護機制遭到破解 https://www.ithome.com.tw/news/161711 環球卡4/1終止服務中華電：代辦業務依公告為準 https://reurl.cc/E49O5a 蘋果為何壟斷?iPhone限制用戶發簡訊、試用App、行動支付 https://www.worldjournal.com/wj/story/121468/7848589 美國司法部、16州控告蘋果壟斷智慧型手機市場 https://www.ithome.com.tw/news/161904 iOS 17.4.1 正式版釋出！新 iOS、iPadOS 9 大重點更新、功能增強全整合 https://reurl.cc/37zY39 U.S. Justice Department Sues Apple Over Monopoly and Messaging Security https://thehackernews.com/2024/03/us-justice-department-sues-apple-over.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力資安員工累了引進AI技術及提升福利減少人才流失 https://www.technice.com.tw/techmanage/infosecurity/101536/ 【上市櫃資安事件背後的企業挑戰】導致資安事件常見問題是管理疏失，普遍組織高層仍缺乏事件應變團隊概念 https://www.ithome.com.tw/news/161876 DEVCORE資安研討會登場，揭露最新攻擊技術手法與企業資安破口 https://www.ithome.com.tw/news/161917 寶可夢公司網站發布警訊，有人疑似對玩家發動帳號填充攻擊 https://techcrunch.com/2024/03/19/pokemon-resets-some-users-passwords-after-hacking-attempts/ 尷尬！台南復興國小臉書慘遭駭客入侵「狂發色情影片」校方急報警 https://new-reporter.com/news/214207 傳遭駭客勒索台積電：為IT硬體供應商、不影響生產營運 https://reurl.cc/YVAXla 傳宏碁遭駭客勒索調查局：已立案偵辦 https://reurl.cc/aLWY2l 大型醫療保健公司遭網路攻擊為醫療保健業界帶來嚴重財務困擾 https://www.ktsf.com/2024/03/15/healthcare-industry-cyber-attack/ 駭客攻擊？多國麥當勞同步「系統故障」總部發聲了 https://www.chinatimes.com/realtimenews/20240315004683-260408 麥當勞全球CIO揭露全球大當機主因，第三方供應商配置變更出包才釀災 https://www.ithome.com.tw/news/161802 國際貨幣基金組織證實遭遇網路攻擊，11個電子郵件帳號被駭 https://www.imf.org/en/News/Articles/2024/03/15/pr2488-imf-investigates-cyber-security-incident https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/ 南韓公務員這原因愛用私人信箱辦公　專家警告增加資安風險 https://www.storm.mg/article/5059784 歐盟查阿里速賣通是否遵守數位市場法 https://www.chinatimes.com/realtimenews/20240315002295-260410?chdtv 駭客駭入中共網站學者：有助中國民眾了解真相 https://www.epochtimes.com/b5/24/3/17/n14204552.htm 中評網爆中國總理示警「國家將亡」　情治單位研判駭客全面啟動 https://www.ftvnews.com.tw/news/detail/2024316W0209 中評社疑遭駭客入侵遭植入冒名總理李強“國家將亡”假報告 https://reurl.cc/09N8yb 針對中國資助的駭客Volt Typhoon持續鎖定關鍵基礎設施攻擊，美國提供防禦指引 https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders 思打廢 242 中共派駭客駭侵多國政府機關竊取資料 https://www.youtube.com/watch?v=tfTnRwD7TuI 駭客組織駭入中共網站「讓世界看到兩會隱瞞的真相」 https://reurl.cc/OGW4E7 中國大陸國安部親解網路安全法4亮點：實名制是「照妖鏡」 https://www.chinatimes.com/realtimenews/20240318001043-260409 10國外交部、38個政府機構遭駭！中國APT駭客組織鎖定45國116單位攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10996 香港基本法23條三讀通過　「這些行為」通通觸犯港版國安罪 https://www.ftvnews.com.tw/news/detail/2024319W0282 對新國安法保持警惕在港外國公司加強應急計劃 https://reurl.cc/M4lnen 中國企業遭舉報網攻揭境外駭客大規模滲透政府系統 https://reurl.cc/bDOZ9M 曹興誠：「反分裂法」是中共白紙黑字的陽謀 https://reurl.cc/RWZKy9 資安業者趨勢科技揭露中國駭客組織Earth Lusca的攻擊行動 https://www.ithome.com.tw/news/161607 中國駭客組織Earth Krahang鎖定45個國家、逾100個組織而來 https://www.trendmicro.com/en_us/research/24/c/earth-krahang.html 靠駭客壯大軍備！