###### tags: `資安事件新聞週報` # 資安事件新聞週報 2023/6/12 ~ 2023/6/16 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco ASA 和 Cisco FTD 在為 SSL/TLS 配置的 Cisco Firepower 2100 系列設備上運行存在弱點 https://sec.cloudapps.cisco.com/security/center/publicationListing.x Cisco Expressway 系列和 Cisco TelePresence 視訊通信服務器權限提升弱點 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-priv-esc-Ls2B9t7b Fortinet 近日發布 FortiOS 和 FortiProxy 的安全性更新 https://www.fortiguard.com/psirt/FG-IR-23-097 Fortinet發布防火牆作業系統更新，傳出修補了SSL VPN重大漏洞 https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-rce-flaw-in-fortigate-ssl-vpn-devices-patch-now/ Fortinet證實SSL VPN重大漏洞出現攻擊行動 https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign Critical RCE Flaw Discovered in Fortinet FortiGate Firewalls - Patch Now! https://thehackernews.com/2023/06/critical-rce-flaw-discovered-in.html VMware 發布 Aria Operations for Networks 安全更新 https://www.vmware.com/security/advisories/VMSA-2023-0012.html MFT檔案共享系統MOVEit Transfer再度發現新漏洞 https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-CVE-Pending-Reserve-Status-June-9-2023 英國電信主管機關遭MOVEit Transfer零時差漏洞攻擊 https://therecord.media/ofcom-cyberattack-uk-regulator-moveit-vulnerability 研究人員針對MOVEit Transfer零時差漏洞發布概念性驗證程式 https://www.horizon3.ai/moveit-transfer-cve-2023-34362-deep-dive-and-indicators-of-compromise/ MOVEit Transfer再傳新的SQL注入漏洞，Progress呼籲用戶限制HTTP、HTTPS存取因應 https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 勒索軟體Clop傳出向MOVEit Transfer攻擊受害組織勒索 https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-starts-extorting-moveit-data-theft-victims/ https://edition.cnn.com/2023/06/15/politics/us-government-hit-cybeattack/index.html New Critical MOVEit Transfer SQL Injection Vulnerabilities Discovered - Patch Now! https://thehackernews.com/2023/06/new-critical-moveit-transfer-sql.html CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief https://unit42.paloaltonetworks.com/threat-brief-moveit-cve-2023-34362/ Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 https://thehackernews.com/2023/06/clop-ransomware-gang-likely-exploiting.html Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack https://thehackernews.com/2023/06/third-flaw-uncovered-in-moveit-transfer.html 中國駭客利用VMware ESXi零時差漏洞，部署後門程式並操控VM https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass Chinese Hackers Exploit VMware Zero-Day to Backdoor Windows and Linux Systems https://thehackernews.com/2023/06/chinese-hackers-exploit-vmware-zero-day.html Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry https://thehackernews.com/2023/06/severe-vulnerabilities-reported-in.html CVE-2017-9248 Exploitation in U.S. Government IIS Server https://www.cisa.gov/news-events/analysis-reports/ar23-166a Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation https://thehackernews.com/2023/06/experts-unveil-poc-exploit-for-recent.html 微軟發佈6月份安全性公告 https://www.cisa.gov/news-events/alerts/2023/06/13/microsoft-releases-june-2023-security-updates Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software https://thehackernews.com/2023/06/microsoft-releases-updates-to-patch.html Barracuda郵件安全閘道零時差漏洞攻擊疑中國駭客組織所為 https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway https://thehackernews.com/2023/06/chinese-unc4841-group-exploits-zero-day.html Zero Day Vulnerability in Barracuda Email