資安事件新聞週報 2024/1/22 ~ 2024/1/26

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/1/22 ~ 2024/1/26 1.重大弱點漏洞/後門/Exploit/Zero Day Citrix 發布NetScaler ADC 和 NetScaler Gateway的安全更新 https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html Google 近日發布更新以解決 Chrome 瀏覽器的零時差弱點 https://chromereleases.googleblog.com/ 已有兩年！中國駭客低調武器化 VMware 零日漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10910 美國CISA 示警第三個 Ivanti 嚴重漏洞被廣泛利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10909 VMware 發布 Aria Automation 安全性更新 https://www.vmware.com/security/advisories/VMSA-2024-0001.html 10月修補的VMware vCenter程式碼執行漏洞，傳出2年前就被中國駭客用於攻擊行動 https://www.mandiant.com/resources/blog/chinese-vmware-exploitation-since-2021 微軟收信軟體Outlook存在漏洞，可被用於發動NTLM攻擊 https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes Outlook 漏洞發現! 三種攻擊方法取得NTLM 雜湊值 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10917 逾5,300臺GitLab伺服器曝露於零點擊帳號挾持風險 https://twitter.com/Shadowserver/status/1750115947430416434 MFT檔案傳輸系統GoAnywhere存在身分驗證繞過漏洞，研究人員公布概念性驗證程式碼 https://www.bleepingcomputer.com/news/security/exploit-released-for-fortra-goanywhere-mft-auth-bypass-bug/ Apache ActiveMQ重大漏洞再度出現攻擊行動，駭客用於部署名為Godzilla的Web Shell https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/apache-activemq-vulnerability-leads-to-stealthy-godzilla-webshell/ DevOps協作平臺Atlassian Confluence重大漏洞已出現攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-critical-atlassian-confluence-rce-flaw/ https://twitter.com/Shadowserver/status/1749372138685915645 https://twitter.com/TheDFIRReport/status/1749066611678466205 新漏洞近期密集揭露！影響Apple、Atlassian、VMware、Apache和Fortra系列產品 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10916 Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html 持續整合工具Jenkins存在嚴重弱點，有可能被用於遠端執行程式碼 https://www.jenkins.io/security/advisory/2024-01-24/ Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html Ivanti Connect Secure VPN Exploitation: New Observations https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/ https://github.com/volexity/threat-intel/blob/main/2024/2024-01-18%20Ivanti%20Connect%20Secure%20pt3/indicators/iocs.csv IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25883, CVE-2023-45133) https://www.ibm.com/support/pages/node/7111720?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7111679?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E IBM QRadar SIEM is vulnerable to denial of service (CVE-2022-3171, CVE-2022-3509) https://www.ibm.com/support/pages/node/7110910?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7110903?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Atlassian Confluence - Remote Code Execution (CVE-2023-22527) https://blog.projectdiscovery.io/atlassian-confluence-ssti-remote-code-execution/ https://twitter.com/TheDFIRReport/status/1749424404063232099 Mozilla基金會發布Firefox 122，修補5個高風險漏洞 https://www.securityweek.com/firefox-122-patches-15-vulnerabilities/ Google推出Chrome 121電腦版、行動裝置版本，修補3個高風險漏洞 https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html https://chromereleases.googleblog.com/2024/01/chrome-for-android-update_0750350412.html 2.