資安事件新聞週報 2024/6/17 ~ 2024/6/21

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/6/17 ~ 2024/6/21 1.重大弱點漏洞/後門/Exploit/Zero Day VMware修補vCenter Server的遠端執行漏洞 https://www.ithome.com.tw/news/163541 VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi CVE-2024-37081 https://thehackernews.com/2024/06/vmware-issues-patches-for-cloud.html https://nvd.nist.gov/vuln/detail/CVE-2024-37081 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 未補漏洞且暴露在外網的舊款F5 BIG-IP設備遭中國駭客Velvet Ant攻破，潛入受害組織內部長達3年，暗中竊取敏感客戶資料 https://www.ithome.com.tw/news/163512 Hackers use F5 BIG-IP malware to stealthily steal data for years https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/amp/ China-Linked Hackers Infiltrate East Asian Firm for 3 Years Using F5 Devices https://thehackernews.com/2024/06/china-linked-hackers-infiltrate-east.html China-Nexus Threat Group ‘Velvet Ant’ Abuses F5 Load Balancers for Persistence https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/ 中國駭客UNC3886利用Fortinet、VMware設備零時差漏洞持續在受害組織網路環境活動 https://www.ithome.com.tw/news/163572 UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying https://thehackernews.com/2024/06/chinese-cyber-espionage-group-exploits.html 全球至少2萬臺FortiGate防火牆遭到中國駭客Volt Typhoon滲透 https://blog.billows.com.tw/?p=3197 Fortinet FortiClientEMS存在高風險安全漏洞(CVE-2023-48788)，請儘速確認並進行修補 https://nvd.nist.gov/vuln/detail/CVE-2023-48788 Fortinet FortiOS存在高風險弱點CVE-2024-21762已有可被利用之攻擊程式碼 https://nvd.nist.gov/vuln/detail/CVE-2024-21762 https://fortiguard.com/psirt/FG-IR-24-015 https://github.com/h4x0r-dz/CVE-2024-21762 https://github.com/BishopFox/cve-2024-21762-check https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762 https://research.qianxin.com/archives/1854 https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alert_Announcements/1256/ Fortinet FortiOS CVE-2024-23110 https://nvd.nist.gov/vuln/detail/CVE-2024-23110 Fortinet FortiPAM CVE-2024-26010 https://nvd.nist.gov/vuln/detail/CVE-2024-26010 Attacks Surge on Check Point's Recent VPN Zero-Day Flaw https://www.darkreading.com/cyberattacks-data-breaches/attacks-surge-on-check-points-recent-vpn-zero-day-flaw Openfind MailGates及MailAudit存在高風險弱點CVE-2024-6048 https://nvd.nist.gov/vuln/detail/CVE-2024-6048 https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html Avast Antivirus CVE-2024-5102 https://nvd.nist.gov/vuln/detail/CVE-2024-5102 Windows 系統曝 WiFi 資安漏洞所有版本皆受影響！微軟釋出安全修補 CVE-2024-30078 https://3c.ltn.com.tw/news/58596 研究人員針對微軟本月修補的Wi-Fi驅動程式漏洞提出警告，所有版本Windows都可能曝險 https://www.ithome.com.tw/news/163562 Microsoft Office存在多個高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2024-30101 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30101 https://nvd.nist.gov/vuln/detail/CVE-2024-30102 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30102 https://nvd.nist.gov/vuln/detail/CVE-2024-30104 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30104 https://www.tenable.com/cve/CVE-2024-30101 https://www.tenable.com/cve/CVE-2024-30102 https://www.tenable.com/cve/CVE-2024-30104 Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor https://www.linkedin.com/pulse/hackers-exploit-legitimate-websites-deliver-badspace-windows-ldbhf/ KB5039239: Microsoft releases Windows 11 24H2 (2024 update) but you may not get it https://www.neowin.net/news/kb5039239-microsoft-releases-windows-11-24h2-2024-update-but-you-may-not-get-it/ CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub https://securityonline.info/cve-2024-26229-windows-elevation-of-privilege-flaw-weaponized-poc-exploit-on-github/ 美國CISA證實Windows權限提升漏洞CVE-2024-26169已被用於勒索軟體攻擊行動 https://www.cisa.gov/news-events/alerts/2024/06/13/cisa-adds-three-known-exploited-vulnerabilities-catalog Trend Micro Security存在高風險弱點CVE-2024-32849 https://nvd.nist.gov/vuln/detail/CVE-2024-32849 https://helpcenter.trendmicro.com/en-us/article/tmka-19175 https://www.zerodayinitiative.com/advisories/ZDI-24-576 Dropbox Desktop Folder Sharing Mark-of-the-Web存在高風險弱點CVE-2024-5924 https://nvd.nist.gov/vuln/detail/CVE-2024-5924 https://www.zerodayinitiative.com/advisories/ZDI-24-677 Linux Kernel存在高風險安全漏洞(CVE-2024-1086) https://nvd.nist.gov/vuln/detail/CVE-2024-1086 https://access.redhat.com/security/cve/CVE-2024-1086 https://ubuntu.com/security/CVE-2024-1086 https://security-tracker.debian.org/tracker/CVE-2024-1086 https://src.uniontech.com/#/security_advisory_detail?utsa_id=UTSA-2024-000633 https://kylinos.cn/support/loophole/patch/5561.