###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/4/15 ~ 2024/4/19 1.重大弱點漏洞/後門/Exploit/Zero Day 利用中！Palo Alto Networks示警 PAN-OS存在零日漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11032 Palo Alto 示警 PAN-OS存在零日弱點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11032 Palo Alto Networks對PAN-OS 軟體零日漏洞CVE-2024-3400發出緊急修補 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11037 Palo Alto Networks 驚爆風險等級 10 的安全漏洞 影響多項產品 https://netmag.tw/2024/04/16/palo-alto-vpn-product-zero-zero-vulnerability-vulnerability-risk-value-10-0 Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign https://thehackernews.com/2024/04/hackers-exploit-fortinet-flaw-deploy.html Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html PuTTY存在私鑰洩露漏洞 https://www.ithome.com.tw/news/162336 CVE-2024-31497: Critical PuTTY Vulnerability Exposes Private Keys – Immediate Action Required https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/ 杜絕XZ後門！OWASP發佈十大開源軟體安全風險清單 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11039 Citrix 已發布XenServer和Citrix Hypervisor安全性更新 https://support.citrix.com/article/CTX633151/xenserver-and-citrix-hypervisor-security-update-for-cve202346842-cve20242201-and-cve202431142 https://www.cisa.gov/news-events/alerts/2024/04/12/citrix-releases-security-updates-xenserver-and-citrix-hypervisor Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack https://thehackernews.com/2024/04/zero-day-alert-critical-palo-alto.html Palo Alto Networks zero-day exploited since March to backdoor firewalls https://www.bleepingcomputer.com/news/security/palo-alto-networks-zero-day-exploited-since-march-to-backdoor-firewalls/ Fortinet推出新版FortiOS 7.6作業系統及安全織網平台重大更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11035 Fortinet 已發布多個產品安全性更新 https://www.fortiguard.com/psirt/FG-IR-23-493 https://www.fortiguard.com/psirt/FG-IR-23-087 https://www.fortiguard.com/psirt/FG-IR-23-345 逾8萬臺Palo Alto Networks防火牆曝露於危急漏洞CVE-2024-3400 https://www.ithome.com.tw/news/162415 Palo Alto Networks防火牆零時差漏洞已出現攻擊行動 https://www.ithome.com.tw/news/162282 BatBadBut漏洞恐讓駭客在Windows電腦執行命令注入攻擊 https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/ 權管理系統Delinea Secret Server存在危急漏洞，恐被用於挾持管理員帳號 https://www.helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability/ 濫用FortiClient集中控管系統的漏洞攻擊浮上檯面，駭客將遇害伺服器改為下載遠端管理工具與惡意指令碼的轉運站 https://www.ithome.com.tw/news/162389 Juniper 已發布安全更新，以解決 Junos OS 和 Junos OS Evolved 中的弱點 https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-A-specific-EVPN-type-5-route-causes-rpd-crash-CVE-2024-30394?language=en_US Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack https://thehackernews.com/2024/04/widely-used-putty-ssh-client-found.html 微軟發佈4月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2024-Apr https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates Microsoft 推出 2024 年 4 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11031 A new journey with Windows: Microsoft's "end of support" notice for Windows 10 users https://www.ghacks.net/2024/04/12/a-new-journey-with-windows-microsofts-end-of-support-notice-for-windows-10-users/ Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack https://thehackernews.com/2024/04/hackers-deploy-python-backdoor-in-palo.html