聯合國：北韓外匯收入約 50% 來自網路攻擊 https://zombit.info/un-north-korea-hack-report/ 雲端服務帳號遭到俄羅斯駭客組織APT29鎖定，成為對方重要的入侵管道 https://www.darkreading.com/cloud-security/russia-s-midnight-blizzard-targeting-service-accounts-for-initial-cloud-access RedCurl Cybercrime Group Abuses Windows PCA Tool for Corporate Espionage https://thehackernews.com/2024/03/redcurl-cybercrime-group-abuses-windows.html WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html 新型態攻擊手法Loop DoS有可能影響30萬個線上系統 https://www.bleepingcomputer.com/news/security/new-loop-dos-attack-may-impact-up-to-300-000-online-systems/ https://cispa.de/en/loop-dos https://kb.cert.org/vuls/id/417980 New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems https://thehackernews.com/2024/03/new-loop-dos-attack-impacts-hundreds-of.html 美各州供水、汙水系統遭駭客攻擊蘇利文點名中國跟伊朗 https://udn.com/news/story/6813/7847529 美國對水利系統業者提出警告，駭客鎖定全國各地有關的關鍵基礎設施發動攻擊 https://www.bleepingcomputer.com/news/security/white-house-and-epa-warn-of-hackers-breaching-water-systems/ https://www.epa.gov/system/files/documents/2024-03/epa-apnsa-letter-to-governors_03182024.pdf https://www.epa.gov/newsreleases/biden-harris-administration-engages-states-safeguarding-water-sector-infrastructure U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks https://thehackernews.com/2024/03/us-epa-forms-task-force-to-protect.html U.S. Sanctions Russians Behind 'Doppelganger' Cyber Influence Campaign https://thehackernews.com/2024/03/us-sanctions-russians-behind.html Russian Hackers Target Ukrainian Telecoms with Upgraded 'AcidPour' Malware https://thehackernews.com/2024/03/russian-hackers-target-ukrainian.html 歐洲非政府組織遭到俄羅斯駭客組織攻擊，被植入後門程式TinyTurla-NG https://blog.talosintelligence.com/tinyturla-full-kill-chain/ Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html Security Architect (資安架構師) in undefined at Logicalis https://reurl.cc/v0RoZk 資安工程師(亞東證券) https://www.cakeresume.com/companies/ddmc-feg-3bb3a8/jobs/information-security-engineer-yadong-securities 駐點資安服務工程師(南港東明站3/21小徵)【2024/03/21~2024/03/21 14:00~16:00 南港東明站3/21(四)下午2-4點小徵】 https://job.taiwanjobs.gov.tw/Internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=528812&HIRE_ID=12632637 中華電信今年徵才逾2千人畢業季節大舉前進校園招募新血 https://www.1111.com.tw/news/jobns/155387 資安工程師(IIT10台北) https://www.104.com.tw/job/89uyw?jobsource=n104bank2 5B新光銀行-資訊安全管理師 https://www.1111.com.tw/job/130185961/ 資訊安全分析師 https://www.104.com.tw/job/85ugj?jobsource=m_job_same_b 資安工程師 https://jobs.smartrecruiters.com/SGS/743999975372018-- 資安人員(資安管理室) https://www.1111.com.tw/job/130187048/ 總公司_資安管理人員※英文必須※－知名日系保險公司（17559） https://www.1111.com.tw/job/130188006/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全警揭詐團新騙術假冒警方再騙一次 https://www.epochtimes.com/b5/24/3/15/n14203221.htm 小心上當！詐騙集團假冒警察、律師　創假網站、臉書社團二次詐騙 https://ctinews.com/news/items/pRnY2317WY 惡劣詐團盜「台北市反詐中心」剝兩層皮｜刑事局預防科網巡查獲全力圍堵 https://news.owlting.com/articles/637666 追回被詐款項是假的　刑事局提醒慎防二次詐騙 https://cnews.com.tw/204240315a04/ 中國駭客公布高雄軍警法界公務員個資　高市府：舊資料移花接木 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=197232 高雄公教人員個資全都露？駭客宣稱漏洞來自此處 https://money.udn.com/money/story/5930/7835607?from=edn_newestlist_rank 魔鬼藏在細節裡！這幾招辨別「釣魚簡訊」 https://reurl.cc/M4K9Ep Nissan資安事件造成10萬客戶個資遭竊 https://www.technice.com.tw/techmanage/infosecurity/100998/ 投資群組教唆激怒行員阻止關懷刑事局：全是詐騙話術 https://news.ltn.com.tw/news/Taipei/breakingnews/4610616 警銀聯手阻詐有成效詐團教導被害人反制話術 https://www.cdns.com.tw/articles/977485 LINE輔助認證詐騙勿點開！　