###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/7/8 ~ 2024/7/12 1.重大弱點漏洞/後門/Exploit/Zero Day Citrix 發布 NetScaler 安全性更新 https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236 Citrix修補應用程式交付平臺NetScaler高風險漏洞，若不處理恐面臨資訊洩露、阻斷服務風險 https://www.ithome.com.tw/news/163899 Palo Alto Networks修補移轉工具Expedition缺乏身分驗證的重大漏洞 https://security.paloaltonetworks.com/CVE-2024-5910 Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool https://thehackernews.com/2024/07/palo-alto-networks-patches-critical.html VMware揭露自動化處理平臺存在高風險漏洞，攻擊者可對其發動SQL注入攻擊 https://www.ithome.com.tw/news/163898 研究發現RADIUS協定存在漏洞Blast RADIUS，可讓駭客發動中間人攻擊 https://www.ithome.com.tw/news/163887 Apache HTTP Server 2.4.59 CVE-2024-39573 https://nvd.nist.gov/vuln/detail/CVE-2024-39573 Apache基金會修補HTTP伺服器的程式碼洩露弱點 https://httpd.apache.org/security/vulnerabilities_24.html 已知的PHP重大漏洞被用於散布Gh0st RAT、Muhstik及挖礦程式 https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks https://thehackernews.com/2024/07/php-vulnerability-exploited-to-spread.html Dell Remote Access Controller 9 CVE-2024-25943 https://nvd.nist.gov/vuln/detail/CVE-2024-25943 Dell PowerProtect DD https://nvd.nist.gov/vuln/detail/CVE-2024-29176 https://nvd.nist.gov/vuln/detail/CVE-2024-37140 VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi https://www.linkedin.com/pulse/vmware-issues-patches-cloud-foundation-vcenter-server-vsphere-xkaxf/ IBM MQ CVE-2024-31912 https://nvd.nist.gov/vuln/detail/CVE-2024-31912 IBM Security QRadar Manager for YARA and SIGMA Rules App for IBM QRadar SIEM is vulnerable to using a component with a known vulnerability (CVE-2024-35195) https://www.ibm.com/support/pages/node/7160150 IBM QRadar SIEM protocols are vulnerable to Security Restriction Bypass ( CVE-2020-13956) https://www.ibm.com/support/pages/node/7160139 IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7160134 GeoServer 漏洞曝光：開源地理位置資訊伺服器受到攻擊風險 https://www.twcert.org.tw/tw/cp-104-7920-1cf4e-1.html New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk https://thehackernews.com/2024/07/new-openssh-vulnerability-discovered.html RegreSSHion exploit, CVE-2024-6387: A Write-Up https://www.offsec.com/blog/regresshion-exploit-cve-2024-6387/ CVE-2024-6387-Vulnerability-Checker https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker/ How CVE-2022-24785 MomentJS Path Traversal Works: Detailed Exploit Guide https://0xjay.com/how-cve-2022-24785-momentjs-path-traversal-works-detailed-exploit-guide 微軟發佈7月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2024-Jul https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates 微軟7月修補143個安全漏洞，包括4個零時差漏洞 https://www.ithome.com.tw/news/163856 Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited https://thehackernews.com/2024/07/microsofts-july-update-patches-143.html Windows 10明年終止支援，資安業者推漏洞修補服務，費用僅微軟ESU的1/4 https://www.ithome.com.tw/news/163795 微軟修補MSHTML零時差漏洞消息剛發布，但去年1月就有駭客濫用漏洞，今年5月又被發現有人藉此散布竊資軟體Atlantida https://www.ithome.com.tw/news/163889 Microsoft: Windows 11 22H2 reaches end of service in October https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-22h2-reaches-end-of-service-in-october/ IBM QRadar Wincollect is using components with known vulnerabilities https://www.ibm.com/support/pages/node/7159865 IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-4067, CVE-2024-28849, CVE-2024-4068) https://www.ibm.com/support/pages/node/7159781 IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7159783 Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service https://thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html ChatGPT 4 can exploit 87% of one-day vulnerabilities https://securityintelligence.com/articles/chatgpt-4-exploits-87-percent-one-day-vulnerabilities/ 文件轉換程式庫Ghostscript存在RCE漏洞，傳出已被用於攻擊行動 