###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/3/3 ~ 2025/3/7 1.重大弱點漏洞/後門/Exploit/Zero Day VMware 發布多個產品的安全更新 https://www.ithome.com.tw/news/167667 https://nvd.nist.gov/vuln/detail/CVE-2025-22224 https://nvd.nist.gov/vuln/detail/CVE-2025-22225 https://nvd.nist.gov/vuln/detail/CVE-2025-22226 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 已遭利用的漏洞CVE-2025-22224揭露後，全球目前有超過4萬臺VMware ESXi執行個體曝險 https://www.ithome.com.tw/news/167706 VMware修補虛擬化平臺3項零時差漏洞，風險程度最高達到9.3分 https://www.ithome.com.tw/news/167667 VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-52798, CVE-2024-47764) https://www.ibm.com/support/pages/node/7184955 FlashSystem、Storwize儲存陣列用戶注意！IBM修補Storage Virtualize儲存平臺漏洞，包括繞過身分驗證的重大漏洞 https://www.ithome.com.tw/news/167719 IBM FlashSystem（IBM Storage Virtualize ) https://nvd.nist.gov/vuln/detail/CVE-2025-0159 https://nvd.nist.gov/vuln/detail/CVE-2025-0160 Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html Vim文字編輯器修補透過tar檔案執行惡意指令漏洞 https://www.ithome.com.tw/news/167720 Vim修補與TAR壓縮檔有關的弱點，恐被用於觸發任意程式碼執行 https://securityonline.info/vim-users-warned-crafted-tar-files-could-trigger-code-execution-cve-2025-27423/ Google、Mozilla發布Chrome 134、Firefox 136新版瀏覽器，修補高風險越界存取漏洞 https://www.ithome.com.tw/news/167705 Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html Firefox新條款允許Mozilla存取用戶輸入內容惹議 https://www.ithome.com.tw/news/167617 MITRE Caldera 存在最高風險遠端程式碼執行漏洞，所有版本受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11675 整合即時通訊軟體交談功能的WordPress外掛存在10分漏洞，攻擊者有機會挾持整個網站 https://securityonline.info/cve-2025-26776-cvss-10-in-chaty-pro-plugin-exposes-thousands-of-wordpress-sites-to-takeover/ PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors https://thehackernews.com/2025/03/php-cgi-rce-flaw-exploited-in-attacks.html Elastic修補Kibana危險程度近乎滿分的漏洞，攻擊者有機會用來執行任意程式碼 https://www.ithome.com.tw/news/167726 Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html Nvidia修補人工智慧運算平臺HGX高風險漏洞，若不處理攻擊者有機會以管理員身分存取 https://securityonline.info/cve-2024-0114-nvidia-addresses-high-severity-hmc-vulnerability/ 自動化行銷平臺Mautic存在重大漏洞，攻擊者有機會遠端執行任意程式碼、刪除任意檔案 https://www.ithome.com.tw/news/167669 容器管理平臺Rancher存在高風險漏洞，恐被用於未經授權存取、阻斷服務攻擊 https://securityonline.info/flaws-in-rancher-cve-2025-23388-cve-2025-23389-expose-kubernetes-environments-to-attacks/ 伺服器管理平臺Webmin存在漏洞，攻擊者有機會繞過SSL憑證驗證流程 https://securityonline.info/webmin-vulnerability-allows-bypassing-of-ssl-certificate-authentication/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 金融木馬TgToxic迴避偵測手法翻新，透過論壇隱匿C2蹤跡 https://thehackernews.com/2025/02/new-tgtoxic-banking-trojan-variant.html 引據規範並滾動調整，完善 AI 金融應用及風險治理 https://www.cio.com.tw/85981/ 華南銀行從A到A+全面升級 打造防詐網絡與客戶服務雙重體驗 https://market.ltn.com.tw/article/17171 270萬用戶注意！1銀行「大砍帳戶常用功能」，新規定3/29起生效，轉帳時要留意了 https://www.storm.mg/lifestyle/5321412 台灣警示帳戶狂增3萬戶！詐騙最愛用金融機構出爐　這銀行不再是「人頭戶冠軍」 https://www.storm.mg/article/5333124 警方顧ATM成常態？ 銀行啟動人臉辨識還需等這步 https://reurl.cc/geLvjR 香港金管局：留意由華僑銀行發出有關欺詐網站的新聞稿 https://hk.epochtimes.com/news/2025-03-07/55133142 3.