IBM Security QRadar Analyst Workflow app for IBM QRadar SIEM includes components with known vulnerabilities https://www.ibm.com/support/pages/node/7148190 IBM QRadar - When The Attacker Controls Your Security Stack (CVE-2022-26377) https://labs.watchtowr.com/ibm-qradar-when-the-attacker-controls-your-security-stack/ Microsoft Windows、Google Chrome、Microsoft Edge等軟體存在高風險安全漏洞，請同仁儘速確認並進行更新或修補作業 https://www.cc.ntust.edu.tw/p/404-1050-123855.php?Lang=zh-tw Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) https://reurl.cc/EjKeGR 韌體安全堪慮！Intel和Lenovo伺服器受長達6年Lighttpd漏洞影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11033 Ivanti修補Avalanche行動裝置管理系統危急漏洞 https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed Oracle發布2024年第2季例行更新，總共公布441個修補程式 https://www.oracle.com/security-alerts/cpuapr2024.html Oracle Critical Patch Update for April 2024 https://reurl.cc/Ze7WQM Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw https://thehackernews.com/2024/04/intel-and-lenovo-bmcs-contain-unpatched.html 中繼資料管理工具OpenMetadata遭挾持，攻擊者藉此入侵K8s並部署挖礦軟體 https://www.ithome.com.tw/news/162397 Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes https://thehackernews.com/2024/04/hackers-exploit-openmetadata-flaws-to.html 鎖定SAP應用系統的攻擊行動以倍數成長 https://go.onapsis.com/threat-report/ch4tter 新型態Spectre v2攻擊手法影響搭載Intel處理器的Linux電腦 https://www.ithome.com.tw/news/162307 Windows版Telegram用戶端程式存在零時差漏洞，有可能被拿來執行Python指令碼 https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/ DevOps協作平臺Atlassian Confluence已知漏洞遭到利用，慘遭勒索軟體Cerber攻入 https://www.ithome.com.tw/news/162387 2.銀行/金融/保險/證券/金融監理 新聞及資安 證券商內部控制制度標準規範宣導說明會 明日起跑 https://www.ctee.com.tw/news/20240417701374-430201 安卓金融木馬SoumniBot利用作業系統弱點迴避偵測 https://securelist.com/soumnibot-android-banker-obfuscates-app-manifest/112334/ 政大教授彭金隆出任金管會主委！保險、金融都是他守備範圍 上任後的2任務與1挑戰 https://www.wealth.com.tw/articles/e475bf34-ff86-4c10-8126-2b4ae347dfb1 金管會主委爆黑馬 彭金隆肩負打擊金融詐騙重任 https://www.cna.com.tw/news/aipl/202404160076.aspx 中共國務院與金融機構再被巡視 官員密集落馬 https://reurl.cc/QR7XLq 財金公司4月21日凌晨 將辦理「ATM跨行服務系統主備中心切轉演練」 https://udn.com/news/story/7239/7907889 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html Pay.Taipei成效差挨批　北市資訊局考慮退場 https://www.cardu.com.tw/news/detail.php?51200 北市支付平台pay.taipei難與民間廠商競爭 資訊局：思考退場機制 https://news.ltn.com.tw/news/life/breakingnews/4642838 吃火鍋想刷LINE Pay！店員稱「需要多收3%」　他花7千多：改用現金 https://finance.ettoday.net/news/2689191 HIVEX跨境行動支付日本反掃功能解鎖 實現支付最大覆蓋 https://udn.com/news/story/7241/7810104 不一定要掃碼才能購物！陸「行動支付綁定繁瑣」遊客卻步 官方推動商家做好現金備付 https://reurl.cc/70ykpd 恭喜中獎竟是烏龍一場　全支付會員氣炸批詐騙 https://www.cardu.com.tw/news/detail.php?51153 全支付發烏龍假訊息送「9萬郵輪雙人遊」系統出包？行銷活動？ 金管會介入了解 https://reurl.cc/9vZ4Vn 全支付出包！網紅啾啾鞋也收到中獎通知 全聯致歉：用字造成誤會 https://reurl.cc/mMqDl7 內地乘車碼攻略｜不用買全國通！WeChat Pay支援最多城市/Alipay HK優惠低至5折/八達通×雲閃付免手續費 https://reurl.cc/va57kj 用行動支付Apple Pay買東西 想退款「竟沒紀錄」！網曝這1物成關鍵 https://tech.udn.com/tech/story/123154/7889649 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 前安全工程師因攻擊兩家DEX竊取超1200萬美元加密貨幣被判3年監禁，系首例針對智能合約駭客攻擊的定罪案件 https://news.cnyes.com/news/id/5523626 美國駭客入侵DEX遭判三年監禁、500萬鎂罰款 https://www.blocktempo.com/shakeeb-ahmed-convicted-for-hacking-crypto-smart-contracts/ Synthetix將向參與治理的社區用戶空投PYTH，需在4月22日之前填表 https://news.cnyes.com/news/id/5523627 以色列伊朗隨時開戰！