###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/10/9 ~ 2023/10/13 1.重大弱點漏洞/後門/Exploit/Zero Day 美國針對Adobe Acrobat高風漏洞提出警告，已出現攻擊行動 https://www.securityweek.com/cisa-warns-of-attacks-exploiting-adobe-acrobat-vulnerability/ 微軟發佈10月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2023-oct Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits https://thehackernews.com/2023/10/microsoft-releases-october-2023-patches.html Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability https://thehackernews.com/2023/10/microsoft-warns-of-nation-state-hackers.html Citrix 發布多個產品的安全更新 https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 Citrix NetScaler重大漏洞恐曝露敏感資料 https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials https://thehackernews.com/2023/10/citrix-devices-under-attack-netscaler.html Cisco 發布多個產品的安全公告 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-apidos-PGsDcdNF Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems https://thehackernews.com/2023/10/cisco-releases-urgent-patch-to-fix.html Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities https://www.ibm.com/support/pages/node/7049133?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7049126?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E Threat Actors Actively Exploiting Progress WS_FTP via Multiple Attack Chains https://www.sentinelone.com/blog/threat-actors-actively-exploiting-progress-ws_ftp-via-multiple-attack-chains/ Critical Vulnerabilities: WS_FTP Exploitation https://www.huntress.com/blog/critical-vulnerabilities-ws_ftp-exploitation Atlassian修補DevOps協作平臺Confluence漏洞，已出現濫用弱點的攻擊行動 https://jira.atlassian.com/browse/CONFSERVER-92475 DevOps協作平臺Atlassian Confluence遭中國駭客鎖定，利用零時差漏洞提升權限 https://www.bleepingcomputer.com/news/security/microsoft-state-hackers-exploiting-confluence-zero-day-since-september/ https://twitter.com/msftsecintel/status/1711871732644970856 https://attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515/rapid7-analysis https://jira.atlassian.com/browse/CONFSERVER-92475 Nation-state Hackers Exploiting Confluence Zero-day Vulnerability https://cybersecuritynews.com/confluence-zero-day-vulnerability/ IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits 程式庫Curl修補高風險漏洞 https://www.securityweek.com/critical-socks5-vulnerability-in-curl-puts-enterprise-systems-at-risk/ https://blog.qualys.com/vulnerabilities-threat-research/2023/10/05/curl-8-4-0-proactively-identifying-potential-vulnerable-assets https://curl.se/docs/CVE-2023-38545.html https://access.redhat.com/security/cve/cve-2023-38545 https://curl.se/docs/CVE-2023-38546.html https://access.redhat.com/security/cve/cve-2023-38546 Security Patch for Two New Flaws in Curl Library Arriving on October 11 https://thehackernews.com/2023/10/security-patch-for-two-new-flaws-in.html libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released https://thehackernews.com/2023/10/two-high-risk-security-flaws-discovered.html SAP發布10月份例行更新 https://www.securityweek.com/sap-releases-7-new-notes-on-october-2023-patch-day/ Google發布Chrome 118，修補20個漏洞 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html GNOME桌面環境的程式庫libcue存在高風險漏洞 https://thehackernews.com/2023/10/libcue-library-flaw-opens-gnome-linux.