信用卡/電子支付/行動支付/pay/支付系統/資安 LINE　Pay　跨境支付攜手韓國「樂天超市」拓展跨境版圖 https://news.housefun.com.tw/news/article/107365457110.html Orange Money布基納法索擴大與Comviva的合作，推動下一代行動支付服務 https://news.pchome.com.tw/internation/xpm/20250306/index-17412406203320260011.html 馬來西亞數位交易服務 開展電子支付與證券市場整合 https://www.ctee.com.tw/news/20250227700130-439901 信用卡詐騙防不勝防？中信銀行推「刷卡安全提醒」 https://inews.setn.com/news/1619502 下一世代的信用卡戰場在晶片卡的附加價值思考 https://ithome.com.tw/news/11139 日本4月起刷卡須「輸入4位PIN碼」！台灣銀行被打爆　達人揭真相 https://news.tvbs.com.tw/life/2783868 假身分訂高鐵票盜刷信用卡轉賣　7嫌海撈1300萬士檢起訴 https://cnews.com.tw/224250306a01/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 川普簽署行政命令以建立戰略性比特幣儲備 https://www.ithome.com.tw/news/167725 薩爾瓦多廢除列比特幣為法定貨幣 修法不到4年即以失敗告終 https://news.pts.org.tw/article/740626 今晚幣圈兩件大事定漲跌！川普將比特幣納入戰略儲備開啓新時代 https://www.binance.com/zh-TC/square/post/21222559731137 難怪川普要成立「儲備」！美國「10 年賣掉 19.5 萬枚比特幣」錯失 166 億美元 https://blockcast.it/2025/03/07/us-governments-sale-of-confiscated-bitcoin-over-the-years-cost-taxpayers-billions/ 迪拜最大銀行Emirates NBD推出加密貨幣交易服務 https://www.mitrade.com/zh/insights/news/live-news/article-3-682023-20250307 U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website https://thehackernews.com/2025/03/us-secret-service-seizes-russian.html Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC PolarEdge 殭屍網路鎖定台灣：華碩、QNAP 和 Synology 設備面臨嚴重威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11683 殭屍網路PolarEdge綁架華碩、威聯通、群輝網路設備 https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html 微軟Graph API、SharePoint同時遭到濫用，駭客發起ClickFix攻擊，意圖散布惡意程式框架Havoc https://www.ithome.com.tw/news/167735 微軟Graph API、SharePoint同時遭到濫用，駭客發起ClickFix攻擊，意圖散布C2框架Havoc https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html 醫院面對勒索軟體攻擊的應變指南 https://hisac.nat.gov.tw/news?272 醫院被駭！蘇一峰自曝遭勒索「價值百萬比特幣」 揭最後悔1事 https://www.chinatimes.com/realtimenews/20250306003853-260405?chdtv 2025年3月彰化基督教醫院遭勒索軟體攻擊事件歷程總整理（持續更新中） https://www.ithome.com.tw/news/167671 衛福部公布彰基資安事故調查結果，指出該院遭到勒索軟體Crazy Hunter攻擊 https://www.ithome.com.tw/news/167677 勒索軟體駭客Crazy Hunter兜售大量馬偕醫院病人資訊 https://www.ithome.com.tw/news/167687 彰化基督教醫院二二八連假遭到網路攻擊，病毒取得管理權限造成部分主機當機 https://www.ithome.com.tw/news/167641 1月攻擊印度Tata Technologies的兇手浮出檯面，勒索軟體Hunters International聲稱是他們所為 https://www.ithome.com.tw/news/167672 勒索軟體駭客利用磁碟分割工具弱點從事自帶驅動程式攻擊 https://www.bleepingcomputer.com/news/security/ransomware-gangs-exploit-paragon-partition-manager-bug-in-byovd-attacks/ 勒索軟體Medusa今年已有超過40家企業組織受害，最高可能索討1,500萬美元贖金 https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html 中國、美國西岸的ISP被盯上，駭客對4千個IP位址發動攻擊，企圖部署竊資軟體及挖礦軟體 https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html 源自中國的竊資軟體Zhong Stealer鎖定金融科技業，透過客服對話散布 https://hackread.com/chinese-zhong-stealer-infects-fintech-customer-support/ 勒索軟體駭客組織Black Basta、Cactus透過惡意軟體BackConnect持續在受害組織活動 https://www.trendmicro.com/en_us/research/25/b/black-basta-cactus-ransomware-backconnect.html 針對惡意程式FinalDraft的攻擊行動，傳出是中國駭客組織所為 https://gbhackers.com/multi-vector-malware-exploiting-outlook-api-dns-icmp/ 駭客組織EncryptHub透過木馬化應用程式、惡意軟體散布服務，意圖散布勒索軟體、竊資軟體 https://thehackernews.com/2025/03/encrypthub-deploys-ransomware-and.html 臺灣企業收到聲稱抽查稅務的電子郵件請小心！