資安事件新聞週報 2025/1/20 ~ 2025/1/24

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/1/20 ~ 2025/1/24 1.重大弱點漏洞/後門/Exploit/Zero Day SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html SonicWall防火牆設備SMA 1000系列存在重大漏洞，已傳出被用於攻擊行動 https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-rce-flaw-exploited-in-zero-day-attacks/ Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html Fortinet https://nvd.nist.gov/vuln/detail/CVE-2024-55591 https://nvd.nist.gov/vuln/detail/CVE-2024-35273 https://nvd.nist.gov/vuln/detail/CVE-2024-50563 https://nvd.nist.gov/vuln/detail/CVE-2024-23106 https://nvd.nist.gov/vuln/detail/CVE-2024-35277 https://nvd.nist.gov/vuln/detail/CVE-2024-47571 https://nvd.nist.gov/vuln/detail/CVE-2024-36512 https://nvd.nist.gov/vuln/detail/CVE-2024-48884 https://nvd.nist.gov/vuln/detail/CVE-2024-50566 https://nvd.nist.gov/vuln/detail/CVE-2024-48886 https://nvd.nist.gov/vuln/detail/CVE-2024-46668 https://nvd.nist.gov/vuln/detail/CVE-2024-46670 https://nvd.nist.gov/vuln/detail/CVE-2024-27778 https://nvd.nist.gov/vuln/detail/CVE-2023-37931 https://nvd.nist.gov/vuln/detail/CVE-2023-37937 https://nvd.nist.gov/vuln/detail/CVE-2023-37936 https://nvd.nist.gov/vuln/detail/CVE-2024-47572 https://nvd.nist.gov/vuln/detail/CVE-2024-46667 Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9) https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html 思科修補防毒軟體ClamAV阻斷服務漏洞，防止攻擊者中斷防毒掃描 https://www.ithome.com.tw/news/167139 Veeam修補本地端與Azure備份軟體多個漏洞，包括提升權限的重大漏洞 https://www.ithome.com.tw/news/167089 針對Ivanti SSL VPN零時差漏洞攻擊事故，資安業者Palo Alto Networks揭露新的調查結果 https://securityonline.info/cl-unk-0979-exploit-zero-day-flaw-in-ivanti-connect-secure-to-gain-access-to-networks/ HPE修補網路設備作業系統ArubaOS高風險漏洞 https://www.ithome.com.tw/news/167090 HPE Aruba公布網路設備作業系統AOS高風險漏洞 https://securityonline.info/hpe-aruba-networking-addresses-security-vulnerabilities-in-aos-systems/ Oracle發布2025年第一季例行更新，修補320個資安弱點 https://securityonline.info/oracles-january-2025-critical-patch-update-addressing-320-security-vulnerabilities/ Oracle Critical Patch Update for January 2025 https://reurl.cc/O5nyk3 Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html Microsoft 推出 2025年1月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11555 Threat Brief: CVE-2025-0282 and CVE-2025-0283 https://unit42.paloaltonetworks.com/threat-brief-ivanti-cve-2025-0282-cve-2025-0283/ Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation https://thehackernews.com/2025/01/critical-flaws-in-wgs-804hpt-switches.html CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html 供房地產網站使用的WordPress佈景主題、外掛存在重大漏洞，攻擊者有機會得到3萬個網站的管理權限 https://www.ithome.com.tw/news/167149 W3 Total Cache修補高風險漏洞，百萬WordPress網站曝攻擊風險 https://www.ithome.com.tw/news/167033 AWS修補WorkSpaces、AppStream、DCV高風險漏洞 https://securityonline.info/aws-patches-vulnerabilities-in-workspaces-appstream-2-0-and-dcv-clients/ 7-Zip存在高風險MoTW漏洞，揭露此事的資安業者趨勢科技公布細節 https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/ Nvidia公告容器工具套件及GPU Operator高風險弱點 https://www.ithome.com.tw/news/167051 Yubiko針對開源身分驗證套件pam-u2f發布資安公告，攻擊者有機會藉由重大漏洞繞過身分驗證 https://securityonline.info/yubico-addresses-authentication-bypass-vulnerability-cve-2025-23013-in-pam-u2f-package/ 2.銀行/金融/保險/證券/金融監理新聞及資安歐盟數位營運韌性法案生效金融業如何建立資安事件通報 https://www.ctee.com.tw/news/20250117700123-439901 偽冒案件激增六成富邦金控提醒春節防詐五「不」 https://www.ctee.com.tw/news/20250122700718-431201 富邦金控偵測485件偽冒案件，年增六成展現打擊詐欺決心 https://www.storm.mg/stylish/5313561 驚！才13天國人就被詐騙47億銀行將祭出「這招」攔阻調高額度 https://reurl.cc/yDG3ND 春節ATM不中斷！