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/ https://lists.centos.org/pipermail/centos-announce/2024-March/099235.html CVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ IDEs, PoC Published https://securityonline.info/cve-2024-37051-exploit-poc-jetbrains-github-tokens/ CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/?fbclid=IwZXh0bgNhZW0CMTAAAR3_923MxwvEUlUzZ6t_hRWELGNZZmb_CMYF_ctPkh6t0edMVMMccncZWNU_aem_z5_vdkpWw1DzOlpLpNCqcQ ASUS Download Master - Buffer Overflow https://nvd.nist.gov/vuln/detail/CVE-2024-31163 開發者必看！PHP 最新安全更新修復嚴重 RCE 漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11108 研究人員揭露Mailcow郵件伺服器系統的遠端程式碼執行漏洞 https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/ Mailcow Mail Server Flaws Expose Servers to Remote Code Execution https://thehackernews.com/2024/06/mailcow-mail-server-flaws-expose.html Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer https://thehackernews.com/2024/06/cybercriminals-exploit-free-software.html SQL Server 2014 follows the Fixed Lifecycle Policy. https://learn.microsoft.com/en-us/lifecycle/products/sql-server-2014 Google發布Chrome 126更新，修補漏洞懸賞競賽揭露的弱點 https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately https://thehackernews.com/2024/06/solarwinds-serv-u-vulnerability-under.html 研究人員公布Ivanti Endpoint Manager重大漏洞的細節 https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/ 全球最大ZDI零日漏洞懸賞計畫負責人剖析垂直產業漏洞管理四類型，更提出GenAI對未來漏洞揭露的影響 https://www.ithome.com.tw/news/162856 研究人員針對Wget漏洞提出警告，呼籲用戶近期應留意相關資安公告 https://www.ithome.com.tw/news/163594 2.銀行/金融/保險/證券/金融監理新聞及資安富邦金建立跨子公司偽冒案件應變小組，系統化執行偽冒網站下架作業 https://www.ithome.com.tw/news/163467 專家：因應中國網攻與金融攻擊台灣須準備好 https://www.rti.org.tw/news/view/id/2209716 金融資安國際攻防智庫投書美媒彰顯台灣在準備 https://reurl.cc/VzoRgy iKala「金融高階早餐會」導入GenAI的3個策略及4道程序 https://www.bnext.com.tw/article/79392/2024ikala 網釣工具套件租賃服務Onnx鎖定金融業的Microsoft 365帳號而來 https://blog.eclecticiq.com/onnx-store-targeting-financial-institution 國泰金深化數位轉型更落實資安金融服務評鑑大賞獲五大獎 https://reurl.cc/Rq7N86 中華郵政獲服務品質獎、資訊安全獎雙獎榮耀 https://money.udn.com/money/story/5636/8043991 Grandoreiro Banking Trojan Hits Brazil as Smishing Scams Surge in Pakistan https://thehackernews.com/2024/06/grandoreiro-banking-trojan-hits-brazil.html Truist Bank confirms breach after stolen data shows up on hacking forum https://www.bleepingcomputer.com/news/security/truist-bank-confirms-data-breach-after-stolen-data-shows-up-on-hacking-forum/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安銀行爭議案增加!線上支付成詐騙集團最愛的盜刷漏洞 https://www.youtube.com/watch?v=ljyh4mc1ESU 全聯刷卡系統大出包！連兩天只能用現金、APP付款業者：持續修復中 https://reurl.cc/LWoN0K 不能用LINE Pay付錢了？確定2025年終止所有服務，行動支付還可以選哪家 https://cava.tw/lifestyle/technology/251433 《屁孩PAY》日本大垣市推出專屬行動支付奇葩命名讓網友傻眼了 https://news.gamme.com.tw/1768760 陸行動支付占近9成　實測北京小學生認識紙鈔銅板嗎 https://news.tvbs.com.tw/china/2522460 日本LINE Pay退出市場！內行激推出國「2支付方式」：好用超多、打敗一堆Pay https://www.storm.mg/lifestyle/5157526 北上電子支付｜螞蟻幫阿里巴巴對手吸港客？ AlipayHK支援拼多多山姆購物、美團充電寶 https://reurl.cc/oRb7AD 內地電子支付｜WeChat Pay HK/Alipay HK/八達通Pro大比併 https://reurl.cc/9vA4an iPASS一卡通可掃TWQR了！六都指定店家掃碼支付　享消費10%回饋 https://finance.ettoday.net/news/2757779 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 MaiCoin集團旗下 MaiCoin平台、MAX交易所取得ISO 27001資安驗證 https://money.udn.com/money/story/5636/8030341?from=edn_search_result 幣圈日常？「這款新幣」一夜暴跌 80%，官方修漏洞後急喊：正在報警 https://www.cryptocity.tw/one-new-coin-fell-80-after-hacked-for-1-billion-minted 新手、老手都可能被騙！