銀行/金融/保險/證券/金融監理新聞及資安 Fed示警籲銀行業強化資安 https://www.chinatimes.com/newspapers/20240119000150-260202?chdtv 金管會於行政院會報告「113年度春節期間金融服務穩定整備措施」 https://www.banking.gov.tw/ch/home.jsp?id=540&parentpath=0,524,539&mcustomize=multimessage_view.jsp&dataserno=202401250001&aplistdn=ou=news,ou=multisite,ou=chinese,ou=ap_root,o=fsc,c=tw&dtable=News 刑事警察局與永豐金控公司簽訂「建構紅藍隊資安實力、反詐聯防與技術交流研討」合作意向書(MOU) https://www.cib.npa.gov.tw/ch/app/news/view?module=news&id=1887&serno=5dcd331c-ef0b-4478-9359-a3aefc5acc4e 富邦金今年徵才6600人 MA首年挑戰百萬年薪 https://www.cna.com.tw/news/afe/202401190149.aspx 集保積極數位創新基富通四大業務指標全數成長 https://money.udn.com/money/story/5613/7721666 Openfind協助金融單位因應主管機關對Teams即時訊息之稽核要求 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=14&cat=50&id=0000683420_RAS3V0ZI3IW0L3LYKX7IG 數位金融服務平臺Payoneer阿根廷用戶傳出遭駭，駭客繞過雙因素驗證洗劫存款 https://www.bleepingcomputer.com/news/security/payoneer-accounts-in-argentina-hacked-in-2fa-bypass-attacks/ 新光銀行獲資訊安全管理系統驗證 https://www.ctee.com.tw/news/20240122700580-431201 合庫金融FIDO服務上線無實體卡無密碼刷臉即可提款 https://news.cnyes.com/news/id/5435240 台灣金融機構 47％已採AI技術 https://www.ctee.com.tw/news/20240123700710-430103 台灣人壽：攜手中信銀行打造行動投保金融生活圈 HomeBank數位身分驗證跨機構把關保戶個資 https://www.rmim.com.tw/news-detail-40399 雄獅跨足保險經紀　目標上市櫃孵小金雞 https://www.ftvnews.com.tw/news/detail/2024123W0141 國泰金擴增雲端版圖國壽、產險加入共近50套系統上雲 https://news.cnyes.com/news/id/5436936 金管會4招確保春節金融服務不打烊緊盯銀行資安 https://reurl.cc/OGr8oD 銀行公會研逐步淘汰實體支票 https://reurl.cc/OGr8KX 3.信用卡/電子支付/行動支付/pay/支付系統/資安資安風暴 7 大趨勢信用卡洩露問題最受關切 https://www.technice.com.tw/techmanage/infosecurity/93894/ 網嘆行動支付、掃碼支付其實不方便！他常卡在這一關：不如掏現金最快 https://tech.udn.com/tech/story/123154/7732693 行動支付比較慢？他嘆「常感應不到」網狂搖頭：一堆人拿錢數半天 https://udn.com/news/story/120912/7731491 每0.03秒就一筆交易！LINE Pay登興櫃暴漲飆破1000元 1張狂賺60萬 https://www.wealth.com.tw/articles/97123b3b-1f72-429c-bf4d-16c1ce0705a1 電子支付仍燒錢第三方支付營運亮眼 https://ec.ltn.com.tw/article/paper/1627650 LINE Pay 將登興櫃坦言今年不會申請電支執照 https://money.udn.com/money/story/5613/7729017 湖南｜跨境電商零售進口稅款電子支付上線 https://reurl.cc/lgyjKY 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安加密貨幣頻涉詐公會籌備小組先行研究產業聯防 https://udn.com/news/story/7239/7721110 突發！火幣交易所遭DDOS攻擊「大當機」，孫宇晨：用戶資金安全無虞 https://www.blocktempo.com/huobi-exchange-suffered-ddos-attack/ 別讓駭客有機可乘！幣圈黑暗森林「自救指南」 https://news.owlting.com/articles/180976 採用區塊鏈的主要挑戰 https://portalcripto.com.br/zh-TW/%E6%8E%A1%E7%94%A8%E5%8D%80%E5%A1%8A%E9%8F%88%E7%9A%84%E4%B8%BB%E8%A6%81%E6%8C%91%E6%88%B0/#google_vignette 【Web3 大西進】第十一集：如何選擇交易所？XREX 資安長獨家分享白帽駭客秘辛與個人資安技巧 https://www.youtube.com/watch?v=DgOn45eEh9g 【Web3 大西進】第十二集：金流追追追！加密貨幣交易如何確保乾淨？XREX 交易所資安長帶你破解 Web3 駭客足跡 https://www.youtube.com/watch?v=DnF7DFuflME 資安團隊Blockfence：一詐騙者1年內創建千枚代幣，Rug Pull得手逾3千萬鎂 https://abmedia.io/blockfence-said-coin-scam-operation-has-stolen-32-million 穩定幣成網路罪犯偏好用於非法活動的加密貨幣 https://www.chainalysis.com/blog/2024-crypto-crime-report-introduction/ 加密貨幣錢包Trezor技術支援網站遭駭，6.6萬用戶資料外洩 https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html 駭客假冒加密貨幣交易所Coinbase等業者，散布惡意程式Inferno Drainer https://www.group-ib.com/blog/inferno-drainer/ 慢霧首席資訊安全官發布2024加密貨幣行業安全態勢預測 https://news.cnyes.com/news/id/5435229 DeFi協Concentric.fi遭遇駭客攻擊，損失約160萬美元 https://www.odaily.news/zhtw/newsflash/351174 跨鏈協議Socket已追回1032枚ETH被盜資金 https://news.cnyes.com/news/id/5436106 準備償還 14 萬枚比特幣？