###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/4/1 ~ 2024/4/5 1.重大弱點漏洞/後門/Exploit/Zero Day Imperva Web Application Firewall Flaw Let Attackers Bypass WAF Rules https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/imperva-waf-flaw-bypass-security/amp/ Imperva 示警地端WAF嚴重漏洞可導致安全繞過 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11020 Fortinet Introduces Expansive Upgrades to its Real-Time Network Security Operating System to Empower Enterprises to Fortify Their Networks https://www.fortinet.com/tw/corporate/about-us/newsroom/press-releases/2024/fortinet-introduces-expansive-upgrades-to-real-time-network-security-operating-system Cisco 發布 IOS、IOS XE和AP軟體中的漏洞發布了安全更新 https://www.cisa.gov/news-events/alerts/2024/03/28/cisco-releases-security-updates-multiple-products https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75056 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-secureboot-bypass-zT5vJkSD 思科修補IOS與IOS XE的多個高風險漏洞 https://securityaffairs.com/161181/security/cisco-ios-and-ios-xe-software-flaws.html 零日漏洞利用率激增，商業間諜軟體是主要利用者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11009 德國警告當地超過1.7萬臺Exchange伺服器曝露於已知漏洞風險 https://www.bleepingcomputer.com/news/security/germany-warns-of-17k-vulnerable-microsoft-exchange-servers-exposed-online/ Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html 駭客鎖定XZ Utils庫發動供應鏈攻擊，差一點進入眾多主流Linux發行版的SSHD注入後門 https://www.ithome.com.tw/news/162040 XZ Utils庫驚爆後門，多個Linux版本受害！駭客可遠端取得系統控制權 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11015 震撼整個IT界的XZ程式庫遭植入後門事件，之所以浮上檯面純屬意外！快速了解這項危機的三大關鍵 https://www.ithome.com.tw/news/162130 Linux常用壓縮工具xz-utils被爆植入後門，多個發行版中招 https://www.mobile01.com/topicdetail.php?f=514&t=6940410 XZ Utils後門事件更新：那些Linux版本受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11018 Malicious Code in XZ Utils for Linux Systems Enables Remote Code Execution https://thehackernews.com/2024/04/malicious-code-in-xz-utils-for-linux.html 韌體資安業者Binarly提供XZ Utils供應鏈攻擊的檢測工具 https://www.binarly.io/blog/xz-utils-supply-chain-puzzle-binarly-ships-free-scanner-for-cve-2024-3094-backdoor Urgent: Secret Backdoor Found in XZ Utils Library, Impacts Major Linux Distros https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html 使用SSHD連接到系統的用戶當心！因為駭客供應鏈攻擊鎖定XZ Utils庫植入隱密後門，多個Linux發行版受影響 https://www.ithome.com.tw/news/162040 Frequently Asked Questions About CVE-2024-3094, A Backdoor in XZ Utils https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-chain-backdoor-in-xz-utils CVE-2024-3094-checker https://github.com/FabioBaroni/CVE-2024-3094-checker XZ Utils SSHd Backdoor https://blog.qualys.com/vulnerabilities-threat-research/2024/03/29/xz-utils-sshd-backdoor xz Backdoor CVE-2024-3094 https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/ CVE-2024-3094-info https://github.com/byinarie/CVE-2024-3094-info How to detect xz-lib CVE-2024-3094 with Splunk® Enterprise https://community.splunk.com/t5/Splunk-Search/How-to-detect-xz-lib-CVE-2024-3094-with-Splunk-Enterprise/m-p/682485#M233159 New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking https://thehackernews.com/2024/03/new-linux-bug-could-lead-to-user.html Flashes: QRadar: Hosts with LUKS encryption cannot be upgraded to 7.5.0 Update Pack 8 https://www.ibm.com/support/pages/node/7142062 GoFetch新型側道攻擊可竊取蘋果CPU加密金鑰 https://reurl.cc/WRlNeZ CISA的Ivanti伺服器遭駭客入侵，10萬人恐遭到波及 https://cyberscoop.com/ivanti-linked-breach-of-cisa-potentially-affected-more-than-100000-individuals/ 人工智慧框架Ray漏洞遭到鎖定，攻擊者挾持運算能力挖礦、竊取機敏資料 https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/ Linux核心元件Netfilter存在權限提升漏洞Flipping Pages https://pwning.tech/nftables/ 研究人員揭露WallEscape漏洞，攻擊者可對Linux電腦產生假的Sudo提示、竊取管理員密碼 https://www.bleepingcomputer.com/news/security/decade-old-linux-wall-bug-helps-make-fake-sudo-prompts-steal-passwords/ CVE-2024-1086 https://github.com/Notselwyn/CVE-2024-1086 CVE-2024-3094 https://www.tenable.com/cve/CVE-2024-3094 gentoo 202403-04: XZ utils: Backdoor in release