資安事件新聞週報 2023/1/9 ~ 2023/1/13

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/1/9 ~ 2023/1/13 1.重大弱點漏洞/後門/Exploit/Zero Day 微軟發佈1月份安全性公告 https://www.cisa.gov/uscert/ncas/current-activity/2023/01/10/microsoft-releases-january-2023-security-updates Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit https://thehackernews.com/2023/01/microsoft-issues-january-2023-patch.html 微軟發布1月份例行修補，共對於98個漏洞提出緩解措施 https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2023-patch-tuesday-fixes-98-flaws-1-zero-day/ 美國聯邦機構限期修補已遭勒索軟體駭客利用的Exchange漏洞OWASSRF https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-exchange-bug-abused-by-ransomware-gang/ 已終止支援的思科路由器出現身分驗證繞過漏洞 https://www.bleepingcomputer.com/news/security/cisco-warns-of-auth-bypass-bug-with-public-exploit-in-eol-routers/ Chrome瀏覽器新漏洞允許駭客竊取包括加密錢包在內的敏感文件 https://news.cnyes.com/news/id/5062553 Google發布Chrome 109，修補17項漏洞 https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html Experts Detail Chromium Browser Security Flaw Putting Confidential Data at Risk https://thehackernews.com/2023/01/experts-detail-chromium-browser.html Patch Where it Hurts: Effective Vulnerability Management in 2023 https://thehackernews.com/2023/01/patch-where-it-hurts-effective.html Alert: Hackers Actively Exploiting Critical "Control Web Panel" RCE Vulnerability https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html Fortinet針對SSL VPN用戶提出警告，駭客利用12月修補的漏洞攻擊政府機關 https://www.bleepingcomputer.com/news/security/fortinet-govt-networks-targeted-with-now-patched-ssl-vpn-zero-day/ FortiOS Flaw Exploited as Zero-Day in Attacks on Government and Organizations https://thehackernews.com/2023/01/fortios-flaw-exploited-as-zero-day-in.html Analysis of FG-IR-22-398 – FortiOS - heap-based buffer overflow in SSLVPNd | Fortinet Blog https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點 https://www.cisa.gov/uscert/ncas/current-activity/2023/01/10/adobe-releases-security-updates-multiple-products Adobe修補PDF製作與檢視軟體的漏洞 https://www.securityweek.com/adobe-plugs-security-holes-acrobat-reader-software SAP修補旗下產品多項重大漏洞 https://onapsis.com/blog/sap-security-patch-day-january-2023 濫用有漏洞的英特爾網路卡驅動程式，駭客組織Scattered Spider發動BYOVD攻擊，企圖繞過電腦安全防護機制 https://www.crowdstrike.com/blog/scattered-spider-attempts-to-avoid-detection-with-bring-your-own-vulnerable-driver-tactic/ 加密通訊軟體Threema通訊協定出現漏洞，可被用於恢復用戶私鑰 https://breakingthe3ma.app/ Python出現原型汙染的弱點 https://blog.abdulrah33m.com/prototype-pollution-in-python/ NPM套件JsonWebToken的RCE漏洞恐導致2.2萬專案曝險 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/ Linux核心存在高風險安全漏洞(CVE-2022-47939) https://www2.nchu.edu.tw/news-detail/id/54903 2.