Security Gateway Appliance (ESG) (CVE-2023-2868) https://reurl.cc/EooL9R Fake Researcher Profiles Spread Malware through GitHub Repositories as PoC Exploits https://thehackernews.com/2023/06/fake-researcher-profiles-spread-malware.html Critical Security Vulnerability Discovered in WooCommerce Stripe Gateway Plugin https://thehackernews.com/2023/06/critical-security-vulnerability.html Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點 https://www.cisa.gov/news-events/alerts/2023/06/13/adobe-releases-security-updates-multiple-products Google修補Chrome 114重大漏洞 https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_13.html SAP發布6月例行更新，修補高風險漏洞 https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-with-june-2023-security-updates/ Azure Bastion、Container Registry出現XSS漏洞 https://orca.security/resources/blog/examining-two-xss-vulnerabilities-in-azure-services Adobe修補電子商務平臺的重大漏洞 https://www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-software/ WordPress線上付款外掛程式漏洞恐曝露客戶訂單資料 https://patchstack.com/articles/unauthenticated-idor-to-pii-disclosure-vulnerability-in-woocommerce-stripe-gateway-plugin/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants https://thehackernews.com/2023/06/microsoft-uncovers-banking-aitm.html 駭客發動新型態的AiTM攻擊、BEC詐騙，鎖定銀行與金融服務業者而來 https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 600 萬張被竊卡片分析——有 1.1 萬張屬於台灣 https://www.businesstoday.com.tw/article/category/183015/post/202306120025/ 用現金落伍又頑固 數位支付業者大放送：請享受我們的監控、駭客入侵 https://udn.com/news/story/121591/7237527 4月電子支付吹起逆風　儲值匯兌轉帳都衰退 https://www.cardu.com.tw/news/detail.php?49075 綠界科技今年2大亮點 整合線上線下支付 https://ec.ltn.com.tw/article/breakingnews/4335079 存錢好輕鬆！全支付ｘ好好證券「電支雞」新功能上線 https://www.cardu.com.tw/mpay/detail.php?41280 大陸優化境外人士使用行動支付 可綁定境外金融卡 https://www.chinatimes.com/realtimenews/20230616002222-260409?chdtv 中國行動支付海外客不便 支付寶改良可綁信用卡 https://money.udn.com/money/story/5604/7238170 上海台青參觀支付寶　境外銀行卡也能在陸行動支付了 https://www.ettoday.net/news/20230615/2520943.htm 海峽論壇助力台人開通電子支付　陳志勇：短期、長期均可辦 https://www.ettoday.net/news/20230615/2520896.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 北韓駭客Lazarus將Atomic Wallet贓款轉向俄羅斯 https://abmedia.io/lazarus-hack-atomic-wallet 愛沙尼亞和哈薩克斯坦警方調查Atomic錢包駭客攻擊 https://news.cnyes.com/news/id/5212978 超過5500個錢包受損害！愛沙尼亞和哈薩克警方調查Atomic Wallet的駭客攻擊事件 https://news.knowing.asia/news/c77edbcc-54a0-429f-adb2-60ac18699b5f Atomic Wallet被駭金額升至1億美元，追兇北韓駭客拉撒路Lazarus https://www.blocktempo.com/north-koreas-lazarus-group-reemerges-with-new-100-million-atomic-hack/ 幣安的投資者保護基金價值縮水11% https://reurl.cc/944ayx Knnex交易所：從根源上避開金融詐騙陷阱 https://n.yam.com/Article/20230614578717 Hashflow在攻擊事件中損失約60萬美元，派盾稱或為白帽駭客所為 https://news.cnyes.com/news/id/5215086 Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange Hack https://thehackernews.com/2023/06/two-russian-nationals-charged-for.html Beware: New DoubleFinger Loader Targets Cryptocurrency Wallets with Stealer https://thehackernews.com/2023/06/beware-new-doublefinger-loader-targets.html Ransomware Hackers and Scammers Utilizing Cloud Mining to Launder Cryptocurrency https://thehackernews.com/2023/06/ransomware-hackers-and-scammers.