tarballs https://www.tenable.com/plugins/pipeline/issues/167777-0 Hackers are already attacking this Microsoft SharePoint vulnerability, so patch now https://www.techradar.com/pro/security/hackers-are-already-attacking-this-microsoft-sharepoint-vulnerability-so-patch-now 2023年用於攻擊行動的零時差漏洞增加50% https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf WordPress會員系統外掛程式存在高風險XSS漏洞，恐被用於指令碼注入攻擊 https://www.wordfence.com/blog/2024/04/unauthenticated-stored-cross-site-scripting-vulnerability-patched-in-wp-members-membership-plugin-500-bounty-awarded/ Critical Security Flaw Found in Popular LayerSlider WordPress Plugin https://thehackernews.com/2024/04/critical-security-flaw-found-in-popular.html New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks https://thehackernews.com/2024/04/new-http2-vulnerability-exposes-web.html Google fixes one more Chrome zero-day exploited at Pwn2Own https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own/amp/ Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure https://thehackernews.com/2024/04/ivanti-rushes-patches-for-4-new-flaw-in.html Microsoft fixes Outlook security alerts bug caused by December updates https://www.bleepingcomputer.com/news/security/microsoft-fixes-outlook-security-alerts-bug-caused-by-december-updates/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 國泰銀行離譜的扣款流程（已確定是詐騙手法） https://www.mobile01.com/topicdetail.php?f=801&t=6938533 變種版Android 銀行木馬現蹤！假冒McAfee Security 防毒App竊個資 https://3c.ltn.com.tw/news/57591 假冒下載、安裝McAfee防毒軟體的名義，安卓金融木馬Vultur透過發出引誘SMS簡訊散播 https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/ Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities https://thehackernews.com/2024/04/vultur-android-banking-trojan-returns.html 竊資軟體Agent Tesla假借銀行付款通知散布 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/agent-teslas-new-ride-the-rise-of-a-novel-loader/ 三竹啟用商用簡訊簡碼服務，首波由金融業上線 https://buzzorange.com/techorange/2024/04/02/sanzhu-launches-commercial-sms-code-service/ 金融業捍衛資安 連假備戰 https://money.udn.com/money/story/5613/7876587 歐盟執行電子發票交換指令(Directive 2014/55/EU)之情形 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=781481 Vietnam-Based Hackers Steal Financial Data Across Asia with Malware https://thehackernews.com/2024/04/vietnam-based-hackers-steal-financial.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 出國行動支付也能通！跨國合作實現跨境支付 https://reurl.cc/qry883 「理論是可以」…他遊日本想不帶卡靠行動支付 網揭最慘下場 https://udn.com/news/story/120911/7872258 為何我們花這麼多錢？研究：支付方式增加太多 https://finance.technews.tw/2024/04/02/to-many-payments-let-people-overspending/ 街口拚轉型、全支付追市占、LINE Pay揭策略… 30家業者搶6400億商機 電子支付新爭霸賽開打 https://www.businesstoday.com.tw/article/category/183015/post/202404020034/ 街利存週歲給3%街口幣 全支付環島撒幣再出發 https://reurl.cc/RWadNe 行動支付、網購、代扣繳專用！6家銀行虛擬信用卡集合 https://reurl.cc/xLzDRe Visa warns of new JSOutProx malware variant targeting financial orgs https://www.bleepingcomputer.com/news/security/visa-warns-of-new-jsoutprox-malware-variant-targeting-financial-orgs/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 PeckShieldAlert：Lava被駭客攻擊已損失約34萬美元 https://news.cnyes.com/news/id/5508275 Immunefi：加密領域Q1因駭客攻擊和詐騙損失3.36億美元 https://news.cnyes.com/news/id/5507865 先前聲稱「欲退還資金」的Prisma Finance攻擊者開始將資金轉入Tornado Cash https://www.panewslab.com/zh_hk/sqarticledetails/cjvja8vwFt.html Prisma Finance其中一個攻擊者稱其行為系白帽救援，欲退還資金 https://www.panewslab.com/zh_hk/sqarticledetails/ly88ko0eFt.html 再質押專案Prisma遭洗門風，駭客要求團隊直播道歉、公開真實身份 https://abmedia.io/prisma-finance-hacker-defends-exploit Prisma攻擊者：團隊毫無悔意，很難退還資金，應舉行在線發布會致歉 https://news.cnyes.com/news/id/5508964 Atomic Wallet黑客从多个链上已盗取超1400万美元 https://www.binance.com/zh-TC/square/post/595804 虛假駭客封鎖帳戶 https://www.wikifx.com/zh/exposure/detail/202403309302609115.html 朝鮮如何竊取加密貨幣資助核計劃 https://news.owlting.com/articles/652330 數據：過去7天USDC流通量增加6億枚 https://www.panewslab.com/zh_hk/sqarticledetails/l27a9wi3Ft.html 麻吉大哥愛犬幣 BOBAOPPA 開盤 20 分鐘即暴跌，將募資所得 7 成 SOL 拿去質押 https://news.owlting.com/articles/652532 