Mt. Gox 向債權人確認收款地址 https://blockcast.it/2024/01/24/mt-gox-confirms-creditors-bitcoin-addresses-for-repayment/ SagaDAO稱其銷售Saga代幣獲得的資金在轉移錢包時遭遇駭客攻擊 https://news.cnyes.com/news/id/5437027?exp=a GMEE Token：駭客仍控制Polygon上約2億枚代幣，正研究補救計劃 https://news.cnyes.com/news/id/5437787 美國政府又要賣幣！公告將出售 2,933 枚 BTC 、價值 1.17 億美元 https://blockcast.it/2024/01/26/us-government-to-sell-2933-bitcoin-seized-from-silk-road/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 美國FBI、CISA示警嚴重「Androxgh0st」攻擊，鎖定AWS、Microsoft 365 帳號 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10908 伊朗駭客Charming Kitten鎖定歐美大學、研究機構，散布惡意程式MediaPl https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/ 俄羅斯駭客Cold River假借提供加密的PDF文件，散布後門程式Spica https://blog.google/threat-analysis-group/google-tag-coldriver-russian-phishing-malware/ 鎖定蘋果電腦的後門程式透過中國盜版網站代管、散布 https://www.jamf.com/blog/jtl-malware-pirated-applications/ 勒索軟體「變臉」鎖定美國及歐洲的醫療、製造業而來 https://unit42.paloaltonetworks.com/bianlian-ransomware-group-threat-assessment/ 木馬程式Remcos RAT假借色情電玩遊戲散布 https://asec.ahnlab.com/en/60270/ 流量引導系統Parrot被用於將受害者導向惡意網站 https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/ 惡意流量導向系統Parrot TDS被用於將受害者帶往惡意網站 https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/ 駭客濫用遠端桌面軟體TeamViewer於受害電腦植入勒索軟體 https://www.huntress.com/blog/ransomware-deployment-attempts-via-teamviewer 芬蘭IT服務和企業雲端代管業者Tietoevry遭遇勒索軟體攻擊，傳出是Akira所為 https://www.bleepingcomputer.com/news/security/tietoevry-ransomware-attack-causes-outages-for-swedish-firms-cities/ 大型跨國速食連鎖業者Subway傳出遭到勒索軟體LockBit攻擊 https://www.ithome.com.tw/news/160962 https://securityaffairs.com/157852/cyber-crime/lockbit-hacked-sandwich-chain-subway.html https://www.theregister.com/2024/01/22/subways_data_toasted_by_lockbit/ https://www.pcmag.com/news/subway-investigates-possible-ransomware-gang-attack 北韓駭客ScarCruft假借資安研究的名義，企圖對業界專家散布後門程式RokRAT https://s1.ai/ScarFut Ransom.Kasseika 勒索病毒 https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F24%2Fa%2Fkasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html&data=05%7C02%7C%7C83d1c4c3fec14c5122e408dc1e446cca%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638418526465289898%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fj0LgA4AcihYIkc4vzsXCiaPSS6118W7N710pEt8i9Q%3D&reserved=0 勒索軟體Kasseika濫用防毒軟體停用相關防護機制 https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html 鎖定Mac電腦的竊資軟體透過DNS記錄向受害電腦散布 https://securelist.com/new-macos-backdoor-crypto-stealer/111778/ 英國警告人工智慧在未來2年恐讓勒索軟體威脅加劇 https://www.ncsc.gov.uk/news/global-ransomware-threat-expected-to-rise-with-ai 勒索軟體Kasseika濫用防毒軟體元件停用電腦相關防護機制 https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html 英國水資源處理業者Southern Water傳出遭勒索軟體Black Basta攻擊 https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html 