比特幣下撞6.5萬、以太坊重挫12%，全網爆倉超9.2億鎂 https://www.blocktempo.com/the-israel-iran-war-could-start-at-any-time-bitcoin-plummeted-by-65000/ Linea生態Meme項目Foxy已開放空投申領；Binance新幣挖礦上線Omni Network https://news.cnyes.com/news/id/5523466 「比特幣狂人」阿根廷總統形象大反轉！要強制監管境內交易商遭砲轟 https://www.blocktempo.com/javier-mileis-stance-on-bitcoin-changed-after-taking-office-as-argentinas-president/ 以太坊下次升級為何會納入EIP-3074？它與ERC-4337有什麼區別 https://m.cnyes.com/news/id/5523851 FTX清算錢包成「下跌指標」？精準在暴跌前將2500 ETH存入交易所 https://www.blocktempo.com/ftx-liquidation-wallet-became-falling-indicator-2500-eth-was-deposited-into-cex-before-last-night-dump/ Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html 中美兩國在比特幣減半前爭奪比特幣霸主地位，比特幣價格延後減半前漲勢 https://reurl.cc/9vZVWv 開發動能爆發！ETHTaipei 2024：70支隊伍競逐百萬獎金，匿名交友、隱私轉帳服務成亮點 https://www.blocktempo.com/the-second-ethtaipei-concluded-successfully/ OKX Web3 最新發布：鏈上防釣魚安全交易指南 https://blockcast.it/2024/04/16/okx-how-to-safeguard-web3-wallet-from-fraudsters/ ZachXBT：Prisma團隊正尋求一切可能的法律途徑，敦促攻擊者歸還資金 https://news.cnyes.com/news/id/5527075 經區塊鏈分析師展開調查後，可能會揪出 Prisma Finance 駭客 https://www.fxstreet.hk/news/jing-qu-kuai-lian-fen-xi-shi-zhan-kai-diao-cha-hou-ke-neng-hui-jiu-chu-prisma-finance-hai-ke-202404170152 CertiK：Q1共發生224起安全事件，其中47起事件中駭客將共計2.2億美元資金直接發往CEX https://news.cnyes.com/news/id/5529612 Haker Euler Finance odsyła 51 000 skradzionych eterów z powrotem do protokołu https://www.binance.com/pl/square/post/348427 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 趨勢科技公佈勒索病毒集團LockBit犯罪細節讓駭客無所遁形 http://compotech.com.tw/a/press/2024/0416/57381.html 趨勢科技指出 LockBit 集團 持續開發 Lockbit-NG-Dev 病毒 https://udn.com/news/story/7240/7902093 2023 多重勒索軟體攻擊激增　製造業在台灣受影響最深 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/E27355EAF7D949BFB5B229EE833A0920#google_vignette 駭客組織TA558發動攻擊行動SteganoAmor，透過Office方程式編輯器漏洞散布惡意軟體 https://www.ithome.com.tw/news/162365 聯合國機構傳出遭遇勒索軟體8Base攻擊，大量資料遭竊 https://www.ithome.com.tw/news/162407 惡意軟體OfflRouter鎖定烏克蘭政府機關，透過VBA巨集感染受害電腦 https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/ 遭勒索軟體攻擊的健康保險服務業者UnitedHealth付出逾8億美元的代價 https://www.ithome.com.tw/news/162361 晶片製造商Nexperia傳出遭遇勒索軟體攻擊，該公司證實發生資料外洩 https://www.ithome.com.tw/news/162324 旅館集團Omni傳出遭到勒索軟體駭客組織Daixin攻擊 https://databreaches.net/omni-hotels-resorts-attack-in-march-now-claimed-by-daixin-team/ 駭客假借提供加密貨幣錢包Exodus應用程式，意圖散布惡意軟體FatalRAT https://cyble.com/blog/fatalrats-new-prey-cryptocurrency-users-in-the-crosshairs/ SaaS應用系統及雲端服務供應商遭到駭客團體Muddled Libra鎖定，竊取相關資料入侵目標企業組織 https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/ 日本光學設備製造商Hoya傳出遭到勒索軟體駭客組織Hunters International攻擊，遭索討1,000萬美元贖金 https://www.ithome.com.tw/news/162283 駭客意圖操縱GitHub的搜尋功能，將其用於散布惡意軟體 https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/ XZ Utils供應鏈攻擊再傳災情，以Rust打造的程式庫liblzma也遭植入後門程式 https://www.ithome.com.tw/news/162292 Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files https://thehackernews.com/2024/04/popular-rust-crate-liblzma-sys.html Comprehensive Tria.ge import - Pro tip https://otx.alienvault.com/pulse/661c5aeb351e7ed1fd41dccd Backup from 03-28-24 - Systemd dump, malicious ssh and sshd files, libsystemd-vore libsystemd-shared plus supporting php files https://otx.alienvault.com/pulse/661db37bf549518bf6f7f377 Connect:fun: New exploit campaign in the wild targets media company https://www.forescout.com/blog/connectfun-new-exploit-campaign-in-the-wild-targets-media-company/ Obligatory hash dump for files submitted. but not processed on OTX https://otx.alienvault.com/pulse/6621872309f454a3d9ca765e Kapeka: A novel backdoor spotted in Eastern Europe https://labs.withsecure.com/publications/kapeka Malvertising campaign targeting IT teams with MadMxShell https://www.zscaler.com/blogs/security-research/malvertising-campaign-targeting-it-teams-madmxshell Request for verification - Production Archlinux delivering malware spiked systemd library https://otx.alienvault.com/pulse/66207a021131686c618c5239 Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown https://thehackernews.com/2024/04/hive-rat-creators-and-35m-cryptojacking.html Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware https://thehackernews.com/2024/04/critical-atlassian-flaw-exploited-to.html TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks https://thehackernews.com/2024/04/ta558-hackers-weaponize-images-for-wide.html Recover from Ransomware in 5 Minutes—We will Teach You How! https://thehackernews.com/2024/04/recover-from-ransomware-in-5-minuteswe.html Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers https://thehackernews.com/2024/04/akira-ransomware-gang-extorts-42.html Hackers Target Middle East Governments with Evasive "CR4T" Backdoor https://thehackernews.com/2024/04/hackers-target-middle-east-governments.html OfflRouter Malware Evades Detection in Ukraine for Almost a Decade https://thehackernews.com/2024/04/offlrouter-malware-evades-detection-in.html Recover from Ransomware in 5 Minutes—We will Teach You How https://thehackernews.com/2024/04/recover-from-ransomware-in-5-minuteswe.html New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 iPhone突收到「Apple ID驗證通知」最好不要點！蘋果公司發布「威脅通知」…全球92國家受害 https://www.storm.mg/lifestyle/5087166 Apple Watch耗電災情曝！蘋果用戶「卡更新」榨乾電量 網提1方法暫時解決 https://tech.udn.com/tech/story/123152/7897693 Trust Wallet：蘋果手機iMessage存高危零日漏洞，可被駭客利用入侵 https://news.cnyes.com/news/id/5525656 聲稱 iMessage 存在零日漏洞、加密幣用戶受威脅，Trust Wallet 遭批散播恐慌 https://blockcast.it/2024/04/16/trust-wallet-warns-ios-users-of-high-risk-imessage-exploit-urges-disabling-imessages-immediately/ 安卓用戶快檢查手機！「3款聊天App」夾藏惡意程式　駭客看光個資 https://www.nownews.com/news/6407915 警方也吃驚！駭客遠端操控手機 盜款後刪WhatsApp證據 https://reurl.cc/6vyNnZ 網路犯罪份子企圖利誘電信業者T-Mobile、Verizon員工成幫兇，要求參與SIM卡挾持攻擊 https://www.ithome.com.tw/news/162406 Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users https://thehackernews.com/2024/04/chinese-linked-lightspy-ios-spyware.html New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks https://thehackernews.com/2024/04/new-android-trojan-soumnibot-evades.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 AI讓網路攻擊自動化！ 全球攻擊增50% 台灣科技、製造和營建業遭鎖定 https://reurl.cc/Ej2GYn AI強化網攻 巴黎奧運面對更嚴峻挑戰 https://www.rti.org.tw/news/view/id/2202729 資安沒他們不行！白帽駭客內幕大揭密，抵禦「黑魔法」、找Bug要先知法試法 https://www.bnext.com.tw/article/78766/ethical-hacker Ready or Not 開發人員確認它最近被駭客入侵了 https://www.gamereactor.cn/ready-or-not-developer-confirms-it-was-hacked-recently-771143/ 「Volt Typhoon」給關鍵基礎設施相關組織的啟示 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11038 科技大廠接連被駭！