DEGEN第二季空投獎勵於今日上線；黃立成將Meme專案Bobaoppa預售籌集的SOL質押 https://www.panewslab.com/zh_hk/articledetails/5aes024zFt.html TRM Labs分析師：2023年TRON網路占加密領域非法交易量的45% https://news.cnyes.com/news/id/5509032 揭秘 Poloniex 駭客事件：1.25 億美元的搶劫震撼了加密世界 https://www.binance.com/zh-TC/square/post/1744947 3月因漏洞利用、駭客攻擊和退出詐騙而損失約7900萬美元 https://news.cnyes.com/news/id/5509155 某用戶買入BOBAOPPA虧損443枚SOL，而後又買入Rug項目MACHI虧損9.9枚SOL https://www.panewslab.com/zh_hk/articledetails/305w50pqFt.html Tornado Cash聯盟創Roman Storm尋求駁回洗錢等三項針對他的指控 https://www.panewslab.com/zh_hk/sqarticledetails/mldu8vpxFt.html 派盾：3月份加密貨幣領域因駭客攻擊損失約1.8729億美元，已追回約9880萬美元 https://news.cnyes.com/news/id/5509678 2024年Q1 Web3領域因駭客攻擊、釣魚詐騙和Rug Pull造成的總損失超過7.78億美元 https://news.knowing.asia/news/cdba51db-704b-47e3-91fd-c98b17d87ae8 幣安CEO秘密訪韓擬解決市場進入問題；Base網路昨DEX交易量創新高 https://www.panewslab.com/zh_hk/articledetails/ivazsm6iFt.html PlayDapp駭客攻擊報告：因域名欺騙郵件導致管理員私鑰被盜 https://news.cnyes.com/news/id/5509836 Tether加倉8888比特幣！總持倉破7.5萬枚、躍第7大BTC巨鯨 https://www.blocktempo.com/tether-bought-8888-btc-again/ 台中男買泰達幣遭丟包！報案被搶300萬　1嫌落網辯「交易糾紛」 https://tw.nextapple.com/local/20240401/D8FFC6BF44AAAC50D9252AC5BF492896 歐科雲鏈安全月報：3月安全事件全網累計造成損失約1.9億美元，REKT 事件損失佔25.11% https://www.panewslab.com/zh_hk/sqarticledetails/6mx5gvaqFt.html FixedFloat證實其再次遭遇攻擊：駭客利用其第三方服務中漏洞，公司和用戶資金未受影響 https://www.panewslab.com/zh_hk/sqarticledetails/b78pqo7gFt.html 兩個月內被同一駭客攻擊兩次！FixedFloat 又被盜 3 百萬美元 https://blockcast.it/2024/04/03/fixedflaot-suffers-3million-theft-sencond-attack-in-2-months/ 位元幣誕生前的嘗試：密碼朋克與加密無政府主義 https://big5.ftchinese.com/story/001102642?full=y 區塊鏈協議套接字從駭客事件中恢復了 1032 ETH https://reurl.cc/D4aNe5 一投資者在過去24小時內向Binance存入了30萬UNI，仍持有118萬UNI https://www.panewslab.com/zh_hk/sqarticledetails/gsq1jk2xFt.html Wormhole聯創Robinson Burkey推特賬號已被駭客攻擊，請勿點擊任何鏈接 https://news.cnyes.com/news/id/5513542 Wormhole或忘記將2022年盜取12萬枚ETH的駭客地址排除在空投範圍外 https://news.cnyes.com/news/id/5513585 美國政府又賣幣？20億美元的比特幣被轉移，6.5萬支撐位「壓力山大」 https://m.cnyes.com/news/id/5512538 Aerodrome 和 Velodrome DeFi 平台遭遇前端駭客攻擊 https://www.binance.com/zh-TC/square/post/697440147409 Upbit：由於Filecoin網路升級，將於4月11日17時暫停FIL充提 https://www.panewslab.com/zh_hk/sqarticledetails/29eur9sgFt.html 幣安新幣挖礦上線第51期計畫Saga（SAGA） https://www.panewslab.com/zh_hk/articledetails/spjki2twFt.html 質押核彈！合成美元穩定幣USDe年化近200％，如何賺取Ethena收入 https://www.blocktempo.com/the-annualized-interest-rate-of-usde-staking-is-as-high-as-35/ Ethena已支援比特幣作為USDe抵押資產 https://www.panewslab.com/zh_hk/sqarticledetails/er5van21Ft.html 韓國交易所 GDAC 熱錢包被駭！損失上千萬美元、占總資產 23% https://www.binance.com/zh-TC/square/post/404797 BCH區塊獎勵減半完成；Ellipsis Labs完成Paradigm領投的2000萬美元A輪融資 https://www.panewslab.com/zh_hk/articledetails/1be3km13Ft.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 殭屍網路的新玩法：利用安卓電視盒及智慧電視進行惡意活動 https://ithome.com.tw/pr/162059 駭客利用惡意廣告傳播竊資軟體，主要鎖定macOS使用者 https://thehackernews.com/2024/03/hackers-target-macos-users-with.html 駭客鎖定macOS使用者，利用惡意廣告、視訊會議傳播竊資軟體 https://www.jamf.com/blog/infostealers-pose-threat-to-macos/ 研究人員透過大型語言模型散布不存在的軟體套件 https://lasso-security.webflow.io/blog/ai-package-hallucinations 木馬程式Venom RAT透過大規模網釣攻擊拉丁美洲 https://blog.eclecticiq.com/darkgate-opening-gates-for-financially-motivated-threat-actors Mispadu Trojan Targets Europe, Thousands of Credentials Compromised https://thehackernews.com/2024/04/mispadu-trojan-targets-europe-thousands.html Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware https://thehackernews.com/2024/03/hackers-target-macos-users-with.html PyPI Halts Sign-Ups Amid Surge of Malicious Package Uploads Targeting Developers https://thehackernews.com/2024/03/pypi-halts-sign-ups-amid-surge-of.html haul from the last two weeks of wrangling - presumed malware and IOC's found on my personal devices https://otx.alienvault.com/pulse/6605781ad51380e5b1c22815 January 2024 review of virus activity on mobile devices https://otx.alienvault.com/pulse/660a7b2d9f45d7a70b1a8fc1 Detecting Windows-based Malware Through Better Visibility