駭客組織TA866發動發票網釣攻擊，散布惡意軟體WasabiSeed、Screenshotter https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign 水資源處理業者Veolia北美分公司證實遭遇勒索軟體攻擊，付款系統運作受到影響 https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/ 新惡意軟體使用MacOS上的盜版應用程式劫持加密錢包，請注意防範風險 https://www.panews.io/zh_hk/sqarticledetails/fp0rw08yFt.html 證券借貸平台EquiLend遭勒索軟件攻擊部分業務關閉 https://reurl.cc/j3yvjy Kuiper Ransomware’s Evolution https://www.trellix.com/about/newsroom/stories/research/the-evolution-of-the-kuiper-ransomware/ An update on Chaes malware Infostealer https://www.morphisec.com/hubfs/Chae$_Chronicles_Chaes4.1.pdf https://blog.morphisec.com/chaes-chronicles Ransomware Deployment Attempts Via TeamViewer https://www.huntress.com/blog/ransomware-deployment-attempts-via-teamviewer Mimo CoinMiner and Mimus Ransomware Installed via Vulnerability Attacks https://asec.ahnlab.com/en/60440/ npm Package Found Delivering Sophisticated RAT https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/ Researchers Discover Pirated macOS Apps Similar to ZuRu Malware https://www.jamf.com/blog/jtl-malware-pirated-applications/ Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html Npm Trojan Bypasses UAC, Installs AnyDesk with "Oscompatible" Package https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html Zloader: No Longer Silent in the Night https://www.zscaler.com/blogs/security-research/zloader-no-longer-silent-night Cracked software beats gold: new macOS backdoor stealing cryptowallets https://securelist.com/new-macos-backdoor-crypto-stealer/111778/ ThreeAM ransomware https://www.intrinsec.com/wp-content/uploads/2024/01/TLP-CLEAR-2024-01-09-ThreeAM-EN-Information-report.pdf Cactus Ransomware https://www.shadowstackre.com/analysis/cactus JAVA-Based Sophisticated Stealer Using Discord Bot as EventListener https://www.trellix.com/about/newsroom/stories/research/java-based-sophisticated-stealer-using-discord-bot-as-eventlistener/ VTA - Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver https://otx.alienvault.com/pulse/65b1eff3d480775f1acb7e6b 中國駭客組織Blackwood發動軟體供應鏈攻擊，針對中國、日本、英國散布Nspx30間諜程式 https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/ NSPX30: A sophisticated AitM-enabled implant evolving since 2005 https://www.welivesecurity.com/en/eset-research/nspx30-sophisticated-aitm-enabled-implant-evolving-since-2005/ China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.html SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html 鎖定日本而來的後門程式Lodeinfo，開始擴大範圍對英文用戶下手 https://blog-en.itochuci.co.jp/entry/2024/01/24/134100 LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html Malicious Ads on Google Target Chinese Users with Fake Messaging Apps https://thehackernews.com/2024/01/malicious-ads-on-google-target-chinese.html Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊針對X帳號遭駭事故，美國證券交易委員會證實是遭遇SIM卡置換攻擊所致 https://www.sec.gov/secgov-x-account#jan22 蘋果針對旗下電腦、行動裝置、穿戴裝置發布更新，修補WebKit零時差漏洞 https://www.bleepingcomputer.com/news/apple/apple-fixes-first-zero-day-bug-exploited-in-attacks-this-year/ 針對埋藏於iPhone上的間諜軟體，研究人員揭露名為iShutdown的檢測方法 https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html 蘋果釋出iOS 17.3正式版本更新加入更嚴謹防盜機制、修補漏洞 https://tech.udn.com/tech/story/123151/7729639 如何掃描手機上的QR Code？