銀行/金融/保險/證券/支付系統/金融監理新聞及資安 Bluebottle Cybercrime Group Preys on Financial Sector in French-Speaking African Nations https://thehackernews.com/2023/01/bluebottle-cybercrime-group-preys-on.html SpyNote Strikes Again: Android Spyware Targeting Financial Institutions https://thehackernews.com/2023/01/spynote-strikes-again-android-spyware.html 金管會發布《金融資安行動方案2.0》: 三年為期，9大重點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10275 春節假期將至金管會4招穩定金融防詐不鬆懈 https://www.cna.com.tw/news/afe/202301130223.aspx 金管會於行政院會報告「112年春節期間金融服務穩定整備措施」 https://www.banking.gov.tw/ch/home.jsp?id=169&parentpath=0,2&mcustomize=news_view.jsp&dataserno=202301120005&dtable=News 券商資安違規處罰違約金最高400萬 https://www.sinotrade.com.tw/richclub/news/63bff645ebc145b27d6ebf45 虎年金融業税前淨利大減4成黄天牧強調加強應變的韌性 https://n.yam.com/Article/20230112155208 黃天牧盼今年台股展現韌性、穩健前行護盤措施尚不退場 https://news.cnyes.com/news/id/5061705 集保結算所2022年每股賺7.28元！　7大業務助攻 https://finance.ettoday.net/news/2421958 丹麥中央銀行遭到DDoS攻擊 https://informationsecuritybuzz.com/denmark-central-bank-hit-by-ddos-attack-other-private-bank/ 駭客繞過消費者信用報告機構Experian網站漏洞，存取民眾信用評價 https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/ 先買後付恐釀風暴　金管會緊盯風險 https://news.housefun.com.tw/news/article/178734362548.html 人生的第一張信用卡！一次看18歲成年申辦哪些卡容易過 https://www.gvm.com.tw/article/98694 2023 報稅相關新制報你知 https://reurl.cc/deZodM ATM交易轉帳比重逾半 https://ctee.com.tw/news/finance/789391.html 3.電子支付/行動支付/pay/資安台中捷運行動支付案完成簽約預計今年底啟用 https://www.taichung.gov.tw/2258805/post 悠遊卡、街口支付都能在日本用啦！日本超方便的行動支付介紹～購物超快速 https://today.line.me/tw/v2/article/5yzeV6R 銀行拉攏商家拚行動支付 https://money.udn.com/money/story/5613/6880539 支付業者積極卡位傳LINE Pay擬今年興櫃 https://www.epochtimes.com/b5/23/1/5/n13900083.htm 因應年節前跨行支付金融機構留存清算資金達4087億元 https://reurl.cc/kqAW43 以微服務打造電子支付新黑馬，全支付靠技術力服務百萬會員 https://www.ithome.com.tw/people/155004 香港本地電子支付系統公司Yedpay進軍東盟 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&cat=990&id=0000654901_M97L5T3KLQ2LM52IL02K2 跨境Trip攻略｜一App在手玩盡中港澳　搭車消費全電子支付極方便 https://www.hk01.com/article/855816?utm_source=01articlecopy&utm_medium=referral 電支習慣大戰開打！44萬「新成年人」口袋又不深，為何成業者狂吸對象 https://www.bnext.com.tw/article/73588/18y-payment-2022q4 憂偽鈔流進北市迪化街商圈鼓勵「電子支付」 https://reurl.cc/MXEm14 電支普及化金融業結盟搶客 https://ctee.com.tw/news/finance/787292.html 你的6千元，在電支業者眼中不只是6千元？解析消費券背後的商戰邏輯 https://www.bnext.com.tw/article/73722/6000-wen-bn 年後全民發6000紅包「3方式領取」怎拿最划算？銀行曝破10%超猛回饋 https://reurl.cc/85mA4g 專營電子支付業務許可申請書件新增律師作為認證人 https://reurl.cc/qZebzq 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安加密貨幣錢包MetaMask用戶面臨網址中毒攻擊 https://metamask.zendesk.com/hc/en-us/articles/11967455819035-Address-poisoning-scams 加密貨幣漸進監理金管會：從資產分離等3面向著手 https://reurl.cc/bGpop6 防BNPL釀風暴金管會對業者提兩建議 https://www.ttv.com.tw/finance/view/?i=01202312220379B8B39C0954422A83AAE928329B855FE33A&from=587 零U投毒猖獗》Metamask教你「5招自保」、V神：建議用ENS https://www.blocktempo.com/alert-users-to-prevent-address-poisoning-attacks/ 火必生態鏈HECO最大借貸協議LendHub遭駭！損失近600萬鎂 https://www.blocktempo.com/heco-largest-lending-agreement-lendhub-was-hacked/ 數位人民幣功能升級無網無電支付上線 https://money.udn.com/money/story/5603/6904162 數碼港元在香港的機遇 https://reurl.cc/gQ5bvQ 阿里據報擬減持印度支付龍頭Paytm逾3%　作價9.8億港元 https://reurl.cc/DX5M1j 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 防禦勒索病毒應超前部署 https://ctee.com.tw/news/tax-law/791773.html 新發現！