區塊鏈詐騙真的這麼難防嗎 https://web3plus.bnext.com.tw/article/2681 OKX Web3 & GoPlus：鏈上安全監控與事後搶救 https://news.cnyes.com/news/id/5601306 交易所安全警報：OKX帳戶被盜事件及其對產業的影響 https://www.panewslab.com/zh_hk/articledetails/uxwrubknFt.html OKX Web3 與 GoPlus 對談：鏈上安全監控與事後搶救 https://blockcast.it/2024/06/15/okx-web3-crypto-security-special-column-6/ 小心駭客橫行幣安與 OKX 接連爆出用戶資產遭盜取 https://www.cna.com.tw/postwrite/chi/374065 acc01ade.eth將盜取的部分HLG經USDT兌換成ETH，小部分已流入混幣器 https://www.panewslab.com/zh_hk/sqarticledetails/90pxg9niFt.html Curve創始人：UwU Lend安全事件引發CRV借貸倉位清算 https://news.cnyes.com/news/id/5601577 何一：並未發行Meme幣，請勿與此類詐騙鏈接或X帳戶交互 https://news.cnyes.com/news/id/5601607 要不要發數位新台幣？央行委外調查結果出爐 https://reurl.cc/XGb5yR 央行問卷出爐：9成民眾沒聽過「CBDC數位新台幣」 https://www.ctee.com.tw/news/20240620701696-430303 駭客橫行！加密貨幣交易所接連爆出用戶資產遭盜取 https://money.udn.com/money/amp/story/5635/8037013 Mindao：黑客攻击事件放大了Curve的问题，代币高集中度和创始人的明牌操作容易引起監管調查 https://www.theblockbeats.info/flash/161291 國內加密貨幣交易所XREX打造威脅引擎，快一步揪出詐騙、洗錢帳戶 https://www.ithome.com.tw/news/163373 比特幣第一起竊案：加密OG因祕鑰洩露被盜2.5萬枚BTC https://www.blocktempo.com/bitcoin-was-stolen-by-hacker/ 某「安全團隊」在向Kraken披露平台漏洞的同時盜走300萬美元加密資產 https://www.theblockbeats.info/flash/253989 Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw https://thehackernews.com/2024/06/kraken-crypto-exchange-hit-by-3-million.html 2024最新Bybit開戶教學：註冊流程、KYC認證、2FA安全驗證、出入金…全教學 https://www.blocktempo.com/the-most-complete-bybit-account-opening-tutorial-in-2024-registration-process-kyc-certification-2fa-protection-deposit-tutorial/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客利用Excel 文件針對烏克蘭部署Cobalt Strike https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11111 駭客利用惡意軟體CloudMensis，從Mac電腦竊取訊息 https://reurl.cc/ezoW4x 北韓駭客Moonstone Sleet散布惡意NPM套件，鎖定開發人員下手 https://checkmarx.com/a-new-north-korean-group-emerges-disrupting-the-open-source-ecosystem/ 駭客假借提供破解軟體，意圖對韓國用戶散布惡意程式NiceRAT https://asec.ahnlab.com/en/66790/ 駭客組織Arid Viper鎖定行動裝置從事網路間諜活動，散布惡意程式AridSpy https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/ 勒索軟體駭客組織Cactus聲稱攻擊光纖網路設備供應商康聯訊 https://www.redpacketsecurity.com/cactus-ransomware-victim-https-www-ctsystem-com/ 英國倫敦多家醫院受到Synnovis勒索軟體事故波及，被迫取消逾800項手術 https://www.bleepingcomputer.com/news/security/london-hospitals-cancel-over-800-operations-after-ransomware-attack/ 日本影音共享平臺Niconico、角川書店因資料中心遭受勒索軟體攻擊，被迫暫停相關服務 https://www.ithome.com.tw/news/163495 駭客製造假應用程式錯誤訊息引誘用戶上當，執行PowerShell指令碼植入惡意程式 https://www.ithome.com.tw/news/163513 Linux惡意軟體Disgomoji鎖定印度政府機關而來，攻擊者利用表情符號來下達命令 http://www.volexity.com/blog/2024/06/13/disgomoji-malware-used-to-target-indian-government/ RA World玩弄多重階段攻擊　勒索工具來自已退役集團舊病毒源碼外流二次公害　新駭客撿到槍進軍勒索 https://www.netadmin.com.tw/netadmin/zh-tw/technology/E43ABE2F44184ACAA718AC19305EFB0E 後門程式BadSpace透過被感染的WordPress網站散布 https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor 駭客鎖定公開的Docker API下手，從而部署惡意程式並挖掘加密貨幣 https://securitylabs.datadoghq.com/articles/attackers-deploying-new-tactics-in-campaign-targeting-exposed-docker-apis/ 有人假借提供思科Webex視訊會議軟體，意圖散布竊資軟體Vidar Stealer https://www.trellix.com/blogs/research/how-attackers-repackaged-a-threat-into-something-that-looked-benign/ 研究人員揭露鎖定亞太地區的惡意軟體Noodle RAT https://www.trendmicro.com/en_us/research/24/f/noodle-rat-reviewing-the-new-backdoor-used-by-chinese-speaking-g.html 駭客假借提供思科Webex視訊會議軟體，意圖散布竊資軟體Vidar Stealer https://www.ithome.com.tw/news/163565 駭客組織Void Arachne鎖定中國用戶，假借提供VPN軟體散布惡意程式Winos https://www.trendmicro.com/en_us/research/24/f/behind-the-great-wall-void-arachne-targets-chinese-speaking-user.html 巴基斯坦駭客組織Cosmic Leopard鎖定Windows、macOS、安卓裝置散布惡意程式 https://www.ithome.com.tw/news/163474 駭客鎖定WordPress網站下手，目的是要脅瀏覽網站的使用者瀏覽器過舊，藉此散布惡意程式 https://www.ithome.com.tw/news/163473 惡意軟體載入工具SquidLoader鎖定中國企業組織而來 https://cybersecurity.att.com/blogs/labs-research/highly-evasive-squidloader-targets-chinese-organizations Rust竊資軟體Fickle Stealer利用PowerShell繞過使用者帳號控制防護機制 https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain 中國駭客組織針對亞洲電信業者植入後門，嘗試竊取帳密資料 https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor https://thehackernews.com/2024/06/hackers-exploit-legitimate-websites-to.html Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating https://arstechnica.com/security/2024/06/thousands-of-servers-infected-with-ransomware-via-critical-php-vulnerability/ Pakistani Hackers Use DISGOMOJI Malware in Indian Government Cyber Attacks https://thehackernews.com/2024/06/pakistani-hackers-use-disgomoji-malware.html Cybercriminals Employ PhantomLoader to Distribute SSLoad Malware https://intezer.com/blog/research/ssload-technical-malware-analysis/ Oyster Backdoor Spreading via Trojanized Popular Software Downloads https://thehackernews.com/2024/06/oyster-backdoor-spreading-via.html New Linux malware is controlled through emojis sent from Discord https://www.bleepingcomputer.com/news/security/new-linux-malware-is-controlled-through-emojis-sent-from-discord/amp/ NiceRAT Malware Targets South Korean Users via Cracked Software https://www.linkedin.com/pulse/nicerat-malware-targets-south-korean-users-via-cracked-l4d4f/ Bondnet Using High-Performance Bots For C2 Server https://cybersecuritynews.com/bondnet-high-performance-bots-c2-server/ New Malware Targets Exposed Docker APIs for Cryptocurrency Mining https://thehackernews.com/2024/06/new-malware-targets-exposed-docker-apis.html SolarMarker Impersonates Job Employment Website https://www.esentire.com/blog/solarmarker-impersonates-job-employment-website-indeed-with-a-team-building-themed-lure Analysis of Coin Miner Attack Case Against Domestic Web Server https://asec.ahnlab.com/ko/66860/ New Threat Actor 'Void Arachne' Targets Chinese Users with Malicious VPN Installers https://thehackernews.com/2024/06/void-arachne-uses-deepfakes-and-ai-to.html A New Stealer Named SatanStealer https://otx.alienvault.com/pulse/6672cfa0305b3ffc75490a6a New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration https://thehackernews.com/2024/06/new-rust-based-fickle-malware-uses.html Experts Uncover New Evasive SquidLoader Malware Targeting Chinese Organizations https://thehackernews.com/2024/06/experts-uncover-new-evasive-squidloader.html Fickle Stealer Distributed via Multiple Attack Chain https://www.fortinet.com/blog/threat-research/fickle-stealer-distributed-via-multiple-attack-chain RAFEL RAT, ANDROID MALWARE FROM ESPIONAGE TO RANSOMWARE OPERATIONS https://research.checkpoint.com/2024/rafel-rat-android-malware-from-espionage-to-ransomware-operations/ B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊台電示警「3C充電7做法」恐釀火災！睡覺時充秒中 https://www.ettoday.net/news/20240615/2758541.htm 他們iPhone狂跳「自動安裝APP」關不掉全因這色色遊戲害慘！解決方法曝光 https://tech.udn.com/tech/amp/story/123154/8041009 Alleged Scattered Spider sim-swapper arrested in Spain https://www.bleepingcomputer.com/news/legal/alleged-scattered-spider-sim-swapper-arrested-in-spain/ Singapore Police Extradites Malaysians Linked to Android Malware Fraud https://thehackernews.com/2024/06/singapore-police-extradites-malaysians.html Signal Foundation Warns Against EU's Plan to Scan Private Messages for CSAM https://thehackernews.com/2024/06/signal-foundation-warns-against-eus.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力資安產業具備輕資產、高價值特性，吸引年輕人投入創業 https://www.ithome.com.tw/article/163110 中國民眾不熱衷！李開復：中國 AI 助理用戶僅千萬，大幅落後 ChatGPT https://www.inside.com.tw/article/35328-china-ai-not-hot#google_vignette 企業IT預算的資安占比創新高，資安轉型企業加碼力道翻倍 https://www.ithome.com.tw/article/163452 網路攻擊促使北美汽車經銷業者SaaS服務供應商CDK Global暫時關閉系統 https://www.ithome.com.tw/news/163563 產業創新條例的修訂，推動「資安產業化」以及「產業資安化」是主要目標 https://www.ithome.com.tw/article/163109 學術網路跨單位預警助百萬台主機應對資安威脅 https://www.cna.com.tw/news/ahel/202406190040.aspx 資安警戒！半導體業接二連三出現遭駭事件 https://ec.ltn.com.tw/article/breakingnews/4707412 謀定而後動，善用資安框架是上上策 https://www.ithome.com.tw/article/163232 俊思集團系統遭入侵逾5.4萬會員及員工或受影響 https://hk.epochtimes.com/news/2024-06-19/72031025#google_vignette 不僅AMD ?! 知名駭客IntelBroker也聲稱入侵Apple?! 暗網兜售疑是兩家公司的資料 https://blog.billows.com.tw/?p=3200 知名駭客稱已盜取AMD大量敏感訊息、公司要查 https://www.ctee.com.tw/news/20240619701003-430702 AMD傳遭駭！