網提供Android手機這妙招：真的超快 https://tech.udn.com/tech/story/123151/7730392 新兵注意！這11款中國品牌手機軍中禁用 https://news.ltn.com.tw/news/politics/breakingnews/4563246 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力網攻無所不在，企業如何強化資安控管 https://www.ctee.com.tw/news/20240123700121-439901 知名元宇宙公司愛實境遭駭離職技術長、工程師惡搞遭起訴 https://today.line.me/tw/v2/article/MLvyp9w 啟動以雲端為網路核心先布建資安網絡控管潛在漏洞 https://www.technice.com.tw/techmanage/infosecurity/93666/ KnowBe4的最新報告指出公部門在2023年遭受網路攻擊的次數大幅增加 https://n.yam.com/Article/20240124284995#google_vignette 惡意流量引導系統VexTrio被用於針對逾7萬個網域發動攻擊 https://blogs.infoblox.com/cyber-threat-intelligence/cybercrime-central-vextrio-operates-massive-criminal-affiliate-program/ 9成兒童用網路設備玩遊戲兒童網路使用安全風險大幅升高 https://www.technice.com.tw/techmanage/infosecurity/92890/ 台酒公司遭駭！員工竟為「做這事」侵入人資電郵竊個資 https://www.chinatimes.com/realtimenews/20240125001150-260402?chdtv 網攻威脅難解菲律賓官方資安求助駭客 https://money.udn.com/money/story/5599/7724634 澳洲健保公司資料遭駭首度公布俄羅斯主謀身份 https://www.rti.org.tw/news/view/id/2193743 歐盟新的《網路安全條例》正式生效，提升面對網路威脅的韌性和回應 https://iknow.stpi.narl.org.tw/Post/Read.aspx?PostID=20370 臺灣加入國際資安應變組織FIRST成員數量2023年創下新高 https://www.ithome.com.tw/news/160961 GKE錯誤配置恐讓攻擊者接管K8s叢集、存取敏感資訊 https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ 科技廠接連遭駭網路資安概念基金吸睛 https://turnnewsapp.com/livenews/finance/20240119003196-260410 鎖定環境服務業的DDoS攻擊2023年爆增近620倍 https://blog.cloudflare.com/ddos-threat-report-2023-q4/ 你訂好的資安政策員工為何一直踩線？想改善的話，先掌握這 5 大心理 https://buzzorange.com/techorange/2024/01/22/cybersecurity-risks-employees-training/ 奇葩！貼告示請鄰居增設Wifi密碼　剖白原因捱罵：怎會管到別人家 https://www.hk01.com/article/983048?utm_source=01articlecopy&utm_medium=referral 小孩狂連不睡覺！　家長崩潰求鄰居「Wi-Fi設密碼」 https://news.cts.com.tw/cts/life/202401/202401192278114.html Meta承認使用盜版書籍訓練AI，但拒絕賠償作家 https://www.techbang.com/posts/112523-meta-admits-to-using-pirated-books-to-train-aim-and-refuses 美媒：大陸駭客襲擊多所大學竊取海事技術 https://tw.bg3.co/a/mei-mei-da-lu-hai-ke-xi-ji-duo-suo-da-xue-qie-qu-hai-shi-ji-zhu.html Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html 俄羅駭客組織APT29入侵HPE的Microsoft 365雲端郵件系統環境，竊取資安團隊相關資料 https://www.sec.gov/ix?doc=/Archives/edgar/data/1645590/000164559024000009/hpe-20240119.htm https://www.cnbc.com/2024/01/24/hpe-hit-by-russian-intelligence-group-that-hacked-microsoft.html https://edition.cnn.com/2024/01/24/tech/hewlett-packard-enterprise-hack-russia-cozy-bear/index.html https://www.bleepingcomputer.com/news/security/hpe-russian-hackers-breached-its-security-teams-email-accounts/ Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html 北韓駭客竊取 Gmail 新手法 SHARPEXT 惡用 Chrome 擴充功能 https://reurl.cc/eLLy9M 微軟驚爆遭撞庫攻擊！攻擊者在內網漫遊近２個月　 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10912 https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ https://www.sec.gov/ix?doc=/Archives/edgar/data/789019/000119312524011295/d708866d8k.htm 微軟遭俄羅斯資助駭客入侵點名「午夜暴雪」 https://www.rti.org.tw/news/view/id/2193456 午夜暴风：俄罗斯APT组织袭击微软高管电子邮件 https://mp.weixin.qq.com/s?