趨勢：近期狂騷擾民眾應小心別上當 https://finance.ettoday.net/news/2702370 詐騙新招！LINE Pay「假網址真客服」　專家：認明這點可防範 https://www.ftvnews.com.tw/news/detail/2024318F09M1 公益機構成詐騙魚餌：前移民署長莫天虎被告 https://www.npo.org.tw/npo165/OnePage.aspx?mid=2&id=23 網傳臉書廣告、粉專「專業律師團幫你找回被詐騙的錢」 https://tfc-taiwan.org.tw/articles/10396 網傳Google所寄電郵：「我們收到了其他用戶對您在平台上某些違規行為的檢舉。經審核，檢舉內容屬實，對此您有三天的時間提出行為申訴」 https://tfc-taiwan.org.tw/articles/10397 購物、銀行都用相同密碼，方便好記？錯！學會3方法，讓你身家不被一次破解 https://smart.businessweekly.com.tw/Reading/IndepArticle.aspx?ID=6014478 2023年近1,300萬組帳密資料在GitHub曝光 https://www.gitguardian.com/state-of-secrets-sprawl-report-2024 電信業者AT&T傳出資料外洩，影響7千萬人，但該公司強調他們的系統並未遭駭 https://www.bleepingcomputer.com/news/security/att-says-leaked-data-of-70-million-people-is-not-from-its-systems/ 旅遊旺季騙案升！旅遊別忘這10個防詐訣竅 https://n.yam.com/Article/20240318831711#google_vignette 2023年台灣網路詐騙逾285萬件 https://www.eettaiwan.com/20240319nt21-scam-security/ 南華體育會電腦資料外洩私隱公署調查約 70000 人受影響 https://reurl.cc/eLY47x 俄羅斯駭客APT28針對歐洲、美洲、亞洲展開廣泛的網路釣魚攻擊 https://securityintelligence.com/x-force/itg05-leverages-malware-arsenal/ 色情詐騙入侵東區復小新開粉專強化防盜 https://www.cdns.com.tw/articles/978993 詐騙再現！幫忙「LINE認證」攏是假　一點就上鉤個資外洩 https://today.line.me/tw/v2/article/mWwkZzw TikTok在美國所面臨的困境——用戶資安與言論自由之掙扎 https://ai.iias.sinica.edu.tw/struggling-of-tiktok-in-usa/ 假購物真騙錢？　「誆幫看手相」婦強索666元紅包 https://news.cts.com.tw/cts/society/202403/202403202300787.html 【詐騙】網傳簡訊「LINE Pay帳戶登入異常，登入帳號線上解除異常狀態」 https://tfc-taiwan.org.tw/articles/10406 配置不當的Firebase曝露近2千萬筆明文帳密資料 https://env.fail/posts/firewreck-1/ 電郵威脅風險創新高　偽冒順豐、中國稅務局詐騙 https://www.pcmarket.com.hk/green-radar-greti-raise-to-highest-hacker-pretend-to-be-sf-express-ccp-government/ 資安學者李忠憲被盜用照片賣股票警方：小心投資型詐騙 https://news.ltn.com.tw/news/society/breakingnews/4615840 美指中國收購媒體造假訊息　中方強烈不滿 https://www.setn.com/news.aspx?newsid=1442094 New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html GhostRace – New Data Leak Vulnerability Affects Modern CPUs https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html Hackers Claim 740GB of Data Stolen from Viber VOIP Platform https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/hackers-claim-of-data-stolen/amp/ 富士通證實IT系統遭到惡意軟體入侵，客戶資料恐外流 https://pr.fujitsu.com/jp/news/2024/03/15-1.html Fujitsu found malware on IT systems, confirms data breach https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/ Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks https://thehackernews.com/2024/03/hackers-exploiting-popular-document.html E-Root Marketplace Admin Sentenced to 42 Months for Selling 350K Stolen Credentials https://thehackernews.com/2024/03/e-root-marketplace-admin-sentenced-to.html 900+ Websites Exposing 10M+ Passwords: Most In Plaintext https://gbhackers.com/websites-exposing-10m-passwords/ Stanford University Hacked – Attackers Breached The Internal Network https://reurl.cc/g45y4p Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts https://thehackernews.com/2024/03/ukraine-arrests-trio-for-hijacking-over.html E.