央行祭3措施、銀行加倍工資 https://news.pchome.com.tw/living/nownews/20250123/index-73760481600559207009.html#google_vignette 新北金融沙盒育才中心揭牌培育國際貿易及商業金融人才 https://reurl.cc/G5O3yW 3.信用卡/電子支付/行動支付/pay/支付系統/資安手機嗶進站！北捷何時開放Apple Pay、LINE Pay搭車？TPASS通勤族為何難開心 https://www.cw.com.tw/article/5133855 跨境支付平台 HIVEX 正式開通韓國跨境行動支付服務 https://money.udn.com/money/story/5613/8473578 華南銀行防詐升級信用卡綁定驗證機制再進階 https://money.udn.com/money/story/5613/8512965 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安川普成立加密貨幣小組擬定新監管框架 https://www.cna.com.tw/video/news/4346323 加密貨幣｜川普簽署加密貨幣行政命令，數位資產監管可能迎來新局面 https://today.line.me/tw/v2/article/JPWavpk 川普啟動比特幣時代 SEC廢了加密幣準則 https://www.ctee.com.tw/news/20250124700551-430701 HOYA BIT 揭秘「加密貨幣防詐SOP」打造完美資金防護網 https://reurl.cc/nqA822 Coinbase 執行長：美國恐下架 USDT，穩定幣與代幣類別成加密法案推行重點 https://abmedia.io/coinbase-ceo-interview-crypto-stablecoin-usdt-stargate 「比特幣耶穌」涉嫌詐欺逃稅馬斯克尋求川普赦免 https://money.udn.com/money/story/10511/8509449?from=edn_newestlist_rank 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 印度駭客組織DoNot鎖定安卓用戶，散布惡意軟體Tanzeem https://www.ithome.com.tw/news/167150 韓國VPN業者IPany遭駭，攻擊者在原廠提供安裝檔上加料以散布惡意程式SlowStepper https://www.ithome.com.tw/news/167133 殭屍網路Airashi利用零時差漏洞綁架cnPilot路由器，不只發動DDoS攻擊，也打算提供非法代理伺服器服務 https://www.ithome.com.tw/news/167138 勒索軟體駭客藉由電子郵件轟炸、鎖定微軟Teams網釣入侵受害組織 https://www.securityweek.com/ransomware-groups-abuse-microsoft-services-for-initial-access/ 冒牌套件管理Homebrew透過惡意廣告散布，意圖對macOS用戶散布竊資軟體AmosStealer https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/ 駭客利用PHP後門及連線工具GSocket打造印尼非法賭博平臺 https://thehackernews.com/2025/01/python-based-bots-exploiting-php.html 惡意程式PNGPlug、ValleyRAT鎖定臺灣、香港、中國地區而來 https://www.ithome.com.tw/news/167099 駭客意圖透過惡意NPM套件竊取加密貨幣錢包，並濫用Gmail通訊協定藏匿行蹤 https://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html 惡意PyPI套件pycord-self鎖定Discord開發人員而來 https://socket.dev/blog/malicious-pypi-package-targets-discord-developers-with-token-theft-and-backdoor Gootloader Inside Out https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/ Will the Real Volt Typhoon Please Stand Up https://censys.com/will-the-real-volt-typhoon-please-stand-up/ Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation https://thehackernews.com/2025/01/python-based-bots-exploiting-php.html 1.3萬臺MikroTik路由器被綁架組成殭屍網路，駭客搭配DNS弱點與SPF不當設定散布惡意軟體 https://www.ithome.com.tw/news/167059 物聯網裝置遭綁架，被用於散布殭屍網路病毒Mirai和Bashlite變種 https://www.trendmicro.com/en_us/research/25/a/iot-botnet-linked-to-ddos-attacks.html Mirai變種殭屍網路Murdoc鎖定陞泰IP攝影機、華為路由器而來 https://www.ithome.com.tw/news/167106 Mirai殭屍網路攻擊規模再創新高，資安業者Cloudflare攔下規模5.6 Tbps的DDoS攻擊 https://www.ithome.com.tw/news/167130 Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices https://thehackernews.com/2025/01/mirai-botnet-launches-record-56-tbps.html Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers https://thehackernews.com/2025/01/murdocbotnet-found-exploiting-avtech-ip.html QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html TRIPLESTRENGTH Hits Cloud for Cryptojacking, On-Premises Systems for Ransomware https://thehackernews.com/2025/01/triplestrength-targets-cloud-platforms.html Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP https://thehackernews.com/2025/01/hackers-deploy-malicious-npm-packages.html PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations https://thehackernews.com/2025/01/androids-new-identity-check-feature.html TikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025 https://thehackernews.com/2025/01/tiktok-goes-dark-in-us-as-federal-ban.