俄羅斯APT組織Turla 正搭載已有十年之久惡意軟體佈建新後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10286 駭客利用8年前的Intel驅動程式漏洞，在Windows電腦安裝惡意程式 https://www.ptt.cc/bbs/PC_Shopping/M.1673580151.A.F6C.html 2023年每起事件損失將超過500萬美元！勒索軟體仍是頭號威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10284 衛報證實勒索軟體攻擊事件駭客竊取員工資料 https://www.infosecurity-magazine.com/news/guardian-confirms-ransomware-attack/ 澳洲消防救援隊資料外洩，疑勒索軟體Vice Society所為 https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-australian-firefighting-service/ 英國郵務業者Royal Mail遭遇網路攻擊疑勒索軟體LockBit所為 https://www.bleepingcomputer.com/news/security/royal-mail-cyberattack-linked-to-lockbit-ransomware-operation/ 勒索軟體Cuba利用OWASSRF漏洞入侵Exchange https://www.bleepingcomputer.com/news/security/microsoft-cuba-ransomware-hacking-exchange-servers-via-owassrf-flaw/ 駭客組織StrongPity假借提供視訊聊天軟體Shagle的名義散布惡意軟體 https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/ 義大利使用者遭到竊密軟體鎖定，目標是加密貨幣錢包與網頁瀏覽器敏感資料 https://www.uptycs.com/blog/infostealer-malware-attacks-targeting-italian-region/ 惡意軟體Kinsing入侵Kubernetes環境的攻擊行動升溫 https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/initial-access-techniques-in-kubernetes-environments-used-by/ba-p/3697975 護理之家Consulate Health Care遭勒索軟體Hive攻擊 https://securityaffairs.com/140452/cyber-crime/consulate-health-care-hive-ransomware.html 鎖定Mac電腦的勒索軟體也出現新型態攻擊手法！駭客採用寄生攻擊並導入反偵測的機制 https://www.microsoft.com/en-us/security/blog/2023/01/05/unraveling-the-techniques-of-mac-ransomware/ 駭客假借提供寶可夢電玩的名義，散布NetSupport RAT木馬程式 https://asec.ahnlab.com/en/45312/ 美國賓州婦女診所遭勒索軟體攻擊 https://www.bankinfosecurity.com/womens-health-clinic-suffers-breach-in-ransomware-attack-a-20878 俄羅斯駭客Turla利用USB裝置散布惡意軟體Andromeda https://www.mandiant.com/resources/blog/turla-galaxy-opportunity Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html BlindEagle Targeting Ecuador With Sharpened Tools https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/ New APT organization Saaiwc Group targeting the military, finance and other departments in Southeast Asia https://mp.weixin.qq.com/s/G3gUjg9WC96NW4cRPww6gw Emotet returns and deploys loaders https://www.intrinsec.com/emotet-returns-and-deploys-loaders/ https://raw.githubusercontent.com/Intrinsec/IOCs/main/Emotet/INTRINSEC_MLW_EMOTET_IOCs_09_01_2023.csv StrongPity espionage campaign targeting Android users https://www.welivesecurity.com/2023/01/10/strongpity-espionage-campaign-targeting-android-users/ Raspberry Robin’s botnet second life https://blog.sekoia.io/raspberry-robins-botnet-second-life/ 惡意軟體Gootkit假借影音播放器VLC散布，針對澳洲醫療機構散布Cobalt Strike http://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html Gootkit Loader Actively Targets Australian Healthcare Industry https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html Gootloader Malware Leads to Cobalt Strike and Hand-on-Keyboard Activity https://www.esentire.com/blog/gootloader-leads-to-cobalt-strike-and-hand-on-keyboard-activity Dark Pink - New APT hitting Asia-Pacific, Europe that goes deeper and darker