1. Critical Vulnerabilities/Backdoors/Exploits/Zero Day
Microsoft finally resolves the CrowdStrike problem with a new recovery tool
https://www.kocpc.com.tw/archives/557206
Microsoft confirms CrowdStrike update also hit Windows 365 PCs
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-cloud-pcs-stuck-restarting-after-crowdstrike-update/
Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers
https://thehackernews.com/2024/07/microsoft-defender-flaw-exploited-to.html
Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update
https://blog.deurainfosec.com/microsoft-releases-tool-to-speed-up-recovery-of-systems-borked-by-crowdstrike-update/
CVE-2024-24919-PoC
https://github.com/0nin0hanz0/CVE-2024-24919-PoC
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
This repository contains a PoC for the critical vulnerability identified as CVE-2024-41107 in Apache CloudStack
https://github.com/d0rb/CVE-2024-41107
Adobe and CISA warn of a critical vulnerability in Commerce and Magento and say it has already been used in attacks
https://www.ithome.com.tw/news/164046
Critical-severity ServiceNow vulnerabilities have been used in attacks; hackers may use them to steal credentials
https://www.ithome.com.tw/news/164139
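Cisco patches a critical vulnerability in its email security gateway; if left unaddressed, attackers can create users with root privileges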
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
IBM QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7160858
IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7161462
Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5040525-fixes-wdac-issues-causing-app-failures-memory-leak/
CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List
https://thehackernews.com/2024/07/cisa-adds-twilio-authy-and-ie-flaws-to.html
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
https://thehackernews.com/2024/07/experts-expose-confusedfunction.html
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
https://thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html
CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software
https://thehackernews.com/2024/07/cisa-warns-of-exploitable.html
HPE Aruba Networking EdgeConnect SD-WAN gateway has multiple high-risk vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2024-41133
https://nvd.nist.gov/vuln/detail/CVE-2024-41134
https://nvd.nist.gov/vuln/detail/CVE-2024-41135
https://nvd.nist.gov/vuln/detail/CVE-2024-33519
https://nvd.nist.gov/vuln/detail/CVE-2024-22443
https://nvd.nist.gov/vuln/detail/CVE-2024-41914
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
https://csaf.arubanetworks.com/2024/hpe_aruba_networking_-_hpesbnw04673.txt
GitLab CE/EE has a high-risk vulnerability, CVE-2024-7047
https://nvd.nist.gov/vuln/detail/CVE-2024-7047
https://gitlab.com/gitlab-org/gitlab/-/issues/455318
https://www.tenable.com/cve/CVE-2024-7047
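Services on the GCP cloud platform have a privilege escalation vulnerability, ConfusedFunction, that unauthorized attackers can use to access sensitive data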
https://www.ithome.com.tw/news/164150
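Docker discloses a security vulnerability with a severity score of 10; the problem lies in authentication for the AuthZ plugin, and it went unnoticed for 5 years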
https://www.ithome.com.tw/news/164148
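2. Banking/Finance/Insurance/Securities/Financial Supervision: News and Security
Financial sector hacker defense: Financial Supervisory Commission promotes "zero trust", two key points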
https://www.sinotrade.com.tw/richclub/news/66995f2b32ba0c933186456c
Singapore banks to phase out one-time passwords within 3 months
https://www.ithome.com.tw/news/163923
OCC finds half of large US banks have weak operational risk management capabilities
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=8294917a-506c-46e2-94e1-83eb32ff5ad3
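Financial Supervisory Commission discloses the CrowdStrike incident's impact on Taiwan's financial sector: over a thousand servers and over a thousand PCs affected in the insurance industry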
https://www.ithome.com.tw/news/164084
Microsoft mass outage: 13 Taiwanese financial firms affected, insurance industry hit harder
https://www.chinatimes.com/realtimenews/20240723004938-260410?chdtv
How fintech can reduce human factors and improve data security
https://news.pchome.com.tw/science/technice/20240723/index-72171997843250338005.html
ECB’s Cyber Stress Test Reveals Material Deficits at Some Banks
https://www.bloomberg.com/news/articles/2024-07-23/ecb-s-cyber-stress-test-reveals-material-deficits-at-some-banks
Kaspersky's 7 guidelines for responding to data breaches: change passwords quickly, have bank cards reissued
https://www.sinchew.com.my/news/20240723/nation/5785728?variant=zh-hant
3. Credit Cards/Electronic Payment/Mobile Payment/Pay/Payment Systems/Security
Magento Sites Targeted with Sneaky Credit Card Skimmer via Swap Files
https://thehackernews.com/2024/07/magento-sites-targeted-with-sneaky.html
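Hold on to your cash! Hands-on test: paying by "mobile payment" in Japan is a great deal, with a low exchange rate, no fees and cash back all at once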
https://health.udn.com/health/story/6006/8103499
iPhone users in Europe will no longer need to use Apple Pay for mobile payments
https://reurl.cc/EjqMNK
Comparing the 3 main types of digital payment: understand how to use them in 1 minute
https://www.cna.com.tw/news/ahel/202407200016.aspx
Windows mass outage affects mobile payments; advocacy group: a cashless society is high-risk
https://reurl.cc/ZeR5d6
Microsoft systems' "blue and white crash screen": Australian banks' PayID electronic payment suffers a major outage!
https://tw.nextapple.com/international/20240719/DE33BE5E3C4E4D89A29FA48BD57FFF95
MTS and NCTD introduce contactless payment option for seamless commutes for riders on the go
https://gonctd.com/zh-TW/mts-nctd-introduce-contactless-payment-option-for-seamless-commutes-for-riders-on-the-go/
PXPay Plus succeeds in Japan, pushes into South Korea
https://money.udn.com/money/story/10871/8112096
On the scene in Japan: PXPay Plus transactions and barrier-free checkout via PayPay
https://reurl.cc/GjzRRA
PayPay executive director: PXPay Plus will work at Japanese vending machines by year-end
https://udn.com/news/story/7239/8114294
PX Mart: PXPay Plus plants its flag in Japan ahead of rivals and continues to expand
https://udn.com/news/story/7241/8114141?from=udn-catelistnews_ch2
LINE Pay to upgrade to electronic payment next year
https://news.housefun.com.tw/news/article/910464431179.html
Thailand hands out red envelopes to stimulate consumption: 10,000 baht via e-wallet
https://reurl.cc/Ejqqjv
4. Cryptocurrency/Digital Currency/Mining/Blockchain/Smart Contracts/WEB3 Security
ZachXBT: more than US$35 million from the DMM Bitcoin hack has been laundered to Huione Guarantee
https://m.cnyes.com/news/id/5637944
Ethena Discord server attacked; do not click links for now
https://www.panewslab.com/zh_hk/sqarticledetails/e7w888ohFt.html
Hacker says AT&T paid about US$400,000 to delete sensitive data; a Bitcoin transaction appears to be linked to the ransom payment
https://www.panewslab.com/zh_hk/sqarticledetails/01rxs5w4Ft.html
DMM Bitcoin attacker may be a North Korean hacker group; part of the stolen funds has been moved to Cambodia's Huione platform
https://www.panewslab.com/zh_hk/sqarticledetails/rvdlij7jFt.html
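UN report: North Korean hackers infiltrate the cryptocurrency industry with forged résumés, with annual income reaching US$600 million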
https://m.cnyes.com/news/id/5639415
North Korean hackers steal cryptocurrency: money-laundering methods revealed
https://buzzorange.com/techorange/2024/07/16/north-korean-hackers-sent-stolen-crypto-to-wallet-used-by-asian-payment-firm/
Rho Markets, a lending platform in the Scroll ecosystem, may have been hacked
https://m.cnyes.com/news/id/5645019
WazirX: has contacted multiple platforms to block the identified attacker addresses
https://news.cnyes.com/news/id/5644972
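Crypto firm Wintermute is in funding talks with investors including Tencent at a valuation of about US$2 billion; the round may be as large as US$300 million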
https://www.panewslab.com/zh_hk/articledetails/sq0m865x.html
Can scammed USDT be recovered?
https://reurl.cc/OMxoQD
Animoca Brands: HKT will explore stablecoin support for local and cross-border payments; Standard Chartered focuses on risk
https://www.panewslab.com/zh_hk/sqarticledetails/e5btpzw7Ft.html
Spot Ethereum ETFs expected to list on July 23; Banana Gun (BANANA), the first Binance HODLer airdrop project, goes live
https://news.cnyes.com/news/id/5645504
Even a spot Ethereum ETF listing can't save ETH? Six predicaments keep weighing on the price
https://www.blocktempo.com/can-ethereum-etf-effect-ethereum-price-rise/
Michael Saylor publishes 21 rules of Bitcoin: why you should never sell BTC
https://www.blocktempo.com/michael-saylor-bitcoin-21-rules/
DeFi exchange dYdX v3 website hacked in DNS hijack attack
https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/
Wintermute, one of the largest cryptocurrency market makers, reportedly in funding talks with Tencent at a US$2 billion valuation
https://hk.investing.com/news/cryptocurrency-news/article-580857
Bitcoin diverges from global stock markets; Trump becomes a key driver
https://hk.investing.com/news/economic-indicators/article-581847
WazirX hacker transfers about 16,350 ETH to two new addresses
https://www.panewslab.com/zh_hk/sqarticledetails/nm2nxfgjFt.html
dYdX: the dYdX v3 website has been compromised by hackers; do not visit the site or click related links
https://www.panewslab.com/zh_hk/sqarticledetails/xp390j3sFt.html
Spectra theft post-mortem: 168 ETH lost; hopes the hacker will agree to a settlement returning 90%
https://news.cnyes.com/news/id/5649589
Kraken Bitcoin wallet balance fell by more than 6,000 BTC in the past 24 hours
https://m.cnyes.com/news/id/5649590
MonoSwap hacker moves 371 ETH into Tornado Cash
https://m.cnyes.com/news/id/5649977
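5. Security Incident News
A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
LockBit ransomware members plead guilty in the US! Took in over US$500 million, "mostly in Bitcoin"; sentenced to more than 25 years in prison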
https://www.blocktempo.com/2-foreign-nationals-plead-guilty-in-lockbit-case/
Hackers seize on the CrowdStrike Falcon global outage, spreading malware under the pretense of offering an automated recovery tool
https://www.ithome.com.tw/news/164052
Hackers distribute fake AWS software packages and use JPEG image files for C2 communication
https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/
Hacker group Revolver Rabbit registers 500,000 domains to distribute malware
https://blogs.infoblox.com/threat-intelligence/rdgas-the-next-chapter-in-domain-generation-algorithms/
Infostealer Sys01 spreads through ads placed via compromised Facebook accounts
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/facebook-malvertising-epidemic-unraveling-a-persistent-threat-sys01/
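Following the faulty CrowdStrike update incident, Iranian hackers lure downloads under the guise of a repair tool while actually distributing data-wiping software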
https://www.ithome.com.tw/news/164079
Chinese hacker group GhostEmperor returns, using the Demodex malware in attacks
https://www.ithome.com.tw/news/164082
Los Angeles Superior Court in the US reportedly hit by a ransomware attack and forced to shut down its network systems
https://www.bleepingcomputer.com/news/security/los-angeles-superior-court-shuts-down-after-ransomware-attack/
Play ransomware targets VMware virtualization environments
https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
Hackers spread malware by pretending to offer a beta of the video game Grand Theft Auto VI
https://hackread.com/grand-theft-auto-fake-gta-vi-beta-download-malware/
Malicious app OilAlpha targets humanitarian aid organizations in Yemen
https://www.recordedfuture.com/research/oilalpha-spyware-used-to-target-humanitarian-aid-groups
macOS users in Taiwan and the US targeted: Chinese hacker group Evasive Panda uses the Macma backdoor in attacks
https://www.ithome.com.tw/news/164099
Hackers using the infostealers Lumma Stealer and Connecio join those using the CrowdStrike update outage as a cover
https://www.ithome.com.tw/news/164106
North Korean hackers Andariel launch ransomware attacks for financial gain
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
North Korean hacker who deployed ransomware against US hospitals and healthcare providers indicted by the US
https://www.ithome.com.tw/news/164149
More than 3,000 GitHub accounts abused by hacker group Stargazer Goblin as a channel for distributing malware
https://research.checkpoint.com/2024/stargazers-ghost-network/
Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks
https://thehackernews.com/2024/07/two-russian-nationals-plead-guilty-in.html
Pro-Houthi Group Targets Yemen Aid Organizations with Android Spyware
https://thehackernews.com/2024/07/pro-houthi-group-targets-yemen-aid.html
Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Solving the 7777 Botnet enigma: A cybersecurity quest
https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/
SocGholish Malware Exploits BOINC Project for Covert Cyberattacks
https://thehackernews.com/2024/07/socgholish-malware-exploits-boinc.html
New Linux Variant of Play Ransomware Targeting VMware ESXi Systems
https://thehackernews.com/2024/07/new-linux-variant-of-play-ransomware.html
Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware
https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure
https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
https://thehackernews.com/2024/07/ukrainian-institutions-targeted-using.html
Chinese Hackers Target Taiwan and US NGO with MgBot Malware
https://thehackernews.com/2024/07/chinese-hackers-target-taiwan-and-us.html
Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS
https://www.infosecurity-magazine.com/news/chinese-group-malware-target-os/
Chinese hackers deploy new Macma macOS backdoor version
https://www.bleepingcomputer.com/news/security/evasive-panda-hackers-deploy-new-macma-macos-backdoor-version/
Hamster Kombat’s 250 million players targeted in malware attacks
https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/
Windows July security updates send PCs into BitLocker recovery
https://www.bleepingcomputer.com/news/microsoft/windows-july-security-updates-send-pcs-into-bitlocker-recovery/
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer
Fake update puts visitors at risk
https://www.gdatasoftware.com/blog/2024/07/37976-socgholish-fake-update
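B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
Apple sounds the alarm again! Users in 98 countries targeted by spyware; journalists and corporate executives most at risk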
https://reurl.cc/nNWMZn
Phone screen moved by itself and she suspected a hack; after sending it for repair, woman finds it was "this reason"
https://www.chinatimes.com/realtimenews/20240720003092-260402?chdtv
Google cracks down! "4 types of apps" will all be removed by the end of August
https://www.mirrormedia.mg/external/ebc_432629
FBI used an Israeli hacking tool to successfully crack the Android phone of the Trump shooter; the process took only 40 minutes
https://www.ithome.com.tw/news/164064
Telegram for Android vulnerability lets hackers disguise malware as video files
https://www.ithome.com.tw/news/164066
Apple Watch can save lives in deep water! Drowning man made an emergency call for help; doing 1 extra thing got him out safely
https://tech.udn.com/tech/story/123152/8099365
Apple Watch "Vitals" app will better understand your health, but only works while you sleep
https://www.techbang.com/posts/116910-the-apple-watch-vital-signs-app-vitals-can-analyze-peoples
"Tinypod" is a small accessory that turns your old Apple Watch into an iPod
https://tw.news.yahoo.com/tinypod-turn-apple-watch-into-mini-ipod-083006091.html
Cursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams
https://thehackernews.com/2024/07/meta-removes-63000-instagram-accounts.html
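C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
In-depth analysis of the CSF 2.0 framework: grasping the significance behind governance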
https://www.ithome.com.tw/news/164098
Quickly grasp the 7 major changes in NIST CSF 2.0
https://www.ithome.com.tw/news/164080
When the guardians of information security slip up
https://udn.com/news/story/7339/8112340
Hackers threaten to publish stolen data soon; GlobalWafers responds
https://money.udn.com/money/story/5613/8118656
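Hacker group Storm-1811 claims responsibility for the June hack of semiconductor silicon wafer maker GlobalWafers and threatens to publish the stolen data at the end of July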
https://udn.com/news/story/7238/8116748
Lite-On Technology: statement on the handling of and response to the company's security incident
https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=d5dad5ea-b2ba-4ff2-97d8-28b62f708c8a
Tsann Kuen Group hit by hackers! Online shopping site paralyzed, missing typhoon-day sales
https://www.knews.com.tw/news/9A4F55D362FC150289B2C2D6A6C14626
Tsann Kuen and 燦星網 issue material information announcements: information systems hit by cyberattack
https://money.udn.com/money/story/5612/8116449
Analysis of a hacker attack security incident at a well-known logistics operator
https://reurl.cc/VzGEN5
Researchers disclose TE.0, an HTTP request smuggling technique that may expose thousands of Google Cloud websites
https://www.bugcrowd.com/blog/unveiling-te-0-http-request-smuggling-discovering-a-critical-vulnerability-in-thousands-of-google-cloud-websites/
Passwords changed, personal data fully exposed! Hacker intrusion at a Taiwanese studio has lasted half a year and is ongoing
https://taronews.tw/2024/07/22/994335/
Chinese resident of Florida indicted for acting as a CCP agent
https://www.bannedbook.org/bnews/zh-tw/baitai/20240725/2066636.html#google_vignette
Hit by a hacker ransom attack, all 36 Los Angeles County courthouses closed on the 22nd
https://www.worldjournal.com/wj/story/121471/8112400
Hackers abuse generative AI to fuel social engineering attacks, making enterprise security defense harder
https://www.knews.com.tw/news/99ED3F4CECA7522EFB5F9528EF0E58C3
Cyberattacks on Southeast Asia increasingly severe; security defenses should account for hackers' use of AI
https://www.taiwannews.com.tw/zh/news/5901580
Kubelet API becomes a target of abuse! Hackers use it to attack K8s environments
https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/
Southeast Asian countries call to join "BRICS": is it because they are pro-China, or a "de-dollarization" calculation?
https://www.thenewslens.com/article/205613
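Hacker succeeds in applying for a job online using deepfake technology: security firm KnowBe4 reportedly hired a North Korean hacker by mistake, noticed anomalies and sought FBI help to investigate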
https://www.ithome.com.tw/news/164108
Culprit of the Microsoft outage in trouble? World's largest insurance broker: more than 75 companies preparing claims
https://reurl.cc/GjzmNy
Global outage exposes the risk of technology dependence; US cybersecurity agency director criticizes CrowdStrike's flawed update
https://reurl.cc/QR19aM
Taking stock of the damage to Taiwanese companies from computer crashes caused by the CrowdStrike product update
https://www.ithome.com.tw/news/164062
CrowdStrike explains that the global outage stemmed from a bug in its validation software
https://www.ithome.com.tw/news/164100
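In last week's incident in which a CrowdStrike update left large numbers of Windows computers unable to function, Microsoft estimates 8.5 million Windows computers were affected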
https://www.ithome.com.tw/news/164040
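Microsoft global outage... why were the rights of patients in the hospital unaffected? National Taiwan University Hospital reveals the main reason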
https://udn.com/news/story/6656/8108165?from=udn-catelistnews_ch2
Key points of the global Microsoft systems outage at a glance: what is CrowdStrike, the company at fault?
https://www.cna.com.tw/news/aopl/202407190402.aspx
Software update triggers mass outage, highlighting the fragility of interconnected global systems
https://money.udn.com/money/story/5599/8107555
Microsoft systems crash worldwide! Everyone stuck on the "blue screen"; this is the real culprit
https://tech.udn.com/tech/story/123154/8106039?from=redpush
CEO of CrowdStrike, the security company at fault, apologizes and says a fix has been arranged to resolve the failure
https://www.sinotrade.com.tw/richclub/news/669a786832ba0c93310bd2f9
Security vendor slips up! Culprit of the global IT outage; air freight may need weeks to recover
https://www.sinotrade.com.tw/richclub/news/669c093232ba0c9331163271
Why did a routine update cause the Microsoft outage? Expert analysis says CrowdStrike may have neglected this
https://udn.com/news/story/6811/8108250
CrowdStrike's blunder causes trouble, affecting trading at these US stock brokerages
https://m.cnyes.com/news/id/5645199
Experts: CrowdStrike software update caused the global outage, exposing the risk of technology dependence
https://www.rti.org.tw/news/view/id/2213651
CrowdStrike causes the "worst ever" outage! Compensation revealed, leaving everyone stunned
https://tw.nextapple.com/international/20240725/DA0D65A84737768566E3D456DC0B2445
Security company's pushed software update causes global outage; Microsoft estimates 8.5 million devices affected, less than 1%
https://www.ftvnews.com.tw/news/detail/2024721W0004
Microsoft announces 365 cloud service issue resolved; security vendor's CEO apologizes: not a cyberattack
https://www.chinatimes.com/realtimenews/20240719004684-260408?chdtv
Microsoft global outage! JR West operations run into problems, CrowdStrike security can't connect, even Taiwan affected
https://newtalk.tw/news/view/2024-07-19/928822
CrowdStrike caused a global outage; its compensation plan offers a US$10 "gift card", which was even flagged as fraud
https://today.line.me/tw/v2/article/QwLaok0
Australia warns: hackers are posing as CrowdStrike to send fake updates
https://reurl.cc/MOno24
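After Microsoft's global white-on-blue crash, the founder of China's 360 Safeguard comes out to say: China suffered little because 90% of its computers use 360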
https://www.techbang.com/posts/117032-after-microsofts-global-crash-with-white-on-a-blue-background
17-Year-Old Linked to Scattered Spider Cybercrime Syndicate Arrested in U.K.
https://thehackernews.com/2024/07/17-year-old-linked-to-scattered-spider.html
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide
https://thehackernews.com/2024/07/faulty-crowdstrike-update-crashes.html
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices
https://thehackernews.com/2024/07/crowdstrike-explains-friday-windows.html
APT41 Infiltrates Networks in Italy, Spain, Taiwan, Turkey, and the U.K.
https://thehackernews.com/2024/07/apt41-infiltrates-networks-in-italy.html
Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool
https://thehackernews.com/2024/07/patchwork-hackers-target-bhutan-with.html
APT45: North Korea’s Digital Military Machine
https://cloud.google.com/blog/topics/threat-intelligence/apt45-north-korea-digital-military-machine
Assistant Consultant, Security Management
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/1001146608
Information Security Technical Consultant
https://ilabor.ntpc.gov.tw/cloud/GoodJob/job_title/1001146614
B-Digital Finance_Operations Planning and Compliance/Legal Advisory Staff
https://www.1111.com.tw/job/112960903/
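D. Data Leaks/Personal Data Protection Law/GDPR/Online Fraud/Phishing/Card Fraud/Fake News/Cyberbullying/Account Security
Scams impersonating law enforcement officers resurge; Chinese embassy and consulates in the US urge vigilance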
https://reurl.cc/yLxaQy
Linkou police bust fraud ring posing as hackers who recover scammed money, only to "scam victims hard once more"
https://reurl.cc/XGvbja
Disney reportedly hacked: as much as 1.1TB leaked, from artwork and unreleased works to personal data
https://reurl.cc/LW9oMx
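Even rentals are scams? He dealt with the scammers himself to expose a "new method", reminding the public not to send money in "this situation"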
https://www.ftvnews.com.tw/news/detail/2024715W0181
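Fighting scams | Police receive 12 fake tech support scam cases in two months; hackers and police officers all "played" by the scammers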
https://reurl.cc/bV1ol6
Microsoft outage leads to more than 5,000 flight cancellations worldwide; hackers take the opportunity to send fake emails
https://www.taisounds.com/news/content/84/137248
The hidden threat in phishing emails: URL protection services exploited by hackers
https://news.pchome.com.tw/science/technice/20240720/index-72143540077198338005.html
Singapore warns of disinformation, invokes interference law to block accounts linked to Guo Wengui
https://www.cna.com.tw/news/aopl/202407200118.aspx
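Chuangyi Sifang (創意私房) member data sold on the dark web; prosecutors and police took 2 actions: "hackers wiping the site cannot wipe the evidence"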
https://www.ettoday.net/news/20240721/2781764.htm
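Hackers are furious! They launch a destructive attack, wipe all videos on "Chuangyi Sifang" (創意私房) and deface the homepage with an angry message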
https://www.setn.com/News.aspx?NewsID=1501822
Chuangyi Sifang (創意私房) breached by hackers; prosecutors and police, investigating in secret, "have data on 122 members"
https://www.ctwant.com/article/351168/
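Voyeur photographers all over Taiwan! Large Telegram hidden-camera groups share a million a month in ad revenue; more of the voyeurism inside story exposed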
https://www.ettoday.net/news/20240721/2781580.htm
Taiwanese-brand home camera set to "public video"; user complains of privacy leak
https://news.tvbs.com.tw/amp/life/2557994
"Private footage" from home seen by everyone!? Concerns erupt over SpotCam cameras
https://reurl.cc/z1mkx0
Nyonya kuih sales pitch used to hack seniors' phones; con artists obtain passwords and scan faces to steal money
https://reurl.cc/9vg9xY
Bypassing job bank restrictions to obtain job seekers' personal data; investigators question more than 10 people
https://www.cna.com.tw/news/asoc/202407190002.aspx
104 Job Bank responds to the shell company incident with 8 job-search safety reminders
https://finance.ettoday.net/news/2780619
Protecting job-search safety! 104 Job Bank proactively reports illegal activity to investigators
https://www.sinotrade.com.tw/richclub/news/669a00e232ba0c9331597436
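An insider? Leaked internal data from the National Immigration Agency appears on the dark web; the director-general's information is also openly for sale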
https://news.ltn.com.tw/news/society/breakingnews/4744162
Internal directory sold online; National Immigration Agency: involvement of a former employee not ruled out
https://news.ltn.com.tw/news/society/breakingnews/4744326
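Insider at the National Immigration Agency! Dark web post offers a directory including the director-general for 810,000; suspect identified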
https://www.ettoday.net/news/20240722/2782353.htm
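National Immigration Agency internal directory reportedly ends up on a hacker forum; the agency says it was not leaked through a hacker attack and suspects a former employee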
https://www.ithome.com.tw/news/164081
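National Immigration Agency internal directory leaked and put up for sale; Wang Hung-wei: security is national security, "tighten the screws quickly"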
https://www.nownews.com/news/6477397
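National Immigration Agency internal directory leaked; Liu Shyh-fang: it has no security value and has been reported and handled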
https://goosedaily.com/articles/248091
Is showing off kids online good business? Malicious strangers definitely see children differently from parents
https://issues.ptsplus.tv/articles/9268/
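Scam tactics | Scammers stage an elaborate act to steal $10 million in deposits! System error warnings as bait! Posing as hackers, support staff and police officers to induce withdrawals and transfers! Remember 3 key points when you see a computer error prompt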
https://www.etnet.com.hk/www/tc/lifestyle/wealth/scamexposure/91598?utm_source=website&utm_medium=copied-text
Post office upgrading its service? Fake text messages lure victims; don't click links lightly
https://www.worldjournal.com/wj/story/121360/8113013?from=wj_catelistnews_index
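Police officer searched over alleged leak of secrets and land fraud; Taipei City Police Department: investigating proactively, will deal with it strictly under the law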
https://www.chinatimes.com/realtimenews/20240723005279-260402?chdtv
Aftermath of the global outage... cybercriminals' phishing emails: beware of being robbed by offers to "help fix it"
https://www.worldjournal.com/wj/story/121177/8115208
To curb harm to minors from online fraud, Malaysia will step up its fight against cybercrime
https://www.taiwannews.com.tw/zh/news/5907773
Fake news of work and school closures in Changhua spreads online; county government to pursue accountability
https://tw.nextapple.com/local/20240725/778199B218E9E6DAB0E5E103027FEF2A
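Another wave of impersonation scams! C.C. Wei and Tsai Hong-tu both impersonated on fake fan pages; how to avoid being fooled, at a glance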
https://www.ftvnews.com.tw/news/detail/2024723W0183
Phish-Friendly Domain Registry “.top” Put on Notice
https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/
Goodbye? Attackers Can Bypass ‘Windows Hello’ Strong Authentication
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
BreachForums v1 hacking forum data leak exposes members’ info
https://www.bleepingcomputer.com/news/security/breachforums-v1-hacking-forum-data-leak-exposes-members-info/
Verizon to pay $16 million in TracFone data breach settlement
https://www.bleepingcomputer.com/news/security/verizon-to-pay-16-million-in-tracfone-data-breach-settlement/
The Criminal IP API-powered favicon-finder is a tool for searching and generating hashes of favicons.
https://github.com/KamilDogo/favicon-finder
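E. Research Reports/Tools
Researchers disclose SAPwned, vulnerabilities in the AI platform SAP AI Core that could let attackers access credentials and customer data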
https://www.ithome.com.tw/news/164045
Take a look at Forensic Analysis of Tor Browser on Windows 11: Unveiling the Dark Web’s Secrets
https://eforensicsmag.com/forensic-analysis-of-tor-browser-on-windows-11-unveiling-the-dark-webs-secrets/
How to Set up an Automated SMS Analysis Service with AI in Tines
https://thehackernews.com/2024/07/how-to-set-up-automated-sms-analysis.html
MSPs & MSSPs: How to Increase Engagement with Your Cybersecurity Clients Through vCISO Reporting
https://thehackernews.com/2024/07/msps-mssps-how-to-increase-engagement.html
How to Securely Onboard New Employees Without Sharing Temporary Passwords
https://thehackernews.com/2024/07/how-to-securely-onboard-new-employees.html
Leveraging AI as a Tool in Threat Management
https://thehackernews.com/expert-insights/2024/06/leveraging-ai-as-tool-in-threat.html
Beware Of Dating Apps Exposing Your Personal And Location Details To Cyber Criminals
https://gbhackers-com.cdn.ampproject.org/c/s/gbhackers.com/dating-apps-security-risk/amp/
How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
How a Trust Center Solves Your Security Questionnaire Problem
https://thehackernews.com/2024/07/how-trust-center-solves-your-security.html
How to Reduce SaaS Spend and Risk Without Impacting Productivity
https://thehackernews.com/2024/07/how-to-reduce-saas-spend-and-risk.html
PSKracker is a collection of WPA/WPA2/WPS default algorithms/password generators/pingens
https://github.com/soxrok2212/PSKracker
6 Types of Applications Security Testing You Must Know About
https://thehackernews.com/2024/07/6-types-of-applications-security.html
Keeping an eye on WSL through Microsoft Defender for Endpoint
https://www.michalos.net/2024/06/25/keeping-an-eye-on-wsl-through-microsoft-defender-for-endpoint/
F. Business
Why Fortify DAST dynamic application security testing matters
https://marketing.ares.com.tw/newsletter/2024-07-cimes/fortify-webinspect-important
Safeguard Personal and Corporate Identities with Identity Intelligence
https://thehackernews.com/2024/07/safeguard-personal-and-corporate.html
Microsoft launches Microsoft Entra Suite to strengthen identity verification, zero trust architecture and governance
https://www.cdns.com.tw/articles/1050237
Microsoft offers enterprise-grade malware scanning for its own cloud object storage environment
https://www.ithome.com.tw/review/164007
New Taipei's parent-teacher-student platform evolves again, signing an MOU with Fortinet to strengthen digital character
https://reurl.cc/jWbe02
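Jointly cultivating Taiwan's security talent: DEVCORE partners with global security training organization OffSec to bring in in-person courses taught by official instructors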
https://reurl.cc/3XdQ0X
Market share among major security vendors may be reshuffled
https://today.line.me/tw/v2/article/mWYeRkz
Google raises bug bounty rewards fivefold
https://www.ithome.com.tw/news/163912
New version of Red Hat OpenShift greatly simplifies diverse workloads across hybrid cloud
https://www.ithome.com.tw/pr/164004
F5 SOAS AI 2024 report: gaps exist in data governance and security, yet enterprises are still expanding AI deployment
https://www.ithome.com.tw/pr/164026
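eCloudvalley signs a strategic collaboration agreement with AWS to deepen regional cooperation and focus on talent development and retention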
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000697106_NAQ2TY5YLT4HVV72SRPZR
BeyondTrust Remote Support: secure maintenance services for personal devices or systems anytime, anywhere
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11136
Meta Given Deadline to Address E.U. Concerns Over ‘Pay or Consent’ Model
https://thehackernews.com/2024/07/meta-given-deadline-to-address-eu.html
Google announces it is abandoning its plan to block third-party cookies in Chrome
https://www.ithome.com.tw/news/164065
Google Abandons Plan to Phase Out Third-Party Cookies in Chrome
https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html
New Chrome Feature Scans Password-Protected Files for Malicious Content
https://thehackernews.com/2024/07/new-chrome-feature-scans-password.html
Digital map foundation Overture Maps publishes the official release of its open map datasets
https://www.ithome.com.tw/news/164101
Nvidia launches AI Foundry, an AI model customization platform for enterprises
https://www.ithome.com.tw/news/164103
Microsoft begins testing AI-generated results in Bing search
https://www.ithome.com.tw/news/164104
Mistral AI releases Mistral Large 2, challenging GPT-4o and Llama 3.1 405B
https://www.ithome.com.tw/news/164107
Apple Maps finally launches a web version, already live in Taiwan
https://www.ithome.com.tw/news/164105
Palo Alto Networks launches Prisma SASE 3.0, quickly bringing zero trust to OT environments
https://netmag.tw/2024/07/23/palo-alto-networks-launches-prisma-sase-3-0
IBM's three arrows for cloud finance: empowering the financial industry to embrace the AI era
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?CnlID=13&id=697629
Predicting attack paths with a single attack graph: how CyCraft gets AI to detect security incidents
https://www.bnext.com.tw/article/79732/cycraft-cycarrier-cyber-security-check-taiwan-impact-ai-award-2024x
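InfoSec Taiwan international security organizations conference becomes a linking platform for the security industry, working with industry, government, academia and research to build an ecosystem and jointly take homegrown R&D capability international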
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/1CDD9F2F3776452E80CB45D8C700066C
Google's largest-ever acquisition falls through! Security firm Wiz reportedly rejects the acquisition deal and will pursue an IPO
https://www.ithome.com.tw/news/164092
G. Government
Hackers again! "Keelung City Health E-Museum" fan page posts large numbers of indecent videos; Health Bureau responds
https://www.nownews.com/news/6471854
Government agency fan page hijacked; Ministry of Digital Affairs: social platform management mechanisms should be set up
https://www.cna.com.tw/news/afe/202407210062.aspx
New Taipei Wan An exercise takes place today, simulating a hacker attack on servers that paralyzes traffic
https://m.match.net.tw/pc/news/life/20240723/8054331
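Min An No. 10 and Wan An No. 47 exercises also include security drills; New Taipei City carries out a response to a hacked traffic control system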
https://www.cna.com.tw/news/aloc/202407230243.aspx
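National Chung-Shan Institute of Science and Technology: already has deepfake-related R&D capability and can help the armed forces counter cognitive warfare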
https://www.cna.com.tw/news/aipl/202407160136.aspx
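Unhappy that the Ministry of Digital Affairs only did half the job! Taiwanese hackers step in to "wipe all Chuangyi Sifang (創意私房)" videos; 1 slogan warns everyone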
https://www.ftnn.com.tw/news/270405
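Financial Supervisory Commission strengthens financial sector security, publishes reference guidelines for adopting zero trust architecture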
https://www.chinatimes.com/realtimenews/20240719001214-260410?ctrack=pc_main_rtime_p01&chdtv
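National Institute of Cyber Security uses AI to catch 1.6 million bot accounts; fighting fraud at the source targets ad verification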
https://www.ctee.com.tw/news/20240719701400-430104
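Windows outage; Ministry of Digital Affairs: report security incidents promptly; ground crews of 6 airlines at Taoyuan Airport switch to manual operations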
https://www.ctee.com.tw/news/20240720700069-439901
Microsoft outage hits the world; digital affairs minister: little impact on Taiwan, but a few things still warrant vigilance
https://reurl.cc/bVZ89E
Microsoft outage causes damage; Huang Yen-nun: government services will not rely on just one public cloud
https://www.fountmedia.io/article/235563
Deepfake technology weaponized: guard against misjudgment to ensure national security
https://www.ydn.com.tw/news/newsInsidePage?chapterID=1694004&type=universal
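Huang Wei-che cultivates local digital security talent; first introductory course on security attack and defense tools in Tainan City is fully booked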
https://www.tainan.gov.tw/News_Content.aspx?n=13371&s=8650073
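Raising security awareness: Chiayi County Government's Civil Service Ethics Department holds an information security seminar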
https://www.cna.com.tw/postwrite/chi/376926
Reference guidelines for adopting zero trust architecture in the financial industry
https://law.fsc.gov.tw/NewsContent.aspx?id=9915
YouBike goes down twice in less than a month; Taipei City Government's NT$10,000 contractual fine criticized as too little
https://reurl.cc/bY46vM
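H. Industrial Control Systems/ICS/SCADA/IoT/Internet of Things/Internet of Vehicles/Electric Vehicles/Artificial Intelligence/AI/ML/Facial Recognition/Healthcare: Related Security
NFC chips implanted in the human body become a new attack method against access control; sniffer dogs become a new security tool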
https://www.techbang.com/posts/116976-the-implantation-of-nfc-chips-in-the-human-body-has-become-a
NK issues its first type approval certificate for cyber-resilient marine equipment
https://www.tssdnews.com.tw/?FID=9&CID=752319
2024 State of OT Security report: OT attacks strike frequently, 70% of Taiwanese enterprises face daily threats
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11141
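Institute for Information Industry establishes FAITH, Taiwan's first vehicle software evaluation unit, to build a trusted environment for smart vehicles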
https://news.owlting.com/articles/759244
Moxa deepens its roots in the industrial internet, flourishing worldwide
https://www.chinatimes.com/newspapers/20240724000332-260202?chdtv
ICS malware FrostyGoop was used in an attack early this year that disrupted heating supply in Ukraine
https://www.dragos.com/blog/protect-against-frostygoop-ics-malware-targeting-operational-technology/
New ICS Malware ‘FrostyGoop’ Targeting Critical Infrastructure
https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html
I. Education and Training
Recovery procedures you need to know when a security incident occurs, to reduce damage
https://www.ithome.com.tw/pr/163614
iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS ◆ Information Security Planning Practice ◆ Intermediate test question bank compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience - Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification — Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation directions, 2021 and 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation methods
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
Preparation methods and experience for the EC-Council CPENT and LPT Master penetration testing certifications
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification: content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience: a security newbie from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience: earning the LPT penetration testing master certification in one go
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep experience] CompTIA Security+ (SY0-601), Part 1
https://reurl.cc/M053DK
[Exam prep experience] CompTIA Security+ (SY0-601), Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
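App information security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)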
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking: hands-on security protection course comprehensively raises security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main channel for learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as the biggest motivation to keep learning
https://www.ithome.com.tw/news/156756
Dispelling misunderstandings and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club session] Forbidden security arts: the hellish trial of reverse engineering
https://www.youtube.com/watch?v=4Yc3-9CjG6U
Through practical exercises, learn to build standard secure SOP processes in practice
https://www.ithome.com.tw/pr/163514
6. Upcoming Security Events and Seminars
[ACSI Academy] Security competency training | System and Network Security Administrator 2024/7/27 ~ 2024/8/24
https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4
Self-Taught Coding Tuesdays — Study, Code, Design, Build, Network 2024/7/30
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbnc/
FinTech Summer CAMP 2024/8/5 ~ 2024/8/9
https://isipevent.kktix.cc/events/f2ce8bcc-copy-6
"Security Technical Talent Development Program" free online lecture 2024/8/6
https://www.acsiacad.com/subdetail/1066
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/
2nd Tainan Web3 Industry International Fair (TAINAN WEB3 INTERNATIONAL FAIR) 2024/10/18
https://www.accupass.com/event/2406150525111725753130
HITCON Enterprise 2024, Taiwan hackers conference, 2024/10/30
https://hitcon.kktix.cc/events/hitcon-ent-2024