資安事件新聞週報 2023/9/18 ~ 2023/9/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/9/18 ~ 2023/9/22 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet 發布多個產品的安全公告 https://www.cisa.gov/news-events/alerts/2023/09/15/fortinet-releases-security-updates-multiple-products Fortinet修補防火牆作業系統、上網安全閘道、WAF的高風險漏洞 https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities-in-fortios-fortiproxy-fortiweb-products/ Fortinet修補防火牆作業系統、上網安全閘道、WAF的高風險漏洞 https://www.securityweek.com/fortinet-patches-high-severity-vulnerabilities-in-fortios-fortiproxy-fortiweb-products/ 1.2萬臺Juniper網路安全設備曝露於無需身分驗證的RCE漏洞 https://vulncheck.com/blog/juniper-cve-2023-36845 Nearly 12,000 Juniper Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability https://thehackernews.com/2023/09/over-12000-juniper-firewalls-found.html 趨勢科技修補端點防護產品已被用於攻擊行動的零時差漏洞 https://www.bleepingcomputer.com/news/security/trend-micro-fixes-endpoint-protection-zero-day-used-in-attacks/ https://success.trendmicro.com/dcx/s/solution/000294994 https://www.jpcert.or.jp/english/at/2023/at230021.html 趨勢科技 Deep Discovery Inspector 6.x 和 CVE-2023-3823/3824 安全性通告 https://www.cve.org/CVERecord?id=CVE-2023-3823 https://www.cve.org/CVERecord?id=CVE-2023-3824 Trend Micro Releases Urgent Fix for Actively Exploited Critical Security Vulnerability https://thehackernews.com/2023/09/trend-micro-releases-urgent-fix-for.html Microsoft 推出 2023 年 9 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10694 微軟Patch Tuesday修補兩個零時差弱點 https://www.twcert.org.tw/tw/cp-104-7374-2742e-1.html Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT https://thehackernews.com/2023/09/beware-fake-exploit-for-winrar.html WinRAR 中存在允許執行任意程式碼的弱點 https://www.twncert.org.tw/Security_Alerts_Detail?lang=en&seq=1253 Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7032220?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E GitLab發布更新，修補執行任意自動化工作流程的漏洞 https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/ GitLab Releases Urgent Security Patches for Critical Vulnerability https://thehackernews.com/2023/09/gitlab-releases-urgent-security-patches.html 網路監控軟體Nagios XI存在高風險漏洞，恐導致資訊洩漏或權限提升 https://outpost24.com/blog/nagios-xi-vulnerabilities/ Critical Security Flaws Exposed in Nagios XI Network Monitoring Software https://thehackernews.com/2023/09/critical-security-flaws-exposed-in.html High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html Atlassian修補旗下Jira、Confluence、Bitbucket、Bamboo漏洞 https://www.securityweek.com/atlassian-security-updates-patch-high-severity-vulnerabilities/ 開源物件儲存服務MinIO漏洞被用於攻擊，駭客意圖破壞企業網路環境 https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services N-able遠端管理工具存在高風險漏洞，恐被用於刪除端點電腦檔案 https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities 程式庫ncurses存在高風險漏洞，影響執行Linux、FreeBSD、macOS作業系統的電腦 https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/ 2.銀行/金融/保險/證券/金融監理新聞及資安 Akamai: 美國金融機構遭遇史上最大規模DDoS攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10690 中華開發金控採用CyberArk平台確保多雲環境下系統存取權限及顧客資料的保全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10687 駭客組織USDoD聲稱竊得信用評估業者環聯資料，環聯表示並未遭到入侵 https://www.bleepingcomputer.com/news/security/transunion-denies-it-was-hacked-links-leaked-data-to-3rd-party/ https://newsroom.transunion.com/transunion-statement-regarding-some-limited-online-activity-alleging-that-data-obtain-from-multiple-entities-including-transunion-will-be-released-read-full-statement/ 泰國數位金融平臺CardX傳出資料外洩 https://www.cardx.co.th/news/details/personal-data-protection 富士達保經落實資安及個資保護取得雙項國際資訊安全認證 https://money.udn.com/money/story/5636/7449935 公股銀：網路攻擊量年增一倍 https://reurl.cc/A07Y38 符合金融法規的電子帳單系統建置 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000673789_0C384V0P7SOL8GL0MB3SQ 3.