https://www.ithome.com.tw/news/163894 RCE bug in widely used Ghostscript library now exploited in attacks https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/ Cybercriminals Escalate Attacks Exploiting Microsoft SmartScreen Flaw (CVE-2024-21412) https://securityonline.info/cybercriminals-escalate-attacks-exploiting-microsoft-smartscreen-flaw-cve-2024-21412/ CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows https://securityonline.info/cve-2024-36138-high-severity-vulnerability-in-node-js-allows-code-execution-on-windows/ Node.js 多個漏洞 https://www.hkcert.org/tc/security-bulletin/node-js-multiple-vulnerabilities_20240709 Hackers Exploiting Jenkins Script Console for Cryptocurrency Mining Attacks https://thehackernews.com/2024/07/hackers-exploiting-jenkins-script.html 中國網路間諜組織利用思科NX-OS零日漏洞進行攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11128 WhatsUp Gold SetAdminPassword Privilege Escalation CVE-2024-5009 https://summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/ Resurrecting Internet Explorer: Threat Actors Using Zero-day https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/ 文件轉換程式庫Ghostscript存在RCE漏洞，傳出已被用於攻擊行動 https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/ Adobe針對Premiere、InDesign、Bridge修補重大層級漏洞 https://www.securityweek.com/adobe-issues-critical-patches-for-multiple-products-warns-of-code-execution-risks/ SAP修補生命週期成本會計工具PDCE、Commerce高風險漏洞 https://onapsis.com/blog/sap-patch-day-july-2024/ Adobe 發布多個產品的安全性更新 https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products https://helpx.adobe.com/security/products/bridge/apsb24-51.html https://helpx.adobe.com/security/products/indesign/apsb24-48.html https://helpx.adobe.com/security/products/premiere_pro/apsb24-46.html Splunk Enterprise https://nvd.nist.gov/vuln/detail/CVE-2024-36983 https://nvd.nist.gov/vuln/detail/CVE-2024-36985 https://nvd.nist.gov/vuln/detail/CVE-2024-36997 https://nvd.nist.gov/vuln/detail/CVE-2024-36982 https://nvd.nist.gov/vuln/detail/CVE-2024-36989 GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs https://thehackernews.com/2024/07/gitlab-patches-critical-flaw-allowing.html New Ransomware Group Exploiting Veeam Backup Software Vulnerability https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html CVE-2024-4577 Exploits in the Wild One Day After Disclosure https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure 2.銀行/金融/保險/證券/金融監理 新聞及資安 資安院攜手政大培育金融資安人才 提升防護量能 https://reurl.cc/9vjXyY 蘇建榮：資安是總體金融穩定的戰略關鍵 https://reurl.cc/DjR68j 券商設反詐騙專區 可獲補助 https://reurl.cc/r9m84x 個人投顧用AI當沖爆賺要納管 金管會回應了 https://www.ctee.com.tw/news/20240710700817-430301?utm=LINE_share_btn 開放第四家純網銀？彭金隆：開放之門並沒有關掉 https://www.ctee.com.tw/news/20240710701128-430301 3.信用卡/電子支付/行動支付/pay/支付系統/資安 WordPress、Magento、OpenCart網站遭到新型態信用卡側錄工具Caesar Cipher Skimmer鎖定 https://www.ithome.com.tw/news/163821 Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries https://thehackernews.com/2024/07/experts-warn-of-mekotio-banking-trojan.html 網路訂房交易異常「輸入信用卡秒盜刷」　4大旅遊陷阱曝光 https://finance.ettoday.net/news/2772683 蘋果與歐盟達成協議 向競爭對手開放行動支付系統 https://news.cnyes.com/news/id/5635851 LINE Pay開通韓國跨境支付！各家信用卡優惠、使用方式一次看 https://dailyview.tw/popular/detail/26808 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 今年上半年駭客和網路漏洞竊取的加密貨幣金額達13.8億美元 https://www.panewslab.com/zh_hk/sqarticledetails/5oba4fzwFt.html Bittensor：PyPi軟體包漏洞引發駭客攻擊，正與交易平台合作追回資金 https://bitnance.vip/news/66f440ed-ff45-4322-9a43-245fde264e90 Mt. Gox 開始償還債權人！BTC 跌勢擴大瀉逾 6% 、全網合約爆倉超過 6 億美元 https://blockcast.it/2024/07/05/mt-gox-starts-making-repayments-bitcoin-faces-heavy-selling-pressure/ Mt.Gox還款砸盤10月才結束！分析師：比特幣未實現利潤偏高，仍有新拋壓 https://www.blocktempo.com/mt-gox-repayments-may-stretch-until-october/ TON活躍用戶半年激增20倍！