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 金融業護資安…連假不鬆懈 金管會：做好四大防護 https://udn.com/news/story/7239/7494747?list_ch2_index The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer Magecart卡片側錄出現新手法，攻擊者濫用404錯誤訊息網頁盜取相關資料 https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer 逾50家越南銀行用戶遭安卓金融木馬GoldDigger鎖定 https://www.group-ib.com/blog/golddigger-fraud-matrix/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 行動支付綁定後遭盜刷 學者：發卡銀行可再精進作為 https://ec.ltn.com.tw/article/paper/1608814 電子支付走入共碼 台專家：特約店讓利恐難喬 https://www.epochtimes.com/b5/23/10/9/n14091526.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 WSJ：哈瑪斯獲得「加密貨幣金援」千萬美元軍資，幣安已協助凍結 https://www.blocktempo.com/hamas-militants-behind-israel-attack-raised-millions-in-crypto/ 穩定幣Platypus遭攻擊，損失超200萬美元 https://news.cnyes.com/news/id/5346205 索拉納基金會高層宣布提出懸賞：關閉索拉納平台的人將有機會贏得 40 萬美元 https://reurl.cc/K3l1Om FTX案陪審團聽取Alameda公司員工會議的祕密錄音 https://big5.ftchinese.com/interactive/125680?exclusive Elliptic：FTX 被盜資金的洗錢活動可能與俄羅斯網路犯罪集團有關 https://zombit.info/elliptic-report-some-of-stolen-assets-ftx-hack-involvement-intermediary-russia-linked-groups/ FT仿盤Stars Arena已取回90%資產，審計後將重新推出 https://abmedia.io/stars-arena-recovered-90-of-lost-fund 免擔心開發者「藏後門」，無管理員金鑰的 DEX 才是未來 https://www.blocktempo.com/closing-the-backdoor-opened-by-the-god-mode-is-a-future-where-dex-without-administrator-keys/ PeckShield：穩定幣交易項目Platypus Finance疑遭駭客攻擊，損失約100萬美元 https://www.panews.io/zh_hk/sqarticledetails/666e417fFt.html Stars Arena駭客留言尋求合作處理被竊資金 https://www.binance.com/zh-TC/feed/post/2023-10-11-stars-arena-1308039 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客假借提供WordPress外掛散布惡意軟體，從而建立管理員帳號並挾持網站 http://www.wordfence.com/blog/2023/10/backdoor-masquerading-as-legitimate-plugin/ 勒索軟體Hello Kitty程式碼被公布，有助於製作解密金鑰 https://www.ithome.com.tw/news/159201 惡意軟體QBot背後的駭客持續發動攻擊，散布勒索軟體Ransom Knight、後門程式Remcos https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/ 搜尋引擎提供的AI聊天機器人也成為散布惡意程式的管道！有人投放廣告對Bing Chat用戶散布惡意軟體 https://www.hcu.edu.tw/mp/mp/zh-tw/24DE9AF46FF74DF9A4E6AF5EC16AA9F5/CE9E0CDCDCC348F8ABBCBEC201EB0DF5 Dark Angels | ESXi Ransomware Borrows Code & Victimology From RagnarLocker https://www.sentinelone.com/blog/dark-angels-esxi-ransomware-borrows-code-victimology-from-ragnarlocker/ ToddyCat: Keep calm and check logs https://securelist.com/toddycat-keep-calm-and-check-logs/110696/ ShellBot DDoS Malware Installed Through Hexadecimal Notation Addresses https://asec.ahnlab.com/en/57635/ New APT Group Using Custom Malware to Attack Manufacturing & IT Industries https://cybersecuritynews.com/apt-group-custom-malware/ #StopRansomware: AvosLocker Ransomware (Update) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a Leveraging a Hooking Framework to Expand Malware Detection Coverage on