產品資訊及員工個資等流入暗網販售，AMD：聯手執法機關調查中 https://today.line.me/tw/v2/article/Vx331y2 晶片大廠AMD驚傳產品研發、客戶資料外洩，初始入侵管道掮客IntelBroker於駭客論壇兜售相關資料 https://www.ithome.com.tw/news/163539 海事工業署四網絡體系遭駭客於週日侵入 https://unitednews.net.ph/article.php?post=102502 永信藥品工業遭駭客攻擊，首見公開發行公司發布資安重訊 https://www.ithome.com.tw/news/163503 永信：永信藥品工業部份資訊系統遭受駭客攻擊事宜 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=2b637cfc-52af-40f9-a688-ea76ae52986f 永信藥品:公告本公司部份資訊系統遭受駭客攻擊 https://news.cnyes.com/news/id/5603105 遭駭客攻擊「重要系統未受害」環球晶喊：明天恢復出貨 https://reurl.cc/RqoOpn 針對部分廠區遭遇網路攻擊，半導體晶圓廠環球晶圓二度發布重大訊息，證實生產及出貨出現延遲 https://www.ithome.com.tw/news/163491 日本航太機構JAXA遭駭客攻擊！　「高機密合約」疑外洩 https://www.ettoday.net/news/20240621/2762255.htm 19座美軍基地旁有中資農地恐被安裝偵察設備引國安疑慮 https://udn.com/news/story/6813/8045568?from=udn-catebreaknews_ch2 美國宣布全面禁售卡巴斯基產品 https://www.ithome.com.tw/news/163589 U.S. Bans Kaspersky Software, Citing National Security Risks https://thehackernews.com/2024/06/us-bans-kaspersky-software-citing.html 美國CISA針對AI資安事故進行首次演習 https://www.cisa.gov/topics/partnerships-and-collaboration/joint-cyber-defense-collaborative/Joint-Cyber-Defense-Collaborative-Artificial-Intelligence-Cyber-Tabletop-Exercise 美國首度模擬「國家級 AI 網攻」，微軟、OpenAI、NVIDIA 皆參與演習 https://www.inside.com.tw/article/35359-cisa-tech-companies-ai-cyberattack-simulation#google_vignette 中國疫情死了4億多人？駭客入侵中共資料庫意外揭露絕機密 https://reurl.cc/3XQ3gV 中國駭客輕鬆盜走政府資料？微軟總裁受美眾院「靈魂拷問」 https://ec.ltn.com.tw/article/breakingnews/4705080 美國務院六萬封電郵遭中共入侵微軟總裁國會作證 https://www.ntdtv.com/b5/2024/06/14/a103889322.html 紀錄片揭中國滲透紐西蘭干預政壇適逢李強到訪引關注 https://www.cna.com.tw/news/aopl/202406150056.aspx 中國駭客組織SecShow在全球進行大規模DNS探測行動 https://www.ithome.com.tw/news/163528 https://blogs.infoblox.com/threat-intelligence/what-a-show-an-amplified-internet-scale-dns-probing-operation/ Sophos揭露《紅宮行動》報告：中國國家支持的駭客組織鎖定東南亞政府機構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11109 U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain https://thehackernews.com/2024/06/uk-hacker-linked-to-notorious-scattered.html Mass exploitation: The vulnerable edge of enterprise security https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security The Professionalization of Cyber Crime https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software https://thehackernews.com/2024/06/warning-markopolos-scam-targeting.html Hamas Hackers Sling Stealthy Spyware Across Egypt, Palestine https://www.linkedin.com/pulse/hamas-hackers-sling-stealthy-spyware-across-egypt-palestine-stfef/ Chinese Cyber Espionage Targets Telecom Operators in Asia Since 2021 https://thehackernews.com/2024/06/chinese-cyber-espionage-targets-telecom.html Sustained Campaign Using Chinese Espionage Tools Targets Telcos https://symantec-enterprise-blogs.security.com/threat-intelligence/telecoms-espionage-asia French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks https://thehackernews.com/2024/06/french-diplomatic-entities-targeted-in.html 儀科中心-資訊服務與資安組-誠徵「資訊工程師」1名 https://www.1111.com.tw/job/130279056/ 資安專員 https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/992012023 系統工程師(新媒體事業群資訊部) https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?R2=11&EMPLOYER_ID=11265&HIRE_ID=12820423 資安弱點掃描工程師 https://www.104.com.tw/job/8d3fo?jobsource=google 資訊專員 https://job.taiwanjobs.gov.tw/Internet/index/jobDetail.aspx?R2=&EMPLOYER_ID=98999&HIRE_ID=12826695 網路資安工程師(上班地點：新竹) https://www.104.com.tw/job/75nlq?jobsource=google D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Proofpoint 2024 網路釣魚狀況報告 https://www.ciphertech.com.tw/all_news/products_news/2024-state-of-the-phish/ 「兒童網紅」風潮席捲全球！