https://blog.group-ib.com/dark-pink-apt NeedleDropper https://decoded.avast.io/threatresearch/needledropper/ NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO https://www.sentinelone.com/labs/noname05716-the-pro-russian-hacktivist-group-targeting-nato/ Rhadamanthys: New Stealer Spreading Through Google Ads https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html Dridex Malware Now Attacking macOS Systems with Novel Infection Method https://thehackernews.com/2023/01/dridex-malware-now-attacking-macos.html Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach https://thehackernews.com/2023/01/rackspace-confirms-play-ransomware-gang.html 惡意PyPI套件透過Cloudflare隧道服務繞過防火牆 https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls https://thehackernews.com/2023/01/malicious-pypi-packages-using.html Italian Users Warned of Malware Attack Targeting Sensitive Information https://thehackernews.com/2023/01/italian-users-warned-of-malware-attack.html New Analysis Reveals Raspberry Robin Can be Repurposed by Other Threat Actors https://thehackernews.com/2023/01/new-analysis-reveals-raspberry-robin.html Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL https://thehackernews.com/2023/01/kinsing-cryptojacking-hits-kubernetes.html Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks https://thehackernews.com/2023/01/australian-healthcare-sector-targeted.html Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar https://thehackernews.com/2023/01/cybercriminals-using-polyglot-files-in.html IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours https://thehackernews.com/2023/01/icedid-malware-strikes-again-active.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 WhatsApp Introduces Proxy Support to Help Users Bypass Internet Censorship https://thehackernews.com/2023/01/whatsapp-introduces-proxy-support-to.html StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users https://thehackernews.com/2023/01/strongpity-hackers-distribute.html Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App https://thehackernews.com/2023/01/expert-analysis-reveals-cryptographic.html 抖音、小紅書上的台灣青少年：當本土認同與中國社群媒體熱潮並行 https://theinitium.com/article/20230113-taiwan-concerns-teens-chineseapps/ 美國50州過半封殺TikTok！華為、微信、海康威視也掃到颱風尾 https://www.cmmedia.com.tw/home/articles/38182 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力程式碼編輯器VS Code的外掛程式市集恐遭駭客濫用 https://blog.aquasec.com/can-you-trust-your-vscode-extensions 曾賣毒給蕭淑慎！毒后小妖落網斜槓當「駭客」密碼打錯就格式化 https://reurl.cc/KXgom9 勒索軟體駭客Lorenz藉由VoIP電話系統漏洞部署後門 https://insights.s-rminform.com/lorenz-cyber-intelligence-briefing-special 美國內部資安漏洞密碼竟出現「Password-1234」 https://www.technice.com.tw/cloudtech/infosecurity/34054/ 彭博：「星鏈」引發資安疑慮　特斯拉在上海擴廠計畫遭擱置 https://www.taisounds.com/Global/Top-News/All/uid5852935841 Group-IB揭露由Dark Pink駭客組織發起，鎖定亞太軍事與政府單位的APT攻擊 https://www.ithome.com.tw/news/155128 駭客組織Dark Pink鎖定亞太地區政府與軍事單位 https://www.group-ib.com/media-center/press-releases/dark-pink-apt/ 英國半導體業者Morgan