###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/8/4 ~ 2025/8/8 1.重大弱點漏洞/後門/Exploit/Zero Day CyberArk身分驗證資料管理平臺Conjur存在資安漏洞，攻擊者可進行串連，從而遠端執行任意程式碼 https://www.ithome.com.tw/news/170495 CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence https://thehackernews.com/2025/08/cisa-adds-3-d-link-router-flaws-to-kev.html Exchange Server混合環境存在重大提權攻擊漏洞 https://www.ithome.com.tw/news/170498 Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups https://thehackernews.com/2025/08/microsoft-discloses-exchange-server.html SonicWall防火牆零時差漏洞攻擊升溫，勒索軟體Akira加入戰局 https://www.ithome.com.tw/news/170409 SonicWall 防火牆遭 Akira 勒索軟體大規模攻擊，疑似零日漏洞遭利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12095 針對勒索軟體Akira疑似鎖定SonicWall防火牆零時差漏洞的攻擊行動，有新的調查結果出爐 https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported https://thehackernews.com/2025/08/sonicwall-investigating-potential-ssl.html SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day https://thehackernews.com/2025/08/sonicwall-confirms-patched.html NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers https://thehackernews.com/2025/08/nvidia-triton-bugs-let-unauthenticated.html 趨勢科技企業端點防護軟體Apex One爆2項RCE漏洞，已發現攻擊行動 https://www.ithome.com.tw/news/170467 Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems https://thehackernews.com/2025/08/trend-micro-confirms-active.html Base44「vibe coding」爆重大認證漏洞 可完全繞過SSO存取受保護的應用程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12078 WordPress佈景主題Alone存在重大漏洞，已被用於實際攻擊行動 https://www.ithome.com.tw/news/170422 Adobe緊急修補電子表單平臺AEM Forms零時差漏洞 https://www.ithome.com.tw/news/170441 AI程式碼編輯器Cursor存在資安漏洞CurXecute，恐被用於提示注入攻擊 https://www.ithome.com.tw/news/170455 Dell商務筆電特定晶片存在漏洞，攻擊者恐藉此竊取敏感資料，影響逾100款機種、數百萬臺電腦曝險 https://hackread.com/dell-laptop-models-vulnerabilities-impacting-millions/ 蘋果發布多個作業系統平臺更新，修補已遭利用的Chrome零時差漏洞 https://www.ithome.com.tw/news/170408 Google Project Zero測試新漏洞揭露政策，將提早公布部分細節 https://www.ithome.com.tw/news/170415 2.銀行/金融/保險/證券/金融監理 新聞及資安 統一資訊揮軍金融圈，AI 結合資安！首辦金融資安趨勢研討會吸引高層關注 https://www.techbang.com/posts/124759-unisoft-ai-cybersecurity-finance-seminar 詐團人頭戶轉向法人戶？金管會要求銀行落實認識客戶 https://www.cna.com.tw/news/afe/202508070241.aspx 金管會擬修法打詐 建立銀行與 VASP 跨業照會機制 https://money.udn.com/money/story/5613/8923917 希臘各家銀行目前正共同研究「共用 ATM」模式 https://www.ttv.com.tw/finance/view/082025071114221683B7DAFC40769EC6C42437EF2EC2542E/587#google_vignette 中信銀獲准開辦「開放銀行第三階段業務」　新增跨平台交易功能 https://finance.ettoday.net/news/3010241 3.信用卡/電子支付/行動支付/pay/支付系統/資安 中國簡訊詐騙集團鎖定全球支付卡，利用數位錢包詐騙 https://www.ithome.com.tw/news/170503 Apple Pay遭Fintiv提告 指控蘋果盜用其行動錢包技術 https://www.technice.com.tw/techmanage/infosecurity/187144/ 行動支付決戰海外 LINE Pay搶進韓國鐵道各車站 https://reurl.cc/0W96Nb 公私協力！第三方支付公會推動產業自律 https://www.technice.com.tw/techmanage/digicom/186296/ 北韓平壤電子支付成主流　現金交易已成稀有現象 https://www.knews.com.tw/news/424AC497A756E85EAC3AA1238AD029BF 6月澳門零售業電子支付交易額 同比下跌1.5% https://www.aastocks.com/tc/stocks/news/aafn-con/ZT1327449/latest-news/ZHITONG 電子支付何時才普及？ 