###### tags: `資安事件新聞週報`

# Weekly Security Incident News Digest 2024/4/8 ~ 2024/4/12

1. Critical Vulnerabilities / Backdoors / Exploit / Zero Day

New type of HTTP/2 vulnerability disclosed; a single connection may be enough to take down a web server
https://ithome.com.tw/news/162148

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack
https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html

Latest RCE vulnerability! 16500 Ivanti Connect Secure and Poly Secure gateways affected
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11028

Fortinet patches critical vulnerability in FortiClient for Linux
https://www.fortiguard.com/psirt/FG-IR-23-087

Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability
https://thehackernews.com/2024/04/fortinet-has-released-patches-to.html

High-risk security vulnerability in Fortinet FortiOS and FortiProxy (CVE-2024-21762); verify and patch as soon as possible
https://da.taichung.gov.tw/2590357/post

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762

Imperva warns that a critical vulnerability in its on-premises WAF can lead to security bypass
https://reurl.cc/OM7VdA

Imperva recently released an update to address a security weakness in SecureSphere
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11020&mod=1%20-

Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
https://www.hoyahaxa.com/2024/03/imperva-waf-bypass-cve-2023-50969.html

Microsoft releases its April monthly updates, patching 149 vulnerabilities, 2 of which are reportedly already being exploited
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

New Windows driver prevents third-party programs from changing the default browser
https://www.ithome.com.tw/news/162187

Microsoft fixes two Windows zero-days exploited in malware attacks
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

KB5002574: Outlook 2016 on Windows 10 /11 gets better via Group Policy (GPO) edit fixes
https://www.neowin.net/news/kb5002574-outlook-2016-on-windows-10-11-gets-better-via-group-policy-gpo-edit-fixes/

Recent Windows updates break Microsoft Connected Cache delivery
https://www.bleepingcomputer.com/news/microsoft/recent-windows-updates-break-microsoft-connected-cache-delivery/

Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-sysprep-issue-behind-0x80073cf2-errors/amp/

New SharePoint flaws help hackers evade detection when stealing files
https://www.bleepingcomputer.com/news/security/new-sharepoint-flaws-help-hackers-evade-detection-when-stealing-files/

High-risk security vulnerability in Ivanti EPM Cloud Services Appliance (CSA) (CVE-2021-44529); verify and patch as soon as possible
https://da.taichung.gov.tw/2602360/post

Security vendor Ivanti patches high-risk vulnerabilities in its Connect Secure VPN system
https://www.bleepingcomputer.com/news/security/ivanti-fixes-vpn-gateway-vulnerability-allowing-rce-dos-attacks/

Impact of the Ivanti zero-day vulnerabilities keeps growing as multiple Chinese hacker groups join in exploiting them
https://www.ithome.com.tw/news/162168

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways
https://www.bleepingcomputer.com/news/security/new-ivanti-rce-flaw-may-impact-16-000-exposed-vpn-gateways/amp/

New Windows driver blocks software from changing default web browser
https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/

Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code
https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/progress-flowmon-vulnerability/amp/

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
https://thehackernews.com/2024/04/ai-as-service-providers-vulnerable-to.html

Vulnerabilities in Hugging Face could lead to AI supply chain attacks
https://ithome.com.tw/news/162150

Google patches another Chrome zero-day disclosed at Pwn2Own
https://www.bleepingcomputer.com/news/security/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own/

Critical vulnerability in LayerSlider, a WordPress plugin for building interactive modules, leaves 1 million sites exposed
https://www.wordfence.com/blog/2024/04/5500-bounty-awarded-for-unauthenticated-sql-injection-vulnerability-patched-in-layerslider-wordpress-plugin/

CVE-2024-30850-chaos-rat-rce-poc
https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc

IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7147812

IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7147813

IBM QRadar SIEM is vulnerable to AJP Smuggling (CVE-2022-26377)
https://www.ibm.com/support/pages/node/7145265

IBM QRadar SIEM is vulnerable to command injection and cross-site scripting (CVE-2023-50961, CVE-2023-50960)
https://www.ibm.com/support/pages/node/7145262

IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2024-28784)
https://www.ibm.com/support/pages/node/7145260

IBM QRadar SIEM contains multiple vulnerabilities
https://www.ibm.com/support/pages/node/7148094

IBM Disconnected Log Collector includes components with known vulnerabilities
https://www.ibm.com/support/pages/node/7148147

Security Bulletin: RabbitMQ protocol as used by IBM QRadar SIEM lacks certificate validation (CVE-2023-50949)
https://www.ibm.com/support/pages/node/7147933

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel
https://thehackernews.com/2024/04/researchers-uncover-first-native.html

Critical vulnerability with a maximum CVSS score of 10 found in the Rust programming language; Windows computers may face command injection attacks as a result
https://www.ithome.com.tw/news/162218

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
https://thehackernews.com/2024/04/critical-batbadbut-rust-vulnerability.html

SAP patches high-risk vulnerabilities in NetWeaver AS Java and BusinessObjects
https://www.securityweek.com/saps-april-2024-updates-patch-high-severity-vulnerabilities/

Adobe releases April monthly updates for 9 products
https://www.securityweek.com/patch-tuesday-code-execution-flaws-in-multiple-adobe-software-products/

Adobe has released security updates
https://www.cisa.gov/news-events/alerts/2024/04/09/adobe-releases-security-updates-multiple-products-0

Hugging Face vulnerabilities signal that AIaaS faces more security challenges
https://www.technice.com.tw/techmanage/infosecurity/105468/

Vulnerability Summary for the Week of April 1, 2024
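https://www.cisa.gov/news-events/bulletins/sb24-099

Vulnerability in e-commerce platform Magento exploited; hackers inject a backdoor
https://www.ithome.com.tw/news/162236

New type of Spectre v2 attack affects Linux computers with Intel processors
https://www.bleepingcomputer.com/news/security/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus/

BMC firmware in Intel and Lenovo servers contains a third-party component vulnerability that has existed for as long as 6 years
https://www.ithome.com.tw/news/162254

2. Banking / Finance / Insurance / Securities / Financial Supervision: News and Security

Vietnam-Based Hackers Steal Financial Data Across Asia with Malware
https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html

Her card was fraudulently charged 283 times in 1.5 hours, costing over a million! Court cites "1 reason" to make the bank pay in full
https://www.ettoday.net/news/20240407/2714634.htm

AI boom. FSC: 2 financial firms plan to adopt generative AI
https://reurl.cc/bDZlYl

Yuanta Futures builds website anti-fraud mechanism to safeguard trading security
https://reurl.cc/L4v6V3

US and China plan financial shock exercises simulating responses to risks such as cyberattacks on banks and disease outbreaks
https://www.upmedia.mg/news_info.php?Type=3&SerialNo=198955

No problem as long as it doesn't touch money? Security expert: the financial industry should beware the double-edged sword of adopting LLMs
https://www.gvm.com.tw/article/111643

Taipei Star Bank (瑞興銀行) information security system passes ISO 27001:2022
https://money.udn.com/money/story/5636/7887864

Taiwan Stock Exchange backs brokerages in strengthening information security
https://money.udn.com/money/story/5607/7890763

Fake e-shop campaign heats up, targeting financial institutions in Malaysia, Vietnam and Myanmar
https://cyble.com/blog/elevating-the-stakes-the-enhanced-arsenal-of-the-fake-e-shop-campaign/

3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Foreign cards linked to domestic wallets, no verification for small amounts: number of overseas visitors using mobile payment in mainland China grows nearly 6-fold
https://www.chinatimes.com/realtimenews/20240405001136-260409?chdtv

E.SUN credit card users find Apple Pay set up automatically! Was card data leaked and used fraudulently?
https://applealmond.com/posts/227455

Are credit cards safe with OTP SMS verification? A user who made no purchase received an SMS and was asked to pay
https://applealmond.com/posts/227249#google_vignette

Targeting Asian financial institutions! Visa warns of a surge in a new wave of JsOutProx malware attacks
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11027

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites
https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html

4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

South Korea to tighten oversight of token listings on crypto exchanges through upcoming guidelines
https://www.panewslab.com/zh_hk/sqarticledetails/013oi2enFt.html

Taiwanese team Zeus Network lands in Jupiter's new token section! 50 million $ZEUS sell out rapidly; price nears US$1 after OKX listing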
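https://www.blocktempo.com/zeus-network-sold-50-million-zeus-on-jupiter-selling-out-in-20-minutes-for-27-5-million/

Google sues a crypto scam group for allegedly uploading fake apps to Google Play
https://www.panewslab.com/zh_hk/sqarticledetails/58uzw810Ft.html

New token Saga launches on Binance mining! Where does the potential of Layer1 virtual machines lie? BNB briefly surges past US$580
https://www.blocktempo.com/binance-launches-saga-new-coin-mining-project/

Russia uses Tether (USDT) to evade US sanctions and obtain weapons parts
https://hk.investing.com/news/economic-indicators/article-494243

Oasis uses its own wallet software to recover cryptocurrency stolen in the Wormhole hack
https://www.binance.com/zh-TC/square/post/249374

Enterprises using the MPC custody product of New Huo Tech (新火科技) get priority in applying for its US$50 million BTC L2 TVL fund pool
https://www.panewslab.com/zh_hk/sqarticledetails/5iqew9iqFt.html

Cyvers Alerts: BXH hacker transfers 300 ETH to Tornado Cash
https://news.cnyes.com/news/id/5514501

Masa to launch its mainnet and the MASA token on April 11
https://www.panewslab.com/zh_hk/sqarticledetails/gyk7xgm5Ft.html

Mt. Gox hacker cashing out? Government auction? Who moved 10,000 bitcoins
https://news.owlting.com/articles/219977

Hacker behind the attack on DeFi project BXH moves 9491 ETH into Tornado Cash for laundering
https://news.cnyes.com/news/id/5514593

BXH hacker who stole over US$130 million in 2021 moved 9491 ETH through Tornado Cash 6 hours ago
https://www.panewslab.com/zh_hk/sqarticledetails/x0056zzeFt.html

Mocaverse to partner with CoinList to launch token launch platform MocaLis; FTX bankruptcy estate has sold US$1.6 billion to US$1.9 billion of locked Solana tokens
https://www.panewslab.com/zh_hk/articledetails/m9bgqu8qFt.html

Hackers exploit an OpenSea feature to steal expensive Apes and NFTs
https://www.binance.com/zh-TC/square/post/132696

Binance Charity airdrops US$1 million worth of BNB to users in Taiwan's earthquake-stricken areas
https://reurl.cc/Xqvp73

Binance airdrops NT$12 million of BNB to help affected households in Hualien
https://reurl.cc/krG2Nx

Binance Charity to airdrop US$1 million of BNB to Hualien earthquake victims: eligibility explained
https://www.blocktempo.com/binance-charity-airdrops-1-million-worth-of-bnb-to-users-in-earthquake-stricken-areas-in-taiwan/

Munchables has completed its full refund distribution process
https://www.panewslab.com/zh_hk/sqarticledetails/xwir2r2qFt.html

Suspected early STEPN investor or contributor deposits 22 million GMT to Binance and still holds 84.53 million GMT
https://www.panewslab.com/zh_hk/sqarticledetails/lgr42mmpFt.html

Multiple people shared the same e-wallet; the crypto all flowed to fake coin dealers
https://news.ltn.com.tw/news/society/paper/1639367

3Commas CEO admits that API keys were leaked and hackers did obtain information
https://www.binance.com/en-JP/square/post/139399

Munchables: confirms the full refund distribution process is now complete
https://news.cnyes.com/news/id/5514644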
South Korea's two major parties promise cryptocurrency incentives to win votes
https://www.panewslab.com/zh_hk/sqarticledetails/bjkssduoFt.html

Prisma Finance has resumed protocol operation
https://news.cnyes.com/news/id/5514805

Is investing in cryptocurrency safe? How to protect your digital assets
https://today.line.me/tw/v2/article/3NR1qEW

Paraswap community has agreed to use treasury funds to compensate hack victims
https://www.panewslab.com/zh_hk/sqarticledetails/c5c79h46Ft.html

ParaSwap community has agreed to use treasury funds to compensate users for losses caused by the hack
https://news.cnyes.com/news/id/5516071

Cyvers Alerts: malicious transaction found in the "SquidTokenSwap" contract of the SQUID Game Coin project
https://www.panewslab.com/zh_hk/sqarticledetails/81ppuhf4Ft.html

Cyvers Alerts: malicious transaction in blockchain game SQUID Game; total loss approximately US$87,000
https://news.cnyes.com/news/id/5515764

Floor price of ARC-20 token AVM rises to US$0.35; 24-hour gain widens to 125.9%
https://news.cnyes.com/news/id/5516073

Transactions involving illegally obtained virtual assets to be investigated! A roundup of South Korea's recent crypto regulatory developments
https://reurl.cc/prqeZd

Protecting virtual assets: six ways to reduce risk
https://www.ctee.com.tw/news/20240409700154-439901

Hacker group demanding US$380,000 in bitcoin stole medical information of royal family members
https://www.binance.com/zh-TC/square/post/931963333697

Sample testing finds about 91% of meme coins on the Base chain have security vulnerabilities, 20% of them deliberately malicious
https://www.panewslab.com/zh_hk/sqarticledetails/u8nmqwz9Ft.html

Transactions involving illegally obtained virtual assets to be investigated! A roundup of South Korea's recent crypto regulatory developments
https://news.knowing.asia/news/e36832a0-ba03-4940-92d2-b7246245adab

xBlast hit by hacker attack; project team proposes solutions including compensation and deploying a new token
https://www.panewslab.com/zh_hk/sqarticledetails/yrddzx2aFt.html

Hacker of DeFi protocol Tender.fi returns US$1.6 million after Chainlink oracle malfunction
https://www.binance.com/zh-TC/square/post/292799

Bitcoin layer 2 Mezo completes US$21 million Series A funding led by Pantera Capital
https://news.cnyes.com/news/id/5518352

Losses from cryptocurrency scams, hacker attacks and the like reach 3.4 billion dollars (元) in the first quarter
https://hk.on.cc/hk/bkn/cnt/finance/20240410/bkn-20240410115057171-0410_00842_001.html

Full Solana research report: Q1 funding exceeds all of 2023, DEX trading volume up 300% quarter-over-quarter, upgrade pending to resolve network congestion..
https://www.blocktempo.com/state-of-solana-q1-2024/

Cryptocurrency fraud caused US$437 million in losses in Q1; Ethereum the hardest hit
https://hk.investing.com/news/cryptocurrency-news/article-497847

Multi-chain collaborative options protocol Jasper Vault launches at Hack.Summit()
https://news.cnyes.com/news/id/5519328

Be aware of information security risks! Social media reports that Friend.tech account was hacked
https://www.binance.com/en/square/post/1248319

ICBC plans to issue RMB 40 billion of TLAC bonds
https://news.now.com/home/finance/player?newsId=556494

Whale 0xbBa withdrew 3.79 million ENA, about US$5.46 million, from Binance in the past hour
https://www.panewslab.com/zh_hk/sqarticledetails/mbz5cedmFt.html

5. Security Incident News

A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Ransomware group Red CryptoApp emerges, suspected to be Maze members making a comeback
https://ithome.com.tw/news/162145

Attacks by IcedID malware variant Latrodectus heat up, distributed through the web application development platform Firebase
https://ithome.com.tw/news/162154

Chilean data center IxMetro Powerhost hit by SEXi ransomware; VMware ESXi servers encrypted
https://www.bleepingcomputer.com/news/security/hosting-firms-vmware-esxi-servers-hit-by-new-sexi-ransomware/

Ransomware group Red CryptoApp emerges, suspected to be Maze members making a comeback
https://www.ithome.com.tw/news/162145

Hard to mitigate! Free XZ Utils backdoor scanner goes online
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11021

Vietnamese oil company PV Oil hit by ransomware attack, forced to suspend issuing electronic invoices
https://www.roc-taiwan.org/vnsgn/post/45158.html

Earth Preta campaign uses DOPLUGS malware to attack Asia
https://www.trendmicro.com/zh_tw/research/24/b/earth-preta-campaign-targets-asia-doplugs.html

Hackers use ScrubCrypt malware to evade antivirus detection, aiming to distribute multiple trojans and infostealers
https://www.ithome.com.tw/news/162239

Vietnamese hacker group targets users in Asia and Southeast Asia, stealing data with RotBot and XClient malware
https://www.ithome.com.tw/news/162264

Japanese optical equipment maker Hoya reportedly attacked by ransomware group Hunters International, which demands a US$10 million ransom
https://www.lemagit.fr/actualites/366580339/Ransomware-Hunters-International-demande-10-millions-de-dollars-a-Hoya

Android users in India and Pakistan targeted by eXotic Visit spyware
https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/

Raspberry Robin malware spreads through Windows script files
https://threatresearch.ext.hp.com/raspberry-robin-now-spreading-through-windows-script-files/

From PDFs to Payload: Bogus Adobe Acrobat Reader Installers Distribute Byakugan Malware
https://thehackernews.com/2024/04/from-pdfs-to-payload-bogus-adobe.html

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html

The Gift that keeps giving - Freshest batch from my pals (insert cheeky name here) which actually net us some decent ATT&CK ID's
https://otx.alienvault.com/pulse/6610147d77e27dfaa623646d

Fake Facebook MidJourney AI page promoted malware to 1.2 million people
https://www.bleepingcomputer.com/news/security/fake-facebook-midjourney-ai-page-promoted-malware-to-12-million-people/amp/

The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-5th-2024-virtual-machines-under-attack/amp/

Hackers Hijacked Notepad++ Plugin To Inject Malicious Code
https://cybersecuritynews.com/hackers-hijacked-notepad-plugin/

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox
https://thehackernews.com/2024/04/watch-out-for-latrodectus-this-malware.html

Vedalia APT Group Exploits Oversized LNK Files To Deliver Malware
https://gbhackers.com/vedalia-apt-group-exploits/#google_vignette

The Drop in Ransomware Attacks in 2024 and What it Means
https://thehackernews.com/2024/04/the-drop-in-ransomware-attacks-in-2024.html

Infected off the shelf Python hit on brand new Arch install. File hashes from previous pulse
https://otx.alienvault.com/pulse/66149dc41724cef149e45c5a

CL0P's Ransomware Rampage - Security Measures for 2024
https://thehackernews.com/2024/04/cl0ps-ransomware-rampage-security.html

Romanian hacker group Rubycarp has run a botnet for as long as 10 years, compromising enterprise networks through known vulnerabilities and brute force
https://www.ithome.com.tw/news/162221

10-Year-Old 'RUBYCARP' Romanian Hacker Group Surfaces with Botnet
https://thehackernews.com/2024/04/10-year-old-rubycarp-romanian-hacker.html

Behind The Scenes Of Ransomware Attacks
https://blog.compass-security.com/2024/04/behind-the-scenes-of-ransomware-attacks/

Python's PyPI Reveals Its Secrets
https://thehackernews.com/2024/04/gitguardian-report-pypi-secrets.html

B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

Can turning off Bluetooth fight the "battery-draining monster"? Insiders say it's useless: it instead disables "3 important functions"
https://www.ftvnews.com.tw/news/detail/2024405W0211

Free costs the most! Airport USB sockets may steal all your personal data in an instant; 4 tips to prevent theft
https://www.chinatimes.com/realtimenews/20240405000869-260408?chdtv

Android users beware! These 17 free mobile apps contain malware; downloading them can make you a hacker's accomplice at any time and get your data stolen
https://reurl.cc/RWaYAg

VPN security | 17 apps hide the PROXYLIB virus; users' personal data may be stolen
https://reurl.cc/rrNkxE

Didn't get the national-level alert for the earthquake? Netizens strongly recommend "1 app": several seconds of advance warning and very accurate
https://reurl.cc/2z5K5r

How much is an iPhone vulnerability worth? Latest zero-day prices exceed Apple's security bounty
https://mrmad.com.tw/iphone-vulnerability-value#google_vignette

Warning! Hackers use a fake Midjourney fan page to trick people into installing a trojan; over a million fooled
https://netmag.tw/2024/04/08/alert-fake-midjourney-pages-trick-millions-into-trojans

Huawei's in-house mobile platform HarmonyOS now has 4,000 native apps and is preparing to break away from Android
https://www.ithome.com.tw/news/162156

Feds Patching Years-Old SS7 Vulnerability in Phone Networks
https://reurl.cc/j3bZx1

Google Sues App Developers Over Fake Crypto Investment App Scam
https://thehackernews.com/2024/04/google-sues-app-developers-over-fake.html

Whoscall's new free feature: "Personal Data Leak Detection"
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11025

900 million users, US$30 billion valuation: Telegram, the "dark version of WeChat", decides to go public
https://www.panewslab.com/zh_hk/articledetails/0v8n6gziFt.html

Laptop and tablet accessory maker Targus confirms cyberattack; file servers accessed externally
https://www.sec.gov/Archives/edgar/data/1464790/000121390024031252/ea0203500-8k_briley.htm

Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
https://thehackernews.com/2024/04/apple-expands-spyware-alert-system-to.html

'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan
https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html

Apple emails iPhone users in 92 countries warning of possible mercenary spyware attacks
https://tw.nextapple.com/international/20240411/58602902AEAFB64D2B4DBEC92FB63B5B

Apple urges users in 92 countries to beware of mercenary spyware
https://www.ithome.com.tw/news/162247

Apple issues urgent warning to iPhone users! Taiwanese Apple fans alarmed: unfamiliar Apple ID signed in automatically
https://www.nownews.com/news/6403503

C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

Google VPN suspected of hijacking Windows 11 DNS settings without permission
https://www.ithome.com.tw/news/162139

Dark web accounts for "90% of domains": a hotbed of crime exploiting minors and selling personal data
https://www.youtube.com/watch?v=7ZuRpwl8p2c

HN Security: building proactive "offensive security" through white-hat hacker patrols
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=006212e7-c7c5-47e6-9189-94ddd9bc0c93

White-hat hacker patrols guide the building of offensive cybersecurity
https://www.trademag.org.tw/page/newsid1/?id=7899520&iz=6

With Volt Typhoon rampant against critical infrastructure, the US, Japan and the Philippines will form a cyber threat intelligence sharing alliance
https://asia.nikkei.com/Politics/Defense/Japan-U.S.-Philippines-to-form-joint-cyberdefense-network

22% of employees admit to using GenAI in violation of company policy
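https://www.technice.com.tw/techmanage/infosecurity/105091/

Google AI search suggestions manipulated; hackers use AI to push malicious websites
https://reurl.cc/77ZzeQ

Human rights activists in Morocco and Western Sahara targeted by hacker group Starry Addax
https://blog.talosintelligence.com/starry-addax/

Hotel operator 富野 confirms a subsidiary's information systems suffered a cyberattack
https://www.ithome.com.tw/news/162213

富野: regarding the cyberattack on a subsidiary's information systems
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=08c2d1b8-46e3-4e7e-b47c-13a632302583

UPC Technology (聯成): company experienced a cybersecurity incident, estimated to have no material impact on operations so far
https://today.line.me/tw/v2/article/rmaYjPX

UPC Technology (聯成) experiences a cybersecurity incident
https://reurl.cc/WReKkL

Statement on the cybersecurity incident at Lien Hwa (聯華)
https://reurl.cc/Ej8GAA

Food company Lien Hwa (聯華) suffers cyberattack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=173251&SPOKE_DATE=20240409&COMPANY_ID=1229

Chemical products maker UPC Technology (聯成) suffers cyberattack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=182452&SPOKE_DATE=20240409&COMPANY_ID=1313

Optical equipment maker Hoya suffers cyberattack; some factories and business servers forced offline
https://www.bleepingcomputer.com/news/security/hoyas-optics-production-and-orders-disrupted-by-cyberattack/

United Renewable Energy (聯合再生) attacked by hackers; factories halted, recovery under way
https://reurl.cc/WxaKRD

Online rumor claims the PLA entered Hualien for disaster relief; green-camp legislator: mainland hackers are short on results
https://reurl.cc/j3b9xD

Hackers hijack thousands of WordPress sites, aiming to drain the cryptocurrency assets of site visitors
https://www.bleepingcomputer.com/news/security/hackers-deploy-crypto-drainers-on-thousands-of-wordpress-sites/

Learning from hacker extortion incidents to raise Hong Kong's cybersecurity awareness
https://www.hk01.com/article/1007836?utm_source=01articlecopy&utm_medium=referral

陳民傑: Cyberport upgrades its data security system and sets off again
https://www.thinkhk.com/article/2024-04/08/61796.html

From AI and self-driving cars to national security: US tech giants repeatedly hit by secrets theft by Chinese employees
https://udn.com/news/story/6811/7882172

New Zealand plans to sign a new cooperation agreement with NATO; scholars worry it may anger China
https://www.cna.com.tw/news/aopl/202404050220.aspx

Fiercer than TikTok: another Chinese-funded behemoth making the US uneasy
https://www.hk01.com/article/1007799?utm_source=01articlecopy&utm_medium=referral

Xi Jinping warned again; CCP continues to use high technology to interfere in the US election
https://m.secretchina.com/news/b5/2024/04/07/1059069.html

Russian Duma recording: Russia's next invasion target is Kazakhstan
https://www.chinatimes.com/realtimenews/20240407002803-260408?ctrack=pc_main_recmd_p01&chdtv

Cyberattack cases against Vietnam continue to increase
https://www.trademag.org.tw/page/newsid1/?id=7899460&iz=6

French lawmakers attacked by Chinese hackers file a legal complaint
https://reurl.cc/NQ1K49

US FBI Director: China threatens our generation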
https://taiwandaily.net/%E5%8D%B3%E6%99%82%E6%96%B0%E8%81%9E/13507/

US FBI Director: China is the biggest threat to the US, with more hackers than all other countries combined
https://udn.com/news/story/6812/7889434?list_ch2_index

Anyone can join the fight online: Ukraine's commendation of volunteer hackers attacking Russia sparks controversy
https://www.thenewslens.com/article/201104

US warns Russian hackers used Microsoft email to steal correspondence between officials and the tech giant
https://news.tvbs.com.tw/world/2453371

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
https://thehackernews.com/2024/04/researchers-identify-multiple-china.html

US Health Dept warns hospitals of hackers targeting IT help desks
https://reurl.cc/rrNGMN

Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign
https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks
https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html

Security Engineer
https://www.104.com.tw/job/70xj4?jobsource=n104bank2

Senior Product Marketing Specialist
https://www.104.com.tw/job/7p7hq?jobsource=m_job_same_b

Algorithm R&D Engineer
https://www.104.com.tw/job/88elg?jobsource=n104bank2

[Cybersecurity Institute] Project Manager (Industry Cybersecurity Development Center)
https://www.104.com.tw/job/88xfe

Security Staff
https://www.104.com.tw/job/89hf5

Network Security Engineer
https://www.104.com.tw/job/87wc2?jobsource=n104bank2

Security Sales (Taipei)
https://www.104.com.tw/job/7n7i5?jobsource=analysis_jobsame_b

Information Security Engineer
https://www.104.com.tw/job/87bii?jobsource=google_job

Systems Engineer, Hsinchu Distribution Department (Networking, Security)
https://www.104.com.tw/job/86nk5?jobsource=changejob

6TA520- Head of Security Unit
https://www.104.com.tw/job/887sh?jobsource=n104bank2

Security demand is hot; Acer Cyber Security (安碁資訊) is eager for talent
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=9a6f71e9-640c-47a8-9d43-c733d0636c0a

China Airlines and Tigerair recruit new blood, including pilots, cabin crew and IT technicians
https://news.cts.com.tw/cna/life/202404/202404082308335.html

Security Advisory Manager
https://www.104.com.tw/job/8ak7h?jobsource=n104bank2

Security Administrative Specialist
https://www.104.com.tw/job/8amhr?jobsource=googlejobs

[Security Staff] 2024
https://www.104.com.tw/job/887jt?jobsource=m104

Security Specialist
https://www.104.com.tw/job/7eabt?jobsource=n104bank2

NCKU Computer and Network Center, Network and Information Security Division, seeks 2 IT staff
https://dweb.cjcu.edu.tw/im/news/42482

Xinshi: Security Specialist
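https://www.1111.com.tw/job/130208158/

Security Engineer (Headquarters)
https://www.104.com.tw/job/87bl4?jobsource=company_job

Security Specialist
https://www.1111.com.tw/job/130208298/

Information Security Assistant, Data Security Assistant /Professional DSP
https://www.104.com.tw/job/8apmr?jobsource=m104

D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware
https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors
https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html

Myanmar's deputy defense minister suspected of being a "protective umbrella" for telecom fraud; reportedly arrested at China's request
https://reurl.cc/OGxYdD

Analysis and prevention of common fraud methods in Penghu County, Q1 of year 113 (ROC calendar)
https://penghudaily.blogspot.com/2024/04/1131.html#google_vignette

Marriott personal data breach. Reuters: Chinese hackers suspected
https://www.rti.org.tw/news/player/id/2004355

Be careful with charitable donations: Yunlin police promote public vigilance in recognizing fraud
https://n.yam.com/Article/20240407371366#google_vignette

Whoscall launches new feature: "Personal Data Leak Detection" gives early warning of fraud risk
https://infosecu.technews.tw/2024/04/08/whoscall-data-breach/

Has your personal data been leaked? A free Taiwanese app lets you find out with a 30-second check
https://3c.ltn.com.tw/news/57685

US government publishes findings on last year's Microsoft signing key leak: the cause was the company's inadequate security culture
https://ithome.com.tw/news/162123

International hacker group is going to take action against fraud on behalf of Taiwanese people
https://disp.cc/ptt/Gossiping/1c4dcOKD#google_vignette

Fake tourism, real theft! Chilean burglary ring enters via US visa-free travel
https://today.line.me/tw/v2/article/60RoWq6

Phishing SMS scammed people across Taiwan for a profit of 670,000; Taichung police bust fraud ring and arrest 6
https://udn.com/news/story/7315/7885944

Personal information of 5 million people in El Salvador leaked
https://news.cnyes.com/news/id/5516664

Online ads claiming to help recover defrauded funds are also a scam
https://www.kmdn.gov.tw/1117/1271/1272/565402/

Elva Hsiao's account hijacked by a hacker to "threaten family and friends"; she steps forward personally to find the culprit
https://reurl.cc/N45KNe

Elva Hsiao's mailbox hijacked, "involving threats"; she posts on Facebook asking netizens to help identify the hacker
https://today.line.me/tw/v2/article/Kw8v9Vn

Elva Hsiao intimidated and threatened! "The content is absolutely despicable"; urgently seeking the vicious culprit
https://news.owlting.com/articles/660999

Hackers hammer personal data: can Taiwan's cybersecurity keep up? In-depth analysis of security engineer salaries and prospects
https://blog.salary.tw/article/taiwan-cybersecurity-engineer-salary

Hackers breach the school administration systems of 7 secondary schools; personal data of 20,000 Taiwanese students peddled on a well-known US dark web site
https://www.mirrormedia.mg/story/20240409soc003

NT$150,000 can buy the personal data of all 23 million people nationwide; US dark web also sells Taiwan national security data
https://www.mirrormedia.mg/story/20240409soc004

Military scholar Lin Ying-yu (林穎佑) warns of China's information warfare: paralyzing government websites during natural disasters to amplify the effect of disinformation
https://watchout.tw/reports/4pJAYR3qDsU0vkViJNyN

Scam ring puts on quite a show! Elaborate "fake prize" scheme; man cheated out of 20,000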
https://reurl.cc/kONlxq

Hackers steal more than 340,000 Social Security numbers
https://reurl.cc/8v4xN7

[Misleading] Online claim that "Longshan Temple launches 3 days of vegetarian eating across Taiwan to get through the disaster safely"
https://tfc-taiwan.org.tw/articles/10475

Hackers claim on Facebook to offer desktop versions of various generative AI services, aiming to spread infostealers
https://www.ithome.com.tw/news/162233

He received a "salary adjustment notice" and alertly deleted it in seconds! The truth revealed: he nearly fell for it
https://today.line.me/tw/v2/article/5yRO5Jq

NTU Hospital running ads selling liver medicine? It's a copycat fan page! Don't buy medicines of unknown origin online
https://www.mygopen.com/2024/04/NTU-ad.html

Number of users affected by US telecom AT&T's data breach revealed: as many as 51 million customers reportedly affected
https://www.ithome.com.tw/news/162244

"Fake" bank call cites "real" transaction records; Chicago woman duped and loses money
https://www.worldjournal.com/wj/story/121473/7893428

[Misleading] Online claim that "Lai Ching-te donates 53 million in presidential election subsidies to disaster relief"
https://tfc-taiwan.org.tw/articles/10474

US issues warning over credential leak incident at data analytics firm Sisense
https://www.ithome.com.tw/news/162260

LastPass employee targeted by voice phishing attack; hackers used a deepfake to impersonate the company's CEO
https://www.ithome.com.tw/news/162249

Hacker group TA547 uses an AI-generated PowerShell script to distribute the Rhadamanthys infostealer
https://www.ithome.com.tw/news/162242

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer
https://thehackernews.com/2024/04/ta547-phishing-attack-hits-german-firms.html

Phishing: Spot and report scam emails, texts, websites and calls
https://www.ncsc.gov.uk/collection/phishing-scams

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme
https://thehackernews.com/2024/04/cybercriminals-targeting-latin-america.html

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
https://thehackernews.com/2024/04/attackers-using-obfuscation-tools-to.html

E. Research Reports / Tools

Cloud security is hard to master! Learn how CTEM helps reduce cloud exposure threats
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11023

How to respond effectively when an APT threat is lurking in your environment
https://teamt5.org/tw/posts/ir-use-case-how-to-respond-to-advanced-persistent-threat-apt/

What role does raw intelligence (Raw Intel) play in today's cyber threat intelligence
https://teamt5.org/tw/posts/raw-intel-s-role-in-modern-cyber-threat-intelligence/

Cybersecurity is national security! "Cyber resilience" is like a show of force: when facing hackers, be able not only to defend but also to strike back
https://ppa.org.tw/hot_488315.html

CISO Perspectives on Complying with Cybersecurity Regulations
https://thehackernews.com/2024/04/ciso-perspectives-on-complying-with.html

Considerations for Operational Technology Cybersecurity
https://thehackernews.com/2024/04/considerations-for-operational.html

Install and use Gemma and Llama AI locally right in the browser! Opera becomes the first ever
https://www.kocpc.com.tw/archives/541598

Code Keepers: Mastering Non-Human Identity Management
https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html

Embracing the Cloud: Revolutionizing Privileged Access Management with One Identity Cloud PAM Essentials
https://thehackernews.com/2024/03/embracing-cloud-revolutionizing.html

LLM RED TEAMING: ADVERSARIAL, PROGRAMMING, AND LINGUISTIC APPROACHES VS CHATGPT, CLAUDE, MISTRAL, GROK, LLAMA, AND GEMINI
https://adversa.ai/blog/llm-red-teaming-vs-grok-chatgpt-claude-gemini-bing-mistral-llama/

A Practical Approach to Attacking IoT Embedded Designs (II)
https://labs.ioactive.com/2021/02/a-practical-approach-to-attacking-iot_23.html

DJI Mavic 3 Drone Research Part 2: Vulnerability Analysis
https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis

Stories from the SOC Part 1: IDAT Loader to BruteRatel
https://www.rapid7.com/blog/post/2024/03/28/stories-from-the-soc-part-1-idat-loader-to-bruteratel/

Stealing the Bitlocker key from a TPM
https://astralvx.com/stealing-the-bitlocker-key-from-a-tpm/

GitOps with ArgoCD for Kubernetes
https://overcast.blog/gitops-with-argocd-for-kubernetes-tips-and-tricks-4b926ba75f88

Elevating Security Intelligence with Splunk UBA's Machine Learning Models
https://reurl.cc/WRpQlO

FRINET: REVERSE-ENGINEERING MADE EASIER
https://www.synacktiv.com/publications/frinet-reverse-engineering-made-easier

Mastering Pentesting in Termux with txtool: A Step-by-Step Guide
https://learntricking.blogspot.com/2024/04/mastering-pentesting-in-termux-with-txtool.html

Laptop BIOS password reset technique uses contorted paperclips stuffed into a parallel port
https://reurl.cc/WRp7Oy

Attack Surface Management vs. Vulnerability Management
https://thehackernews.com/2024/04/attack-surface-management-vs.html

Notepad++ wants your help in "parasite website" shutdown
https://www.bleepingcomputer.com/news/security/notepad-plus-plus-wants-your-help-in-parasite-website-shutdown/amp/

Python's PyPI Reveals Its Secrets
https://thehackernews.com/2024/04/blog-post.html?_m=3n%2e009a%2e3327%2ekl0ao0dcsu%2e2bv8

F. Business

Affected by the anti-espionage law! US security giant "Trend Micro" pulls its R&D center out of China
https://today.line.me/tw/v2/article/OpG96lj

Microsoft AI assistant launches Traditional Chinese version; Taiwanese manufacturers benefit
https://www.ctee.com.tw/news/20240406700040-439901

Microsoft announces pricing for the Windows 10 Extended Security Updates program: US$61 for the first year
https://netmag.tw/2024/04/10/microsoft-announces-windows-10-esu-pricing-61-for-first-year

Google's new Find My Device feature is about to launch; it will be able to identify suspicious devices or whether a personal device has been left behind
https://reurl.cc/97gqon

VMware getting ever more "stingy" after the Broadcom acquisition? Users complain that even downloading drivers requires emailing Broadcom to ask
https://www.techbang.com/posts/114217-after-being-acquired-by-broadcom-if-you-want-to-download

Proxmox gives VMware ESXi users a place to go after Broadcom kills free version
https://www.linkedin.com/pulse/proxmox-gives-vmware-esxi-users-place-go-after-broadcom-kills-wjd9e/

Chrome to add a new feature that blocks cookie hijacking
https://ithome.com.tw/news/162126

Sophos and Tenable partner to launch a new managed risk service
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11024

Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks
https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html

新立資訊 teams up with Dell and Akamai to build the strongest data security defense
https://news.owlting.com/articles/660506

恆隆行 adopts CyberArk to strengthen security protection during its digital transformation
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&id=689310

Google Cloud Next 2024 highlights roundup! "Google Vids", which can automatically generate storyboards, will officially launch in June
https://agirls.aotter.net/post/63217

Fortinet comprehensively upgrades its real-time network security operating system, empowering enterprises to strengthen network defenses
https://www.digitalwall.com/scripts/displaypr.asp?UID=90758#google_vignette

F5 acquires Wib and Heyhack to build an AI-ready API security solution
https://www.ctimes.com.tw/DispNews-tw.asp?O=HK84BB8Z1AUSAA00NZ

G. Government

Audrey Tang orders "emergency network mobile vehicle" to Hualien for disaster relief! He was dumbfounded comparing it with Musk's Starlink
https://www.chinatimes.com/realtimenews/20240405001515-260407?chdtv

Ministry of Digital Affairs helps set up communications network; LEO satellite OneWeb used for disaster relief for the first time
https://money.udn.com/money/story/5621/7881350

A new weapon to assist front-line personnel in handling security incidents: the "Ministry of Justice automated digital evidence preservation, collection and analysis tool"
https://www.airitilibrary.com/Article/Detail/P20191031001-201710-201911040024-201911040024-45-48

First among Taiwan's hospitals! Information and network security meet the highest international standard
https://www.mirrormedia.mg/external/setn_1450063

Curbing cybercrime and preventing hacking! Tainan City Government signs MOU with the Ministry of Justice Investigation Bureau
https://www.tainan.gov.tw/News_Content.aspx?n=13370&s=8629203

Tainan City Government and the Investigation Bureau join hands to build a smart city security protection system
https://www.reachingnews.com/article-info.asp?cate=17&id=8563

Microsoft warns! Mainland China has already tested using AI to smear Lai Ching-te and will interfere in this year's US, South Korean and Indian elections
https://udn.com/news/story/6809/7880876

Wall Street Journal: China uses AI to spread disinformation, targeting Taiwanese and US voters
https://reurl.cc/j3bV5L

Six-year wait for electronic referendum petitions; how much longer will absentee voting drag on
https://udn.com/news/story/6656/7884021

National referendum electronic petition system goes online for testing on the 10th; a Citizen Digital Certificate is all that's needed to sign
https://reurl.cc/yY56vq

Inspecting Taiwan Police College's technology crime investigation education center, President Tsai says the government will back police, firefighters and coast guard
https://www.rti.org.tw/news/view/id/2201865

NCHU signs cooperation agreement with the National Institute of Cyber Security to help industry cultivate security talent
https://www.ctee.com.tw/news/20240409701081-430503

Referendum electronic petition system goes online tomorrow; blue and white camps question the CEC for slacking for 6 years
https://udn.com/news/story/6656/7885605

Ministry of Justice Investigation Bureau and National Taiwan University Hospital sign memorandum of cooperation on national cybersecurity joint defense and intelligence sharing
https://www.mjib.gov.tw/news/Details/1/987

Technology crime investigation education center unveiled; Tsai Ing-wen hopes police will improve their security literacy
https://www.epochtimes.com/b5/24/4/9/n14221945.htm

H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare: Related Security

Over 92,000 exposed D-Link NAS devices have a backdoor account
https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/amp/

D-Link NAS revealed to have a backdoor account affecting 92,000 devices; D-Link refuses to patch the vulnerability
https://reurl.cc/yY56AE

Devices still in use! Backdoor vulnerability found in more than 90,000 end-of-life D-Link NAS devices
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11026

US says it disrupted Chinese hackers' router hijacking operation
https://reurl.cc/8v4qZX

Zero trust can be integrated with existing OT architecture into a cost-effective security solution
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11029

Smart TVs can be hacked too! Big brand hit by security vulnerabilities; experts share three tips for protection
https://3c.ltn.com.tw/news/57717

90,000 LG smart TVs are vulnerable; attackers may be able to execute arbitrary commands remotely
https://www.ithome.com.tw/news/162222

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
https://thehackernews.com/2024/04/researchers-discover-lg-smart-tv.html

Rockwell Automation redefines the keys to production, leading a comprehensive industry upgrade
https://www.digitalwall.com/scripts/displaypr.asp?UID=90756#google_vignette

Siemens publishes its April monthly security advisories, disclosing 80 vulnerabilities at once
https://www.ithome.com.tw/news/162243

IoT market grows at breakneck speed; connected security risks must not be overlooked
https://reurl.cc/p3DLlb

Rockwell: built-in AI trend rises, moving from automation to autonomy
https://today.line.me/tw/v2/article/nX5z0xL

I. Education and Training

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas security engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

iPAS ◆ Information Security Planning Practice ◆ intermediate exam question bank compilation (123 questions)
https://reurl.cc/orlD1g

GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam field notes, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam field notes, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam field notes, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and preparation methods
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

ECSA v10 exam experience and study materials / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA (security analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

How to prepare for the EC-Council CPENT and LPT Master penetration testing certifications, with experience shared
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

An in-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT experience - a security rookie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam prep notes] CompTIA Security+ (SY0–601), Part 1
https://reurl.cc/M053DK

[Exam prep notes] CompTIA Security+ (SY0–601), Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security is not just for engineers: the blood, sweat and tears of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App anti-hacking studies: hands-on security protection course to comprehensively raise security awareness
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The hacker and the state: cyber attacks and the new normal of geopolitics
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond using certifications to prove your ability, treat them as your greatest motivation to keep learning
https://www.ithome.com.tw/news/156756

Dispelling misconceptions and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

[NCKU Information Security Club class] Forbidden security arts - the hellish trial of reverse engineering
https://www.youtube.com/watch?v=4Yc3-9CjG6U

6. Upcoming security events and seminars

Just a chat - with no Expectations
2024/4/13
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299985415/

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network
2024/4/16
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbvb/

SyntaxError
2024/4/17
https://www.meetup.com/pythonhug/events/pqnsctygcgbwb/

[安碁學苑] Security-themed course for listed (TWSE/TPEx) companies
2024/4/18
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-5

HackingThursday 黑客星期四 - Week meetup Tamsui (regular gathering, Tamsui)
2024/4/18
https://www.meetup.com/hackingthursday/events/psspctygcgbxb/

Internet Freedom Meetup [April]: IETF sharing session
2024/4/18
https://ocftw.kktix.cc/events/internetfreedom-april2024

Security technology hands-on workshop: penetration testing
2024/4/19
https://www.accupass.com/event/2403260547255414967380

Just a chat - with no Expectations
2024/4/20
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbbc/

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network
2024/4/23
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbfc/

SyntaxError
2024/4/24
https://www.meetup.com/pythonhug/events/pqnsctygcgbgc/

"Strengthening Digital Civic Space in East Asia: From Defense to Action" Dual Report Release Seminar
2024/4/24
https://ocftw.kktix.cc/events/drights2

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox!
2024/4/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702416/

HackingThursday 黑客星期四 - Week meetup Tamsui (regular gathering, Tamsui)
2024/4/25
https://www.meetup.com/hackingthursday/events/psspctygcgbhc/

Observing international 5G/6G technology development trends
2024/4/26
https://ievents.iii.org.tw/eventS.aspx?t=0&id=2380

iPAS "entry-level" Information Security Engineer skills workshop cram class
2024/4/27, 5/4
https://www.twcert.org.tw/tw/cp-105-7703-b5976-1.html

ISA/IEC 62443 industrial control system cybersecurity explained, with practical analysis
2024/4/30
https://www.caa.org.tw/newsdetail-16334.html

[安碁學苑] Security competency training | Information Security Engineer
2024/5/4
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-3

Just a chat - with no Expectations
2024/4/27
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbkc/

"Industrial Automation and Control Systems - Security Guidelines" briefing session
2024/5/10
https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox!
2024/5/22
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/

[安碁學苑] Security competency training | System and Network Security Administrator
2024/5/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4

2024 Outlying Islands Cup cybersecurity competition
2024/5/25
https://shieldx.kktix.cc/events/outlying

Introduction to Cybersecurity -- Central region -- pre-exam review class
2024/6/4
https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox!
2024/6/26
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox!
2024/7/24
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/

AI application system development and generative AI application talent training class, first cohort
2024/6/27 ~ 2024/8/9
https://www.accupass.com/event/2401100729511706489107

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox!
2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/