研究報告/工具企業必備資料保護五大守則！避免數位資料「毀滅性災難」，資料備份+緊急救援雙管齊下才能萬無一失！ https://www.inside.com.tw/article/34471-EaseUS 研究人員揭露Google Gemini聊天機器人潛在的威脅 https://hiddenlayer.com/research/new-google-gemini-content-manipulation-vulns-found/ 研究人員揭露新型態推測執行攻擊GhostRace，影響多種架構的處理器 https://thehackernews.com/2024/03/ghostrace-new-data-leak-vulnerability.html Gartner：AI生成的深度偽造將影響身分認證與驗證方案的可靠度 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10983 報告：2024年 IT 管理的優先投資項目出現轉變，安全性仍為首要任務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10987 除 Google Gemini 外，新旁路攻擊能破解和主流 AI 聊天機器人的聊天內容 https://infosecu.technews.tw/2024/03/19/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/ 網路勒索手法精進損害更大企業加強資安升級 https://www.technice.com.tw/techmanage/infosecurity/101759/ 企業採納威脅狩獵策略的 5 個好處 https://teamt5.org/tw/posts/5-benefits-of-threat-hunting-strategies-for-enterprises/ 解決AI潛在危害：紅隊測試成為新手段，但人工智慧安全仍需多元化防禦戰略 https://www.techbang.com/posts/113967-ai-models-red-teaming-tests 軟體安全評估工具GUAC成OpenSSF孵化專案 https://www.ithome.com.tw/news/161675 夠用就好！重新審視品質開支 https://www.ithome.com.tw/voice/161918 Implementing Zero Trust Controls for Compliance https://thehackernews.com/2024/03/implementing-zero-trust-controls-for.html How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl https://thehackernews.com/2024/03/how-to-accelerate-vendor-risk.html Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In https://thehackernews.com/2024/03/crafting-and-communicating-your.html A case of missing bytes: bruteforcing your way through Jenkins' CVE-2024-23897 https://www.errno.fr/bruteforcing_CVE-2024-23897.html CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution https://reurl.cc/bDpgaX Third-Party ChatGPT Plugins Could Lead to Account Takeovers https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html Making Sense of Operational Technology Attacks: The Past, Present, and Future https://thehackernews.com/2024/03/making-sense-of-operational-technology.html 3 Things CISOs Achieve with Cato https://thehackernews.com/2024/03/3-things-cisos-achieve-with-cato.html A patched Windows attack surface is still exploitable https://securelist.com/windows-vulnerabilities/112232/ Third-Party ChatGPT Plugins Could Lead to Account Takeovers https://thehackernews.com/2024/03/third-party-chatgpt-plugins-could-lead.html Secret Scanner for Jira and Confluence: CVE-2023–22515 Defense in Depth https://pentestmag.com/secret-scanner-for-jira-and-confluence-cve-2023-22515-defense-in-depth/ Generative AI Security - Secure Your Business in a World Powered by LLMs https://thehackernews.com/2024/03/generative-ai-security-secure-your.html APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage https://thehackernews.com/2024/03/apis-drive-majority-of-internet-traffic.html F.