請小心這些詐騙風險 https://www.blocktempo.com/ton-user-increase-might-bring-potential-risk/ 聯準會「降息」訊號彈遲來 比特幣連環摔至兩個月新低 https://n.yam.com/Article/20240705175900#google_vignette 比特幣失守5.5萬美元　「減半」後兩大因素發酵觸發今輪跌浪 https://reurl.cc/oRjxKj Multicoin Capital承諾為支持加密貨幣的參議院候選人提供高達100萬美元的捐款 https://www.panewslab.com/zh_hk/sqarticledetails/6hyh9i7rFt.html TRM Labs：交易所駭客攻擊導致 2024 年加密貨幣被盜數量激增 https://news.cnyes.com/news/id/5628323 推動數位貨幣 央行：2025年辦公聽會、研議法律架構 https://www.cna.com.tw/news/afe/202407070101.aspx 央行推CBDC沒有時間表 先鎖定三大工程推進 https://www.chinatimes.com/amp/realtimenews/20240707002285-260410 憂Mt. Gox賠償觸發比特幣賣壓 加密貨幣市場流血 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=32f76327-2771-4354-9f8f-f8e8ef40a503&c=MB010000 以太坊將發起一個價值 200 萬美元的全協議「駭客馬拉松」 https://m.cnyes.com/news/id/5631261 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 資安業者SentinelOne發布3年追蹤APT駭客組織的調查，證實勒索軟體具備分散注意力的效果 https://www.ithome.com.tw/news/163807 人事廣告 可能藏病毒或是公司激勵機制 https://www.worldjournal.com/wj/story/121360/8078681?from=wj_catelistnews_index 今年3月竄出的勒索軟體Eldorado鎖定Windows、Linux與VMware ESXi平臺，已有16家企業遭受攻擊 https://www.ithome.com.tw/news/163819 專攻Linux系統的殭屍網路病毒Zergeca浮上檯面！因資安公司攔截到加殼惡意程式，後續有人上傳VirusTotal測試是否能被偵測而曝光 https://www.ithome.com.tw/news/163823 駭客假借提供知名AI應用程式散布Rilide Stealer、Vidar Stealer https://www.helpnetsecurity.com/2024/07/05/infostealing-malware-generative-ai 惡意軟體載入工具GootLoader透過多階段攻擊鏈散布，駭客佯稱提供法律文件範本引誘使用者上當 https://www.ithome.com.tw/news/163828 駭客鎖定以色列政府機關及企業組織，意圖散布以開源工具打造的惡意程式GrassHopper https://www.ithome.com.tw/news/163840 中東國家的軍事人員遭到惡意程式GuardZoo鎖定，逾450人安卓手機遭到監控 https://www.lookout.com/threat-intelligence/guardzoo-houthi-android-surveillanceware 拉丁美洲礦業、製造業遭到鎖定，駭客對其散布木馬程式Poco RAT https://cofense.com/blog/new-malware-campaign-targeting-spanish-language-victims/ 中國駭客APT41使用惡意程式DodgeBox於受害電腦載入MoonWalk後門 https://www.zscaler.com/blogs/security-research/dodgebox-deep-dive-updated-arsenal-apt41-part-1 Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk https://thehackernews.com/2024/07/chinese-apt41-upgrades-malware-arsenal.html Distribution of AsyncRAT Disguised as Ebook https://asec.ahnlab.com/en/67861/ ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware https://www.sentinelone.com/labs/chamelgang-attacking-critical-infrastructure-with-ransomware/ Google Spy engine | Tracking, Malware Repository https://otx.alienvault.com/pulse/6688e142f0c8f5ddecbc788c GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks https://thehackernews.com/2024/07/new-golang-based-zergeca-botnet-capable.html Hackers attack HFS servers to drop malware and Monero miners https://www.bleepingcomputer.com/news/security/hackers-attack-hfs-servers-to-drop-malware-and-monero-miners/ Turla: A Master of Deception https://www.gdatasoftware.com/blog/2024/07/37977-turla-evasion-lnk-files Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories https://thehackernews.com/2024/07/trojanized-jquery-packages-found-on-npm.html BlackSuit Ransomware: Insights and Defense Strategies https://areteir.com/article/understanding-blacksuit-ransomware/ GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel https://thehackernews.com/2024/07/guardzoo-malware-targets-over-450.html Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites https://thehackernews.com/2024/07/dark-web-malware-logs-expose-3300-users.html FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims https://www.linkedin.com/pulse/fbi-distributes-7000-lockbit-ransomware-decryption-keys-oufyf/ VayGren and Mr.Burns: Strong Ties in Finance https://www.facct.ru/blog/vasygrek-and-mr-burns/ Kematian-Stealer: A Deep Dive into a New Information Stealer https://www.cyfirma.com/research/kematian-stealer-a-deep-dive-into-a-new-information-stealer Persistent npm Campaign Shipping Trojanized jQuery https://blog.phylum.io/persistent-npm-campaign-shipping-trojanized-jquery/ Decrypted: DoNex Ransomware and its Predecessors https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/ Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/ Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine https://www.linkedin.com/pulse/hamas-hackers-sling-stealthy-spyware-across-egypt-palestine-stfef/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 蘋果向近百個國家iPhone用戶發布警報，部分疑似遭到間諜軟體鎖定 https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/ Apple Removes VPN Apps from Russian App Store Amid Government Pressure https://thehackernews.com/2024/07/apple-removes-vpn-apps-from-russian-app.html Apple Geolocation API Exposes Wi-Fi Access Points Worldwide https://www.darkreading.com/endpoint-security/apple-geolocation-api-exposes-wi-fi-access-points-worldwide New Ransomware Group Exploiting Veeam Backup Software Vulnerability https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 樂天市場揭露產品資安檢測方法 https://www.ithome.com.tw/news/163842 上千人搶修、文組生也聽得懂的AI課　被學生「駭」出高分怎麼辦 https://www.cw.com.tw/article/5131043 CI/CD平臺Jenkins的指令碼主控臺遭到鎖定，駭客將其用於挖礦 https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html Google宣布暗網監控功能將提供所有用戶使用 https://www.ithome.com.tw/news/163860 資安考量，微軟中國地區員工 9 月起只能用 iPhone 工作 https://finance.technews.tw/2024/07/08/microsoft-in-china-iphone/ 無法以Google Play驗證身分有效性　微軟要求中國員工用iPhone https://www.rfa.org/cantonese/news/microsoft-07092024003202.html 掰了華為、小米！資安考量 微軟令中國員工9月起全面改用iPhone工作 https://www.rti.org.tw/news/view/id/2212318 微軟要求大陸區職員 9月起禁用Android機 只能用iPhone https://www.sinotrade.com.tw/richclub/news/668bbfaa32ba0c933138a9dd 微軟祭安卓禁令！中國員工9月起「辦公只能用iPhone」，發生什麼事？發言人揭關鍵原因 https://www.bnext.com.tw/article/79692/microsoft-android-iphone-2024 美國出現「子彈販賣機」！ 專家警告：恐淪駭客目標 https://news.ltn.com.tw/news/world/breakingnews/4730574 研究人員調查與確認polyfill供應鏈攻擊範圍，至少有超過163萬臺網站伺服器曝險 https://www.ithome.com.tw/news/163834 Cloudflare的DNS解析器傳出遭遇邊界閘道協定挾持攻擊 https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024 宅配通部份資訊系統遭受駭客網路攻擊 https://reurl.cc/0vA2O9 宅配通：公司部份資訊系統遭受駭客網路攻擊 https://today.line.me/tw/v2/article/mWYRz1p 宅配通(2642)7/8部份資訊系統遭駭，經查對公司營運無重大影響 https://ww2.money-link.com.tw/RealtimeNews/NewsContent.aspx?SN=2084075002&PU=0010#google_vignette 部分資訊系統遭駭客攻擊 東元：對營運尚無重大影響 https://www.cna.com.tw/news/afe/202407080190.aspx 上市櫃公司再爆資安事件 東元部分網路遭駭客攻擊：無重大影響 https://udn.com/news/story/7240/8081137?from=udn-ch1_breaknews-1-cate6-news 集團子公司遭駭客攻擊　聖暉*發重訊：已啟動加強資安 https://finance.ettoday.net/news/2773403 露營烤架也會被入侵　更新軟體防禦駭客 https://www.technice.com.tw/techmanage/telecom/122472/ OpenAI 遭駭客攻擊導致內部備忘錄外洩 卻未即時通告引爭議 https://netmag.tw/2024/07/10/openai-hacked-delayed-disclosure-sparks-controversy OpenAI遭駭客入侵未公開　專家警告AI公司勿輕視安全 https://www.knews.com.tw/news/98F81587C7491D2C8DF3BFD1C5ED9EB7 OpenAI傳內部AI細節去年遭駭、高層決定不公開 https://reurl.cc/LWE75L OpenAI隱瞞駭客攻擊事件：公司治理和安全意識面臨挑戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11129 OpenAI去年遭駭竊取機密 卻未公開揭露 引發資安憂慮 https://udn.com/news/story/6811/8075757 OpenAI傳去年遭駭未通報主管機關，事後解聘向董事會呼籲重視的員工 https://www.ithome.com.tw/news/163815 OpenAI去年遭駭 員工憂安全漏洞釀中國竊密 https://reurl.cc/dnYxQy dWallet Labs聯合創始人：開源駭客工具的激增降低了業餘駭客的進入門檻，增加了攻擊的數量和頻率 https://m.cnyes.com/news/id/5627222 印尼臨時資料中心遭到駭客攻擊 https://www.trade.gov.tw/Pages/Detail.aspx?nodeID=45&pid=786703 印尼國家資料中心遭網路攻擊，竟然 98% 數據沒備份 https://technews.tw/2024/07/09/indonesia-national-data-center-cyberattack/ 國家資料庫遭入侵檔案全毀，當政府正懊惱時駭客竟良心發現 https://buzzorange.com/techorange/2024/07/05/indonesia-data-hit-by-cyberattack/ 中共官媒控五眼聯盟認知作戰 捏造「伏特颱風」 https://www.cna.com.tw/news/aopl/202407080109.aspx 美情報界編造一駭客組織來抹黑中國 http://big5.china.com.cn/gate/big5/news.china.com.cn/2024-07/09/content_117298913.shtml 駭客鎖定以色列政府機關及企業組織，意圖散布以開源工具打造的惡意程式GrassHopper https://www.ithome.com.tw/news/163840 中國駭客組織SneakyChef鎖定亞洲、歐洲、中東、非洲政府機關，散布惡意程式SugarGh0st https://www.ithome.com.tw/news/163908 澳洲聯手盟友 