駭客組織假冒國稅局散布惡意軟體Winos 4.0 https://www.ithome.com.tw/news/167619 隸屬於RansomHub、BlackSuit旗下駭客團體攻入超過600家企業組織，透過遠端管理工具植入竊資軟體、勒索軟體 https://www.bleepingcomputer.com/news/security/encrypthub-breaches-618-orgs-to-deploy-infostealers-ransomware/ 上網搜尋使用者手冊要小心！有人意圖利用假的CAPTCHA、惡意PDF檔案散布竊資軟體 https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html Fake CAPTCHA PDFs Spread Lumma Stealer via Webflow, GoDaddy, and Other Domains https://thehackernews.com/2025/02/5000-phishing-pdfs-on-260-domains.html Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus https://thehackernews.com/2025/02/sticky-werewolf-uses-undocumented.html The New Ransomware Groups Shaking Up 2025 https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html 惡意軟體Vo1d鎖定智慧電視而來，全球160萬臺電視遭到入侵 https://www.ithome.com.tw/news/167623 Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries https://thehackernews.com/2025/03/vo1d-botnets-peak-surpasses-159m.html Chinese APT Lotus Panda Targets Governments With New Sagerunex Backdoor Variants https://thehackernews.com/2025/03/chinese-apt-lotus-panda-targets.html Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html Dark Caracal Uses Poco RAT to Target Spanish-Speaking Enterprises in Latin America https://thehackernews.com/2025/03/dark-caracal-uses-poco-rat-to-target.html This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions https://thehackernews.com/2025/03/this-malicious-pypi-package-stole.html EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing https://thehackernews.com/2025/03/encrypthub-deploys-ransomware-and.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google發布3月安卓例行更新，修補2項零時差漏洞 https://www.ithome.com.tw/news/167657 塞爾維亞警方尋求鑑識公司協助，利用零時差漏洞解鎖安卓手機 https://www.bleepingcomputer.com/news/security/serbian-police-used-cellebrite-zero-day-hack-to-unlock-android-phones/ Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone https://thehackernews.com/2025/02/amnesty-finds-cellebrites-zero-day.html Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities https://thehackernews.com/2025/03/googles-march-2025-android-security.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 富采控股旗下子公司晶成半導體VPN系統遭到攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=154332&SPOKE_DATE=20250304&COMPANY_ID=3714 友輝光電、新織實業資訊系統遭遇網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=165943&SPOKE_DATE=20250227&COMPANY_ID=4933 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=163448&SPOKE_DATE=20250227&COMPANY_ID=1409 駭客組織JavaGhost鎖定AWS等雲端環境錯誤配置下手，濫用AWS服務從事網釣攻擊 https://securityonline.info/javaghosts-persistent-phishing-attacks-exploiting-cloud-environments-for-long-term-access/ 美國起訴中國資安業者安洵信息的員工，並指控該公司為中國軍情單位提供駭客服務 https://www.ithome.com.tw/news/167717 U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations https://thehackernews.com/2025/03/us-charges-12-chinese-nationals-in.html 微軟示警中國駭客組織Silk Typhoon攻擊IT供應鏈，威脅企業雲端安全 https://www.ithome.com.tw/news/167715 China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html 中國駭客Lotus Blossom鎖定臺灣、菲律賓、越南等國家，散布後門程式Sagerunex https://www.ithome.com.tw/news/167712 攻擊美政府、機構 駭1個帳戶獲酬逾萬元 10中國人被起訴 