信用卡/電子支付/行動支付/pay/支付系統/資安網站信用卡側錄攻擊Silent Skimmer鎖定亞太、拉丁美洲及北美 https://blogs.blackberry.com/en/2023/09/silent-skimmer-online-payment-scraping-campaign-shifts-targets-from-apac-to-nala 這樣怎麼繳？停車場遭怨手機支付卻沒訊號 https://reurl.cc/z6ZE5k 長榮航機上行動支付服務上線國內首見 https://news.cnyes.com/news/id/5320592 台灣支付生態巨變！後疫情時代這類支付成主流為6成民眾首選 https://udn.com/news/story/7239/7453382 元大銀行QR Code升級行動支付綁定與額度隨時掌握 https://udn.com/news/story/7239/7408153 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html 北韓駭客Lazarus從加密貨幣交易所CoinEx竊得3,100萬美元 https://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html 台灣首部「加密貨幣專法」提案出爐！立委江永昌提虛擬資產監管12面向 https://www.blocktempo.com/taiwan-first-virtual-assets-law-proposal-released/ 比特幣在美聯儲鷹派態度對利率的影響下出現波動，交易量持續處於多年低位，而流動性相對穩定 https://hk.investing.com/news/stock-market-news/article-384391 欲起草「加密貨幣政策框架」！一分鐘回顧美國共和黨總統候選人Vivek Ramaswamy如何支持加密貨幣發展 https://reurl.cc/GKxOGv 臺灣立例擁抱加密貨幣與香港競爭　比特幣價格向上更多人持有可爆升的BTCBSC https://news.cnyes.com/news/id/5330910 加密貨幣公司尋找美國以外增長機會，香港等地加大開放力度 https://reurl.cc/V4DlmA 交易量新低、波動性下降！數據解讀：加密貨幣市場的嚴峻現狀 https://blockcast.it/2023/09/19/bitcoins-rise-masks-a-grim-outlook-for-crypto-markets/ JPEX案｜森美連續兩日缺席　多間加密貨幣兌換店被查封 https://hk.on.cc/hk/bkn/cnt/entertainment/20230919/bkn-20230919162402356-0919_00862_001.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 台中、彰化肉品市場遭勒索攻擊，營運停擺 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10695 Ransom.Win32.NOESCAPE.THFOEBC 勒索病毒 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win32.noescape.thfoebc 旅館集團美高梅在遭遇勒索軟體攻擊的10天後恢復正常 https://www.securityweek.com/mgm-resorts-computers-back-up-after-10-days-as-analysts-eye-effects-of-casino-cyberattacks/ 駭客組織Gold Melody向勒索軟體駭客兜售存取組織的管道 https://www.secureworks.com/research/gold-melody-profile-of-an-initial-access-broker 中文使用者遭到鎖定，駭客向其散布木馬ValleyRAT、Sainbox RAT、Purple Fox https://www.proofpoint.com/us/blog/threat-insight/chinese-malware-appears-earnest-across-cybercrime-threat-landscape 惡意軟體VenomRAT假借WinRAR漏洞概念性驗證程式散布 https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ 亞塞拜然共和國遭到Rust惡意軟體攻擊 https://www.deepinstinct.com/blog/operation-rusty-flag-a-malicious-campaign-against-azerbaijanian-targets 中東電信業者遭駭客組織ShroudedSnooper鎖定，假借提供端點防護系統元件散布惡意程式 https://blog.talosintelligence.com/introducing-shrouded-snooper/ 美國針對勒索軟體Snatch的攻擊行動提出警告 https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a 駭客透過惡意Python套件culturestreak散布挖礦程式 https://checkmarx.com/blog/attacker-unleashes-stealthy-crypto-mining-via-malicious-python-package/ 殭屍網路P2PInfect攻擊爆增600倍 http://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/ 駭客使用Python打造竊資軟體NodeStealer，鎖定北美與南歐盜取企業臉書帳號 https://www.netskope.com/blog/new-python-nodestealer-goes-beyond-facebook-credentials-now-stealing-all-browser-cookies-and-login-credentials 勒索軟體LockBit透過多種遠端管理工具散布 https://www.esentire.com/blog/russia-linked-lockbit-ransomware-gang-attacks-an-msp-and-two-manufacturers-using-the-targets-rmm-tools-to-infect-downstream-customers-and-employees-with-ransomware 中國駭客Earth Lusca鎖定政府機關散布Linux惡意程式SprySOCKS http://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html 勒索軟體NoEscape聲稱攻擊美加邊境水務組織 https://www.theregister.com/2023/09/15/ijc_noescape_ransomware/ 惡意軟體Bumblebee濫用WebDAV資料夾進行散布 https://intel471.com/blog/bumblebee-loader-resurfaces-in-new-campaign 駭客組織Scattered Spider擴大攻擊範圍，發動勒索軟體攻擊迫使受害組織付錢 https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware 斯里蘭卡政府電子郵件系統遭勒索軟體攻擊，備份資料也無法倖免 https://cert.gov.lk/?p=3362 勒索軟體駭客BlackCat鎖定Azure Storage儲存桶下手 https://www.bleepingcomputer.com/news/security/blackcat-ransomware-hits-azure-storage-with-sphynx-encryptor/ 