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力【2025最新國家級駭客攻擊與威脅變化】邊緣裝置成駭客主要滲透媒介，軟體與服務供應鏈的風險加劇 https://www.ithome.com.tw/news/166903 【重新認識國家級駭客威脅】全民資安風險倍增！國家支持的網路間諜攻擊升級 https://www.ithome.com.tw/news/166901 推動AI代理人應用，Nvidia提供AI護欄微服務、內容安全防範工具 https://www.ithome.com.tw/news/167020 微軟已棄用的NTLMv1驗證機制，仍可能被啟動用於攻擊 https://www.ithome.com.tw/news/167104 【電信業屢遭國家級駭客鎖定】美國多家電信業遭駭成2024最大網路間諜事故 https://www.ithome.com.tw/news/166898 Cloudflare快取被濫用於零點擊攻擊，Signal與Discord用戶地理位置遭洩露 https://www.ithome.com.tw/news/167115 聯鈞光電資訊系統遭遇勒索軟體攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=65931&SPOKE_DATE=20250120&COMPANY_ID=3450 所羅門資訊系統遭受攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=150945&SPOKE_DATE=20250123&COMPANY_ID=2359 新門資訊系統遭受攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=160603&SPOKE_DATE=20250123&COMPANY_ID=5432 PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack https://thehackernews.com/2025/01/plushdaemon-apt-targets-south-korean.html Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers https://thehackernews.com/2025/01/unsecured-tunneling-protocols-expose-42.html U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Salt Typhoon https://thehackernews.com/2025/01/us-sanctions-chinese-cybersecurity-firm.html U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs https://thehackernews.com/2025/01/us-sanctions-north-korean-it-worker.html DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations https://thehackernews.com/2025/01/doj-indicts-5-individuals-for-866k.html 美國制裁中國資安業者，理由是參與Salt Typhoon攻擊電信業者及關鍵基礎設施 https://www.ithome.com.tw/news/167063 川普下令解除所有美國國土安全部顧問委員會成員職務，恐波及Salt Typhoon攻擊電信業者事故調查 https://www.ithome.com.tw/news/167140 Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review https://thehackernews.com/2025/01/trump-terminates-dhs-advisory-committee.html President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison https://thehackernews.com/2025/01/president-trump-pardons-silk-road.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全雲端校園管理系統PowerSchool遭供應鏈攻擊，駭客聲稱竊得逾6千萬學生資料 https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/ 俄羅斯駭客Star Blizzard鎖定政府官員與研究人士而來，意圖透過網釣挾持他們的WhatsApp帳號竊密 https://www.ithome.com.tw/news/167113 初始入侵管道掮客IntelBroker聲稱握有HPE帳密、存取憑證、產品原始碼，在駭客論壇兜售 https://www.ithome.com.tw/news/167091 攻擊者偽造Google Ads官方廣告，釣魚攻擊廣告主竊取預算 https://www.ithome.com.tw/news/167006 Sneaky 2FA: exposing a new AiTM Phishing-as-a-Service https://blog.sekoia.io/sneaky-2fa-exposing-a-new-aitm-phishing-as-a-service/ New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass https://thehackernews.com/2025/01/new-sneaky-2fa-phishing-kit-targets.html European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China https://thehackernews.com/2025/01/european-privacy-group-sues-tiktok-and.html Beware: Fake CAPTCHA Campaign Spreads Lumma Stealer in Multi-Industry Attacks https://thehackernews.com/2025/01/beware-fake-captcha-campaign-spreads.html Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties https://thehackernews.com/2025/01/ex-cia-analyst-pleads-guilty-to-sharing.html 烏克蘭電腦緊急應變團隊提出警告，有人假冒他們的名義要求透過AnyDesk存取用戶電腦 https://www.ithome.com.tw/news/167117 CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html E.研究報告/工具事件檢測：案例 A 高中 SEO 中毒攻擊事件事件檢測：案例 B 大學 SEO 中毒攻擊事件事件檢測：案例 C 大學 SEO 中毒攻擊事件 https://portal.cert.tanet.edu.tw/docs/pdf/2025010801015757363564577204841.pdf 研究人員揭露ChatGPT漏洞，攻擊者有機會藉由HTTP請求發動DDoS攻擊 https://securityonline.info/chatgpt-crawler-vulnerability-ddos-attacks-via-http-requests/ How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal https://thehackernews.com/2025/01/how-to-bring-zero-trust-to-wi-fi.html How to Eliminate Identity-Based Threats https://thehackernews.com/2025/01/eliminate-identity-based-threats.html F.