Advanced Materials遭到網路攻擊 https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/ 英國郵務業者Royal Mail遭到網路攻擊，暫停部分國際業務 https://www.bleepingcomputer.com/news/security/royal-mail-halts-international-services-after-cyberattack/ 美國愛荷華州大型學校遭到網路攻擊被迫停課 https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/%E3%80%81 美國國土安全局、CISA計畫打造以AI為基礎的資安分析沙箱 https://www.theregister.com/2023/01/10/dhs_cisa_cybersecurity_sandbox/ 美國FAA飛航系統當機全美航班大亂讓人聯想911 https://news.cts.com.tw/cts/international/202301/202301122131547.html 塞爾維亞傳出遭到大規模DDoS攻擊 https://therecord.media/serbian-government-reports-massive-ddos-attack-amid-heightened-tensions-in-balkans 哥倫比亞和厄瓜多爾組織遭駭客組織Blind Eagle鎖定 https://research.checkpoint.com/2023/blindeagle-targeting-ecuador-with-sharpened-tools/ 阿芬迪:駭客入侵武裝部隊網絡仍安全 https://reurl.cc/GX0YWW 比利時國安局報告：中國利用灰色地帶影響歐洲決策 https://udn.com/news/story/6809/6909510 New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html Dark Pink APT Group Targets Governments and Military in APAC Region https://thehackernews.com/2023/01/dark-pink-apt-group-targets-governments.html 資安經理/副理 (跨國金控) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E7%B6%93%E7%90%86-%E5%89%AF%E7%90%86-%E9%87%91%E6%8E%A7-at-michael-page-3431126611/?originalSubdomain=tw 資通安全組-高級工程師(221) https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?EMPLOYER_ID=628290&HIRE_ID=11705017 資訊類資安工程師 https://job.taiwanjobs.gov.tw/Internet/jobwanted/JobDetail.aspx?R2=5&EMPLOYER_ID=410&HIRE_ID=11705189 竹北大樓-資安門禁安檢員(固定日/夜班) https://www.104.com.tw/job/7vega?jobsource=googlejobs 資安主管 http://www.9999.com.tw/JobShow.asp?j_no=25819 富邦金聯合徵才計畫起跑招募多元領域菁英 https://www.ttv.com.tw/finance/view/0120231213513E1D5DFE843E46B286EE810031FD11B1FFD0/587 資安經理 (串流龍頭) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E7%B6%93%E7%90%86-%E4%B8%B2%E6%B5%81%E9%BE%8D%E9%A0%AD-at-michael-page-3431129053/?originalSubdomain=tw 資安副理(Security Assistant Manager) https://www.yourator.co/companies/deloitte/jobs/28050 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Twitter Denies Hacking Claims, Assures Leaked User Data Not from its System https://thehackernews.com/2023/01/twitter-denies-hacking-claims-assures.html 國外論壇販售華航會員資料，外洩名單包含賴清德、張忠謀和林志玲 https://www.ithome.com.tw/news/155167 華航證實遭到網路勒索，駭客論壇已出現資料外洩資訊 https://www.facebook.com/hackercat1215/posts/pfbid0318wer26KWGrB2t1MXxBEp1Tg3wRzp5PQEtSYyVMUvCguYyKv8P1HUsTF6VWGNHgLl 針對2億外流用戶資料，推特表示並非因2022年1月修補的漏洞流出 https://www.bleepingcomputer.com/news/security/twitter-claims-leaked-data-of-200m-users-not-stolen-from-its-systems/ 日本保險業者Aflac癌症險保戶資料外洩，疑美國合作夥伴引起 https://www.theregister.com/2023/01/11/japan_aflac_zurich_data_breaches/ 竊密軟體Vidar透過1,300個冒牌AnyDesk網站散布 https://www.bleepingcomputer.com/news/security/over-1-300-fake-anydesk-sites-push-vidar-info-stealing-malware/ 法國航空、荷蘭航空通知旅客帳號遭竊事故 https://www.bleepingcomputer.com/news/security/air-france-and-klm-notify-customers-of-account-hacks/ 雲端服務業者Rackspace再透露12月資安事故調查結果，駭客存取部分用戶資料 