台灣資安危機連環爆　專家：資安工程師將成搶手人才 https://tw.nextapple.com/finance/20240412/B5DAA94E77B62F838B9BB7CFB6F81422 網路駭客攻擊 聯合再生：產線設備無影響已復工生產 https://udn.com/news/story/7240/7894183 台美智庫合辦研討會 籲串聯印太對抗中國網路威脅 https://www.rti.org.tw/news/view/id/2202790 日本軍事佈局 封住共軍進入太平洋通路 https://www.soundofhope.org/post/806791?lang=b5 針對微軟1月遭駭，CISA下命聯邦機構清查受到波及的情況 https://www.ithome.com.tw/news/162320 FBI：中國駭客已入侵美國23基建公司　毀滅性攻擊隨時爆發 https://reurl.cc/aq51OZ 美FBI兩年前已警告英國「注意駭客」 英國政府隱瞞！議員不滿要政府解釋！ https://reurl.cc/Rq6v8z 美日菲攜手強化資安情資共享 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11034 美日韓東海聯演 嚇阻潛在對手 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1667563&type=international 俄駭客入侵微軟電郵 竊美政府通訊內容 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1667564&type=international 北馬其頓為第一個採納國家衛生安全行動計畫的西巴爾幹國家 https://today.line.me/tw/v2/article/EX7mjPY 美揭駭客「伏特颱風」有中政府背景 北京回批栽贓換預算 https://www.worldjournal.com/wj/story/121339/7902212 對抗中國經濟威脅 戴琪：通過新301條款行動等貿易工具 https://www.rti.org.tw/news/view/id/2202840 疑似俄羅斯駭客攻擊德州水設施 美國加強網絡防禦 https://www.edigest.hk/1272790/?utm_campaign=ED_ContentCopy&utm_source=Web-inventory&utm_medium=Content-Copy_ED 俄羅斯駭客組織Sandworm鎖定西方國家水利設施發動攻擊 https://www.ithome.com.tw/news/162384 美控中國駭客潛入基礎設施 待適當時機發動攻擊 https://www.cna.com.tw/news/aopl/202404190040.aspx FBI局長批陸把關鍵基礎設施當作網路行動的「可獵取目標」 https://www.chinatimes.com/realtimenews/20240419001799-260409?ctrack=pc_main_rtime_p02&chdtv 美國國家安全局：中國試圖入侵美國關鍵基礎設施 https://cn.nytimes.com/usa/20240418/china-cyber-us-infrastructure/zh-hant/ 中共79號文件曝光：2027年前清除美國科技 https://www.ntdtv.com/b5/2024/03/09/a103860333.html 德國逮捕2俄諜計劃攻擊美軍基地 德外長召見俄大使 https://www.cna.com.tw/news/aopl/202404180404.aspx 荷蘭軍情安全局指中國間諜全面獵捕荷蘭先進技術 https://n.yam.com/Article/20240419599456#google_vignette 馬來西亞將擬訂「半導體產業戰略藍圖」，盼續成為全球首選投資目的地 https://www.trade.gov.tw/Pages/Detail.aspx?nodeid=45&pid=782189 南海局勢升溫，菲律賓遭遇中國駭客攻擊事故增加3倍 https://www.resecurity.com/blog/article/misinformation-and-hacktivist-campaigns-target-the-philippines-amidst-rising-tensions-with-china Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html U.S. Treasury Hamas Spokesperson for Cyber Influence Operations https://thehackernews.com/2024/04/us-treasury-hamas-spokesperson-for.html Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks https://thehackernews.com/2024/04/russian-apt-deploys-new-kapeka-backdoor.html 【總公司】資安人員 https://www.104.com.tw/job/8an6i?jobsource=google_faq 台中 資安專員 https://www.104.com.tw/job/8apof?jobsource=salary_job 資安治理專業人員_I00016355 https://www.104.com.tw/job/88qky?jobsource=apply_analyze 資圖中心資訊組資安專章計畫人員 https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?EMPLOYER_ID=425187&HIRE_ID=12708323&R2=5 資安人員 https://www.104.com.tw/job/8awe0?jobsource=n104bank2 資安工程師 https://www.104.com.tw/job/82ze6?jobsource=n104bank2 資安專員 https://www.1111.com.tw/job/130208298/ 新加坡科技業薪資縮水，但資料科學家逆勢漲薪 11.3% https://technews.tw/2024/04/17/singapore-tech-salaries-mostly-fell-in-2023-but-these-jobs-saw-wages-jump/ 資訊安全資深工程師 https://job.taiwanjobs.gov.tw/internet/index/jobDetail.aspx?R2=15&EMPLOYER_ID=44531&HIRE_ID=12695649 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 中資荷蘭晶片製造商遭駭客攻擊 據報蘋果、華為等客戶海量數據被竊 https://reurl.cc/EjKWDA 串流媒體商Roku(ROKU.US)：逾50萬帳號受駭客攻擊 查獲400單盜用購物 http://www.aastocks.com/tc/usq/news/comment.aspx?source=AAFN&id=NOW.1342023&catg=1 青青賣出76萬IG帳號！