控中國資助駭客對澳網路攻擊 https://news.pchome.com.tw/internation/cna/20240709/index-17204891096237518011.html 多國網路安全機構聯手針對中國駭客組織APT40的攻擊行動提出警告，揭露鎖定澳洲發動攻擊的案例 https://www.ithome.com.tw/news/163861 澳洲聯手盟友，公開指責中國資助駭客組織APT40對澳網路攻擊 https://www.thenewslens.com/article/204974 澳洲警告：中共政府支持的駭客構成 https://www.bannedbook.org/bnews/zh-tw/ccpdope/20240709/2059937.html 澳大利亞警告稱中國政府支持的黑客構成“持續威脅” https://www.voacantonese.com/a/australia-sounds-warning-over-state-backed-chinese-hackers/7690638.html 「八國聯軍」指責陸資助駭客APT40 日韓首加入五眼聯盟一起罵 https://reurl.cc/kOx3bb 日本警察廳呼籲防範中國背景駭客組織「APT40」行動＝八國聯合聲明 https://www.nippon.com/hk/news/yjj2024070900554/ 澳情報機關示警：中國駭客主動攻擊技術增強 威脅日增 https://news.ltn.com.tw/news/world/breakingnews/4730891 Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html APT40 Advisory PRC MSS tradecraft in action https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/apt40-advisory-prc-mss-tradecraft-in-action Polyfill[.]io Attack Impacts Over 380,000 Hosts, Including Major Companies https://thehackernews.com/2024/07/polyfillio-attack-impacts-over-380000.html Global Police Operation Shuts Down 600 Cybercrime Servers Linked to Cobalt Strike https://thehackernews.com/2024/07/global-police-operation-shuts-down-600.html Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak https://securityonline.info/cloudflares-1-1-1-1-dns-service-disrupted-by-bgp-hijacking-and-route-leak/ Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms https://otx.alienvault.com/pulse/668bc4877a1f909fc99a829d New APT Group "CloudSorcerer" Targets Russian Government Entities https://thehackernews.com/2024/07/new-apt-group-cloudsorcerer-targets.html HuiOne Guarantee: The $11 Billion Cybercrime Hub of Southeast Asia https://thehackernews.com/2024/07/crypto-analysts-expose-huione.html ViperSoftX Malware Disguises as eBooks on Torrents to Spread Stealthy Attacks https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html U.S. Seizes Domains Used by AI-Powered Russian Bot Farm for Disinformation https://thehackernews.com/2024/07/us-seizes-domains-used-by-ai-powered.html 60 New Malicious Packages Uncovered in NuGet Supply Chain Attack https://thehackernews.com/2024/07/60-new-malicious-packages-uncovered-in.html 台北-資安分析師 https://www.104.com.tw/job/8dhbi?jobsource=cmw_redirect 〔資訊〕資安分析師 https://www.104.com.tw/job/7vsy8?jobsource=cmw_redirect 資安工程師（弱點掃描） https://www.104.com.tw/job/80035?jobsource=cmw_redirect 滲透檢測工程師 https://www.104.com.tw/job/8cupa?jobsource=cmw_redirect 駐場維運工程師(架構安全組） https://www.104.com.tw/job/7jqri?jobsource=cmw_redirect 資安工程師 https://www.104.com.tw/job/3xacz?jobsource=cmw_redirect 紅隊演練工程師 https://www.104.com.tw/job/7mwqm?jobsource=cmw_redirect 資安工讀生(檢測助理) https://www.104.com.tw/job/8aal2?jobsource=cmw_redirect 【GSS】資安工程師 (Security Engineer) https://www.104.com.tw/job/7hjgw?jobsource=cmw_redirect 資深網路安全工程師 https://www.104.com.tw/job/6n02x?jobsource=cmw_redirect 資安分析師-M115 https://www.104.com.tw/job/8cy7c?jobsource=cmw_redirect AD10507 資安分析師 https://www.104.com.tw/job/7fipf?jobsource=cmw_redirect 資安事故調查與鑑識工程師 https://www.104.com.tw/job/6isjn?jobsource=cmw_redirect 資安工程師（約聘，表現良好轉正） https://www.104.com.tw/job/7mxpm?jobsource=cmw_redirect 資安治理工程師 https://www.104.com.tw/job/7hqmt?jobsource=cmw_redirect Microsoft資安技術支援工程師(台北) https://www.104.com.tw/job/552mv?jobsource=cmw_redirect 【總公司】資安管理師 https://www.104.com.tw/job/8144t?jobsource=cmw_redirect 資訊部-資安維運人員 https://www.104.com.tw/job/7ku5t?jobsource=cmw_redirect 軟體工程師(資安巨資暨智慧城市) https://job.taiwanjobs.gov.tw/Internet/Index/JobDetail.aspx?EMPLOYER_ID=150820&HIRE_ID=12885741&R2=1&R2Tag= 資安技術人員 https://www.104.com.tw/job/63m1f?jobsource=cmw_redirect 資安鑑識分析師 https://www.104.com.tw/job/5xtj0?jobsource=cmw_redirect 資安工程師(湖口本部-RD9) https://www.104.com.tw/job/865vu?jobsource=cmw_redirect 