https://www.worldjournal.com/wj/story/121470/8589074 菲律賓軍隊傳出網路環境遭到駭客組織Exodus Security攻擊 https://therecord.media/philippines-army-confirms-hack 比利時軍情單位傳出遭中國駭客入侵，疑為利用Barracuda郵件安全閘道零時差漏洞下手 https://www.bleepingcomputer.com/news/security/belgium-probes-chinese-hack-behind-intelligence-service-breach/ Suspected Iranian Hackers Used Compromised Indian Firm's Email to Target U.A.E. Aviation Sector https://thehackernews.com/2025/03/suspected-iranian-hackers-used.html Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 最新詐騙手法！只憑1張卡「痛失2000萬」　台北房產遭抵押 https://news.tvbs.com.tw/life/2550486 防詐機制必須更普遍落實在各種連網設備上，Google提供新的做法 https://www.ithome.com.tw/news/167668 雙重威脅：微軟打擊 LLMjacking；1.2 萬組 API 密鑰在大語言模型訓練資料公開 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11686 開發人員在大型語言模型的培訓資料曝露1.2萬組API密碼 https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html Microsoft Exposes LLMjacking Cybercriminals Behind Azure AI Abuse Scheme https://thehackernews.com/2025/02/microsoft-exposes-llmjacking.html 12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training https://thehackernews.com/2025/02/12000-api-keys-and-passwords-found-in.html Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail https://thehackernews.com/2025/03/hackers-exploit-aws-misconfigurations.html E.研究報告/工具 RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable https://thehackernews.com/2025/02/rdp-double-edged-sword-for-it-teams.html How New AI Agents Will Transform Credential Stuffing Attacks https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html Outsmarting Cyber Threats with Attack Graphs https://thehackernews.com/2025/03/outsmarting-cyber-threats-with-attack.html F.商業 A10 Networks 收購 ThreatX Protect 擴展產品組合 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11679 思科推出簡潔性、安全性和人工智慧就緒的解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11680 安碁資訊發佈戰略發展計劃 聚焦AI與雲端安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11669 MWC：聯發科、高通展示5G-Advanced數據機晶片，5G網速推升至12Gbps https://www.ithome.com.tw/news/167745 2025全球資安局勢大解析 https://www.ithome.com.tw/article/167734 微軟棄用古老的DES加密，希望Windows用戶換用AES https://www.techbang.com/posts/121706-windows-11-24h2-windows-server-2025-des G.政府 資安署25年1月資安月報：駭客假冒資安院發動社交工程攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11674 資安院揭露DeepSeek AI測試結果，證實抵禦越獄攻擊的能力不足，且模型缺乏外加安全防護機制 https://www.ithome.com.tw/news/167647 數發部揭露2025打詐工作目標，將著重查核業者身分及驗證合規 https://www.ithome.com.tw/news/167596 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 物聯網設備成內網資安軟肋！勒索軟體駭客Akira被EDR攔下，竟轉向缺乏防護的網路攝影機下手 https://www.ithome.com.tw/news/167723 近5萬個智慧門禁管理系統配置錯誤，曝露於網際網路任人存取 https://www.bleepingcomputer.com/news/security/over-49-000-misconfigured-building-access-systems-exposed-online/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Atlassian x Canva社群分享會 Women Talk 數位創新管理經驗談 2025/3/8 https://www.meetup.com/taipei-atlassian-community-events/events/306188088/ Communication skills 2025/3/8 https://www.meetup.com/i-t-social-cafe/events/306393224/ Dart Programming Workshop for Mobile Developers 2025/3/8 https://www.meetup.com/ffdg-seoul/events/306342698/ Build