商業 Google Introduces Enhanced Real-Time URL Protection for Chrome Users https://thehackernews.com/2024/03/google-introduces-enhanced-real-time.html Chrome安全性再提升將阻止25%釣魚網站攻擊 https://reurl.cc/bDKqOo Google推出實時網址檢查升級安全網頁瀏覽功能防範更多釣魚網站 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10993 趨勢科技提出2024資安解惑必備策略，打通企業資安治理瓶頸 https://www.trendmicro.com/zh_tw/research/24/b/2024-Cybersecurity-Trends.html 以內建AI的網路韌性即時抵抗勒索軟體 https://www.eettaiwan.com/20240315np22-fights-ransomware-in-real-time-with-built-in-ai-solutions/ 微軟將從4月起推出Copilot for Security服務將人工智慧服務導入網路安全應用 https://reurl.cc/VNbgzy 微軟預告資安AI模型Copilot for Security將於4月1日正式上市 https://www.ithome.com.tw/news/161763 微軟公布第一批有Copilot專用鍵的Surface AI電腦 https://www.ithome.com.tw/news/161907 【你公司也這樣矛盾嗎】重視資安偵測但不想請人── Red Hat 揭 2024 全球技術觀察 https://today.line.me/tw/v2/article/wJBj1zE 台南擴建資料中心何時兌現 Google：評估市場需求 https://www.rti.org.tw/news/view/id/2199232 Fortinet SASE 台灣網路連接點今年落成 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10992 Fortinet SASE 台灣網路連接點今年落成！用戶網路體驗及安全防護更臻完備 https://www.techbang.com/posts/113885-fortinet-sase-taiwan-network-connectivity-point-was-completed NuGet.org套件庫簽署憑證將於4/8更新 https://www.ithome.com.tw/news/161824 提高TLS安全! 微軟將淘汰Windows系統1024位元RSA金鑰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10997 思科合體Splunk 啖AI商機 280億美元收購案提前半年完成！ https://www.ctee.com.tw/news/20240320700112-439901 思科完成收購Splunk https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10999 融合VDI與ADC建構零信任網路　Citrix統一平台兼顧安全效能 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/2DCFB8991E924CB7BD3753D3D3EA4165#google_vignette Let's Encrypt推出新的憑證透明度日誌服務Sunlight https://www.ithome.com.tw/news/161820 AWS 助力遠東 SOGO 搶攻週年慶商機，雲端服務開啟智慧零售、創下業績新高 https://buzzorange.com/techorange/2024/03/21/aws-sogo-anniversary-2024/ G.政府政府碳排資料庫擬6月上路盼業者主動登錄 https://www.rti.org.tw/news/view/id/2199181 網友踢爆新北公車Wi-Fi使用華為介面恐出現資安漏洞 https://news.ltn.com.tw/news/politics/breakingnews/4610174 新北公車免費Wi-Fi使用華為介面？交通局：請業者清查確認 https://news.ltn.com.tw/news/politics/breakingnews/4610186 新北公車WiFi疑用華為介面！網憂資安　交通局：清查2500輛公車 https://tw.nextapple.com/life/20240317/C4CD3B1AC1FAA4F1E555AA52378D52F2 新北公車Wi-Fi用5年「中國華為介面」！網炎上：台灣人個資免費送出了 https://www.ftvnews.com.tw/news/detail/2024317W0021 公車WiFi遭疑出現華為頁面新北清查無相關設備 https://wp.taronews.tw/2024/03/18/970376/ 臺灣兩個公共場所出現華為設備畫面的情況，引發資安疑慮 https://www.facebook.com/vic2211/posts/10231689078665539 https://news.ltn.com.tw/news/politics/breakingnews/4610174 https://www.ntpc.gov.tw/ch/home.jsp?id=e8ca970cde5c00e1&dataserno=83d63725a569a83f729385a94ab17ec3 https://www.ntpc.gov.tw/ch/home.jsp?id=e8ca970cde5c00e1&dataserno=c011b840e5e05c69e879d1db08be5592 https://news.ltn.com.tw/news/Tainan/breakingnews/4610268 尷尬！「華為」深夜當機「亮」在台南街頭 https://news.ltn.com.tw/news/life/breakingnews/4610268 台南大型電子廣告看板當機　斗大「華為通訊」畫面定格4小時 https://www.ettoday.net/news/20240317/2701765.htm 華為設備電子看板資安風險南市府：依法查察 https://news.ltn.com.tw/news/politics/breakingnews/4613482 防網紅誤導風險金管會3管齊下強化ETF監理 https://www.rti.org.tw/news/view/id/2199179 台灣民間兵推聚焦中共灰色地帶威脅 https://reurl.cc/13NEvm 巴拉圭科技部長訪台取經資安強化經驗 https://today.line.me/tw/v2/article/GgpX95y 2300萬戶政個資外洩至今偵查不公開挨告內政部回應了 https://udn.com/news/story/6656/7836761 數發部防禦力超強！