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 安卓惡意軟體GravityRAT鎖定WhatsApp備份資料而來 https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/ 勒索軟體Rhysida聲稱從智利軍隊竊得內部資料，疑有士兵涉案 https://www.bleepingcomputer.com/news/security/rhysida-ransomware-leaks-documents-stolen-from-chilean-army/ 俄羅斯駭客Gamaredon利用USB惡意軟體攻擊烏克蘭 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-russia-ukraine-military 竊資軟體Vidar輪替後端的基礎設施，攻擊行動更為隱匿 https://www.team-cymru.com/post/darth-vidar-the-aesir-strike-back 廢棄的AWS S3儲存桶恐被用於散布惡意軟體 https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers/ 有駭客透過盜版Windows 10光碟映像檔散布剪貼簿挾持軟體 https://news.drweb.com/show/?i=14712 駭客佯稱是資安業者的研究人員，宣稱提供零時差漏洞的PoC程式，透過推特、GitHub散布惡意軟體 https://vulncheck.com/blog/fake-repos-deliver-malicious-implant 中國駭客利用惡意軟體ChamelDoH攻擊Linux主機 https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/ Go語言惡意軟體Skuld鎖定Windows電腦，意圖竊取Discord和瀏覽器資料 https://www.trellix.com/en-us/about/newsroom/stories/research/skuld-the-infostealer-that-speaks-golang.html 惡意軟體ChromeLoader假借提供盜版影音、遊戲散布 https://threatresearch.ext.hp.com/wp-content/uploads/2023/06/HP_Wolf_Security_Threat_Insights_Report_Q1_2023.pdf ChatGPT的「捏造」有可能被用於惡意套件散布 https://vulcan.io/blog/ai-hallucinations-package-risk 美國伊利諾州醫院St. Margaret's Health關閉部分院區，勒索軟體攻擊是其中原因之一 https://www.securityweek.com/ransomware-attack-played-major-role-in-shutdown-of-illinois-hospital/ 惡意軟體混淆引擎BatCloak用於攻擊的情況升溫 https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html 烏克蘭政治人物、美國醫療保健機構遭惡意軟體RomCom鎖定 https://blogs.blackberry.com/en/2023/06/romcom-resurfaces-targeting-ukraine 利比亞人士遭到惡意軟體Stealth Soldier鎖定 https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/ 駭客組織運用惡意程式載入工具DoubleFinger，搭配PNG圖檔散布惡意軟體 https://securelist.com/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer/109982/ 物聯網殭屍網路針對電信業者而來 https://www.nokia.com/networks/security-portfolio/threat-intelligence-report/ 越南企業遭後門程式Spectralviper鎖定 https://www.elastic.co/security-labs/elastic-charms-spectralviper 澳洲大型律師事務所HWL Ebsworth遭到勒索軟體BlackCat攻擊，駭客洩露1.4 TB資料 https://www.bleepingcomputer.com/news/security/blackcat-ransomware-fails-to-extort-australian-commercial-law-giant/ SharePoint Online遭勒索軟體攻擊，不經電腦也可以感染 https://www.ithome.com.tw/news/157280 下載微軟Win10小心！非官方版藏木馬「可躲防毒軟體偵測」，已盜取1.9萬鎂加密資產 https://www.blocktempo.com/pirated-windows-builds-with-crypto-stealer-via-efi-partition/ Sneaky DoubleFinger loads GreetingGhoul targeting your cryptocurrency https://securelist.com/doublefinger-loader-delivering-greetingghoul-cryptocurrency-stealer/109982/ A Truly Graceful Wipe Out https://thedfirreport.com/2023/06/12/a-truly-graceful-wipe-out/ The Phantom Menace: Brute Ratel remains rare and targeted https://news.sophos.com/en-us/2023/05/18/the-phantom-menace-brute-ratel-remains-rare-and-targeted/ https://github.com/sophoslabs/IoCs/blob/master/ATK-Brutel.csv Brand Impersonation Campaign Targeting Big Brands https://bolster.ai/blog/brand-impersonation-scam COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response Pirated Windows builds with crypto stealer that penetrates EFI partition https://news.drweb.com/show/?i=14712&lng=en https://github.com/DoctorWebLtd/malware-iocs/blob/master/Trojan.Clipper.231/README.adoc Android Malware Impersonates ChatGPT-Themed Applications https://otx.alienvault.com/pulse/648b79387967f2109520998e Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks https://thehackernews.com/2023/06/stealth-soldier-new-custom-backdoor.html Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable https://thehackernews.com/2023/06/cybercriminals-using-powerful-batcloak.html New SPECTRALVIPER Backdoor Targeting Vietnamese Public Companies https://thehackernews.com/2023/06/new-spectralviper-backdoor-targeting.html New Golang-based Skuld Malware Stealing Discord and Browser Data from Windows PCs https://thehackernews.com/2023/06/new-golang-based-skuld-malware-stealing.html 勒索軟體LockBit不法所得逾9千萬美元 https://www.cisa.gov/news-events/news/us-and-international-partners-release-comprehensive-cyber-advisory-lockbit-ransomware LockBit Ransomware Extorts $91 Million from U.S. Companies https://thehackernews.com/2023/06/lockbit-ransomware-extorts-91-million.html 20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona https://thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html Vidar Malware Using New Tactics to Evade Detection and Anonymize Activities https://thehackernews.com/2023/06/vidar-malware-using-new-tactics-to.html Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files https://thehackernews.com/2023/06/warning-gravityrat-android-trojan.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Apple's Safari Private Browsing Now Automatically Removes Tracking Parameters in URLs https://thehackernews.com/2023/06/apples-safari-private-browsing-now.html Over Half of Security Leaders Lack Confidence in Protecting App Secrets, Study Reveals https://thehackernews.com/2023/06/over-half-of-security-leaders-lack.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 駭客攻擊？全台各地檢署網站出現藍畫面掛掉 https://www.01.today/20230615/27115 不再駭怕 南大邀請微智安聯蔡一郎分享資安威脅與駭侵手法 https://www.chinatimes.com/campus/20230614003906-262301?chdtv 英國計畫於秋季舉辦全球AI安全高峰會 https://www.gov.uk/government/news/uk-to-host-first-global-summit-on-artificial-intelligence 微軟Azure入口網站暫停運作，疑為駭客組織Anonymous Sudan發動DDoS攻擊所致 https://www.bleepingcomputer.com/news/microsoft/microsofts-azure-portal-down-following-new-claims-of-ddos-attacks/ 微軟Azure入口網站服務中斷，起因是流量大幅增加 https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-portal-outage-was-caused-by-traffic-spike-/ 瑞士政府遭到俄羅斯駭客NoName發動DDoS攻擊 https://www.bleepingcomputer.com/news/security/swiss-government-warns-of-ongoing-ddos-attacks-data-leak/ 俄羅斯駭客Cadet Blizzard鎖定烏克蘭組織發動資料破壞攻擊 https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/ 俄羅斯網路服務供應商Infotel JSC遭到烏克蘭駭客癱瘓，當地銀行連線中斷 https://www.bleepingcomputer.com/news/security/ukrainian-hackers-take-down-service-provider-for-russian-banks/ 駭客假冒新聞記者竊取300萬美元加密貨幣 https://drops.scamsniffer.io/post/pink-drainer-steals-3m-from-multiple-hack-events-including-openai-cto-orbiter-finance/ 10年內中共恐攻台！華府專家揭「網軍滲透侵略」 https://reurl.cc/ZWWvdV 美智庫：10年內中共攻台　網軍入侵健保系統侵略 https://www.rfa.org/cantonese/news/htm/tw-data-06152023021907.html 鎖定亞太與台灣 中國駭客涉及大規模網路間諜活動 https://www.rti.org.tw/news/view/id/2170891 資安業者：駭客替北京當間諜　至少16國受害 https://www.nownews.com/news/6171656 布林肯訪中前夕，中國遭揭露支持駭客進行網路間諜攻擊，台灣、香港、美國皆受害 https://www.thenewslens.com/article/187237 中國駭客網攻威脅 美官員示警：美國應做好準備 https://udn.com/news/story/6813/7231041 美中衝突 中共會網攻基礎設施 https://reurl.cc/lDDAnY 疑遭中監聽　白宮：無礙布林肯訪華 https://www.ctwant.com/article/263302 習下令「整治整訓」 軍隊國安再掀風暴 https://reurl.cc/011Rkb 天津法輪功學員曝光奴工產品 https://reurl.cc/K00REg 香港網路趨向「中共化」 使用ChatGPT得翻牆 https://reurl.cc/944aWd 駭客組織「匿名者」力挺白紙革命 癱瘓中國政府網站要求釋放民眾 https://reurl.cc/944axV 微軟示警攻烏駭客Cadet Blizzard與俄軍情局有關 https://reurl.cc/655x36 CNN：駭客藉軟體漏洞發動網攻 