卡車車隊管理服務Orbcomm遭勒索軟體攻擊，司機改用紙本記錄工作狀態 https://www.bleepingcomputer.com/news/security/orbcomm-ransomware-attack-causes-trucking-fleet-management-outage/ 勒索軟體NoEscape聲稱攻擊美加邊境水務組織 https://www.theregister.com/2023/09/15/ijc_noescape_ransomware/ 駭客組織Scattered Spider擴大攻擊範圍，發動勒索軟體攻擊迫使受害組織付錢 https://www.mandiant.com/resources/blog/unc3944-sms-phishing-sim-swapping-ransomware 駭客使用Python打造竊資軟體NodeStealer，鎖定北美與南歐盜取企業臉書帳號 https://www.netskope.com/blog/new-python-nodestealer-goes-beyond-facebook-credentials-now-stealing-all-browser-cookies-and-login-credentials Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2023/09/14/peach-sandstorm-password-spray-campaigns-enable-intelligence-collection-at-high-value-targets/ RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware https://www.trendmicro.com/en_us/research/23/i/redline-vidar-first-abuses-ev-certificates.html https://www.trendmicro.com/content/dam/trendmicro/global/en/research/23/i/redline-vidar-first-abuses-ev-certificates-then-shifts-to-ransomware-/IOCs-RedLineVidar-Abuses-EV%20Certificates-Shifts-to-Ransomware.txt PSA: Ongoing Webex malvertising campaign drops BatLoader https://www.malwarebytes.com/blog/threat-intelligence/2023/09/ongoing-webex-malvertising-drops-batloader New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials https://www.netskope.com/blog/new-python-nodestealer-goes-beyond-facebook-credentials-now-stealing-all-browser-cookies-and-login-credentials New MidgeDropper Variant https://www.fortinet.com/blog/threat-research/new-midgedropper-variant 巴基斯坦駭客APT36假借提供YouTube應用程式攻擊安卓手機 https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/ A peek into APT36’s updated arsenal https://www.zscaler.com/blogs/security-research/peek-apt36-s-updated-arsenal Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/ New ShroudedSnooper actor targets telecommunications firms in the Middle East with novel Implants https://blog.talosintelligence.com/introducing-shrouded-snooper/ Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html CapraTube | Transparent Tribe’s CapraRAT Mimics YouTube to Hijack Android Phones https://www.sentinelone.com/labs/capratube-transparent-tribes-caprarat-mimics-youtube-to-hijack-android-phones/ The Curious Case of “Monti” Ransomware: A Real-World Doppelganger https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger NodeStealer Malware Now Targets Facebook Business Accounts on Multiple Browsers https://thehackernews.com/2023/09/nodestealer-malware-now-targets.html Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html Inside the Code of a New XWorm Variant https://thehackernews.com/2023/09/inside-code-of-new-xworm-variant.html Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware https://thehackernews.com/2023/09/transparent-tribe-uses-fake-youtube.html Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys https://thehackernews.com/2023/09/fresh-wave-of-malicious-npm-packages.html ShroudedSnooper's HTTPSnoop Backdoor Targets Middle East Telecom Companies https://thehackernews.com/2023/09/shroudedsnoopers-httpsnoop-backdoor.html Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers https://thehackernews.com/2023/09/cyber-group-gold-melody-selling.html Ukrainian Hacker Suspected to be Behind "Free Download Manager" Malware Attack https://thehackernews.com/2023/09/ukrainian-hacker-suspected-to-be-behind.html Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge https://thehackernews.com/2023/09/researchers-raise-red-flag-on-p2pinfect.