the Android Platform https://unit42.paloaltonetworks.com/hooking-framework-in-sandbox-to-analyze-android-apk/ QakBot Threat Actors Still in Action, Using Ransom Knight and Remcos RAT in Latest Attacks https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html 執行Linux作業系統的SSH伺服器遭到鎖定，駭客植入惡意程式ShellBot，並利用Hex編碼的IP位置迴避偵測 https://asec.ahnlab.com/en/57635/ ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers https://thehackernews.com/2023/10/shellbot-uses-hex-ips-to-evade.html Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack https://thehackernews.com/2023/10/microsoft-defender-thwarts-akira.html Researchers Uncover Malware Posing as WordPress Caching Plugin https://thehackernews.com/2023/10/researchers-uncover-malware-posing-as.html Ransomware attacks doubled year on year. Are organizations equipped to handle the evolution of Ransomware in 2023 https://thehackernews.com/2023/10/ransomware-attacks-doubled-year-on-year.html DarkGate Malware Spreading via Messaging Services Posing as PDF Files https://thehackernews.com/2023/10/darkgate-malware-spreading-via.html FBI, CISA Warn of Rising AvosLocker Ransomware Attacks Against Critical Infrastructure https://thehackernews.com/2023/10/fbi-cisa-warn-of-rising-avoslocker.html Malicious NuGet Package Targeting .NET Developers with SeroXen RAT https://thehackernews.com/2023/10/malicious-nuget-package-targeting-net.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html 蘋果發布iOS 16.7.1、iPadOS 16.7.1，修補舊版裝置的零時差漏洞CVE-2023-42824、CVE-2023-5217 https://support.apple.com/HT213972 Google以Rust重寫Android裸機元件，進一步強化記憶體安全 https://www.ithome.com.tw/news/159204 中國駭客組織EvilBamboo鎖定臺灣安卓用戶下手，假借提供破解版Whoscall散布惡意程式 https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 駭客入侵微軟SQL Server資料庫系統，目標是Azure雲端環境的虛擬機器 https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/ 網路公司擋下歷來最大規模 DDoS，高峰達每秒 3.98 億次請求 https://technews.tw/2023/10/13/internet-companies-report-biggest-ever-denial-of-service-operation/ 微軟：中國部署大量帳號外宣 台灣受駭客攻擊居亞太第2 https://ec.ltn.com.tw/article/breakingnews/4456262 美國公布最常見的10種配置不當情況 https://www.cisa.gov/news-events/news/joint-advisory-top-cyber-misconfigurations-highlights-urgency-software-manufacturers-incorporate 100個駭客組織針對以巴衝突進行網路攻擊 https://thecyberexpress.com/cyber-war-in-the-israel-vs-palestine-conflict/ https://twitter.com/FalconFeedsio/status/1711868327486787831 https://thecyberexpress.com/israel-palestine-conflict-cyber-warfare-risk/ https://thecyberexpress.com/israel-hamas-war-ransomedvc-access-to-iran/ 中國駭客假借台積電的名義對半導體產業散布Cobalt Strike https://www.ithome.com.tw/news/159184 東南亞政府機關遭到駭客組織中國駭客Mustang Panda、Alloy Taurus、Gelsemium鎖定 https://thehackernews.com/2023/09/new-report-uncovers-three-distinct.html https://unit42.paloaltonetworks.com/stately-taurus-attacks-se-asian-government/ https://unit42.paloaltonetworks.com/alloy-taurus-targets-se-asian-government/ https://unit42.paloaltonetworks.com/rare-possible-gelsemium-attack-targets-se-asia/ 研究人員揭露聲援巴勒斯坦激進組織的加薩駭客Storm-1133 https://securityaffairs.com/152153/hacking/gaza-linked-hackers-argeting-israel.html 以色列衛星及工控系統遭到俄羅斯駭客鎖定 https://cybernews.com/cyber-war/russian-hacktivists-target-israel-industrial-control-system/ 英國選民資料在針對選舉監察機構的網路攻擊中被駭客入侵 https://blog.twnic.tw/2023/10/11/28566/ 以巴衝突從飛彈到資訊戰！