「辣照全清空」吐切割真相…昔開價數字曝光 https://www.setn.com/News.aspx?NewsID=1453391 U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks https://thehackernews.com/2024/04/us-federal-agencies-ordered-to-hunt-for.html 網傳「接到陌生電話不要先講話，不出聲要直接掛掉，AI會蒐集民眾聲音」 https://tfc-taiwan.org.tw/articles/10481 麥擱卡阿！個資意識調查：民眾最不滿資料用於行銷 https://reurl.cc/QRpmg2 美國土安全部紅鉤計劃 打擊中國人禮品卡詐騙 https://reurl.cc/bV6aj3 打詐與洗錢防制實務研討會　司法官學院與政院洗防辦跨機關對話 https://news.owlting.com/articles/664914 越南駭客組織鎖定亞洲、東南亞用戶，利用惡意程式RotBot、XClient竊取資料 https://www.huidu.io/en/news/16019 前 NCC 委員驚爆當詐騙集團門神！隻手掩護不法「黑莓卡」 https://www.inside.com.tw/article/34767-former-ncc-commissioner-rumored-to-be-the-keeper-of-a-fraud-syndicate 電信商成為透過簡訊傳送動態密碼的破口！駭客對思科身分驗證服務Duo合作電信業者發動網路攻擊，竊取部分雙因素驗證資訊 https://www.ithome.com.tw/news/162325 微軟某 Azure 伺服器竟無密碼保護！員工密碼憑證恐怕洩光光 https://infosecu.technews.tw/2024/04/17/microsoft-left-internal-passwords-exposed-in-latest-security-blunder/ 資安不容忽視！生成式AI加速網攻進程 2023身分詐欺TOP5曝光 https://reurl.cc/8vyqVj 駭客稱要賣所竊Change Healthcare個資 https://reurl.cc/4ryQMK 以免費IP位址掃描工具軟體為誘餌意圖吸引IT團隊上當，駭客組織FIN7鎖定美國某家汽車製造商發動網路釣魚攻擊 https://www.ithome.com.tw/news/162391 小心語音網路釣魚！駭客冒充LastPass客服，意圖用誘騙用戶密碼庫資料 https://www.ithome.com.tw/news/162411 FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor https://thehackernews.com/2024/04/fin7-cybercrime-group-targeting-us-auto.html 詐騙分子出新招! 駭客遠程開銀行APP匯款 事主:警方看了也驚訝 https://www.sinchew.com.my/news/20240418/nation/5543139 點連結「27萬訂閱」遭盜　名師李天豪控有詐 https://news.tvbs.com.tw/local/2460152 網紅「木星人」YT曾被盜用　寄信奪回帳號 https://news.tvbs.com.tw/local/2460144 英警取締網絡釣魚服務商LabHost 全球拘37人受害者達7萬 https://reurl.cc/4ryQ9D TikTok前員工證實 每14天向北京傳送美用戶個資 https://reurl.cc/Gjde7A 網傳「曼谷8.5級地震的影片不要打開，立即刪除，是勒索病毒」 https://tfc-taiwan.org.tw/articles/10496 接陌生電話別出聲避AI搜集？查核中心：人聲不易模擬無須太防備 https://www.cna.com.tw/news/ahel/202404170031.aspx 北韓駭客組織Kimsuky濫用DMARC從事網路釣魚攻擊 https://www.proofpoint.com/us/blog/threat-insight/social-engineering-dmarc-abuse-ta427s-art-information-gathering 登入VPN遠端存取別再用簡單或共用密碼！7個廠牌的設備或服務遭到大規模暴力破解攻擊 https://www.ithome.com.tw/news/162367 串流網路電視業者Roku遭遇帳號填充攻擊，57萬用戶恐受波及 https://www.ithome.com.tw/news/162370 新型態漏洞LeakyCLI恐曝露AWS及Google Cloud帳密 https://www.ithome.com.tw/news/162362 伊朗駭客MuddyWater採用外流的電子郵件帳號發動網釣攻擊，透過遠端管理工具控制受害電腦 https://www.ithome.com.tw/news/162308 全國金融機構去年阻詐75億創新高 投資詐騙金額最高警籲慎防 https://reurl.cc/bVz92y FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations https://thehackernews.com/2024/04/ftc-fines-mental-health-startup.html Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks https://thehackernews.com/2024/04/muddled-libra-shifts-focus-to-saas-and.html AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs https://thehackernews.com/2024/04/aws-google-and-azure-cli-tools-could.html Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide https://thehackernews.com/2024/04/global-police-operation-disrupts.html Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html E.研究報告/工具 生成式AI時代駭客威脅加劇！