北市公有市場還有排隊名店要現金付 https://udn.com/news/story/7323/8924320 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 150個Firefox市集的延伸套件恐榨乾用戶的加密貨幣 https://www.bleepingcomputer.com/news/security/wave-of-150-crypto-draining-extensions-hits-firefox-add-on-store/ GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html 川普放行401(k)退休基金投資數位資產 https://www.ithome.com.tw/news/170502 中國人民銀行要求金融機構：區塊鏈+AI納入「基礎設施」 https://www.blocktempo.com/china-finance-blockchain-ai-industrial-upgrade/ 薩爾瓦多暗示推出「比特幣銀行」，總統顧問：BTC 勢不可擋 https://www.blocktempo.com/el-salvador-bitcoin-bank/ 虛擬資產保管業務 四銀行試辦 https://www.ctee.com.tw/news/20250808700116-439901 國泰世華銀行能存比特幣了！試辦首波獲准，鎖定高淨值客戶 https://www.blocktempo.com/cathay-united-bank-crypto-custody/ 歐盟銀行加密持倉草案出爐！持有 BTC 需設定 1,250% 風險權重 https://abmedia.io/eu-bank-crypto-holding-rules-btc-risk-weight-1250 自2020年以來，全球主要銀行在區塊鏈領域投資超1000億美元 https://hao.cnyes.com/post/186573 賽場接連出現綠色「性玩具」 加密貨幣組織承認博宣傳 https://udn.com/news/story/7002/8926833 北斗警查獲加密貨幣詐騙面交 進而向上逮獲收水手 https://reurl.cc/9n71md Bybit加密貨幣洞察報告：全面解析Project Crypto https://www.taiwannews.com.tw/zh/news/6175073 加密貨幣監管新紀元——香港、美國、歐盟、新加坡穩定幣相關法規生效後，律所的新戰局 https://hao.cnyes.com/post/186520 穩定幣值得推嗎？兆豐金董座吐實：對消費者不公平，大企業更不該用 https://smart.businessweekly.com.tw/Reading/IndepArticle.aspx?id=6020084 送暖水患受災戶！幣安宣布空投3500萬加密幣　限這6縣市用戶 https://today.line.me/tw/v3/article/mWVlL8m 985學歷不如1萬粉絲，小紅書正成為加密貨幣交易所的新獵場 https://www.blocktempo.com/crypto-exchanges-target-xiaohongshu/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 兩家資安業者惡意網址檢測服務遭濫用，駭客用來隱藏有效酬載 https://www.ithome.com.tw/news/170420 勒索軟體加入利用SharePoint零時差漏洞的行列 https://www.bleepingcomputer.com/news/security/ransomware-gangs-join-attacks-targeting-microsoft-sharepoint-servers/ 勒索軟體DevMan聲稱一口氣對4家臺灣企業下手 https://www.ithome.com.tw/news/170463 微軟公布惡意程式逆向工程AI代理人Project Ire原型 https://www.ithome.com.tw/news/170481 新型竊密軟體Shuyal鎖定19款瀏覽器　連Tor等隱私瀏覽器也難逃 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12089 視訊鏡頭和麥克風存取通知也有假的！Lazarus用於從事社交工程攻擊，散布PyLangGhost RAT https://gbhackers.com/lazarus-hackers-use-fake-camera-microphone/ 北韓駭客鎖定軟體開發及IT領域的求職者而來，意圖透過JavaScript惡意軟體滲透美國企業組織 https://gbhackers.com/chollima-apt-group-targets-job-seekers-and-organizations/ UAC-0099鎖定烏克蘭軍方而來，透過HTA檔案散布惡意程式載入工具MatchBoil https://gbhackers.com/uac-0099-hackers-weaponize-hta-files/ 8組勒索軟體駭客透過新的迴避偵測工具繞過EDR防護 https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/ 美國 CISA 釋出免費惡意軟體分析工具：Thorium https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12094 中國駭客Silver Fox聲稱提供Google翻譯工具，意圖散布惡意程式 https://gbhackers.com/silver-fox-hackers-exploit-weaponized-google-translate-tools/ 中國駭客組織Mustang Panda假借提供瀏覽器安裝程式，意圖散布後門ToneShell https://gbhackers.com/mustang-panda-targets-windows-users/ 中國駭客組織Storm-2603透過自帶驅動程式手法，散布惡意程式ak47c2 https://gbhackers.com/storm-2603-deploys-custom-malware-using-byovd/ Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks https://thehackernews.com/2025/08/storm-2603-exploits-sharepoint-flaws-to.html 西亞電信業去年遭中國駭客CL-STA-0969長期網攻，採用近10種專屬工具輪番滲透 https://www.ithome.com.tw/news/170407 中國駭客組織CL-STA-0969利用後門程式Plague透過SSH入侵Linux伺服器，濫用身分驗證模組PAM匿蹤 https://www.ithome.com.tw/news/170475 CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign https://thehackernews.com/2025/08/cl-sta-0969-installs-covert-malware-in.html Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html CERT-UA Warns of HTA-Delivered C# Malware Attacks Using Court Summons Lures https://thehackernews.com/2025/08/cert-ua-warns-of-hta-delivered-c.html New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft https://thehackernews.com/2025/08/new-plague-pam-backdoor-exposes.html AI-Generated Malicious npm Package Drains Solana Funds from 1,500+ Before Takedown https://thehackernews.com/2025/08/ai-generated-malicious-npm-package.html Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices https://thehackernews.com/2025/08/akira-ransomware-exploits-sonicwall.html Secret Blizzard Deploys Malware in ISP-Level AitM Attacks on Moscow Embassies https://thehackernews.com/2025/07/secret-blizzard-deploys-malware-in-isp.html 15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign https://thehackernews.com/2025/08/15000-fake-tiktok-shop-domains-deliver.html Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools https://thehackernews.com/2025/08/microsoft-launches-project-ire-to.html RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads https://thehackernews.com/2025/08/playpraetor-android-trojan-infects.html Google發布8月安卓例行更新，修補兩項已遭利用的高通晶片漏洞 https://thehackernews.com/2025/08/google-fixes-3-android-vulnerabilities.html 漏洞挖掘競賽Pwn2Own Ireland 2025將於10月舉行，預告為WhatApp零點擊RCE漏洞祭出最高百萬美元獎勵 https://www.bleepingcomputer.com/news/security/pwn2own-hacking-contest-pays-1-million-for-whatsapp-exploit/ Windows、安卓用戶遭到勒索軟體Anubis鎖定，駭客不僅加密檔案，也竊取帳密 https://gbhackers.com/anubis-ransomware-targets-android-and-windows-users/ 攻擊行動ClickTok鎖定抖音購物者而來 https://www.bleepingcomputer.com/news/security/ctm360-spots-malicious-clicktok-campaign-targeting-tiktok-shop-users/ 中國駭客挾持全球逾1.1萬臺安卓裝置，惡意軟體租用模式威脅持續擴大 https://www.ithome.com.tw/news/170421 Android Studio升級導入Gemini代理模式與XR開發支援 https://www.ithome.com.tw/news/170485 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 協作及線上會議平臺遭到濫用，駭客以Zoom及Teams架設C2 https://www.bleepingcomputer.com/news/security/new-ghost-calls-tactic-abuses-zoom-and-microsoft-teams-for-c2-operations/ Fortinet 揭露大規模攻擊微軟 SharePoint 的 ToolShell 行動內幕 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12080 四大SharePoint零時差漏洞ToolShell遭4L4MD4R勒索軟體濫用 https://www.ithome.com.tw/news/170434 Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection https://thehackernews.com/2025/08/cursor-ai-code-editor-fixed-flaw.html 巴基斯坦駭客APT36鎖定印度鐵路、石油、政府系統而來，利用惡意PDF檔案犯案 https://gbhackers.com/apt36-hackers-target-indian-railways-oil-and-government-systems/ 越南駭客透過竊資軟體PXA，攻擊4,000個IP位址、竊得20萬組帳密 https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html 越南駭客透過竊資軟體PXA從事大規模攻擊，4,000臺電腦受害、20萬組帳密遭竊 https://www.ithome.com.tw/news/170482 Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally https://thehackernews.com/2025/08/vietnamese-hackers-use-pxa-stealer-hit.