影響美聯邦機構 https://news.ltn.com.tw/news/world/breakingnews/4335397 Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions https://thehackernews.com/2023/06/asylum-ambuscade-cybercrime-group-with.html New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries https://thehackernews.com/2023/06/new-supply-chain-attack-exploits.html New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html Microsoft Warns of New Russian State-Sponsored Hacker Group with Destructive Intent https://thehackernews.com/2023/06/microsoft-warns-of-new-russian-state.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Password Reset Hack Exposed in Honda's E-Commerce Platform, Dealers Data at Risk https://thehackernews.com/2023/06/password-reset-hack-exposed-in-hondas-e.html Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme https://thehackernews.com/2023/06/beware-1000-fake-cryptocurrency-sites.html New Research: 6% of Employees Paste Sensitive Data into GenAI tools as ChatGPT https://thehackernews.com/2023/06/new-research-6-of-employees-paste.html 北韓駭客仿造韓國最大入口網站Naver發動釣魚攻擊 https://www.nis.go.kr/resources/synap/skin/doc.html?fn=NIS_FILE_1686705163182 上百個流行服飾品牌網站遭到仿冒！駭客架設6千個網站進行網釣攻擊 https://bolster.ai/blog/brand-impersonation-scam 駭客假借歐洲大型媒體會議Anga Com的名義，鎖定廣電媒體、網路服務業者發動網釣攻擊 https://www.bleepingcomputer.com/news/security/swiss-government-warns-of-ongoing-ddos-attacks-data-leak/ 數十個組織遭到BEC商業郵件詐騙駭客鎖定，濫用Cloudflare圖靈驗證來迴避偵測 https://blog.sygnia.co/cracking-global-phishing-campaign-using-threat-intelligence-toolkit 密碼外洩查詢網站Have I Been Pwned透露投資研究機構Zacks資料外洩事件影響範圍 https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-new-zacks-data-breach-impacting-8-million/ 醫療帳務解決方案業者Intellihartx證實遭到GoAnywhere漏洞攻擊，49萬病人個資受到影響 https://www.itxcompanies.com/noticeoffortradatasecurityincident 40歲男涉駭「myTV Super」盜3.5萬用戶資料　無綫：不涉信用卡資料 https://reurl.cc/K00Rvj 盜取TVB客戶資料 網罪科拘一男 http://www.hkcd.com/hkcdweb/content/2023/06/13/content_1404792.html 網傳「行李箱外不要寫地址，以免遭偷渡毒品；登機證不要丟垃圾桶，以免個資外洩」 https://tfc-taiwan.org.tw/articles/9251 艾莉絲創業7年遇「國際詐騙」　痛心還原遭詐過程「1年通信全被監視」 https://www.ctwant.com/article/263635 Toyota 雲端配置錯誤，客戶個資外洩達 7 年 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10507 E.研究報告/工具 研究人員揭露駭客偏好針對RDP發動攻擊的現象，3個月內發動逾340萬次攻擊 https://www.bleepingcomputer.com/news/security/rdp-honeypot-targeted-35-million-times-in-brute-force-attacks/ Why Now? The Rise of Attack Surface Management https://thehackernews.com/2023/06/why-now-rise-of-attack-surface.html 5 Reasons Why Access Management is the Key to Securing the Modern Workplace https://thehackernews.com/2023/06/5-reasons-why-access-management-is-key.html Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer https://thehackernews.com/2023/06/researchers-uncover-publisher-spoofing.html Where from, Where to — The Evolution of Network Security https://thehackernews.com/2023/06/where-from-where-to-evolution-of.html Activities in the Cybercrime Underground Require a New Approach to Cybersecurity https://thehackernews.com/2023/06/activities-in-cybercrime-underground.html F.商業 Google發表AI系統安全框架SAIF https://blog.google/technology/safety-security/introducing-googles-secure-ai-framework/ Secure Code Warrior 攜手叡揚資安 為台灣企業注入安全文化DNA https://www.gss.com.tw/focus/news-center/3460-SecureCodeWarrior20230613 G.