__biz=MzIzNDU5NTI4OQ==&mid=2247485103&idx=1&sn=9076480049586a22ffd64d03bc43cb1c 微軟驚傳遭俄國家級駭客組織入侵！遭竊取部份電郵和文件 https://udn.com/news/story/6809/7722503?from=udn-ch1_breaknews-1-cate5-news Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html ScarCruft | Attackers Gather Strategic Intelligence and Target Cybersecurity Professionals https://www.sentinelone.com/labs/a-glimpse-into-future-scarcruft-campaigns-attackers-gather-strategic-intelligence-and-target-cybersecurity-professionals/ Vextrio Operates Massive Criminal Affiliate Program https://blogs.infoblox.com/cyber-threat-intelligence/cybercrime-central-vextrio-operates-massive-criminal-affiliate-program/ Letters allegedly from the State Special Communications Service and the State Emergency Service - UAC-0050 attack using RemoteUtilities https://cert.gov.ua/article/6277285 資安工程師––中央研究院資訊服務處 https://www.1111.com.tw/job/85246054/?agent=home_eso_jobindex_schema_findjob MIS資訊工程師 https://www.1111.com.tw/job/113107826/ 【台北 or 桃園】資訊系統維護專員 https://www.1111.com.tw/job/113060155/ 資深 IT 資訊人員 #202401-07 https://www.1111.com.tw/job/113109784/ 【B】資安工程師/資深資安工程師(林口廠) https://www.1111.com.tw/job/112994940/ 網管工程師 https://www.1111.com.tw/job/103719914/ 資安工程師 https://www.1111.com.tw/job/112960508/ 【資訊部】資深專員 https://www.1111.com.tw/job/113078711/ 誠徵▼資安工程師(待過相關產業)★ https://www.1111.com.tw/job/113111772/ 【台北】MIS資訊安全專員 https://www.1111.com.tw/job/113045063/ 資訊/機電駐場工程師(桃園) https://www.1111.com.tw/job/113053512/ 資安工程師 https://www.1111.com.tw/job/103763701/ 資通安全處資安工程師 https://www.1111.com.tw/job/99049690/ 資訊專員(資安工程師) https://www.1111.com.tw/job/113050630/ I204 資深資安工程師(可遠端上班) https://www.1111.com.tw/job/113079100/ 資訊安全專責人員 https://www.1111.com.tw/job/112948493/ 誠徵▼資安工程師(待過相關產業)★ https://www.1111.com.tw/job/113111772/?agent=newsWeb D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全大型服飾集團VF Corp去年遭到入侵，逾3,500萬客戶個資被盜 https://www.sec.gov/ix?doc=/Archives/edgar/data/103379/000119312524010243/d641969d8ka.htm 柏文旗下健身工廠會員個資遭駭，公司啟動強化資安防護，無重大影響 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=2015470002&PU=0010 「健身工廠」會員個資遭駭柏文說明 https://wantrich.chinatimes.com/news/20240119900821-420101 婚外情網站駭客事件：當婚外戀網站遇上衛道士黑客｜數據洩漏，網絡大戰｜一個黑客組織如何揭露千萬個出軌的伴侶 https://www.youtube.com/watch?v=eTA_41VDGUA Have I Been Pwned收到近7,100萬筆來自惡意程式的外洩電子郵件帳號及逾1億個密碼 https://www.ithome.com.tw/news/160931 史上最大的「資料外洩之母」資料庫曝露260億筆記錄 https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/ 是時候更新你的密碼了！最新報告指出有 260 億筆資料洩漏，包含數個熱門網站 https://today.line.me/tw/v2/article/zNY5jQk 張心玲：無密碼身分識別下一步推向製造業 https://www.fountmedia.io/article/183252 Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html 是網路釣魚電子郵件嗎？留心這 8 個警訊就不用太擔心 https://today.line.me/tw/v2/article/nXmV1YM 最新詐騙手法！賣家「僅輸入身分證」帳戶錢竟被轉走 https://www.youtube.com/watch?v=Z-ZYa6Ngxy8 柏文：旗下「健身工廠」會員個資遭駭客竊取事件之說明 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=c4f86bf4-2f5b-4877-a644-283d2c887ae5 豐田旗下印度保險公司的內部系統配置不當，曝露客戶資訊 https://eaton-works.com/2024/01/17/ttibi-email-hack/ 別在公共場所掃 QR code！