駭客用 DDoS 癱瘓兩國網站，還發送假空襲警告誤導民眾 https://buzzorange.com/techorange/2023/10/11/israel-palestine-info-war/ HTTP/2 協定漏洞放大攻擊，多家業者統計最大 DDoS 攻擊流量皆創紀錄 https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487 https://www.ithome.com.tw/news/159221 https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps https://aws.amazon.com/security/security-bulletins/AWS-2023-011/ HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks https://thehackernews.com/2023/10/http2-rapid-reset-zero-day.html Over 17,000 WordPress Sites Compromised by Balada Injector in September 2023 https://thehackernews.com/2023/10/over-17000-wordpress-sites-compromised.html Stayin’ Alive – Targeted Attacks Against Telecoms and Government Ministries in Asia https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/ 臺灣生技產業、製造業、IT業者要小心！傳出有駭客組織針對這些產業從事網路間諜行動 https://www.ithome.com.tw/news/159220 Grayling: Previously Unseen Threat Actor Targets Multiple Organizations in Taiwan https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayling-taiwan-cyber-attacks Chinese Hackers Target Semiconductor Firms in East Asia with Cobalt Strike https://thehackernews.com/2023/10/chinese-hackers-target-semiconductor.html North Korea's Lazarus Group Launders $900 Million in Cryptocurrency https://thehackernews.com/2023/10/north-koreas-lazarus-group-launders-900.html Gaza-Linked Cyber Threat Actor Targets Israeli Energy and Defense Sectors https://thehackernews.com/2023/10/gaza-linked-cyber-threat-actor-targets.html Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries https://thehackernews.com/2023/10/researchers-uncover-grayling-apts.html 以色列打資安戰　塔爾皮約計畫.8200部隊揭祕 https://news.cts.com.tw/cts/general/202310/202310112238454.html 南美洲國家蓋亞那政府機關遭到惡意程式DinodasRAT攻擊 https://www.welivesecurity.com/en/eset-research/operation-jacana-spying-guyana-entity/ 資安工程師 https://www.104.com.tw/job/84w48?jobsource=googlejobs 集保搶人才 釋出7大類職缺 預計招募30名新血助陣 https://news.cnyes.com/news/id/5343956 集保結算所獵才 共創數位金融生態圈 https://www.tssdnews.com.tw/?FID=64&CID=701492 資安工程師(FAE) https://www.linkedin.com/jobs/view/%E8%B3%87%E5%AE%89%E5%B7%A5%E7%A8%8B%E5%B8%AB-fae-at-ennoconn-corporation-3732531106/ D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 職場社群網站LinkedIn提供的市場行銷工具遭到濫用，駭客用於誘騙微軟帳號 https://cofense.com/blog/linkedin-smart-links-credential-phishing-campaign/ 資安警察：戀愛腦小心掉進網戀陷阱！帶你破解跨國詐欺犯的甜言蜜語 https://buzzorange.com/techorange/2023/10/12/security-police-take-you-through-the-sweet-talk-of-transnational-fraudsters/ 檢方確認我國2,357萬筆戶政資料流入暗網，兜售資料的駭客來自中國 https://www.ettoday.net/news/20231012/2600759.htm 全台戶籍個資流竄暗網！台男花5000枚USDT好奇買下，交易所「出金成鐵證」 https://www.blocktempo.com/taiwanese-man-spends-5000-on-the-dark-web-to-buy-complete-taiwanese-population-data/ 上網購買我國戶籍資料 工程師遭罰款 https://www.peoplenews.tw/articles/465f2c87f3 檢調認證 全台2300萬筆戶政資料外洩 專家：單靠買最貴軟體無法解決資安問題 https://reurl.cc/MyjKO3 向駭客購買台灣2300萬筆戶政資料 科技工程師繳50萬獲緩起訴 https://reurl.cc/blYKYd 檢調認證！