資訊安全處-銀行資安專家 https://www.104.com.tw/job/87tuf?jobsource=cmw_redirect 資安資深-工程師/監控/顧問/滲透測試/事件處理/數位鑑識 https://www.104.com.tw/job/8976u?jobsource=cmw_redirect 資安/App檢測工程師 https://www.104.com.tw/job/862jz?jobsource=cmw_redirect 資安服務工程師 https://www.104.com.tw/job/8cumy?jobsource=cmw_redirect 資安主管 https://www.104.com.tw/job/8azzp?jobsource=cmw_redirect 資安鑑識工程師 https://www.104.com.tw/job/68ud0?jobsource=cmw_redirect 資安威脅與調查分析工程師 https://www.104.com.tw/job/7mj3y?jobsource=cmw_redirect 資安工程師Cybersecurity Engineer https://www.104.com.tw/job/71ust?jobsource=cmw_redirect 網路安全技術支援工程師-紘瑒科技 https://www.104.com.tw/job/8d5jr?jobsource=cmw_redirect 資安工程師 https://www.104.com.tw/job/8c2py?jobsource=cmw_redirect 資訊安全分析師 https://www.104.com.tw/job/85ugj?jobsource=cmw_redirect 資安維運 工程師 (和雲) https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/998508082 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 高達 100 億組密碼遭駭客公開曝光！重複使用相同密碼的人將成最大受害者 https://buzzorange.com/techorange/2024/07/05/biggest-password-leak-ever/ 史上最大規模！近百億組密碼被駭客 Po 上網　專家曝緊急 3 防盜手段 https://3c.ltn.com.tw/news/58806 首次代幣發行 (ICO) 詐騙利用 2024 巴黎奧運議題在網站上使用 AI 來引誘受害者上當 https://www.trendmicro.com/zh_tw/research/24/f/ico-scams-leverage-2024-olympics-to-lure-victims-use-ai-for-fake.html 臺美聯手合作，查獲透過非法交易市集Genesis Market購買臺灣民眾個資的嫌犯 https://www.mjib.gov.tw/news/Details/1/1015 調查局、美FBI聯手！逮台人非法交易個資 1收押2交保 https://news.ltn.com.tw/news/society/breakingnews/4727969 利用海外不法網站買千筆台人個資 主嫌遭收押禁見 https://www.cna.com.tw/news/asoc/202407060035.aspx 創世紀市場違法蒐集個資 調查局與FBI合作偵破...逮3人1人收押 https://today.line.me/tw/v2/article/BEkVgew 別亂點連結！44萬訂閱頻道慘遭駭客盜走　網紅曝3天救援過程：以為要失業 https://www.ftvnews.com.tw/news/detail/2024706W0145 泰勒絲演唱會購票個資被駭　遭勒索百萬美元贖金 https://today.line.me/tw/v2/article/3Nn52OB 虛擬寵物投資平台誆上億 21嫌落網 https://reurl.cc/qVE1pp 臉書帳號被駭 Meta最多賠100元 https://www.worldjournal.com/wj/story/122693/8078663?from=wj_catelistnews_index 攻擊Ticketmaster的駭客繼外洩該平臺用戶資料、行動門票條碼後，又公布實體門票檔案 https://www.ithome.com.tw/news/163848 詐欺駭客組織Ticket Heist運用700個網域兜售假的奧運門票 https://www.ithome.com.tw/news/163906 大型售票業者Ticketmaster資料外洩事故出現新的發展，對方公布44萬張泰勒絲巡迴演唱會門票條碼進行施壓 https://hackread.com/ticketmaster-breach-shinyhunters-leak-taylor-swift-eras-tour-tickets/ 中國駭客組織Dragon Bridge針對臺灣總統大戰散布不實消息，Google下架6.5萬個YouTube頻道與Blogger部落格 https://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/ 崴寶精密科技與其客戶遭遇BEC詐騙，駭客冒名發送電子郵件騙走3千萬，所幸及時凍結接收匯款的人頭帳戶 https://www.ithome.com.tw/news/163841 美資安公司示警新釣魚手法　假蘋果訊息盜帳號 https://news.cts.com.tw/cts/life/202407/202407092348268.html#google_vignette 某知名釣魚團伙地址被另一投毒團隊「黑吃黑」成功詐騙10 ETH https://m.cnyes.com/news/id/5628372 全球果迷注意！駭客偽裝蘋果發釣魚訊息　一點「帳號秒被盜」 https://www.mirrormedia.mg/external/tvbs_2543641 專挑iOS用戶下手！駭客裝蘋果發官方公告　點開連結「卡被盜刷了」 https://www.setn.com/News.aspx?NewsID=1495916 當心 iPhone 詐騙！釣魚簡訊假冒 iCloud 騙取個資 https://newtalk.tw/news/view/2024-07-09/927301 果粉注意！iPhone最新釣魚手法曝光　收「1簡訊」千萬別點：帳號直接被盜 https://n.yam.com/Article/20240709566234#google_vignette 富士通證實駭客入侵致客戶資料外流，透露並非遭遇勒索軟體攻擊 https://www.ithome.com.tw/news/163883 駭客聲稱掌握數千名微軟、Nokia員工個資，將其流入網路犯罪論壇 https://www.ithome.com.tw/news/163896 美國傳統基金會遭駭，駭客組織SiegedSec聲稱竊得Project 2025的機密文件 https://hackread.com/siegedsec-hacks-heritage-foundation-project-2025/ 電腦製造商Zotec不慎曝露申請退貨授權請求的相關文件，進一步導致客戶資料曝光 https://www.bleepingcomputer.com/news/security/computer-maker-zotac-exposed-customers-rma-info-on-google-search/ 電玩遊戲Roblox傳出供應商資料外洩，開發者大會與會者資料流出 https://www.bleepingcomputer.com/news/security/roblox-vendor-data-breach-exposes-dev-conference-attendee-info/ Brazil Halts Meta's AI Data Processing Amid Privacy Concerns https://thehackernews.com/2024/07/brazil-halts-metas-ai-data-processing.html 史上最大密碼洩露！