https://www.bleepingcomputer.com/news/security/rackspace-customer-email-data-accessed-in-ransomware-attack/ 冒牌OnlyFans成人約會網站濫用英國政府網站的開放重新導向弱點 https://www.bleepingcomputer.com/news/security/fake-onlyfans-dating-sites-abuse-uk-environment-agency-open-redirect/ 美國德州救護車服務業者遭勒索軟體攻擊，恐洩露逾60萬人個資 https://www.bankinfosecurity.com/texas-county-ems-agency-says-ransomware-breach-hit-612000-a-20876 個資外洩是國安問題 https://talk.ltn.com.tw/article/paper/1562388 年關將至網路詐騙防不勝防打詐中心四大面向防堵 https://www.rti.org.tw/news/view/id/2156224 詐騙集團假行員來電　立委陳亭妃：差點被騙 https://www.mnews.tw/story/20230113sot12010 Deepfake掀起的新科技犯罪風暴專家教你4招肉眼破解技巧 https://tfc-taiwan.org.tw/articles/8681 年節恐將迎來詐騙高峰跨部會合作助防詐 https://news.pts.org.tw/article/618692 你的產業也上榜了嗎？2022 駭客最愛用惡意電子郵件攻擊這 5 大產業 https://buzzorange.com/techorange/2023/01/13/acronis-cyberthreats-report/ Twitter澄清「推特個資外洩」非系統漏洞！強烈建議啟用雙重認證 https://www.blocktempo.com/twitter-update-about-user-data-being-sold-online/ 推特否認駭客銷售的客戶資料由公司安全漏洞取得 https://www.technice.com.tw/outbound/news/34166/ 克里斯伊凡 Chris Evans 不爽假帳號詐騙，發文警告：「我的帳戶只有一個，其他都是假的！」 https://reurl.cc/x1q8n1 E.研究報告/工具研究人員揭露Trojan Puzzle攻擊手法，可訓練AI助理產生惡意程式碼 http://arxiv.org/pdf/2301.02344.pdf 研究人員揭露新型態的Text-to-SQL機器學習模型弱點，恐被用於竊取資料或是發動阻斷服務攻擊 https://arxiv.org/abs/2211.15363 Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain https://thehackernews.com/2023/01/blind-eagle-hackers-return-with-refined.html Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub https://thehackernews.com/2023/01/hackers-using-captcha-bypass-tactics-in.html Why Do User Permissions Matter for SaaS Security https://thehackernews.com/2023/01/why-do-user-permissions-matter-for-saas.html Top SaaS Cybersecurity Threats in 2023: Are You Ready https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html Severe Security Flaw Found in "jsonwebtoken" Library Used by 22,000+ Projects https://thehackernews.com/2023/01/critical-security-flaw-found-in.html An open-source visual website builder to create your websites and web apps like a pro in no time! https://reurl.cc/4X9MdK Today’s Software Developers Will Stop Coding Soon https://medium.com/codex/todays-software-developers-will-stop-coding-soon-712e7661bbef Can ChatGPT Write Better SQL than a Data Analyst https://towardsdatascience.com/can-chatgpt-write-better-sql-than-a-data-analyst-f079518efab2 F.商業 AWS資安長CJ Moses預測2023年六大安全趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10285 F5擴充SaaS安全方案，推出分散式雲應用基礎架構防護AIP https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10280 趨勢科技成立5G資安新公司 CTOne 著眼三大目標市場 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10279 設備即安全! 台灣富士軟片資訊Apeos 7580/6580高階黑白多功能事務機提升數據資產安全性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10276 泰富國際網絡推出全新SASE安全存取服務邊緣 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?cnlid=14&cat=60&id=0000653930_BFWLGI6W23ZVP213P060G Palo Alto Networks：認清5大網安迷思有效採取零信任策略 https://reurl.cc/ROMoVn 十年經驗不藏私！