政府 針對去年裴洛西訪臺資安事件頻傳，監察院要求數位部強化資安管理 https://www.cy.gov.tw/News_Content.aspx?n=125&sms=8912&s=26604 資安事件頻傳 監察院請數位部強化管理 https://udn.com/news/story/7240/7234447 全民國防應變手冊公布 緊急避難包必備清單一次看 https://www.cna.com.tw/news/aipl/202306130149.aspx 台糖×南市調查處共守資訊安全防範駭客入侵 https://n.yam.com/Article/20230614243513 資安即國安！林口長庚、桃園市調查處簽訂合作備忘錄 https://tyenews.com/2023/06/395154/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 西門子、施耐德電機發布6月例行更新 https://www.securityweek.com/ics-patch-tuesday-siemens-addresses-over-180-third-party-component-vulnerabilities/ 研究人員藉由電磁故障注入手法，竄改無人機韌體 https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html 數位化成定局　TXOne專為OT打造資安防護網 https://www.eettaiwan.com/20230614nt31-building-a-security-protection-network-for-ot/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 6.近期資安活動及研討會 線上資安專題講座- Large Language Model帶給供應鏈威脅獵捕的野望 2023/6/17 https://isipevent.kktix.cc/events/6c2fc51b-copy-1 2023 Empowering Yourself, Empowering Others Series: 調出跨文化故事力 2023/6/20 https://www.meetup.com/women-who-code-taipei/events/293462074/ Taipei dbt Meetup #12 (in-person 👫 & online 👨‍💻) 2023/6/21 https://www.meetup.com/taipei-dbt-meetup/events/293758471/ 從「會動就好」到「持續營運」 2023/6/24 https://www.accupass.com/event/2305270631121994465958 Raspberry Pi 樹莓派社群聚會 #38 2023/6/26 https://raspberrypi-tw-bdfa45.kktix.cc/events/meetup38 「以小博大：透過工具及社群提升公民數位韌性」座談會 2023/6/27 https://www.twsig.tw/20230627/ 黑客視角：網站漏洞挖掘與防禦 ( 線上課程) 2023/6/27 https://forms.gle/JpThJxMgxZd3uNh39 黑客視角：網站漏洞挖掘與防禦 ( 實體課程) 2023/6/28 https://forms.gle/qQAqx8KZzzntSyLd9 SaaS軟體PM-技術實戰班｜AWS雲端架構設計｜軟體資安｜AWS實作Lab｜模擬試題 2023/6/30 https://www.accupass.com/event/2305310854254976071070 SGS汽車供應鏈發展新趨勢 研討會 電動車產業關鍵佈局 迎向智慧 安全新未來 2023/7/4 https://www.accupass.com/event/2304250153518811535560 網路自由小聚 [7月] ：數位人權國際會議 會後分享會 2023/7/4 https://ocftw.kktix.cc/events/internetfreedom-july 2023-零信任存取 - APPLE資安研討會 2023/7/5 https://2023gettechnology.kktix.cc/events/48f91757 台灣駭客年會 HITCON Training 2023 2023/7/12 ~ 2023/7/15 https://hitcon.kktix.cc/events/hitcon-training-2023 大數據分析進階班 2023/7/27 ~ 2023/7/28 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=600 【舒虎教育】《區塊鏈初階課程》平日班 2023/7/27 ~ 2023/7/28 https://www.accupass.com/event/2305280843071623542481 【舒虎教育】《區塊鏈初階課程》假日班 2023/7/29 ~ 2023/7/30 https://www.accupass.com/event/2305280843202058678448 COSCUP 2023 2023/07/29 ~ 2023/07/30 https://coscup.org/2023/zh-TW/landing InfoSec Taiwan 2023 國際資安大會 2023/8/1 ~ 2023/8/3 https://csa.kktix.cc/events/infosectaiwan2023 大數據分析進階班 2023/8/10 ~ 2023/8/11 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=611 DEF CON 32 2023/8/10 ~ 2023/8/13 https://defcon.org/index.html AIoT應用實作研習班 2023/8/16 ~ 2023/8/17 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=601 HITCON CMT 2023 2023/08/18 ~ 2023/08/19 https://hitcon.org/2023/CMT/ 大數據分析進階班 (台中) 2023/8/21 ~ 2023/8/22 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=612 AIoT應用實作研習班 (台中) 2023/8/23 ~ 2023/8/24 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=604 PyCon TW 2023 2023/9/2 ~ 2023/9/3 https://tw.pycon.org/2023/zh-hant/registration/tickets Web應用滲透測試 2023/9/7 ~ 2023/9/8 https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=631 Hou.Sec.Con 2023/10/12 ~ 2023/10/13 https://web.cvent.com/event/76d46ccb-fe00-4fe5-ba46-e4a77c807f21/summary (ISC)2 SECURITY CONGRESS LEAD WITH CONFINDENCE 2023/10/25 ~ 2023/10/27 https://www.isc2.org/Congress-2023