唐鳳領軍逼退「境外敵對勢力」 https://reurl.cc/4j9W1K 賠2.8億才要交報告？換發eID政府該做的事 https://www.peoplenews.tw/articles/e0668b60d0 數位身分證喊卡立院設調閱小組 https://udn.com/news/story/6656/7839941 數位身分證耗14億　立院調閱小組追失職 https://news.housefun.com.tw/news/article/495249416249.html 民主峰會唐鳳示警選舉年AI深偽技術風險 https://www.rti.org.tw/news/view/id/2199400 台灣受邀民主峰會唐鳳預錄影片現身惹怒中共 https://reurl.cc/54nWrv 唐鳳受邀民主峰會遠距致詞分享台灣因應假訊息作法 https://ec.ltn.com.tw/article/breakingnews/4611943 台南某國小臉書遭「色情詐騙」洗版　綠議員曝「這數據」要求改善 https://www.ftvnews.com.tw/news/detail/2024319W0192 台南復興國小臉書粉團遭駭南市將通訊軟體納資安管理規範 https://udn.com/news/story/7326/7841316 綠委問台灣是否會禁抖音？唐鳳：列危害產品 http://hk.crntt.com/doc/1069/0/6/1/106906128.html?coluid=7&kindid=0&docid=106906128&mdate=0319182726 美國禁TikTok！台灣是否跟進　唐鳳：已跟TikTok新加坡總公司談過 https://today.line.me/tw/v2/article/qoBXKL9 TikTok怎麼管？唐鳳：須先有新版「資安法」與「打詐專法」 https://www.rti.org.tw/news/view/id/2199644 高雄市觀光局傳出網站遭駭，疑為舊資料拼湊而成 https://udn.com/news/story/7241/7835607 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=197232 美將助台取得LINK-22系統！趙怡翔：北約規格有效防駭客！可連結美日英法盟軍資訊 https://www.youtube.com/watch?v=6Qc9lmrb2Qg 陳永康呼籲建立三軍電子共同作戰圖像！黃創夏：陸軍長期沒有更新！還用圓規跟防水套地圖 https://www.youtube.com/watch?v=vf4rTT4Kvyo 全球系統整合商大會數位部見證簽署9項MOU https://www.rti.org.tw/news/view/id/2199527 數位部出席布拉格資安大會分享我國通訊韌性應變經驗 https://money.udn.com/money/story/5613/7843222?from=edn_newest_index 工研院推升AIoT產業鏈結國際再升級　攜手Arm創建世界級系統驗證中心 https://www.itri.org.tw/ListStyle.aspx?DisplayStyle=01_content&SiteID=1&MmmID=1036276263153520257&MGID=113032013221657069 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 SCADA 'in the cloud': new guidance for OT organisations https://www.ncsc.gov.uk/blog-post/scada-cloud-new-guidance-ot-organisations 英國發布雲端SCADA安全指引 https://www.securityweek.com/uk-government-releases-cloud-scada-security-guidance/ 醫療OT資安須重視！Claroty：超過6成 KEV羅列漏洞存在於醫療機構網路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10991 部分品牌家用可視門鈴安全性差存被駭風險 https://www.epochtimes.com/b5/24/3/17/n14204733.htm 美國通過「物聯網產品信任標章計畫」有望成全球標準 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10994 台積電的資安攻防戰，如何順便催生全球首個半導體資安標準 https://buzzorange.com/techorange/2024/03/19/tsmc-and-semi-e187/ 中共國的電動汽車一旦開放，將遭受敵國遠端監控的風險 https://www.mobile01.com/topicdetail.php?f=294&t=6933806 白帽駭客展驚人技術：輕鬆破解 RFID，數百萬飯店門幾秒鐘就能開 https://www.inside.com.tw/article/34552-saflok-hotel-lock-unsaflok-hack-technique I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會社團法人台灣駭客協會 113 年度會員春酒 2024/3/27 https://hitcon.kktix.cc/events/hit-banquet-113 Jamf 與 Microsoft 的最佳實踐：從 Apple 到多平台的裝置管理與安全 2024/3/29 https://jamf.kktix.cc/events/jamfxmicrosoft 無人機資安風險與企業資安人力部署的困境 2024/3/30 https://forms.gle/7Q2DXtsziCt7kQqz8 中區(實體)--校園資安作業與外部審查實務 2024/4/8 https://tp2rc.tanet.edu.tw/node/790 資安稽核實務 2024/4/11-2024/4/12 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22536 「工業自動化控制系統-資安指引」說明會 2024/5/10 https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731 資通安全概論--中區--考前複習班 2024/6/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767 AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107