詐騙集團高招迷惑騙個資和金錢，台灣人也被騙過 https://buzzorange.com/techorange/2024/01/22/the-ftc-is-warning-people-not-to-scan-qr-codes-in-public-places/ 數位詐騙猖獗，公益團體深受其害 https://infosecu.technews.tw/2024/01/23/digital-fraud/ 澳洲最嚴重個資外洩案情報部門矛頭指向俄駭客 https://news.pchome.com.tw/internation/cna/20240123/index-17059774210998918011.html Mailer Lite駭客冒充加密公司，通過網路釣魚郵件非法盜取60萬美元 https://news.cnyes.com/news/id/5436423 史上最大數據洩露事件騰訊15億條占最大宗 https://reurl.cc/VNM4Zn 你的密碼好猜嗎？　資安專家點出「15組超常見組合」：易遭駭客破解 https://www.ctwant.com/article/314180 如何對抗人工智慧產生的網路釣魚攻擊 https://blog.twnic.tw/2024/01/26/29474/ E.研究報告/工具【資安韌性】專題演講：近期企業網路威脅與防禦案例 https://www.youtube.com/watch?v=nsrXX0PiuCU 【資安韌性】專題演講：當前我國資安發展策略 https://www.youtube.com/watch?v=7GuN2PDZLZs 資安風暴下　數位堡壘的必要性 https://mymkc.com/article/content/25140 資安預警通報：X-103_SUPERNOVA攻擊活動歸因及相關技術分析 https://issdu.com.tw/technology_detail.php?id=15 对美国防部《2023网络战略》的解读和分析 https://mp.weixin.qq.com/s?__biz=Mzg4MDU0NTQ4Mw==&mid=2247516005&idx=1&sn=3a293d12021b60e96f7cf37a0f5efafb 波蘭鐵路請駭客分析列車故障原因 https://disp.cc/ptt/Railway/1bgVlC2N 虛擬群聚時代即將來臨 https://news.cnyes.com/news/id/5433238 駭客能讓自駕車把紅燈辨識成綠燈？分析 6 種 AI 模型攻擊提升 AI 安全防禦力 https://reurl.cc/VNM45b 資安管理的內外全面挑戰：從KKday與京鼎事件看資安管理體系的建置及法遵合規要求 https://vocus.cc/article/65ac59f7fd8978000194eb83 掌握ChatGPT進行道德駭客攻擊和滲透測試 https://www.uuu.com.tw/Public/content/article/24/20240122.htm 後端技術考古題- Web Operations 上篇 https://vocus.cc/article/65a880a5fd8978000103fff5 後端技術考古題- Web Operations 下篇 https://vocus.cc/article/65ae1ddffd89780001aa42c7 開源 TensorFlow 機器學習框架存在漏洞！駭客可發起供應鏈攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10911 從NuLink加密原理，看簡單易訪問加密的重要性 https://news.cnyes.com/news/id/5434772 新招術！研究駭客心理擬定新技術保護手機帳號被盜用攻擊 https://www.technice.com.tw/techmanage/infosecurity/93108/ 滲透測試的重要性和好處 https://reurl.cc/zlD6k7 駭客藉由訓練「惡意GPT」，來發動各式各樣的攻擊活動 https://www.find.org.tw/index/tech_obser/browse/33d812e6629ed6a2284c09c14566a74e/ 研究人員揭露MavenGate攻擊手法，有可能透過已廢棄的程式庫挾持Java及安卓應用程式 https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/ https://www.sonatype.com/sonatypes-ongoing-commitment-to-maven-central Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators https://thehackernews.com/2024/01/preventing-data-loss-backup-and.html Enter The Gates: An Analysis of the DarkGate AutoIt Loader https://www.splunk.com/en_us/blog/security/enter-the-gates-an-analysis-of-the-darkgate-autoit-loader.html APT29 https://www.fortinet.com/blog/threat-research/teamcity-intrusion-saga-apt29-suspected-exploiting-cve-2023-42793 https://www.rnbo.gov.ua/files/2023_YEAR/CYBERCENTER/november/APT29%20attacks%20Embassies%20using%20CVE-2023-38831%20-%20report%20en.pdf https://socradar.io/apt-profile-cozy-bear-apt29/ https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/ Perfecting the Defense-in-Depth Strategy with Automation https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html F.商業中華資安國際連續五年資安廠商評鑑五A最高評價 https://www.chtsecurity.com/news/f426f238-efb7-4da7-a5a9-c29f23a3217b 京鼎官網遭駭客攻擊匯智安全科技宣導靜態資料備份且加密 https://www.ctee.com.tw/news/20240119701806-431202 不用打字、以圖搜圖就能搜尋！