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊因應量子電腦時代的安全威脅，加密通訊軟體Signal採用新加密協定PQXDH https://www.ithome.com.tw/news/158852 Signal Messenger Introduces PQXDH Quantum-Resistant Encryption https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html The Rise of the Malicious App https://thehackernews.com/2023/09/the-rise-of-malicious-app.html 蘋果發布iOS 17.0.1、macOS Ventura 13.6，修補3個已被用於攻擊行動的零時差漏洞 https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-3-new-zero-days-exploited-in-attacks/ Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable https://thehackernews.com/2023/09/apple-rushes-to-patch-3-new-zero-day.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力國際刑事法院證實遭到網路攻擊 https://www.bleepingcomputer.com/news/security/hackers-breached-international-criminal-courts-systems-last-week/ 面對人數多50倍的中國駭客威脅，FBI局長呼籲公私聯防，善用AI對抗網路威脅 https://www.ithome.com.tw/news/158829 OpenAI成立紅隊演練網路，招募各界專家改善大型語言模型安全 https://www.ithome.com.tw/news/158834 家庭清潔用品公司高樂氏遭到網路攻擊導致營運受到衝擊 https://www.theregister.com/2023/09/19/the_clorox_company_admits_cyber/ https://d18rn0p25nwr6d.cloudfront.net/CIK-0000021076/ae1fd2f2-142b-4a99-bed8-e7bfeb8a2bb7.pdf https://www.sec.gov/ix?doc=/Archives/edgar/data/21076/000120677423000969/clx4231381-8k.htm 挖礦攻擊行動Ambersquid鎖定不尋常的AWS服務下手 https://sysdig.com/blog/ambersquid/ 俄羅斯駭客NoName057(16)疑發動DDoS攻擊，癱瘓加拿大機場旅客通關作業 https://www.lapresse.ca/actualites/national/2023-09-19/agence-des-services-frontaliers/la-panne-dans-les-aeroports-provenait-bien-d-une-attaque-informatique.php https://securityaffairs.com/151149/hacking/noname-ddos-attack-canadian-airports.html New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services https://thehackernews.com/2023/09/new-ambersquid-cryptojacking-operation.html Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents https://thehackernews.com/2023/09/mysterious-sandman-threat-actor-targets.html China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers https://thehackernews.com/2023/09/china-accuses-us-of-decade-long-cyber.html 伊朗駭客APT33發起密碼潑灑攻擊，並濫用開源資安框架偵察Azure AD環境 https://aka.ms/peach-sandstorm Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors https://thehackernews.com/2023/09/iranian-nation-state-actors-employ.html Iranian Nation-State Actor OilRig Targets Israeli Organizations https://thehackernews.com/2023/09/iranian-nation-state-actor-oilrig.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads https://thehackernews.com/2023/09/cybercriminals-combine-phishing-and-ev.html Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html TikTok Faces Massive €345 Million Fine Over Child Data Violations in E.U. https://thehackernews.com/2023/09/tiktok-faces-massive-345-million-fine.html 微軟外洩38 TB資料，起因是Azure儲存桶未設防 https://www.bleepingcomputer.com/news/microsoft/microsoft-leaks-38tb-of-private-data-via-unsecured-azure-storage/ https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers https://msrc.microsoft.com/blog/2023/09/microsoft-mitigated-exposure-of-internal-information-in-a-storage-account-due-to-overly-permissive-sas-token/ Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT https://thehackernews.com/2023/09/sophisticated-phishing-campaign_20.html 資安業者指控Google Authenticator雙因素驗證碼雲端同步機制恐削弱安全性 https://retool.com/blog/mfa-isnt-mfa/ E.