全國2337萬個資遭盜賣流向大陸 陸籍駭客遭通緝 https://www.chinatimes.com/realtimenews/20231012001580-260402?chdtv 勒索軟體BianLian聲稱從加拿大航空竊得210 GB資料 https://www.bleepingcomputer.com/news/security/bianlian-extortion-group-claims-recent-air-canada-breach/ New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise https://thehackernews.com/2023/10/new-report-child-sexual-abuse-content.html Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html Google Adopts Passkeys as Default Sign-in Method for All Users https://thehackernews.com/2023/10/google-adopts-passkeys-as-default-sign.html 中國駭客ToddyCat鎖定亞洲電信業者，散布後門程式CurKeep https://blog.checkpoint.com/security/unveiling-stayin-alive-a-closer-look-at-an-ongoing-campaign-in-asia-targeting-telecom-and-governmental-entities/ Researchers Unveil ToddyCat's New Set of Tools for Data Exfiltration https://thehackernews.com/2023/10/researchers-unveil-toddycats-new-set-of.html 成為帳戶預設選項，Google 大力推動「密碼金鑰」取代密碼輸入 https://technews.tw/2023/10/11/google-is-making-passkeys-even-more-accessible-by-offering-them-as-the-default-option-across-google-accounts/ E.研究報告/工具 如何運用AI人工智慧協助SAP ERP資安權限管理 https://www.acl.com.tw/specialinfo/expert_paper.php?p_id=4285 資訊科技犯罪：資安戰爭開打！從心理測驗、交友軟體、廣告信&假新聞到選舉操控，駭客如何入侵你的真實生活 https://www.iread.com.tw/Detail/ProdDetail/B000685864 聰明AI也會有資安威脅？專家解析駭客如何入侵讓AI走鐘 https://vip.udn.com/vip/story/121938/7496714 Cybersecurity Law A graduate degree for working professionals https://www.law.umaryland.edu/academics/ms-in-law-program/landing-pages/cybersecurity-hacker-news/?_m=3n.009a.3168.kl0ao0dcsu.25ny New OS Tool Tells You Who Has Access to What Data https://thehackernews.com/2023/10/new-os-tool-tells-you-who-has-access-to.html GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack https://thehackernews.com/2023/10/githubs-secret-scanning-feature-now.html "I Had a Dream" and Generative AI Jailbreaks https://thehackernews.com/2023/10/i-had-dream-and-generative-ai-jailbreaks.html How to Guard Your Data from Exposure in ChatGPT https://thehackernews.com/2023/10/how-to-guard-your-data-from-exposure-in.html F.商業 為強化雲端基礎設施機密保護及配置管理自動化，基礎設施即程式碼工具新創Pulumi推出新的解決方案 https://www.ithome.com.tw/news/159247 GitHub帳密機敏資訊掃描功能範圍擴及AWS、微軟、Google、Slack https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/ 數聯資安啟動星鏈人才培育計畫，打造資安即戰力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10734 助力小資機構資安弱點管理合規 中華資安推弱點通報平台VANS雲端方案 政府與企業資訊資產管理與弱點管理一次快速掌握 https://www.bnext.com.tw/article/76989/chtsecurity? 美國司法部對 Google 反壟斷 揭露 Apple 有意改用 Bing https://www.pcmarket.com.hk/%E7%BE%8E%E5%9C%8B%E5%8F%B8%E6%B3%95%E9%83%A8%E5%B0%8D-google-%E5%8F%8D%E5%A3%9F%E6%96%B7-%E6%8F%AD%E9%9C%B2-apple-%E6%9C%89%E6%84%8F%E6%94%B9%E7%94%A8-bing/ 軟體數位黑潮─台灣商用軟體上雲出海計畫 https://www.wealth.com.tw/articles/18d6decb-d789-4ad4-8c93-24c85ee23cb4 F5 透過投資開發與提升技術效能支援開源遙測項目 https://reurl.cc/4WdVrX 中華電信推動5G智慧海港 整合陸、海、空無人載具巡檢 https://udn.com/news/story/7240/7498466 安碁資訊 市場第一也是唯一的雲端資安公司 https://www.moneyweekly.com.tw/Magazine/Info/%e7%90%86%e8%b2%a1%e5%91%a8%e5%88%8a/130325 Google Chrome 將保護加密金鑰，以防止未來可能出現的量子電腦攻擊 https://blog.twnic.tw/2023/10/12/28576/ G.