Google最新「神級功能」推出，畫圈秒找餐廳、網紅身上單品 https://cava.tw/lifestyle/design&gadgets/249474 AI、上雲催化備份需求！Veeam攜手資褓儲存強化台灣資料保護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10904 聚上雲攜手Cloudera著眼金融業混合雲資料治理應對數據整合和AI挑戰 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&id=683657 台灣大培育AI、資安兩大領域專才數位青年T大使招募起跑 https://www.1111.com.tw/news/jobns/154807 Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024 https://thehackernews.com/2024/01/cyber-threat-landscape-7-key-findings.html G.政府上市櫃公司陸續遭駭數位部為何示警社交工程欺騙 https://news.pts.org.tw/article/677146 臺灣也要推Digital Wallet，數位部明年將推數位皮夾，可望整合自然人憑證、駕照等證件 https://www.ithome.com.tw/news/160933 行政院長陳建仁：刻意傳錯假訊息將偵辦審慎處理抖音 https://reurl.cc/1332vQ 新立院首案盼重懲詐騙 https://udn.com/news/story/7339/7721884 境外介選假消息滿天飛　調查局成立「認知戰研究中心」防堵 https://today.line.me/tw/v2/article/nXm7DXg 新通訊診察治療辦法7/1上路適用對象擴大至10類 https://news.pts.org.tw/article/677459 民進黨公職跟進用抖音？沈伯洋揭資安危機：不建議使用 https://news.ltn.com.tw/news/politics/breakingnews/4560387 「因應數位發展部成立，公、私部門資安人力建制及產業資源探討」公聽會報告 https://www.ly.gov.tw/EngPages/Detail.aspx?nodeid=44242&pid=205697 提升資安聯防情資分享！調查局高市調查處與勝一化工簽合作備忘錄 https://www.nownews.com/news/6350800 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安洛克威爾自動化提2024 年工業「 R-E-D 關鍵三軸」強化廠房營運安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10906 VicOne與致伸科技攜手提供智慧車隊管理更有效率的汽車網路安全服務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10907 洛克威爾自動化提2024 年工業「 R-E-D 關鍵三軸」強化廠房營運安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10906 感測器於物聯網應用之資安發展分析 https://infosecu.technews.tw/2024/01/22/sensor-iot-information-security/ 中日韓元宇宙政策對台灣發展物聯網之影響 https://ieknet.iek.org.tw/iekrpt/rpt_more.aspx?rpt_idno=52894086 CISA針對開源工控自動化平臺Rapid SCADA弱點提出警告 https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03 首屆汽車漏洞懸賞競賽Pwn2Own Automotive於1月24日至26日在日本舉行 https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule OT資安實例：大型工業控制設備聯網的網路威脅及解方 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10913 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 SANS Cyber Threat Intelligence Summit & Training 2024 2024/1/29 - 2024/2/5 https://www.sans.org/cyber-security-training-events/cyber-threat-intelligence-summit-2024/ SyntaxError 2024/1/31 https://www.meetup.com/pythonhug/events/pqnsctygccbpc/ 第七屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2024/2/6 https://www.accupass.com/event/2311160625102022535520 資安五四三 2024/2/21 https://csa.kktix.cc/events/202402-543 2024資安365年會 2024/2/22 https://www.informationsecurity.com.tw/seminar/2024_TPinfosecurity365/register.aspx 【安碁學苑】IPAS 資訊安全工程師中級證照培訓班 2024/2/20-2024/2/3/5 https://www.accupass.com/event/2312151022301066488466 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://buzzorange.com/techorange/forum/2024h1-cybersecurity-combat-exercise/ 資安事件調查與實務分析 2024/3/6（三） https://docs.google.com/forms/d/1bO_IhZ9gxZ-nFNGVva7ZfRWyX5B3n-sKEdW6nkPtj50/edit 黑客視角：網站漏洞挖掘與防禦 2024/3/20 https://docs.google.com/forms/d/1OGcXzbo2vG9_DU5oQ9DCAF2zWJtewqrd4OM28zdatw4/edit 中區(實體)--校園資安作業與外部審查實務 2024/4/8 https://tp2rc.tanet.edu.tw/node/790