an Enterprise RAG App Locally with DeepSeek-R1 & Ollama-No Cloud, No Cost! 2025/3/8 https://www.meetup.com/cloud-experts-group/events/306401417/ Coffee & Code 2025/3/8 https://www.meetup.com/innovate-taiwan/events/306339574/ 2025年資安教育免費線上課程 2025/3/11 https://acsiacad.kktix.cc/events/9fbd241c 迎戰AI時代 零信任重塑資安格局 2025/3/12 https://www.accupass.com/event/2502070639411668728700 How to Land a Software Engineering Job in 2025 2025/3/13 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306112008/ 從設計、開發到部署：AI 時代下的安全開發策略 2025/3/13 https://www.accupass.com/event/2501230205491979359914 數位時代的法律新思維：從市場競爭到科技監管 2025/3/13 https://www.accupass.com/event/2502190651501680073059 AWS Innovate Online Conference 2025/3/13 https://www.meetup.com/meetups-hk-science-park/events/306132116/ 2025 資安長零信任的第一堂課（三月場）2025/3/13 https://jamf.kktix.cc/events/applexjamf-2025march Rust Programming Meetup 2025/3/13 https://www.meetup.com/taipei-rust-users-group/events/306393950/ Microsoft Season of AI - Best of AI @ Ignite 2024 (Season 3) 2025/3/13 https://www.meetup.com/phinug/events/305836109/ Risk-based testing (RBT) of software: test safer, work smarter. 2025/3/13 https://www.meetup.com/qa-guild-by-mgm-vietnam/events/306413131/ Identities are the new passwords 2025/3/13 https://www.meetup.com/manageengine-hong-kong-events/events/306433229/ 打穩安全的根基：深入威脅建模與自動化測試實務 2025/3/13-2025/3/14 https://www.accupass.com/event/2412190125131865336269 Global AI Bootcamp 2025, Philippines 2025/3/15 https://www.meetup.com/cloud-experts-group/events/303711073/ Global AI Bootcamp - Taipei 2025 2025/3/15 https://www.meetup.com/rladies-taipei/events/305281979/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 2025智慧城市展-中保科技論壇 2025/3/18 - 2025/3/20 https://www.accupass.com/event/2502260646281183236650 DevSecOps 革新：開創全面威脅檢測與快速響應的新時代 2025/3/19 https://www.accupass.com/event/2502030327553680337280 Taipei dbt Meetup #34 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2025/3/19 https://www.meetup.com/taipei-dbt-meetup/events/306252998/ How to Build a Consulting Side Hustle with AI In One Weekend 2025/3/19 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306152486/ How to Build AI Skills For Your Career 2025/3/20 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306113277/ [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/ Workshop: Building a Quiz App with Angular & TypeScript 2025/3/21 https://www.meetup.com/treelevel-io/events/306204363/ 『投資型詐騙－科技防禦最前線』論壇 2025/3/21 https://www.accupass.com/event/2502140610163598385850 OWASP Meetup 高雄線上 2025/3/21 https://csa.kktix.cc/events/owasp20250321-live OWASP Meetup 高雄實體 2025/3/21 https://csa.kktix.cc/events/owasp20250321 Lunch & Learn: Test Automation for Complete Beginners 2025/3/24 https://www.meetup.com/magicpod-community/events/306394705/ Chinese Linguistics, History, and Etymology 2025/3/25 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305061650/ AI EXPO Taiwan 2025 2025/3/26 https://aiexpo2025.kktix.cc/events/aiexpo2025 企業 IT 必修課：虛擬化備援 + 弱點掃描，打造無縫資安防護 2025/4/11 https://mstech.kktix.cc/events/d41efa20