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 歹徒以普發現金為由、冒名中央存保發動網釣攻擊，意圖騙取信用卡資料 https://www.ithome.com.tw/news/170424 針對去年的Snowflake供應鏈攻擊事故，駭客也從受害組織的Salesforce實體竊取資料 https://www.theregister.com/2025/08/06/google_salesforce_attacks/ 丹麥精品業者Pandora資料外洩，恐為Salesforce相關事件最新受害品牌 https://www.ithome.com.tw/news/170438 駭客鎖定Firefox附加元件開發者發動網釣攻擊 https://www.ithome.com.tw/news/170418 思科、Google雙雙發生員工遭網釣事故，致CRM資料外洩 https://www.ithome.com.tw/news/170439 法航、荷航傳客戶資料外洩，駭客疑似入侵第三方平臺得逞 https://www.ithome.com.tw/news/170491 法國電信業者Bouygues Telecom傳出資料外洩，影響640萬名客戶 https://www.bleepingcomputer.com/news/security/bouygues-telecom-confirms-data-breach-impacting-64-million-customers/ 微軟OAuth應用程式遭冒充，攻擊者以釣魚手法繞過多因素驗證 https://www.ithome.com.tw/news/170446 Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts https://thehackernews.com/2025/08/attackers-use-fake-oauth-apps-with.html Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams https://thehackernews.com/2025/08/fake-vpn-and-spam-blocker-apps-tied-to.html E.研究報告/工具 You Are What You Eat: Why Your AI Security Tools Are Only as Strong as the Data You Feed Them https://thehackernews.com/2025/08/you-are-what-you-eat-why-your-ai.html Man-in-the-Middle Attack Prevention Guide https://thehackernews.com/2025/08/man-in-middle-attack-prevention-guide.html The Wild West of Shadow IT https://thehackernews.com/2025/08/the-wild-west-of-shadow-it.html Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks https://thehackernews.com/2025/08/misconfigurations-are-not.html How Top CISOs Save Their SOCs from Alert Chaos to Never Miss Real Incidents https://thehackernews.com/2025/08/how-top-cisos-save-their-socs-from.html Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft https://thehackernews.com/2025/08/researchers-uncover-ecscape-flaw-in.html F.商業 Palo Alto Networks 宣布收購 CyberArk https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12087 Claude Code支援GitHub，AI自動安全審查即時提供漏洞修正建議 https://www.ithome.com.tw/news/170483 趨勢科技在黑帽大會展現AI資安創新，虛擬紅藍隊為主要焦點，另強調重視資料安全與Agentic SIEM的發展 https://www.ithome.com.tw/news/170465 IBM宣稱新一代Power11伺服器可在1分鐘內偵測勒索軟體 https://www.ithome.com.tw/news/169959 PyPI推新規防堵ZIP混淆攻擊保護Python套件安全 https://www.ithome.com.tw/news/170489 Gemini CLI GitHub Actions上線，AI助自動化程式開發與團隊協作 https://www.ithome.com.tw/news/170486 蘋果在美投資總額擴大至6,000億美元，要在美國建置端至端晶片供應鏈 https://www.ithome.com.tw/news/170472 G.政府 國內首次啟動災害漫遊機制，臺南七股、嘉義布袋8月7日將啟動災害漫遊 https://www.ithome.com.tw/news/170448 勞動力發展數位平台 提供AI、物聯網、Python課程 https://udn.com/news/story/7269/8924519 數發部「數據賦能 公益創新」再升級 NGO/NPO與政府機關雙軌輔導新登場 https://moda.gov.tw/press/press-releases/16988 APEC發表首份數位AI部長宣言！