歐美國家立法保護孩童權益 https://www.limedia.tw/edu/51023/ 抖音涉侵犯兒少隱私美國啟動司法調查 https://anntw.com/articles/20240620-bvR2 中國洛縣公共衛生局遭駭客攻擊 20萬人個資恐外洩 https://reurl.cc/VzoRk6 接到這幾種電話可能是詐騙 https://www.worldjournal.com/wj/story/121360/8032829?from=wj_maintab_index Synology 隱瞞黑客入侵盜取 51GB 資料陸續有受害人被釣魚網站勒索攻擊 https://hk.xfastest.com/188430/synology-hacked-51gb-data/ 駭客組織Scattered Spider鎖定IT服務人員發動社交工程攻擊，竊取各式SaaS應用程式機密資料 https://www.ithome.com.tw/news/163500 研究人員針對鎖定巴黎奧運賽事而來的詐騙網站提出警告 https://www.ithome.com.tw/news/163471 微軟9月起淘汰個人電子郵件帳號的基礎身分驗證措施 https://www.ithome.com.tw/news/163493 中共傳播菲律賓內戰謠言利用社媒打認知戰 https://www.epochtimes.com/b5/24/6/17/n14272124.htm 微軟資安問題頻傳，員工電子郵件遭冒用風險升高 https://buzzorange.com/techorange/2024/06/19/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/ 中國駭客組織發起釣魚簡訊攻擊Smishing Triad規模擴大，鎖定巴基斯坦用戶發送惡意訊息 https://www.ithome.com.tw/news/163550 曾介紹群暉產品的臉書粉絲專頁被駭客盯上，歹徒冒用該公司名義發出侵害智財權的釣魚信 https://www.ithome.com.tw/news/163537 二一勒令退學？大學生也收詐騙簡訊騙個資 https://www.chinatimes.com/newspapers/20240620000543-260114?chdtv 女子假冒銀行代表騙取史坦頓島77歲老婦1.5萬元 https://www.epochtimes.com/b5/24/6/20/n14273799.htm Smishing Triad Targets Pakistan with Large-Scale Banking Scam https://securityonline.info/smishing-triad-targets-pakistan-with-large-scale-banking-scam/ Meta Pauses AI Training on EU User Data Amid Privacy Concerns https://thehackernews.com/2024/06/meta-halts-ai-training-on-eu-user-data.html Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit https://thehackernews.com/2024/06/googles-privacy-sandbox-accused-of-user.html ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws https://thehackernews.com/2024/06/zkteco-biometric-system-found.html New phishing toolkit uses PWAs to steal login credentials https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/ 23andMe data breach under investigation in UK and Canada https://www.linkedin.com/pulse/23andme-data-breach-under-investigation-uk-canada-cisos-insights-8bzwf/ Microsoft: New Outlook security changes coming to personal accounts https://www.bleepingcomputer.com/news/security/microsoft-new-outlook-security-changes-coming-to-personal-accounts/amp/ E.研究報告/工具你不知道的 AI 產業鏈！（上）台灣供應鏈的機會來了 https://techops.digiwin.com/ai-chain-taiwan/ 你不知道的 AI 產業鏈！（下）資安怎麼做才能跟上時代 https://techops.digiwin.com/ai-chain-security/ 統一平台掌握應用程式風險　及時發現異常防資料遭竊持續發展API全面防護　強化數位營運安全 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/CEF3E6C3EC8B40629E6A3D63E3AE7A52 研究人員揭露針對機器學習模型而來的攻擊手法Sleepy Pickle https://www.ithome.com.tw/news/163545 New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/ Why Regulated Industries are Turning to Military-Grade Cyber Defenses https://thehackernews.com/2024/06/why-regulated-industries-are-turning-to.html TikStalker https://github.com/P4nD3m1CB0Y0xD/TikStalker 2/6 | Exposing Malicious Extensions: Shocking Statistics from the VS Code Marketplace https://reurl.cc/9vqNq8 What is DevSecOps and Why is it Essential for Secure Software Delivery https://thehackernews.com/2024/06/what-is-devsecops-and-why-is-it.html DJI Mavic 3 Drone Research Part 1: Firmware Analysis https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-1-firmware-analysis DJI Mavic 3 Drone Research Part 2: Vulnerability Analysis https://www.nozominetworks.com/blog/dji-mavic-3-drone-research-part-2-vulnerability-analysis The Annual SaaS Security Report: 2025 CISO Plans and Priorities https://thehackernews.com/2024/06/the-annual-saas-security-report-2025.html Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024 https://thehackernews.com/2024/06/tool-overload-why-msps-are-still.html How to Use Tines's SOC Automation Capability Matrix https://thehackernews.com/2024/02/how-to-use-tiness-soc-automation.html Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs https://thehackernews.com/2024/06/researchers-uncover-uefi-vulnerability.html Tool Overload: Why MSPs Are Still Drowning with Countless Cybersecurity Tools in 2024 https://thehackernews.com/2024/06/tool-overload-why-msps-are-still.html F.商業微軟將砸2296億元在西班牙新建資料中心 https://ec.ltn.com.tw/article/breakingnews/4706794 酷澎Coupang在韓遭重罰33億　稱「操控關鍵字」是全球電商慣例 https://www.ettoday.net/news/20240616/2759377.htm 全景軟體強化數位信任推符合國際標準IoT與零信任安全解決方案 https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000694167_S7P0R35K7IAKFN6YKQ64V 銓鍇國際廣招人才！