https://thehackernews.com/2024/04/detecting-windows-based-malware-through.html Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware https://thehackernews.com/2024/03/hackers-target-macos-users-with.html Mitigating malware and ransomware attacks https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html More comprehensive upload of booty pirated over the last three weeks, from my personal devices https://otx.alienvault.com/pulse/660c76d65b4a79089548c791 New Latrodectus malware replaces IcedID in network breaches https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-replaces-icedid-in-network-breaches/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 免費的永遠最貴！17款安卓VPN內藏惡意程式 手機成駭客跳板「Google強制下架」 https://news.pchome.com.tw/living/crwant/20240330/index-71176136731801316009.html 快刪28款App！恐成駭客幫兇 Google強制下架 https://www.chinatimes.com/realtimenews/20240330001523-260405?chdtv 28款APP慘遭駭客利用！用戶手機淪「犯罪中繼站」　專家急籲快刪 https://www.nownews.com/news/6394812 快檢查手機！資安公司示警「17款APP」內藏惡意程式：個資恐被賣「成駭客幫手」 https://www.storm.mg/lifestyle/5071719 17 款免費 VPN 內含惡意木馬 黑客偷用戶資料 被借用作 DDoS 攻擊 https://reurl.cc/A4o9qY 天下沒有白吃的午餐，VPN也是！有駭客打造17款假VPN App，安裝後成駭客發動惡意攻擊跳板 https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-proxylib-and-lumiapps-transform-mobile-devices-into-proxy-nodes TikTok傳透過公關公司遊說立委求「公平待遇」 藍委證實收到信 https://news.ttv.com.tw/news/11303290032500N 加拿大安省4教育局起訴TikTok等 索賠45億 https://www.ntdtv.com.tw/b5/20240330/video/387237.html?%E5%8A%A0%E6%8B%BF%E5%A4%A7%E5%AE%89%E7%9C%814%E6%95%99%E8%82%B2%E5%B1%80%E8%B5%B7%E8%A8%B4TikTok%E7%AD%89%20%E7%B4%A2%E8%B3%A045%E5%84%84 別在機場充電！　資安專家曝「3大風險」：資料秒被盜走 https://www.ettoday.net/news/20240331/2710455.htm 你的手機被hack攻擊過嗎？三種方式保護你 https://reurl.cc/09LoZY 中華電信：已陸恢復服務，尚有37個基地臺待修復 https://www.ithome.com.tw/news/162131 蘋果App Store無法連線！音樂串流也斷線，3急救方法可嘗試 https://cava.tw/lifestyle/design&gadgets/250381 Malicious Apps Caught Secretly Turning Android Phones into Proxies for Cybercriminals https://thehackernews.com/2024/04/malicious-apps-caught-secretly-turning.html Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies https://thehackernews.com/2024/04/google-warns-android-zero-day-flaws-in.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Microsoft 提醒用戶 Gmail 將部分 Outlook 郵件列為垃圾信件（同場加映：臨時修復方案） https://www.kocpc.com.tw/archives/541495 奪走明華園總團粉專駭客行動了 孫翠鳳：拜託幫忙檢舉 https://udn.com/news/story/7315/7866774 復興商工美展首獎作者使用AI 資格遭取消 https://www.rti.org.tw/news/view/id/2200853 台灣加強網路防禦，積極推動後備通訊系統基礎建設及彈性以因應安全挑戰 https://reurl.cc/VNKa1b 馬英九訪中第一站參訪「大疆無人機」深圳總部，為何綠委批「向國際傳遞錯誤訊息」 https://www.thenewslens.com/article/200944 美國懸賞 1000 萬美元獎勵醫療保健駭客提供變革訊息 https://www.enigmasoftware.com/zh-hant/10-million-reward-offered-by-us-for-information-on-change-healthcare-hackers/ 尋找「BlackCat」駭客組織 國務院懸賞千萬 https://mobile.chinesedaily.com/plus/view.php?aid=694437 鎖定Linux與Ubuntu系統！中國APT駭客組織使用之XDealer惡意變種現蹤 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11019 中共駭客攻擊行動 已成世界公敵！埋下民族衝突火種！中共官僚體系普遍躺平 政權延續凶多吉少 https://www.youtube.com/watch?v=HtFED-ORBus 繼英美新西蘭後　比利時芬蘭指認北京為網絡攻擊幕後黑手 https://www.rfa.org/cantonese/news/attack-03292024122023.html 繼英美新西蘭後 比利時芬蘭指認北京網絡攻擊（多圖） https://renminbao.com/rmb/articles/2024/3/30/81748b.html 英國指控中國惡意網攻民主機構及國會議員，制裁2名中國公民及1家實體公司 https://www.trademag.org.tw/page/newsid1/?id=7899293&iz=2 西方圍剿中共黑客網戰 嚇阻三戰 https://www.epochtimes.com/b5/24/3/31/n14215323.htm 「全球网攻行动」持续14年？中共骇客帝国被爆光 国安部推出「警惕」微电影 https://www.soundofhope.org/post/803467 陸國安部喊話美英：停止對中國的汙蔑抹黑和網路攻擊 https://udn.com/news/story/7331/7871393 背後支持網路間諜犯眾怒 中國反嗆：我們才是最大受害者！ https://news.ltn.com.tw/news/world/breakingnews/4627690 反稱對方賊喊捉賊 中國反擊美國等多國網路攻擊指責 https://www.voacantonese.com/a/china-accuses-us-of-cyber-attacks-20240402/7553083.html 回應駭客事件 中國國安部中英雙語發文反擊 https://money.udn.com/money/story/5603/7872257 紐時：中國網軍假扮川粉攻擊拜登 北京干預手法變 https://www.cna.com.tw/news/aopl/202404010336.aspx 防機密外洩 美國眾院禁國會使用AI助理Copilot https://udn.com/news/story/6813/7867640 美國與以色列「空前的」情報共享在華盛頓招致批評 https://reurl.cc/lg8LeE 為納瓦尼之死報仇 俄羅斯駭客大鬧監獄網路 https://www.chinatimes.com/realtimenews/20240401004118-260408?ctrack=pc_world_headl_p02&chdtv 北約秘書長：北韓伊朗對俄軍事支持 將威脅全球安全 https://www.chinatimes.com/realtimenews/20240404002160-260408?chdtv 葛珮帆：數碼港資訊保安系統沒有做多重認證，屬於很低級保安錯誤 https://news.cnyes.com/news/id/5514085 阿爾巴尼亞政府宣布將成立特別委員會，以抵抗外國影響行動、打擊虛假資訊 https://www.euractiv.com/section/politics/news/albanian-government-to-create-commission-against-foreign-influence-disinformation/ 駭客入侵俄監獄商店為納瓦尼復仇 竄改標價竊數十萬筆囚犯資料 https://reurl.cc/67WpKy 美國五角大廈制訂國防工業基地的網路安全戰略 https://media.defense.gov/2024/Mar/28/2003424523/-1/-1/1/DOD_DOB_CS_STRATEGY_DSD_SIGNED_20240325.PDF 英國核電廠因網路安全稽核缺失遭到起訴 https://therecord.media/sellafield-site-prosecution-nuclear-facility-cybersecurity 美國政府批評微軟的安全文化不足才遭駭客入侵 https://www.ithome.com.tw/news/162123 美日菲將設聯合網路防護架構 防止中俄網攻 https://www.cna.com.tw/news/aopl/202404040009.aspx 美國有意「規範」國際太空競爭制定　白宮要NASA建立月球標準時間 https://www.hk01.com/article/1006747?utm_source=01articlecopy&utm_medium=referral 美網路安全委員會：中國駭入美高官電郵原可避免 https://money.udn.com/money/story/5599/7875341?from=edn_related_storybottom CISA針對緊急救援機構設立911網路安全資源中心 https://www.cisa.gov/news-events/news/safecom-and-ncswic-develop-911-cybersecurity-resource-hub 中國駭客組織APT41旗下團體利用名為Unapimon的工具迴避偵測 https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations https://thehackernews.com/2024/04/china-linked-hackers-deploy-new.html Indian Government Rescues 250 Citizens Forced into Cybercrime in Cambodia https://thehackernews.com/2024/04/indian-government-rescues-250-citizens.html U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers https://thehackernews.com/2024/04/us-cyber-safety-board-slams-microsoft.html 資安專員 https://www.104.com.tw/job/8abi1?jobsource=googlejobs 資安檢測工讀生 https://www.104.com.tw/job/8aal2?jobsource=n104bank2 資安專員 https://www.104.com.tw/job/80m4y?jobsource=salary_job 【專業支援】資安管理專業人員_I00000644 https://www.104.com.tw/job/86qpc?jobsource=m104 網絡工程師 https://www.104.com.tw/job/8aco6?jobsource=googlejobs 資安網管維護部經理 https://www.1111.com.tw/job/130198994/ 資安管理 https://www.104.com.tw/job/89rry?jobsource=keyword2Keyword 網頁全端工程師 https://www.104.com.tw/job/84jfx?jobsource=company_job 【資訊管理組】資安人員 https://www.104.com.tw/job/8aed3?jobsource=googlejobs 資安工程師 https://www.1111.com.tw/job/113008973/ 資安助理_Security Assistant https://www.104.com.tw/job/89g7n?jobsource=salary_job 臺灣學術網路危機處理中心-徵求網路安全管理師 https://www.104.com.tw/job/8aeay?jobsource=googlejobs 【資安所】資安專案管理師 https://www.104.com.tw/job/88vts?jobsource=google_faq [SW-301] 軟體資安工程師 https://www.104.com.tw/job/8ah5l?jobsource=googlejobs 資安稽核顧問 https://www.104.com.tw/job/862k0?jobsource=m_job_same_b 資訊安全工程師(弱點掃描)_資訊處(台北) https://www.104.com.tw/job/84u9w?jobsource=m_analysis_jobsame_b 113年度法務部調查局資安工作站高級資安分析師 2名、資安分析師2名甄選公告 https://www.mjib.gov.tw/news/Details/2/985 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 駭客入侵7高中校務系統 教育部清查26校學習歷程 https://www.cna.com.tw/news/ahel/202403290337.aspx 亞昕資訊股份有限公司資安事件聲明書 https://www.assota.com.tw/%E4%BA%9E%E6%98%95%E8%B3%87%E8%A8%8A%E8%81%B2%E6%98%8E%E6%9B%B8/ 7所高中遭駭客入侵「學生個資外洩」！教育部：學習檔案未遭竄改 https://www.ettoday.net/news/20240329/2709886.htm 駭客入侵7高中校務系統偷個資 教育部：學習歷程資料未遭刪改 https://news.ltn.com.tw/news/life/breakingnews/4624293 校務系統遭駭 2萬筆個資外洩 主要為1988、1989年出生 多分布於中彰投 連同家長姓名、電話看光光 https://www.chinatimes.com/newspapers/20240401000365-260110?chdtv 駭客竊取7校學生個資　教育部證實資安公司已收到勒索信 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=198381 遭駭客入侵7校名單公布 教部：學習歷程有備份 https://www.rti.org.tw/news/view/id/2200754 被駭客盯上！7高中校務系統遭駭、個資外洩 教育部公布學校名單 https://udn.com/news/story/6885/7866995 駭客入侵未傷及學檔資料 4／12起開放申請入學上傳演練 https://reurl.cc/D4Gq4j 從7所高中校務系統遭駭事件看個人資料外洩的因應策略 https://reurl.cc/zl08Wa 亞昕資訊通報其校務行政系統遭駭而被勒索，教育部已確認7所高中受影響，將持續清查26校 https://www.gov.tw/News_Content_11_737953.html 教育部在3月29日公布了近期國內7 打詐「專屬商用簡訊短碼」登場！