商業 Palo Alto Networks預測 2025 年雲端安全趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11560 2024企業資安前瞻論壇：迎向複雜資安威脅的新時代 SIEM、SASE、API Security三大解決方案深度剖析 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11548 F5公布 2025 預測：AI 競速時代 - 智慧擴展、安全性和信任 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11557 微軟於Windows Insider Canary頻道擴大測試管理員防護功能 https://www.ithome.com.tw/news/167032 Google釋出OSV-SCALIBR程式庫，強化開源軟體漏洞檢測 https://www.ithome.com.tw/news/167105 G.政府攜手高市府資訊處、中山大資安研究中心打造大南方科技廊道的數位盾牌 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11570 資安署24年12月資安月報：政府機關網站實兵演練揭三大弱點，VPN安全成焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11572 預算遭大砍4成，數位部表示將影響打詐、通訊韌性基礎建設及資通安全 https://www.ithome.com.tw/news/167141 臺馬海纜服務中斷，數發部表示已啟用備援機制微波通訊因應 https://www.ithome.com.tw/news/167116 黃彥男等到寶　蔡福隆年後轉升資安署長、林志吉將接金管會主秘 https://new7.storm.mg/article/5314272 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安美國CISA發布OT安全採購指南：強調12項關鍵產品安全要素 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11563 研究人員指出ABB大樓控制系統存在超過1千項弱點 https://www.securityweek.com/researcher-says-abb-building-control-products-affected-by-1000-vulnerabilities/ 威聯通為NAS設備修補檔案同步工具Rsync弱點 https://www.bleepingcomputer.com/news/security/qnap-fixes-six-rsync-vulnerabilities-in-hbs-nas-backup-recovery-app/ 針對威聯通9月修補的NAS漏洞，研究人員公布概念驗證程式碼 https://securityonline.info/cve-2024-53691-poc-exploit-released-for-severe-qnap-rce-flaw/ 汽車漏洞挖掘競賽Pwn2Own Automotive 2025於日本東京舉行 https://www.bleepingcomputer.com/news/security/hackers-exploit-16-zero-days-on-first-day-of-pwn2own-automotive-2025/ Moxa工業交換器存在重大層級漏洞，攻擊者有機會繞過身分驗證機制 https://www.ithome.com.tw/news/167097 普萊德一款工業交換器存在重大漏洞，攻擊者有機會用來遠端執行任意程式碼 https://www.ithome.com.tw/news/167094 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Saturday AI Hangout with Zack Lim 2025/1/25 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/305234530/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/26 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbjc/ Algorithms Study Group! 2025/1/28 https://www.meetup.com/codeseoul/events/305093942/ Chinese Linguistics, History, and Etymology 2025/1/29 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhccbmc/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2025/1/30 https://www.meetup.com/hackingthursday/events/psspctyhccbnc/ HackingThursday 固定聚會台北場 Taipei 2025/1/30 https://www.meetup.com/hackingthursday/events/fcmtntyhccbnc/ IC TAIWAN GRAND CHALLENGE: GLOBAL CALL FOR PROPOSALS 2025/1/31 https://www.meetup.com/meetups-hk-science-park/events/304872613/ Advanced Scrum Case Study 2025/2/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbcb/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/2/2 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhcdbdb/ Algorithms Study Group! 2025/2/4 https://www.meetup.com/codeseoul/events/305093944/ Chinese Linguistics, History, and Etymology 2025/2/5 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhcdbhb/ 自動化新視界：解鎖流程優化與工具整合實用策略課堂 2025/2/8 ~ 2025/2/15 https://www.accupass.com/event/2412020803131836788493 Advanced Scrum Case Study 2025/2/15 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbtb/ [Online] Philippine Bitcoin meetup 2025/2/20 https://www.meetup.com/philippine-bitcoiners/events/300961130/ 第八屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2025/2/20 https://www.accupass.com/event/2411261044223773652370 Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/