解密混合雲浪潮下雲端工程師「必備能力」 https://www.bnext.com.tw/article/79436/ckmates202406 Google培育台灣資安即戰力明年底新增2000人 https://www.cna.com.tw/news/afe/202406170118.aspx 2025年底前培育超過2000名資安人才，Google攜手數發部、資策會及北科大推動資安人才培育計畫 https://mashdigi.com/to-cultivate-more-than-2000-information-security-talents-by-the-end-of-2025-google-joins-hands-with-the-digital-development-department-information-policy-council-and-beijing-university-of-science-a/ Google 資安證照引進台灣，全英文授課、文組也能報名 https://infosecu.technews.tw/2024/06/17/google-cybersecurity-certificate-launched-in-taiwan/ 剖析中小企防禦痛點　兩大技術助企業築防火牆 https://www.hk01.com/article/1023661?utm_source=01articlecopy&utm_medium=referral 是方裸機雲服務上陣，雲米協助台灣電商落地越南 https://www.ithome.com.tw/pr/163433 企業為何上雲，上雲戰略的4大關鍵點 https://enterprise.fetnet.net/content/ebu/tw/epaper/tech/2024/2024_CloudMigration.html 思科台灣數位加速計劃3.0 攜手產官學合作加速數位轉型 https://www.sinotrade.com.tw/richclub/news/666fed02016bc527356a74b1 思科台灣數位加速計畫 TDA 3.0 聚焦永續、資安與 AI 數位轉型 https://reurl.cc/vaxRAN 防堵零時差攻擊趨勢科技籲制定防禦預防針 https://www.cio.com.tw/technology-for-prevention-of-zero-zero-differential-attack-on-trend-prevention-and-prevention/ XCockpit Identity 洞悉AD安全-預視駭客攻擊路徑，有恃無恐 https://www.metaage.com.tw/news/products/677 New Case Study: Unmanaged GTM Tags Become a Security Nightmare https://thehackernews.com/2024/06/new-case-study-unmanaged-gtm-tags.html Proofpoint 協助您完美防範 12 大資安風險 https://www.ciphertech.com.tw/all_news/products_news/proofpoint-news/against-12-cyberthreats/ 思科舉行AIoT夥伴鏈結大會 https://www.tssdnews.com.tw/?FID=14&CID=746391#google_vignette AWS安全長揭露防護生成式AI的心法 https://www.ithome.com.tw/news/163577 G.政府臺灣推動「資安即國安」領先世界各國，將資安拉高到國安層級 https://www.ithome.com.tw/article/163108 建數位經濟高速公路黃彥男：打造台灣AI生態園區 https://www.1111.com.tw/news/jobns/156468 資源資安資通三位一體　數發部長黃彥男：讓AI成為下一個護國神山 https://www.technice.com.tw/experience/118601/ 資通安全網路月報（113年5月） https://moda.gov.tw/ACS/press/report/12956 營區警監系統伺服器誤植為陸製中科院向廠商求償467萬 https://www.chinatimes.com/amp/realtimenews/20240615002134-260407 顧立雄擬成立聯合督導小組　盯緊中科院成效若未達標撤案裁員 https://n.yam.com/Article/20240615629954 國科會主委盼攜國際廠商將沙崙打造亞太AI研發重鎮 https://udn.com/news/story/7238/8033202 苗縣府推數位學生證家長憂資安問題 https://www.chinatimes.com/realtimenews/20240616001965-260421?chdtv 資策會18日董事會將推舉新任董座智崴前董座黃仲銘出線 https://www.ctee.com.tw/news/20240616700514-430104 苗栗學生證將全面數位化家長憂資安 https://www.chinatimes.com/newspapers/20240617000542-260107?chdtv 批內政部塗黑資料藍委擬刪數位身分證維護費 https://www.cna.com.tw/news/aipl/202406170081.aspx 個資外洩頻傳資安院協助59家業者提升技術防護 https://udn.com/news/story/7238/8036153 資安院祭2項輔導服務提升中小企業資安防護能量 https://www.cna.com.tw/news/afe/202406170304.aspx 內政布2.0？調閱數位身分證文件全被塗黑　徐巧芯拿「這物」狠酸 https://www.nownews.com/news/6450736 英國智庫皇家國際事務研究所舉辦2024年網路安全會議，邀請數位發展部分享臺灣防禦策略 https://news.pts.org.tw/article/699798 「資安即國安」戰略目標確立臺灣8年資安發展 https://www.ithome.com.tw/article/163001 打造數位韌性！數發部長：資安扮演關鍵角色 https://reurl.cc/mMQKAA 北科大與Google台灣、數發部、資策會共同培育台灣資安人才 https://www.ctee.com.tw/news/20240617701304-431204 微軟大型資料中心落腳桃園張善政：市府已運用微軟AI工具推動業務 https://ec.ltn.com.tw/article/breakingnews/4708102 資安院發表AI打詐技術大幅提升詐騙廣告識別率 https://www.rti.org.tw/news/view/id/2210122 資策會轉型3年有成第三方服務占6成收入 https://www.rti.org.tw/news/view/id/2210288 立委民間齊發聲籲政府建立資安產品國家認證制度 https://www.cna.com.tw/news/aipl/202406180359.aspx 本土資安人才荒企業啟動資安人才培育計畫 https://www.hakkatv.org.tw/news-detail/1718685061394904 台數發部AI打詐每天辨別萬筆詐騙通報平台下架率達9成 https://www.epochtimes.com/b5/24/6/19/n14273323.htm 數發部運用AI技術識別社群詐騙廣告：每天能搜到5千至1萬筆 https://www.chinatimes.com/amp/realtimenews/20240619003997-260407 新技術打詐！數發部林宜敬：用科技對付科技詐騙 https://reurl.cc/EjNAmv 詐團猖獗無孔不入民眾防不勝防！資安院研發AI技術助阻詐 https://reurl.cc/9vYv6x 打詐科技偵查政院索「空白授權」立委巧諷「王膝知」恐更多 https://www.ctwant.com/article/344295 學術網路跨單位預警助百萬台主機應對資安威脅 https://news.cts.com.tw/cna/life/202406/202406192339270.html#google_vignette 資安院今年擬擴大培訓助攻金融醫療領域資安人才 https://news.pchome.com.tw/finance/cna/20240621/index-17189595357849918003.html H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安革新汽車網路安全 VicOne與ASRG聯手提供無與倫比的汽車威脅情報網 https://www.cdns.com.tw/articles/1029882 汽車關鍵核心的ADAS系統成為駭客鎖定目標，如何避免未來自駕車遭駭而失控將是更大的挑戰 https://www.ithome.com.tw/news/162879 CISA針對AutomationDirect旗下的可程式化邏輯控制器漏洞提出警告 https://www.cisa.gov/news-events/ics-advisories/icsa-24-144-01 ASUS warns of critical remote authentication bypass on 7 routers https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-remote-authentication-bypass-on-7-routers/ ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models https://thehackernews.com/2024/06/asus-patches-critical-authentication.html 華碩 7 款路由器曝高危險資安漏洞恐遭駭入侵！