RockYou2024 密碼清單駭客論壇曝光 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11131 駭客公布近百億組密碼外洩資料集RockYou2024，疑為3年前流出資料持續維護、更新而成 https://www.ithome.com.tw/news/163863 Massive 9.4GB Twitter Data Leaked Online – 200 Million Records Exposed https://cybersecuritynews.com/massive-9-4gb-twitter-data-leaked-online/#google_vignette Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/ How do cryptocurrency drainer phishing scams work https://blog.talosintelligence.com/how-do-cryptocurrency-drainer-phishing-scams-work/ New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign https://thehackernews.com/2024/07/new-poco-rat-targets-spanish-speaking.html E.研究報告/工具 隱藏在網路設備端竊聽的沉默殺手Cuttlefish https://www.uso.com.tw/portal_b1_page.php?owner_num=b1_55912&button_num=b1&cnt_id=18260 什麼是在地情資？如何製作 https://teamt5.org/tw/posts/what-is-localized-intelligence-and-how-is-it-made/ 資安提升千倍 中山大學博士生獨創虹膜辨識防駭技術 https://www.cna.com.tw/news/ait/202407080118.aspx What is Metasploit: Tools, Uses, History, Benefits, and Limitations https://cybersecuritynews.com/what-is-metasploit/amp/ Tunnel TCP connections through a file https://github.com/fiddyschmitt/File-Tunnel Blueprint for Success: Implementing a CTEM Operation https://thehackernews.com/2024/07/blueprint-for-success-implementing-ctem.html AI: The Next Era at Network Security 2024 https://www.sans.org/mlp/networksecurity/ Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess https://logan-goins.com/2024-05-04-ADCS/ DonPAPI https://github.com/login-securite/DonPAPI CVE-2024-36991 https://github.com/bigb0x/CVE-2024-36991 HEAP HEAP HOORAY — Unveiling GLIBC heap overflow vulnerability (CVE-2023–6246) https://medium.com/@elpepinillo/heap-heap-hooray-unveiling-glibc-heap-overflow-vulnerability-cve-2023-6246-0c6412423269 Reduce False Alerts – Automatically https://www.splunk.com/en_us/blog/security/reduce-false-alerts-automatically.html Blueprint for Success: Implementing a CTEM Operation https://thehackernews.com/2024/07/blueprint-for-success-implementing-ctem.html 5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy https://thehackernews.com/2024/07/5-key-questions-cisos-must-ask.html LLVM CFI and Cross-Language LLVM CFI Support for Rust https://bughunters.google.com/blog/4805571163848704/llvm-cfi-and-cross-language-llvm-cfi-support-for-rust Booting Arch and Debian Linux Off Google Drive: A Red Teamer’s Dream https://www.linkedin.com/pulse/booting-arch-debian-linux-off-google-drive-red-teamers-bryan-k-uqhkc/?trackingId=nrb3MQ41ZS4T5EO4ByOviQ%3D%3D HUMINT: Diving Deep into the Dark Web https://thehackernews.com/2024/07/humint-diving-deep-into-dark-web.html 10 Dangerous DNS Attacks Types & Prevention Measures – 2024 https://www.linkedin.com/pulse/10-dangerous-dns-attacks-types-prevention-measures-2024-ccjif/ Analysis of Suspected APT Attack Activities by “Silver Fox” https://medium.com/@knownsec404team/analysis-of-the-suspected-apt-attack-activities-by-silver-fox-25781647da2b Smash-and-Grab Extortion https://thehackernews.com/2024/07/smash-and-grab-extortion.html True Protection or False Promise? The Ultimate ITDR Shortlisting Guide https://thehackernews.com/2024/07/true-protection-or-false-promise.html Exploitability is the Missing Puzzle Piece of SCA (Software Composition Analysis) https://thehackernews.com/expert-insights/2024/07/exploitability-is-missing-puzzle-piece.html F.商業 Akamai 加倍投資 API 安全性，完成收購 Noname Security https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11126 平衡法遵、資安、創新三大面向 IBM與中菲電腦助金融業擁抱AI https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000696625_K3F72W2U15WRXI6AAM07H 針對高風險使用者規畫的進階防護計畫，Google開放透過Passkey進行註冊、使狦 https://www.ithome.com.tw/news/163895 資安需求大 零壹上半年營收破紀錄、股價挑戰歷史高點 https://money.udn.com/money/story/5607/8084166?from=edn_related_storybottom 臺灣版微軟定期資訊安全公告新增攻防資訊 https://ithome.com.tw/news/51725 Google Adds Passkeys to Advanced Protection Program for High-Risk Users https://thehackernews.com/2024/07/google-adds-passkeys-to-advanced.html Streamlined Security Solutions: PAM for Small to Medium-sized Businesses https://thehackernews.com/2024/07/streamlined-security-solutions-pam-for.html G.