數發部長黃彥男提臺灣AI生態系 https://www.technice.com.tw/issues/ai/187148/ AI WAVE SHOW 周四登場 數位發展部數位產業署打造四大主題館 https://money.udn.com/money/story/5612/8903739 數位發展部攜手民間推動次世代通訊應用 「星韌通訊」展現臺灣自主衛星通訊與資安整合實力 https://moda.gov.tw/ADI/news/latest-news/16942 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Niagara 框架存在嚴重資安漏洞 威脅全球智慧建築與工業控制系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12077 Honeywell 修復 Experion PKS 系統漏洞！未更新恐致工業製程遭操控 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12098 Silicon Labs成為首家通過PSA 4級認證的物聯網晶片商 https://reurl.cc/yAYm8M NineSmart與Uniforce聯合推出智能物業及保安解決方案 https://itpromag.com/2025/08/08/ninesmart-uniforce/ 環境物聯網受關注 加速應用落地商轉 https://reurl.cc/daLe3y 新研究：有趣與社群討論度是採用 IoT 的首要考量，其次是易用與有幫助 https://today.line.me/tw/v3/article/zNkX0zj Airfide 於日本 COMNEXT 展會推出搭載摩爾斯微電子Wi-Fi HaLow 的佔用感測器 https://www.ithome.com.tw/pr/170405 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 COSCUP x RubyConf Taiwan 2025 2025/8/9 https://www.accupass.com/event/2507150546509433708170 GitLab 的真相時刻：CE 還是 EE 2025/8/13 https://www.accupass.com/event/2507140739432001286350 Build Fast, Build Smart: How Founders Can Kickstart Their MVP & Tech Stack 2025/8/13 https://www.meetup.com/manila-startup-founder-101/events/309982665/ AI 時代下的系統分析與設計的 7 堂課 2025/8/15 https://mystudyway.kktix.cc/events/analysis-for-ai HITCON 2025 台灣駭客年會 2025/8/15 ~ 2025/8/16 https://hitcon.kktix.cc/events/hitcon-2025 [ONLINE] EE Business Networking (free!) 2025/8/16 https://www.meetup.com/cebu-business-networking/events/ 物聯網資訊安全實務 2025/8/16 https://www.accupass.com/event/2506270910121558046175 用 30 分鐘學會 Apigee 全面守護資料安全 |《API 治理升級，迎戰資安與法遵挑戰》 2025/ 8/19 https://www.accupass.com/event/2507170605488819292550 Drupal PH Online Meetup (Aug. 2025): Presentation of DrupalCon Nara Japan 2025/ 8/19 https://www.meetup.com/drupal-ph/events/308865542/ Webinar Introduction: ITSM, Open Source, and a Deep Dive into iTop CMDB 2025/8/19 https://www.meetup.com/itsmbkk/events/308959293/ ONLINE 🌟 Info Session for Le Wagon's PART-TIME coding & AI bootcam ps2025/ 8/19 https://www.meetup.com/le-wagon-tokyo-coding-station/events/310223561/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 Elastic AI 實戰：透過實機操作體驗主動式可觀測性與故障排除 2025/8/21 https://www.accupass.com/event/2506160332041624033313 [On-Line] AWS Global Community Gatherings #10 2025/8/22 https://www.meetup.com/awsglobalcommunitygatherings/events/307473399/ Saturday AI Hangout with Zack Lim 2025/8/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/310143607/ NISRA Enlightened 2025 2025/8/25 ~ 2025/8/28 https://nisra.kktix.cc/events/2025enlightened 資安事件比你想像更靠近！ |《主動式防禦，從 Google SecOps 開始！》 2025/ 8/27 https://www.accupass.com/event/2507250822501753616659 MaiCoin 反詐騙講座 2025/ 8/27 https://www.accupass.com/event/2506290707563443008580 Taipei dbt Meetup #39 GenBI 2025/8/28 https://www.meetup.com/taipei-dbt-meetup/events/310250569/ API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965