研究報告/工具 The Interdependence between Automated Threat Intelligence Collection and Humans https://thehackernews.com/2023/09/the-interdependence-between-automated.html Cybersecurity Law A graduate degree for working professionals https://www.law.umaryland.edu/academics/ms-in-law-program/landing-pages/cybersecurity-hacker-news/ The Convergence of AI + Cybersecurity https://abnormalsecurity.com/convergence?utm_source=hackernews&_m=3n.009a.3152.kl0ao0dcsu.251q Do You Really Trust Your Web Application Supply Chain https://thehackernews.com/2023/09/do-you-really-trust-your-web.html Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace https://thehackernews.com/2023/09/finnish-authorities-dismantle-notorious.html How to Interpret the 2023 MITRE ATT&CK Evaluation Results https://thehackernews.com/2023/09/how-to-interpret-2023-mitre-att.html F.商業 Google Agrees to $93 Million Settlement in California's Location-Privacy Lawsuit https://thehackernews.com/2023/09/google-agrees-to-93-million-settlement.html AI引領反欺詐革命！HiTRUST獲發明專利，金融電商皆受益 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10696 先竊取，後解密！Openfind 部署後量子加密技術，強化郵件安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10688 思科以280億美元買下大數據資安業者Splunk https://www.ithome.com.tw/news/158878 https://newsroom.cisco.com/c/r/newsroom/en/us/a/y2023/m09/cisco-to-acquire-splunk-to-help-make-organizations-more-secure-and-resilient-in-an-ai-powered-world.html https://www.splunk.com/en_us/newsroom/press-releases/2023/cisco-to-acquire-splunk-to-help-make-organizations-more-secure-and-resilient-in-an-ai-powered-world.html https://www.ithome.com.tw/news/149369 資安業者CrowdStrike買下ASPM新創Bionic https://www.crowdstrike.com/press-releases/crowdstrike-to-acquire-bionic-to-extend-cloud-security-leadership/ https://www.securityweek.com/crowdstrike-to-acquire-bionic/ 為強化列印系統安全，微軟將在Windows更新逐步淘汰第三方印表機驅動程式 https://learn.microsoft.com/en-us/windows-hardware/drivers/print/end-of-servicing-plan-for-third-party-printer-drivers-on-windows Google承諾將為Chromebook提供長達10年的安全更新 https://blog.google/outreach-initiatives/education/automatic-update-extension-chromebook/ G.政府美國NIST院長回訪數位部進行深度資安交流 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10698 政府資服採購作業指引9月公布，開始明定標案需獨立編列資安預算 https://www.ithome.com.tw/news/158882 數位部舉行縣市資訊主管聯席會提升資安韌性 https://reurl.cc/A07Y6Z 400億政府資訊服務採購變革關鍵，新版資服採購作業指引出爐 https://www.ithome.com.tw/news/158881 防堵敏感資訊被駭政府採購契約納入資安要求 https://www.rti.org.tw/news/view/id/2179341 資安法將送政院修法聚焦三重點 https://www.chinatimes.com/newspapers/20230904000100-260202?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 DDoS 2.0: IoT Sparks New DDoS Alert https://thehackernews.com/2023/09/ddos-20-iot-sparks-new-ddos-alert.html 歐姆龍修補PLC、工程軟體的漏洞 https://www.securityweek.com/omron-patches-plc-engineering-software-flaws-discovered-during-ics-malware-analysis/ 網路電話Atos Unify存在漏洞，恐讓駭客在系統設置後門 https://sec-consult.com/vulnerability-lab/advisory/authenticated-remote-code-execution-missing-authentication-atos-unify-openscape/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會從 MLOps 到 LLMOps 的混合雲實踐 2023/9/25 https://www.meetup.com/rladies-taipei/events/295452194/ 四個月考過CCNA，成為網路工程師 2023/9/27 https://www.accupass.com/event/2308280820492735100520 【ACSI安碁資訊】上雲後的下一步——如何逐步建構雲端防護 2023/9/28 https://www.accupass.com/event/2307270328312367680900 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary Taipei DevOps User Group Launch Event 2023/10/13 https://www.meetup.com/taipei-devops-user-group/events/295716641/ 國家高速網路與計算中心平行計算程式設計基礎課程 2023/10/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4033&from_course_list_url=homepage OCF 培訓活動: 如何建立安全的網路架構 II 2023/10/21 https://ocftw.kktix.cc/events/ocftot2023 (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023 Web應用滲透測試 2023/11/9 ~ 2023/11/10 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 【亞洲最具指標供應鏈高峰會】Supply Chain Summit 2023 2023/11/14 ~ 2023/11/15 https://www.accupass.com/event/2307070154211343470512 【Monosparta】②⓪②④ 第一梯次軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401