該如何抵抗和避免資安危機與個資外洩風險 https://reurl.cc/3X1pEM vCenter Server升級前的規劃 https://www.uuu.com.tw/Public/content/article/24/20240415.htm 北韓駭客利用新的「幻影DLL挾持」攻擊手法隱匿攻擊行蹤 https://www.darkreading.com/vulnerabilities-threats/dprk-exploits-mitre-sub-techniques-phantom-dll-hijacking-tcc-abuse How Attackers Can Own a Business Without Touching the Endpoint https://thehackernews.com/2024/04/showcasing-networkless-identity-attacks.html Code Keepers: Mastering Non-Human Identity Management https://thehackernews.com/2024/04/code-keepers-mastering-non-human.html AirDrop Forensics | by Kinga Kięczkowska https://eforensicsmag.com/airdrop-forensics-by-kinga-kieczkowska/ The 2038 Problem https://www.codereliant.io/the-2038-problem/ RUBYCARP: A Detailed Analysis of a Sophisticated Decade-Old Botnet Group https://sysdig.com/blog/rubycarp-romanian-botnet-group/ Takeaways from the Microsoft Exchange Online Intrusion Review https://material.security/blog/microsoft-online-exchange-intrusion-review Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution https://thehackernews.com/2024/04/timing-is-everything-role-of-just-in.html Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats https://thehackernews.com/2024/04/identity-in-shadows-shedding-light-on.html GenAI: A New Headache for SaaS Security Teams https://thehackernews.com/2024/04/genai-new-headache-for-saas-security.html How to Conduct Advanced Static Analysis in a Malware Sandbox https://thehackernews.com/2024/04/how-to-conduct-advanced-static-analysis.html F.商業 在 AI 時代中 F5 為界業唯一針對 API 保護、效付及最佳化提供安全解決方案 https://www.xfastest.com/thread-286915-1-1.html Google將在今年稍晚時候終止Google One訂閱方案額外提供的VPN服務 https://mashdigi.com/google-will-end-the-vpn-service-that-comes-with-google-one-subscription-plans-later-this-year/ F5 導入API程式碼測試和遙測分析 打造AI-ready的API安全解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11036 智慧資安科技 F5 MSSP 雲化代管 WAF 服務上線 https://www.unixecure.com/tw/news_new?urlQuery=OGZhNTNhNWYzODhkMjE3ODAzZDhkYmViYWE3NzE4NzY= 在 AI 與後量子新時代，半導體產業如何以駭客思維檢視供應鏈韌性、破解資安攻擊新維度 https://buzzorange.com/techorange/2024/04/16/2024h1-cybersecurity-combat-exercise-3/ Paradigm安全主管推出加密網路安全威脅資訊共享平台SEAL-ISAC https://news.cnyes.com/news/id/5528231 資策會MIC：AI發展帶來2類資安威脅 https://money.udn.com/money/story/5613/7905770?from=edn_newest_index 思科聯手Splunk 衝AI資安服務 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=5458134001&PU=0010#google_vignette 微軟：2款舊版Office軟體2025年10月終止支援 https://www.cna.com.tw/news/ait/202404180253.aspx 雲端災難復原商機大爆發 https://www.ithome.com.tw/voice/162426 七成營收來自遊艇 揮軍低軌衛星領域再添助力！工控走向客製化 攸泰通吃海陸空商機 https://www.wealth.com.tw/articles/50687f56-08c4-4ff6-9152-68f4ab00045b Sophos與Tenable合作推出新的託管式風險服務 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000689544_ZB34XNLH536A2O3P1W92W Cohesity為資料保護儲存服務導入Intel機密運算功能 https://www.ithome.com.tw/news/162374 SaaS應用程式備份保護服務商BackupLABS擴展應用範圍 https://www.ithome.com.tw/news/162375 AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead https://thehackernews.com/2024/04/ai-copilot-launching-innovation-rockets.html 疑似XZ Utils的軟體供應鏈攻擊手法再度出現，這次是鎖定OpenJS的JavaScript專案而來 https://www.ithome.com.tw/news/162357 OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt https://thehackernews.com/2024/04/openjs-foundation-targeted-in-potential.html MLCommons制定基準測試，可評估AI模型的安全性 https://www.ithome.com.tw/news/162372 D-Link停止支援的NAS設備，三天內已出現1百多起攻擊者嘗試利用的活動 https://www.ithome.com.tw/news/162302 G.政府 因應深偽詐騙科技犯罪 警大將設數位科技偵查研究中心 https://www.epochtimes.com/b5/24/4/12/n14224059.htm 台電新營區處與法務部調查局簽署MOU 遏止駭客攻擊守護供電穩定 https://times.586.com.tw/2024/04/670310/ 唐鳳出局...