官方釋安全修補 https://3c.ltn.com.tw/news/58566 Hidden Backdoor in D-Link Routers Let Attacker Login as Admin https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/hidden-backdoor-in-d-link-routers/amp/ 2024年巴塞隆納物聯網展IoT Solutions World Congress 回歸5月展期吸引 https://www.trademag.org.tw/page/newsid1/?id=7903330&iz=6 研究人員揭露攻擊Arm裝置的手法TikTag，能針對Linux版的Chrome下手 https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/ ZKTeco生物識別門禁系統曝嚴重漏洞風險隱患多 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11112 VicOne攜手ASRG發布AutoVulnDB，樹立汽車網路安全新標準 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11110 VicOne可偵測漏洞並提供獨家解決方案出爐！已在AWS Marketplace上架 https://cars.tvbs.com.tw/car-news/199106 從專案管理角度，看門禁系統資安認證的挑戰 https://www.asmag.com.tw/mobile/article_detail.aspx?aid=12946 快更新！華碩家用路由器有重大漏洞，可讓外人登入 https://netmag.tw/2024/06/20/update-now-major-asus-router-vulnerability I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/6/22 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbdc/ AI 無法無天？沒法度可管？真人現身說法 2024/6/23 https://www.accupass.com/event/2405140314463639696970 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/25 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcjbhc/ 高雄 Rails Meetup 2024/6/26 https://www.meetup.com/rails-taiwan/events/qxfvjkygcjbjc/ SyntaxError 2024/6/26 https://www.meetup.com/pythonhug/events/pqnsctygcjbjc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/ 數據掌權時代解鎖資料解決方案的完整攻略 2024/6/26 https://www.accupass.com/event/2405251051471673260983 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2024/6/27 https://www.meetup.com/hackingthursday/events/psspctygcjbkc/ AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 https://www.accupass.com/event/2401100729511706489107 市場趨勢--不怕被AI取代，企業資安關鍵人才剖析 2024/6/27 https://www.accupass.com/event/2405230228276957814350 AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107 永續轉型：綠色供應鏈x資訊安全x多元共融 2024/6/28 https://smeoda.kktix.cc/events/2024-1 Just a chat - with no Expectations 2024/6/29 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbmc/ 高雄 Rails Meetup 2024/7/3 https://www.meetup.com/rails-taiwan/events/qxfvjkygckbfb/ SyntaxError 2024/7/3 https://www.meetup.com/pythonhug/events/pqnsctygckbfb/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2024/7/4 https://www.meetup.com/hackingthursday/events/psspctygckbgb/ 國家高速網路與計算中心教育訓練 RSC The Merck Index資料庫中文線上 2024/7/4 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage ISO 27001：2022資訊安全管理系統主導稽核員訓練 2024/7/8 ~ 2024/7/12 https://www.accupass.com/event/2403090707238144555890 國家高速網路與計算中心教育訓練 ABAQUS基礎訓練課程 2024/7/9 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage InfoSec Taiwan 2024 國際資安組織大會 2024/7/9 ~ 2024/7/11 https://csa.kktix.cc/events/infosectaiwan2024 .NET / Java 安全程式開發達人集訓班 2024/7/11 ~ 2024/7/12 https://www.accupass.com/event/2405280149081202805431 CraftCon Taiwan 奧義 AI 資安年會 2024/7/12 https://www.accupass.com/event/2404221057531664149101 【第1期】2024企業資訊安全基礎課程 2024/7/17 https://www.accupass.com/event/2402020448251773447860 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ 國家高速網路與計算中心教育訓練 NVIDIA GPU 計算 2024/7/24 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage HITCON Cyber Range 2024 企業藍隊競賽 2024/7/26 ~ 2024/10/30 https://hitcon.kktix.cc/events/hitcon-cyberrange-2024 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/7/27 ~ 2024/8/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 FinTech Summer CAMP 2024/8/5 ~ 2024/8/9 https://isipevent.kktix.cc/events/f2ce8bcc-copy-6 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.