政府 強化公部門資料安全，26個A級機關完成導入T-Road https://www.cna.com.tw/news/afe/202310100027.aspx 提升產業資安防護力 數位部TIE展出12項創新技術 https://reurl.cc/blYKDE 成立一年詐騙卻增 21%，數位部有什麼政績 https://technews.tw/2023/10/12/moda-6/ 中選會：電子連署上線僅剩資安疑慮　估最快明年3月通過 https://www.ettoday.net/news/20231011/2600072.htm 公投電子連署系統 李進勇：明年2月決定上線時間 https://udn.com/news/story/6656/7499662 中選會：電子公投連署系統資安弱點已修復　預計明年2月送審 https://www.ettoday.net/news/20231012/2600769.htm 行政院及所屬機關（構）使用生成式AI參考指引 https://www.pthg.gov.tw/planra/News_Content.aspx?n=FC549E14BEC99123&sms=39F0C1E893AAD2D4&s=4F3215C6562B944E 資安危機！北市人臉、指紋打卡鐘遭爆中國製　綠議員：個資恐回傳中國 https://www.setn.com/News.aspx?NewsID=1366761 8單位生物辨識打卡用中製產品 北巿工務局：將請廠商供產地 https://news.pts.org.tw/article/661655 北市府差勤指紋、掃臉採中國製產品　議員：員工個資恐有暴露風險 https://www.ftvnews.com.tw/news/detail/2023A13L04M1 議員曝有8單位用中製生物特徵辨識打卡機　北市府：嚴格確認機台產地 https://www.upmedia.mg/news_info.php?Type=24&SerialNo=184585 唐鳳與以色列資安晶片公司交流 促應用合作 https://www.ctee.com.tw/news/20231012702000-430104 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 以IEC 62443-4-1為核心 企業可逐步落實SSDLC https://n.yam.com/Article/20231013148388 Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities https://thehackernews.com/2023/10/supermicros-bmc-firmware-found.html High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security https://thehackernews.com/2023/10/high-severity-flaws-in-connectedios.html 中國億帆工業路由器曝露於重大層級漏洞，迄今尚未有修補程式 https://blog.talosintelligence.com/vulnerability-roundup-webkit-and-yifan-router/ 路由器漏洞遭到殭屍網路病毒Mirai變種鎖定 https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits 13個路由器漏洞遭到殭屍網路病毒Mirai鎖定 https://www.fortinet.com/blog/threat-research/Iz1h9-campaign-enhances-arsenal-with-scores-of-exploits D-Link無線網路訊號延伸器出現可被用於命令注入的漏洞 https://www.redteam-pentesting.de/en/advisories/rt-sa-2023-006/-d-link-dap-x1860-remote-command-injection 7萬臺安卓電視盒、平板電腦韌體被植入後門，流入美國低收入戶 https://www.humansecurity.com/learn/blog/badbox-peachpit-and-the-fraudulent-device-in-your-delivery-box BlackBerry將物聯網及網路安全業務拆分為兩家公司 https://www.ithome.com.tw/news/159155 https://www.blackberry.com/us/en/company/newsroom/press-releases/2023/blackberry-provides-project-imperium-update-and-announces-intention-to-separate-business-units https://seekingalpha.com/article/4639246-blackberry-stock-overpriced-spin-off-uncertainty 財團法人電信技術中心已通過TAICS物聯網資安-數據機、機上盒之實驗室認可 https://www.taics.org.tw/LatestASSForm.aspx?Type=2&Ass_id=13108 保華資安股份有限公司/智慧科技資安檢測實驗室已通過TAICS物聯網資安-影像監控系統安全CNS16120-1～-2、智慧音箱實驗室之認可 https://www.taics.org.tw/LatestASSForm.aspx?Type=2&Ass_id=13107 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 國家高速網路與計算中心 平行計算程式設計基礎課程 2023/10/17 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4033&from_course_list_url=homepage Elixir Taiwan monthly meetup 2023/10/17 https://www.meetup.com/elixirtw-taipei/events/296057946/ 數位轉型-看見台灣數位競爭力 國際論壇暨成果發表會 2023/10/17 https://www.accupass.com/event/2309130748501529132371?