互動資通與三大電信業者完成串接 https://finance.technews.tw/2024/03/29/sms-scam/ 廣告商投放詐騙廣告海撈上億　老婦誤信融金條慘賠4千萬 https://www.mirrormedia.mg/story/20240329soc007 美國最大電信供應商AT&T再傳個資外洩 「暗網」可購買上近千萬個資 https://www.taiwannews.com.tw/zh/news/5133786 AT&T發生用戶個資外洩事件 多達7300萬人受影響 https://today.line.me/tw/v2/article/GgpqweQ?oaId=linetoday_tw&oapHash=GAOEb&oapContentOrder=6&utm_source=oa&utm_medium=TODAY&utm_campaign=202403310838&utm_term=1 7300萬用戶個資外洩 AT&T將提供免費信用監控 https://udn.com/news/story/6813/7867718 報稅季　國稅局列「12條騙術」呼籲民眾防詐騙 https://news.housefun.com.tw/news/article/538724417803.html 婦人誤信網路投資 蘆洲警及時阻詐 https://reurl.cc/eLq59x 針對中國資安業者安洵信息資料外流，研究人員發現該公司與更多駭客組織有關 https://www.recordedfuture.com/attributing-i-soon-private-contractor-linked-chinese-state-sponsored-groups 資安專家籲 檢視IT承包商能力 個資外洩頻傳 https://www.chinatimes.com/newspapers/20240401000371-260110?chdtv 個人資料外洩的因應策略 https://voicettank.org/20240401-2/ 華航再爆個資外洩，110 萬筆落入駭客手中！個資被偷，我們該怎麼應對 https://www.techbang.com/posts/114115-china-airlines-has-leaked-11-million-personal-information-in 捐款188元做公益？ 小心假公益之名遭騙取個資 https://today.line.me/tw/v2/article/oqWYv9N 被公司要求密碼設超難解16碼，員工用1舉動防忘 網噴笑：共創資安漏洞 https://reurl.cc/37GR6R 胡宇威驚曝「帳號慘遭駭客入侵」！傻眼喊：真的嚇了一大跳 https://today.line.me/tw/v2/article/1DRMe1M 認知作戰影片粗糙效果差 學者指中共改用「台灣內部聲音」操作 https://udn.com/news/story/7331/7872879?list_ch2_index MFA轟炸攻擊再現！但這次發生在蘋果密碼重設通知的場景 https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/ 服飾連鎖品牌Hot Topic遭遇帳號填充攻擊，鎖定客戶忠誠度獎勵帳號下手 https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/ 代購平臺PandaBuy傳出資料外洩，波及逾130萬用戶 https://www.bleepingcomputer.com/news/security/shopping-platform-pandabuy-data-leak-impacts-13-million-users/ 遊艇經銷商MarineMax遭遇網路攻擊，證實資料外洩 https://www.bleepingcomputer.com/news/security/yacht-retailer-marinemax-discloses-data-breach-after-cyberattack/ OWASP基金會證實資料外洩，起因是維基伺服器組態不當 https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification.html 配置錯誤！OWASP示警約千份履歷可能外洩 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11022 詐騙4年增40億，台公私部門如何聯手護資安 https://futurecity.cw.com.tw/article/3390 【小心二次受騙】臉書詐騙廣告氾濫 假律師、假駭客狙擊受害者 https://today.line.me/tw/v2/article/YaPKmqL 眼見不一定為真，帳號被駭以假代真 https://www.ithome.com.tw/pr/162096 Google同意銷毀Chrome無痕模式的瀏覽資料 https://www.ithome.com.tw/news/162081 Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement https://thehackernews.com/2024/04/google-to-delete-billions-of-browsing.html Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors https://thehackernews.com/2024/04/massive-phishing-campaign-strikes-latin.html AiTM Phishing with Azure Functions https://nicolasuter.medium.com/aitm-phishing-with-azure-functions-a1530b52df05 New Phishing Campaign Targets Oil & Gas with Evolved Data-Stealing Malware https://thehackernews.com/2024/04/new-phishing-campaign-targets-oil-gas.html E.研究報告/工具 駭客如何黑進我們的電腦和手機的 https://reurl.cc/g4KDyX 一篇看懂「雲端運算」是什麼：3大類型與優勢介紹 https://enterprise.fetnet.net/content/ebu/tw/epaper/tech/2024/2024_CloudComputing.html 資安四大重點一次看！2024 資安威脅趨勢報告摘要 https://mile.cloud/zh/resources/blog/security-trends-report-summary-all-in-one_722 AI評測指引草案預告 風險分4級企業可評估送測 https://www.fountmedia.io/article/215911 研究：「AI 幻覺」會捏造軟體套件造成安全隱憂 https://infosecu.technews.tw/2024/03/31/ai-bots-hallucinate-software-packages-and-devs-download-them/ 【Azure Blob Storage】使用物件複寫同步儲存體帳戶 https://www.charliewei.net/2024/03/azure-blob-storage-object-replication.html Azure Blob生命週期管理原則 https://www.uuu.com.tw/Public/content/article/24/20240401.htm 微軟Azure OpenAI與Fabric皆整合Neo4j圖資料庫，強化資料分析與AI應用 https://www.ithome.com.tw/news/162024 Use Logic App to monitor Application Gateway Backend Health https://techcommunity.microsoft.com/t5/azure-networking-blog/use-logic-app-to-monitor-application-gateway-backend-health/ba-p/4104759?fbclid=IwAR35D-MKBvLS_uQ0W4ZE73drV5YZwqijxvww0EZxvJbYPchs9WXxPk4EM9E_aem_AXG7NTpJAGsV6Us9cjVJvlOQUeoTa9yn6PfanMskKqEtDXX1KOgHVmm-AwZk1pA37EUtnBmVIDiIz0m4idr0yoLM Chrome將加入可阻擋cookie劫持的新功能 https://www.pcmag.com/news/google-to-fight-cookie-hijacking-with-encryption-keys-for-chrome-browser Chrome開始測試DBSC功能防禦Cookie劫持攻擊 https://www.ithome.com.tw/news/162126 Attack Surface Management vs. Vulnerability Management https://thehackernews.com/2024/04/attack-surface-management-vs.html Tapping into the potential of Memory Dump Emulation