政府 113年7月4日行政院會通過版 https://moda.gov.tw/ACS/laws/draft-notice/8913 政院通過資安法修正草案 卓榮泰：臺灣是全球資安攻防的一級戰 https://reurl.cc/mMgv2Y 強化資安管理政院大修法 公務機關、竹科、台電等須設資安長 https://udn.com/news/story/7243/8074697 行政院會通過「資通安全管理法」修正草案明確化法律位階，強化聯防 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11130 立委再揭國軍路由器是中國製 軍備局：已要求拆除 https://news.pts.org.tw/article/703604 綠能國家隊出事了？他揭發這公司在「軍事要塞」裝中國設備　釀資安疑慮 https://www.mirrormedia.mg/external/ftnn_261590 將軍座車裝陸製行車紀錄器？ 軍方要查 https://udn.com/news/story/10930/8076975 板橋轉運站電視牆驚現「中資廣告」　捷運公司：已下架 https://today.line.me/tw/v2/article/PG1e08M 國網中心啟用CPU架構超級電腦創進一號 https://www.ithome.com.tw/news/163835 數位部：非同步軌道衛星通訊已涵蓋臺灣全島 https://www.ithome.com.tw/news/163833 移民署國安系統電腦大當機 全國服務站、機場停擺 https://www.chinatimes.com/realtimenews/20240711004296-260402?chdtv 蕭美琴：資安為5大信賴產業核心基礎 https://money.udn.com/money/story/5613/8085474 指台灣處國際地緣政治敏感區　蕭美琴：5大「信賴」產業核心是資安 https://reurl.cc/qVxo2R 百餘家廠商、8協會共組台灣資安大聯盟　蕭美琴：提升國家資安能量 https://reurl.cc/yLpoay 貪方便偷刻「藍祖蔚」印章　國影中心前資安主任判2月 https://www.chinatimes.com/realtimenews/20240709004580-260402?chdtv 結束立院總質詢 卓榮泰：經濟發展、強化資安雙主軸展開重大建設 https://video.ltn.com.tw/article/_AQjP9y7v7I/PLI7xntdRxhw0WAtjar8mbBJH6nFzOOxRb H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus https://thehackernews.com/2024/07/microsoft-uncovers-critical-flaws-in.html OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html 2024調查報告顯示OT系統的網路攻擊持續增加，恢復運作的速度成關鍵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11127 駭客掌控你的車？車聯網越發達　你去哪？聽啥歌？全都被記錄 https://news.tvbs.com.tw/life/2544227 西門子、施耐德電機、CISA針對工業控制系統發布資安公告 https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-cisa-issue-advisories/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 電子資訊交換標準共識座談會 2024/7/16 https://www.accupass.com/event/2406241046006788745940 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/16 https://www.meetup.com/taiwan-code-camp/events/301873079/ Elastic Stack (ELK) 智能平台：從高效能 AI 搜索到全面監控與安全防護 2024/7/17 https://www.accupass.com/event/2406180701341855640550 【第1期】2024企業資訊安全基礎課程 2024/7/17 https://www.accupass.com/event/2402020448251773447860 資訊安全系列課程 2024/7/17 - 2024/11/9 https://www.accupass.com/event/2404290752591014846953 台灣駭客年會 HITCON Training 2024 2024/7/17-2024/7/20 https://hitcon.kktix.cc/events/hitcon-training-2024 電子簽章（名）法人金融應用法規與實務研討會 2024/7/19 https://www.accupass.com/event/2406240243517254896540 Taoyuan WordPress Café 桃園咖啡小聚 #38 2024/7/20 https://www.meetup.com/taoyuan-wordpress-meetup/events/301729248/ 微軟MVP - 關於生成式AI的兩三事 2024/7/22 https://www.meetup.com/rladies-taipei/events/301812934/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/23 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbfc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ 國家高速網路與計算中心 教育訓練 NVIDIA GPU 計算 2024/7/24 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage 國際自動化協會臺灣分會：資安驗證與場域評估專業聚會 2024/7/25 https://isatw.kktix.cc/events/isa-2024q3-isasecure-1 HITCON Cyber Range 2024 企業藍隊競賽 2024/7/26 ~ 2024/10/30 https://hitcon.kktix.cc/events/hitcon-cyberrange-2024 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/7/27 ~ 2024/8/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/7/30 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbnc/ FinTech Summer CAMP 2024/8/5 ~ 2024/8/9 https://isipevent.kktix.cc/events/f2ce8bcc-copy-6 「資安技術人才培育計畫」免費線上講座 2024/8/6 https://www.acsiacad.com/subdetail/1066 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/ 第二屆台南Web3產業國際博覽會 TAINAN WEB3 INTERNATIONAL FAIR 2024/10/18 https://www.accupass.com/event/2406150525111725753130 HITCON Enterprise 2024 台灣駭客年會 2024/10/30 https://hitcon.kktix.cc/events/hitcon-ent-2024