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 台灣網路講堂「探索未來世代的網路隱私治理框架」座談會 2023/10/18 https://www.twsig.tw/20231018/ 國家高速網路與計算中心 三維空間資訊共構教育訓練 2023/10/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4065&from_course_list_url=course_index 國家高速網路與計算中心 資料聯盟技術教育訓練 2023/10/18 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4066&from_course_list_url=course_index Microsoft 365線上研討會：智能運營與資安的完美結合 2023/10/19 https://www.systexsoftware.com.tw/News/Content/14563 網路自由小聚 [10月] ：數位韌性 Digital Resilience 2023/10/19 https://ocftw.kktix.cc/events/internetfreedom-october2023 【強化DevOps開發流程安全】 說明會報名 2023/10/19 https://www.accupass.com/event/2309080142511166709262?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 國家高速網路與計算中心 ANSYS LS-DYNA基礎訓練課程 2023/10/20 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4029&from_course_list_url=course_index OCF 培訓活動: 如何建立安全的網路架構 II 2023/10/21 https://ocftw.kktix.cc/events/ocftot2023 After WordCamp：你參加 WordCamp Taiwan 2023了嗎？ - 彰化小聚#34 2023/10/21 https://www.meetup.com/changhua-wordpress-meetup-group/events/296254308/ AI/Machine Learning Trivia Night! 2023/10/24 https://www.meetup.com/taipei_langchain/events/296326252/ Drupal 台北小聚 - 聊天、喝飲料、吃Pizza @聖誕老人國際股份有限公司 2023/10/25 https://www.meetup.com/drupal-mentoring-taipei/events/296351711/ ETC「智慧電網及智慧家庭之資安與互通性檢測技術研討會」訊息 2023/10/26 http://www.taiseia.org.tw/Industry/industry_more?id=1246 (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023 不知攻，何談防？健全企業資安防護機制 2023/10/27 https://www.beclass.com/rid=284b3636525ffc017c87 旅遊服務銜接 AIGC 的各種坑 2023/10/30 https://www.meetup.com/rladies-taipei/events/296239571/ OpenText 當AI遇見資安零信任浪潮下產業新競局 - MetaAge 邁達特 2023/11/2 https://www.metaage.com.tw/events/283 ISC2 Taipei Chapter 2023年度會員大會暨「信任始於安全」研討會 2023/11/4 https://isc2taipei.kktix.cc/events/nosecuritynotrust 2023金融資安論壇-金融上雲 迎風挑戰資安布局 2023/11/7 https://www.accupass.com/event/2309260331486394385550?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ Web應用滲透測試 2023/11/9 ~ 2023/11/10 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 MOPCON 2023 2023/11/11 ~ 2023/11/12 https://mopcon.kktix.cc/events/2023-students https://mopcon.kktix.cc/events/mopcon-2023 【亞洲最具指標供應鏈高峰會】Supply Chain Summit 2023 2023/11/14 ~ 2023/11/15 https://www.accupass.com/event/2307070154211343470512 國泰天職學X職游｜How IT Works SMART 2023/11/18 https://www.accupass.com/event/2309190510226744374250?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ 2023 台灣智動化檢測驗證聯盟大會暨工業安全規範研討會 2023/11/22 https://www.accupass.com/event/2309200309193935682920?utm_source=web&utm_medium=search_result_%E8%B3%87%E5%AE%89&utm_campaign=accu_e_ High Velocity ITSM Taipei 2023/11/25 https://www.meetup.com/taipei-atlassian-community-events/events/295913312/ Jamf Nation Live Taipei 2023 2023/12/19 https://jamf.kktix.cc/events/jamfnation2023 【Monosparta】②⓪②④ 第一梯次 軟體開發實戰訓練營➠線上說明會 2024/1/17 https://trunk-studio.kktix.cc/events/monosparta-202401