https://blahcat.github.io/posts/2024/01/27/tapping-into-the-potential-of-memory-dump-emulation.html How to manage OAuth risks at scale with Nudge Security https://www.nudgesecurity.com/post/how-to-manage-oauth-risks-at-scale-with-nudge-security The Golden Age of Automated Penetration Testing is Here https://thehackernews.com/2024/03/the-golden-age-of-automated-penetration.html Issue 1510709 (Type confusion in Harmony Set methods, leads to RCE) https://h0meb0dy.me/entry/Issue-1510709-Type-confusion-in-Harmony-Set-methods-leads-to-RCE Harnessing the Power of CTEM for Cloud Security https://thehackernews.com/2024/04/harnessing-power-of-ctem-for-cloud.html The Cost of Cyber Defense: CIS Controls IG1 https://www.cisecurity.org/insights/white-papers/the-cost-of-cyber-defense-cis-controls-ig1 Considerations for Operational Technology Cybersecurity https://thehackernews.com/2024/04/considerations-for-operational.html F.商業 從近期駭客攻擊案例檢視供應鏈！AWS 更新資安韌性觀念：「被打時不能被直搗黃龍，要快速止血和回神」 https://buzzorange.com/techorange/2024/03/29/aws-3/ CyberArk 推出業界首款以身分為中心安全瀏覽器 https://infosecu.technews.tw/2024/03/29/cyberark-browser/ 預防Cookie 竊取和連線接管攻擊! CyberArk 推出業以身分為中心的安全瀏覽器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11010 IBM Guardium and FlashSystem: Fortifying Data with a Synergistic Cybersecurity Solution https://data-security.blog/2024/03/30/ibm-guardium-and-flashsystem-fortifying-data-with-a-synergistic-cybersecurity-solution/ 機器學習演算分析評估問卷　產出可提交管理層審查報告 第三方風險管理工具加持　供應鏈安全持續強化 https://www.netadmin.com.tw/netadmin/zh-tw/trend/68B7BC4DD3E740CD97F8D79036D0EDB6#google_vignette 超過5成企業在安全堆棧中部署超過10個以上單點解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11011 微軟公布多款改善生成式AI服務安全性的新工具，Prompt Shields率先亮相 https://azure.microsoft.com/en-us/blog/announcing-new-tools-in-azure-ai-to-help-you-build-more-secure-and-trustworthy-generative-ai-applications/ 微軟公布Windows 10付費延伸安全更新價格 https://www.ithome.com.tw/news/162134 G.政府 政府資安缺信譽 數位簽章難推 https://udn.com/news/story/7339/7865883?from=udn-catelistnews_ch2 台灣資安大聯盟成立！攜手促進資安產業發展 三黨團皆表支持 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11014 國防部：機敏專案廠商人員安全查核 1年排除38人 https://www.cna.com.tw/news/aipl/202403300163.aspx 補助成大設資安基地遭質疑 教部：因應數位轉型趨勢 https://reurl.cc/dL6LEV 成大設資安基地「把戰爭帶進校園」？　教育部回應了 https://www.ftvnews.com.tw/news/detail/2024330W0206 提升關鍵基礎設施資安實戰量能！成大揭牌大專院校首座資安基地 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11016 提升我國關鍵基礎設施資安實戰量能 成大資安基地揭牌 https://n.yam.com/Article/20240331495689#google_vignette 資安為名抗中 又拿不出配套 https://udn.com/news/story/8394/7867447 台灣資安人才不足　中山大學范俊逸呼籲：政府應提供優渥薪資　組國家隊整合資源 https://www.taiwannews.com.tw/zh/news/4964734 數位部推出部落格 讓政策技術接地氣 https://www.fountmedia.io/article/215974 教部被駭 新北教育資料平台藏隱憂 https://reurl.cc/mrEyaj 建立本土資安實力 資安大聯盟與立院對談探討解決方案 https://reurl.cc/bD0Wrv 資通安全聯防 日月光與高市調處簽合作備忘錄 https://www.tssdnews.com.tw/?FID=64&CID=731466#google_vignette 遭洽詢無人機「資安檢測」狀況？　資安院澄清：並無此事 https://www.ftvnews.com.tw/news/detail/2024331W0140 拒提供驗證清單？資安院：未參與無人機資安檢測 https://www.cna.com.tw/news/afe/202403310225.aspx 「去紅化」超嚴！資安檢測難過　我陷無人機空窗期 https://www.mnews.tw/story/20240331sot12010 羅森柏格5度訪台　蔡英文：盼台美在經貿、資安深化合作 https://tw.nextapple.com/politics/20240401/13D8881310D076192EA7EA1169A787CF 因應無人機侵擾 國防部：不聽警告打下來 https://anntw.com/articles/20240401-yf7T 教部公文系統當4天 卡到全大運 https://udn.com/news/story/6885/7871155 電子公文系統當4天修復 教育部：將確認62所大學是否受影響 https://www.chinatimes.com/realtimenews/20240402001541-260405?chdtv 揭數位身分證已花14.1億還喊卡 審計長：會請內政部做決策評估　 https://newtalk.tw/news/view/2024-04-02/914568 403強震國家級警報為何沒響？ 氣象署：預估震度低 https://www.ithome.com.tw/news/162114 民安10號演習磨練反制假訊息及強化資安 https://reurl.cc/zl02Gy 國防部長邱國正兒涉黃 國安局：疑個人雲端帳密遭駭 邱員2大過汰除 https://www.rti.org.tw/news/view/id/2201236 花蓮地震 唐鳳：強化國家通訊網路韌性續推3策略 https://www.fountmedia.io/article/216644 中醫大附醫智慧醫院安全再升級　全國首家醫院取得國際最高規資安 https://n.yam.com/Article/20240405292657#google_vignette H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Dormakaba Locks Used in Millions of Hotel Rooms Could Be Cracked in Seconds https://thehackernews.com/2024/03/dormakaba-locks-used-in-millions-of.html 21款無人機資安過關 逾半報價增7倍 https://reurl.cc/yYzv2q 短短三天！