台灣資安頂尖專家 黃彥男將任數發部長：AI是人類共同發展夥伴 https://www.wealth.com.tw/articles/3da92c80-a243-4a73-a417-b62ecee99924 傳機密文件在暗網兜售 外交部：來源可疑涉偽造勿輕信 https://www.cna.com.tw/news/aipl/202404180348.aspx 外交部疑機密外洩 邦交國關係評估表遭暗網兜售 https://ec.ltn.com.tw/article/breakingnews/4645581 2邦交國亮黃燈機密文件被上網兜售　外交部：協調相關機關調查 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=199800 傳暗網兜售外洩機密 外交部：勿輕信 https://reurl.cc/QR74vM 公務資料頻遭駭 專家︰機密應限制存取 https://news.ltn.com.tw/news/politics/paper/1641545 外交密件遭貼暗網兜售 王定宇：外交部要強化資安管理 https://today.line.me/tw/v2/article/j7mlqRa H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 無人機中製疑慮 監委：凸顯資安管理盲點促政院檢討 https://www.cna.com.tw/news/aipl/202404120031.aspx 國慶煙火用陸製無人機藏資安風險 監院要求政院檢討 https://udn.com/news/story/10930/7894387 美國針對三菱電機、Unitronics工業控制系統漏洞提出警告，並指出尚無可用的修補程式 https://www.darkreading.com/ics-ot-security/ics-network-controllers-open-to-remote-exploit-no-patches-available 思科針對基板管理控制器IMC漏洞提出警告，攻擊者有可能取得root權限 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ TP-Link路由器漏洞遭濫用，6個殭屍網路病毒綁架大量網路設備，每日攻擊超過5萬次 https://www.ithome.com.tw/news/162385 殭屍網路病毒藉由TP-Link路由器漏洞CVE-2023-1389散布 https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread Embedded World Attendees Spot Unannounced Raspberry Pi Monitor, AI Camera Products https://www.hackster.io/news/embedded-world-attendees-spot-unannounced-raspberry-pi-monitor-ai-camera-products-196e436d2d2b FIDO 力推 FDO 落實物聯網設備安全性 https://news.owlting.com/articles/666912 他山之石! 惡意工控軟體 Fuxnet 如何瞬間摧毀87000個工業感測器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11042 主角就是你 買中國電動車恐遭「遠端偷拍」 https://www.mobile01.com/topicdetail.php?f=397&t=6946249 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/4/20 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbbc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/23 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbfc/ SyntaxError 2024/4/24 https://www.meetup.com/pythonhug/events/pqnsctygcgbgc/ 「強韌數位公民力量：從防禦到行動」雙報告發表沙龍 2024/4/24 "Strengthening Digital Civic Space in East Asia: From Defense to Action" Dual Report Release Seminar https://ocftw.kktix.cc/events/drights2 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/4/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702416/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/25 https://www.meetup.com/hackingthursday/events/psspctygcgbhc/ 國際5G/6G技術發展趨勢動態觀察 2024/4/26 https://ievents.iii.org.tw/eventS.aspx?t=0&id=2380 iPAS-「初級」資訊安全工程師-能力研習衝刺班 2024/4/27、5/4 https://www.twcert.org.tw/tw/cp-105-7703-b5976-1.html ISA/IEC 62443工控系統資通安全解析及實務分析 2024/4/30 https://www.caa.org.tw/newsdetail-16334.html 【安碁學苑】資安職能培訓｜資訊安全工程師 2024/5/4 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-3 Just a chat - with no Expectations 2024/4/27 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbkc/ 「工業自動化控制系統-資安指引」說明會 2024/5/10 https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/5/22 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/ 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/5/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 2024離島盃資安競賽 2024/5/25 https://shieldx.kktix.cc/events/outlying 資通安全概論--中區--考前複習班 2024/6/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/