DEVCORE研討會三月登場 https://money.udn.com/money/story/10860/6907236 認清5大網安迷思，有效採取零信任 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10293 Akamai：從2022年技術趨勢中，洞見2023年安全應對策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10290 G.政府健保署科長傳出擅自查詢情報人員個資，恐涉嫌國家情報工作法 https://www.cna.com.tw/news/ahel/202301100352.aspx 健保署官員涉嫌濫用職權查詢個資長達13年 https://news.ltn.com.tw/news/politics/paper/1561851 回應健保署個資外洩上萬筆的媒體報導 http://sc-dr.tw/content-detail.php?type=5&id=6631 普發6千數位部2月底前完成系統上線準備 https://www.rti.org.tw/news/view/id/2156176 普發現金等過年後數位部：2月底前完成系統串接測試 https://reurl.cc/10RWyW 唐鳳訪立陶宛國會、參與論壇交流數位韌性議題 https://www.rti.org.tw/news/view/id/2156246 太空中心風光改名、6倍履歷湧進，卻還有三難關 https://www.gvm.com.tw/article/98682 稽核常見待改善事項及建議作法 https://reurl.cc/6LzR6y 資通安全網路月報（111年12月） https://moda.gov.tw/ACS/press/report/3565 安碁揭露臺灣公務機關資安現況：上傳漏洞和SQL Injection是大宗資安事件主因 https://www.ithome.com.tw/news/155149 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands https://thehackernews.com/2023/01/millions-of-vehicles-at-risk-api.html Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover https://thehackernews.com/2023/01/over-100-siemens-plc-models-found.html 逾百款西門子PLC設備存在漏洞，恐導致韌體遭到挾持 https://redballoonsecurity.com/siemens-discovery/ 華碩Wi-Fi路由器出現漏洞，恐導致資訊洩露與阻斷服務攻擊 https://blog.talosintelligence.com/vulnerability-spotlight-asus-router-access-information-disclosure-denial-of-service-vulnerabilities-discovered/ 台灣大、虎門、Rescale 「工業模擬解決方案」 https://www.idn.com.tw/news/news_content.aspx?catid=2&catsid=1&catdid=0&artid=20230112lulu002 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 6.近期資安活動及研討會【高雄限定】一日駭客體驗營｜６小時了解資安滲透 2023/1/14 https://www.accupass.com/event/2211150721101457239234 線上資安專題講座-工業控制系統資安威脅分析與防禦策略 2023/1/14 https://isipevent.kktix.cc/events/6c2fc51b Just a chat - with no Expectations 2023/1/14 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/290803106/ WordPress - 桃園午茶小聚 #20 2023/1/14 https://www.meetup.com/taoyuan-wordpress-meetup/events/290644354/ WordPress 台北小聚 - 新年快樂 @ 巴菲特國際商務中心 2023/1/16 https://www.meetup.com/taipei-wordpress/events/290629883/ 加密大逃殺？善用 Web3 去中心化錢包 2023/1/18 https://www.accupass.com/event/2212280753431784994319 SyntaxError 2023/1/18 https://www.meetup.com/pythonhug/events/290892168/ Informal Social Event: La Salle bar at DoubleTree By Hilton Taipei Zhongshan 2023/1/19 https://www.meetup.com/cambridge-graduates-in-taiwan/events/289964219/ tinyML Talks by Manuele Rusci from KU Leuven 2023/1/27 https://www.meetup.com/tinyml-enabling-low-power-ml-at-the-edge-taipei-taiwan/events/290860749/ Airflow Taiwan User Meetup 2023/2/2 https://www.meetup.com/taipei-py/events/290566341/ 金融資安研習營 2023/2/9 ~ 2023/2/10 https://fisw.ccisa.org.tw/ Hugging Face : Image Classification 2023/2/21 https://www.meetup.com/tensorflow-user-group-taipei/events/290714239/ 淺談總經數據與金融市場應用 2023/2/27 https://www.meetup.com/rladies-taipei/events/290280800/ DEVCORE Conference 2023 2023/3/10 ~ 2023/3/11 https://devcore.kktix.cc/events/devcoreconf2023 iPAS中級資訊安全人員訓練班 2023/5/4 ~ 2023/6/1 https://edu.tcfst.org.tw/web/tw/class/show.asp?courseidori=12C013