TheMoon 駭客將 6 千台華碩路由器變成殭屍裝置 https://infosecu.technews.tw/2024/04/01/thousands-of-phones-and-routers-swept-into-proxy-service-unbeknownst-to-users/ TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy https://thehackernews.com/2024/03/themoon-botnet-resurfaces-exploiting.html TheMoon惡意軟體變種肆虐！ 超過 6千台ASUS 路由器已被感染 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11008 「去紅化」超嚴！資安檢測難過　我陷無人機空窗期 https://www.mirrormedia.mg/external/mnews_20240331sot12010 製造業數位轉型 動力安全資訊：IT/OT資安須齊頭並進 https://n.yam.com/Article/20240401105765#google_vignette 威力工業攜手SECPAAS 加強工業網路安全 https://money.udn.com/money/story/11799/7870315 Tenable OT 加強國防部的運輸及車隊管理的網路安全 https://starshot.tw/2024/04/tenable-ot/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/4/6 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299846641/ 中區(實體)--校園資安作業與外部審查實務 2024/4/8 https://tp2rc.tanet.edu.tw/node/790 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/9 https://www.meetup.com/taiwan-code-camp/events/299906888/ 珈特科技 x Jamf：金融端點資安新紀元 2024/4/9 https://2023gettechnology.kktix.cc/events/financial-endpoint SyntaxError 2024/4/10 https://www.meetup.com/pythonhug/events/299928328/ 防駭侵資安講座 立即報名就抽千元7-11禮卷 2024/4/10 https://pumonetwork.kktix.cc/events/169a30ce 身分識別與存取控制防護實務 https://www.twcert.org.tw/tw/cp-105-7702-54eaf-1.html X-Range 演訓聯盟服務方案說明會 2024/4/11 https://csa.kktix.cc/events/ecc HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/11 https://www.meetup.com/hackingthursday/events/299949180/ Taipei DevOps User Group 7th Event, supported by Wankuma Alliance 2024/4/12 https://www.meetup.com/taipei-devops-user-group/events/299332370/ 資安稽核實務 2024/4/11-2024/4/12 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22536 Just a chat - with no Expectations 2024/4/13 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/299985415/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/16 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbvb/ SyntaxError 2024/4/17 https://www.meetup.com/pythonhug/events/pqnsctygcgbwb/ 【安碁學苑】上市上櫃公司資安主題課程 2024/4/18 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-5 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/18 https://www.meetup.com/hackingthursday/events/psspctygcgbxb/ 資安技術實作坊：滲透測試 2024/4/19 https://www.accupass.com/event/2403260547255414967380 Just a chat - with no Expectations 2024/4/20 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbbc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/4/23 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcgbfc/ SyntaxError 2024/4/24 https://www.meetup.com/pythonhug/events/pqnsctygcgbgc/ 「強韌數位公民力量：從防禦到行動」雙報告發表沙龍 2024/4/24 "Strengthening Digital Civic Space in East Asia: From Defense to Action" Dual Report Release Seminar https://ocftw.kktix.cc/events/drights2 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/4/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702416/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/4/25 https://www.meetup.com/hackingthursday/events/psspctygcgbhc/ iPAS-「初級」資訊安全工程師-能力研習衝刺班 2024/4/27、5/4 https://www.twcert.org.tw/tw/cp-105-7703-b5976-1.html ISA/IEC 62443工控系統資通安全解析及實務分析 2024/4/30 https://www.caa.org.tw/newsdetail-16334.html 【安碁學苑】資安職能培訓｜資訊安全工程師 2024/5/4 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-3 Just a chat - with no Expectations 2024/4/27 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcgbkc/ 「工業自動化控制系統-資安指引」說明會 2024/5/10 https://www.tairoa.org.tw/column/bnGenerator.aspx?Language=zh-TW&CategoryId=5&ColumnId=13731 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/5/22 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702425/ 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/5/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 2024離島盃資安競賽 2024/5/25 https://shieldx.kktix.cc/events/outlying 資通安全概論--中區--考前複習班 2024/6/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/