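###### tags: `Security Incident News Weekly`
# Security Incident News Weekly 2024/10/14 ~ 2024/10/18
1. Major vulnerabilities / backdoors / Exploit / Zero Day
F5 BIG-IP devices used by attackers to reconnoiter and map servers in the network environment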
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html
F5 BIG-IP has a high-risk access control bypass vulnerability
https://my.f5.com/manage/s/article/K000140061
https://offsec.almond.consulting/privilege-escalation-f5-CVE-2024-45844.html
F5 BIG-IP has a high-risk vulnerability, CVE-2024-45844
https://nvd.nist.gov/vuln/detail/CVE-2024-45844
https://my.f5.com/manage/s/article/K000140061
Juniper Networks Junos OS
https://nvd.nist.gov/vuln/detail/CVE-2024-39515
https://nvd.nist.gov/vuln/detail/CVE-2024-39516
https://nvd.nist.gov/vuln/detail/CVE-2024-39525
https://nvd.nist.gov/vuln/detail/CVE-2024-39547
https://nvd.nist.gov/vuln/detail/CVE-2024-47491
https://nvd.nist.gov/vuln/detail/CVE-2024-47497
https://nvd.nist.gov/vuln/detail/CVE-2024-47499
https://nvd.nist.gov/vuln/detail/CVE-2024-47504
https://nvd.nist.gov/vuln/detail/CVE-2024-47490
https://nvd.nist.gov/vuln/detail/CVE-2024-47502
https://nvd.nist.gov/vuln/detail/CVE-2024-39563
SonicWall
https://nvd.nist.gov/vuln/detail/CVE-2024-45316
Trend Micro patches command injection vulnerability in its Cloud Edge security gateway
https://www.ithome.com.tw/news/165565
Cisco ATA 190 Series has high-risk vulnerabilities
https://nvd.nist.gov/vuln/detail/CVE-2024-20421
https://nvd.nist.gov/vuln/detail/CVE-2024-20458
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
More than 80,000 Fortinet devices remain exposed to the RCE vulnerability disclosed this February
https://securityonline.info/thousands-of-fortinet-devices-remain-exposed-to-rce-cve-2024-23113-vulnerability/
Zyxel warns that its firewall devices are being targeted; attackers exploit known vulnerabilities to establish SSL VPN tunnels
https://www.ithome.com.tw/news/165487
Multiple vulnerabilities in Palo Alto Expedition lead to exposure of firewall credentials
https://www.ithome.com.tw/news/165424
https://security.paloaltonetworks.com/PAN-SA-2024-0010
Oracle WebLogic Server has high-risk vulnerabilities CVE-2024-21216 and CVE-2024-21274
https://nvd.nist.gov/vuln/detail/CVE-2024-21216
https://nvd.nist.gov/vuln/detail/CVE-2024-21274
https://www.oracle.com/security-alerts/cpuoct2024.html
Oracle MySQL has a high-risk vulnerability, CVE-2024-21272
https://nvd.nist.gov/vuln/detail/CVE-2024-21272
https://www.oracle.com/security-alerts/cpuoct2024.html
Critical Patch Update for October 2024
https://www.oracle.com/security-alerts/cpuoct2024.html?source=:em:gbc:ie:cpo:::RC_WWMK210714P00017:SEV400368871
CVE-2024-37404: Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection
https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/
GitHub patches critical SAML authentication bypass vulnerability
https://securityonline.info/github-enterprise-server-patches-critical-security-flaw-cve-2024-9487-cvss-9-5/
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html
AIM LINE Marketing Platform has a high-risk vulnerability, CVE-2024-9982
https://nvd.nist.gov/vuln/detail/CVE-2024-9982
https://www.twcert.org.tw/en/cp-139-8147-eb650-2.html
https://www.twcert.org.tw/tw/cp-132-8146-497a2-1.html
VMware HCX has a high-risk vulnerability, CVE-2024-38814
https://nvd.nist.gov/vuln/detail/CVE-2024-38814
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25019
Splunk patches critical RCE vulnerabilities
https://securityonline.info/github-enterprise-server-patches-critical-security-flaw-cve-2024-9487-cvss-9-5/
Microsoft releases October security bulletin
https://www.cisa.gov/news-events/alerts/2024/10/08/microsoft-releases-october-2024-security-updates
https://msrc.microsoft.com/update-guide/releaseNote/2024-Oct
Microsoft releases the October 2024 Patch Tuesday monthly update package
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11305
Windows kernel vulnerability used by Iranian hackers OilRig for privilege escalation, paving the way for implanting backdoors
https://www.ithome.com.tw/news/165484
OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf
https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
Nation-state hackers exploit Ivanti CSA vulnerabilities for network infiltration
https://www.ithome.com.tw/news/165506
Iranian threat actor OilRig is exploiting a Windows Kernel
https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
Microsoft Outlook bug blocks email logins, causes app crashes
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-bug-blocks-email-logins-causes-app-crashes/
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html
Tor Browser users targeted with Firefox zero-day vulnerability
https://blog.torproject.org/new-release-tails-6-8-1/
SAP releases October routine updates, urges users to patch critical BusinessObjects vulnerability as soon as possible
https://www.ithome.com.tw/news/165435
Apache Avro SDK has a high-risk vulnerability; attackers may be able to remotely execute arbitrary code in Java applications
https://www.ithome.com.tw/news/165423
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html
Mozilla releases Firefox update
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
https://www.ithome.com.tw/news/165442
Enterprise collaboration platform Team+ has critical vulnerabilities; attackers may gain unauthorized access and manipulate files
https://www.ithome.com.tw/news/165528
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-in.html
Kubernetes image-building tool has a critical vulnerability that may expose root access to virtual machines
https://www.ithome.com.tw/news/165546
Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk
https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html
SolarWinds Platform has high-risk vulnerabilities CVE-2024-45715 and CVE-2024-45710
https://nvd.nist.gov/vuln/detail/CVE-2024-45715
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45715
https://nvd.nist.gov/vuln/detail/CVE-2024-45710
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45710
SolarWinds' IT help desk system has a critical vulnerability; unauthorized attack activity appears to have occurred
https://www.ithome.com.tw/news/165572
SolarWinds Serv-U has a high-risk vulnerability, CVE-2024-45711
https://nvd.nist.gov/vuln/detail/CVE-2024-45711
https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-45711
As many as 70% of the vulnerabilities exploited in attacks in 2023 were zero-days
https://www.ithome.com.tw/news/165559
Spring Framework has a path traversal vulnerability that may pose a security risk to web applications
https://www.ithome.com.tw/news/165567
Apache Foundation patches Solr authentication bypass vulnerability
https://securityonline.info/cve-2024-45216-critical-authentication-bypass-vulnerability-patched-in-apache-solr/
Ubuntu authentication component Authd has a high-risk vulnerability; attackers may be able to launch UID spoofing attacks
https://www.ithome.com.tw/news/165548
Nvidia generative AI framework NeMo has a flaw; attackers may be able to execute code or tamper with data
https://nvidia.custhelp.com/app/answers/detail/a_id/5580
Apache patches high-risk vulnerabilities in cloud infrastructure platform CloudStack
https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2/
Open-source package entry points can be used by attackers for command hijacking
https://www.ithome.com.tw/news/165512
IBM QRadar SIEM contains multiple vulnerabilities
https://www.ibm.com/support/pages/node/7173420
Cacti CVE-2024-43363
https://nvd.nist.gov/vuln/detail/CVE-2024-43363
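2. Banking / finance / insurance / securities / financial supervision news and security
In 2025 the Taiwan Stock Exchange will add "regular reporting required" and "quantifiable compliance" to the list of required items for securities firms' tiered cybersecurity protection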
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11300
North Korean hackers spread FASTCash malware in an attempt to loot ATMs
https://www.ithome.com.tw/news/165497
Banking trojan TrickMo compromises 13,000 devices, attempts to steal screen unlock information
https://securityonline.info/banking-trojan-trickmo-compromised-13000-devices-now-steals-device-unlock-patterns-and-pins/
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
https://thehackernews.com/2024/10/astaroth-banking-malware-resurfaces-in.html
3. Credit cards / electronic payment / mobile payment / pay / payment systems / security
PayPay digital payroll service bets on Japan
https://money.udn.com/money/story/122381/8289074
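HIVEX cross-border payments teams up with Zero Pay and ICB to enter South Korea! Aiming to recreate the "PayPay model" and targeting the Taiwanese medical-aesthetics market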
https://www.bnext.com.tw/article/80898/tbcasoft-hivex-1st-anniversary
How many kinds of electronic payment does Taiwan actually have? Netizens recommend these 2: they satisfy 99% of customers
https://www.ctwant.com/article/369459/
Financial Supervisory Commission: electronic payment accounts reach 29.51 million users, more than Taiwan's population!
https://www.mirrormedia.mg/external/ftnn_319951
New payment options for foodpanda and Uber Eats! Financial Supervisory Commission relaxes electronic payment regulations
https://www.gvm.com.tw/article/116245
4. Cryptocurrency / digital currency / mining / blockchain / smart contracts / WEB3 security
FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation
https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
Grayscale Research: the potential impact of the US election on cryptocurrency
https://m.cnyes.com/news/id/5745391
Hong Kong police bust cryptocurrency fraud involving HK$360 million
https://www.hk01.com/article/1066711?utm_source=01articlecopy&utm_medium=referral
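Crystal Intelligence partners with the Taiwan Virtual Asset Anti-Money Laundering Association (TVA3) to provide cryptocurrency compliance training in Taiwan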
https://money.udn.com/money/story/123828/8297298
The four characters the crypto world fears most: "death spiral". How did the $LUNA incident happen
https://news.cnyes.com/news/id/5745383
South Korean crypto traders beware: divorce courts can trace "cryptocurrency" assets, so don't think you can dodge alimony
https://abmedia.io/korean-divorce-trail-on-crypto-division
Canary Capital files for a "spot Litecoin ETF", improving the accessibility of cryptocurrency investment
https://blockcast.it/2024/10/16/canary-capital-files-s-1-for-spot-litecoin-etf/
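5. Security incident news
A. Viruses and trojans / botnets / ransomware / Adware / APT / backdoors / IOC
Casio hit by ransomware attack; the attackers had also breached Taiwanese companies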
https://www.ithome.com.tw/news/165467
Hackers abuse GitHub repository comments to hide Remcos RAT malware
https://cofense.com/blog/tax-extension-malware-campaign
OpenAI confirms ChatGPT has been abused to write malware
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11309
Ransomware Inc makes a comeback as hackers build Lynx to carry out attacks
https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
Malware HORUS Protector claims to be undetectable by security systems, attracting operators to use it in attacks
https://blog.sonicwall.com/en-us/2024/10/horus-protector-part-2-the-new-malware-distribution-service/
Attackers hijack 360 antivirus software to distribute SSLoad malware
https://any.run/cybersecurity-blog/phantomloader-and-ssload-analysis/
Ransomware hackers claim to have stolen internal data from automaker Volkswagen; the company says its IT infrastructure is not affected
https://www.securityweek.com/volkswagen-says-it-infrastructure-not-affected-after-ransomware-gang-claims-data-theft/
North Korean hackers ScarCruft exploit IE zero-day vulnerability to distribute malware
https://asec.ahnlab.com/en/83877/
Trojan PipeMagic spread via fake ChatGPT, attacking organizations in Saudi Arabia
https://www.kaspersky.com/about/press-releases/kaspersky-uncovers-pipemagic-backdoor-attacks-businesses-through-fake-chatgpt-application
Hackers use stolen certificates to sign Hijack Loader malware
https://thehackernews.com/2024/10/researchers-uncover-hijack-loader.html
Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware
https://thehackernews.com/2024/10/critical-veeam-vulnerability-exploited.html
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
https://thehackernews.com/2024/10/researchers-uncover-hijack-loader.html
North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware
https://thehackernews.com/2024/10/north-korean-scarcruft-exploits-windows.html
Lynx Ransomware: A Rebranding of INC Ransomware
https://unit42.paloaltonetworks.com/inc-ransomware-rebrand-to-lynx/
Threat actors use ChatGPT to write malware
https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html
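B. Mobile security / iPhone / Android / wearables / App / 5G / instant messaging
Don't let enterprise apps become a ticking time bomb for your brand! An analysis of app security risks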
https://www.bnext.com.tw/article/80740/digicentre
Apple hit by late-night outage! App Store unable to download apps
https://www.ctwant.com/article/369849/
EU fintech trading apps compete for retail investors
https://money.udn.com/money/story/122381/8289481
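In response to frequent CCP harassment of Taiwan, Chen Kuan-ting urges following Israel's example to develop an "air defense app"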
https://news.ltn.com.tw/news/politics/breakingnews/4833471
"Online Fraud Reporting and Inquiry Website" app finishes first phase of public beta; over 20,000 messages reported in half a month
https://reurl.cc/WNQkXk
After losing antitrust lawsuit, Google suffers another setback: Android must open up to third-party app stores
https://www.cna.com.tw/news/aopl/202410080074.aspx
Google begins rolling out Android 15, highlighting device anti-theft capabilities
https://www.ithome.com.tw/news/165521
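C. Incidents / hackers / DDOS / APT / cloud / dark web / recruitment / international security incidents / security workforce
Cloudflare reveals largest-ever 3.8 Tbps DDoS attack; multiple industries worldwide targeted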
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11297
Red-team tool EDRSilencer reportedly abused; hackers can use it to block EDR outbound connections so anomalies cannot be reported
https://www.ithome.com.tw/news/165571
Microsoft announces deprecation of PPTP and L2TP VPN protocols in Windows Server
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/
Telecom retailer Senao International reportedly had its external network servers attacked by hackers
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=172839&SPOKE_DATE=20241016&COMPANY_ID=2450
Russian antivirus vendor Dr.Web suffered a cyberattack in September; Ukrainian hackers claim responsibility
https://www.ithome.com.tw/news/165448
OpenAI cracks down on hackers using AI for cognitive warfare
https://www.ithome.com.tw/news/165466
D-Link issues material information disclosure, confirming attack on external network servers
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=175238&SPOKE_DATE=20241015&COMPANY_ID=2332
Scientists at Shanghai University in China claim to have broken military-grade encryption with a quantum computer
https://reurl.cc/Or8pqD
US FTC adopts new rule making canceling a subscription as easy as subscribing
https://www.ithome.com.tw/news/165540
US Department of Defense publishes CMMC 2.0 on October 15; phased implementation begins December 16
https://www.ithome.com.tw/news/165527
US Department of Defense publishes CMMC rule; certification levels simplified from the original five to three
https://www.ithome.com.tw/news/165527
Advanced Cyberattacks Against UAE and Gulf Regions
https://www.trendmicro.com/en_us/research/24/j/earth-simnavaz-cyberattacks-uae-gulf-regions.html
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
https://thehackernews.com/2024/10/china-accuses-us-of-fabricating-volt.html
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
https://thehackernews.com/2024/10/supply-chain-attacks-exploit-entry.html
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
https://thehackernews.com/2024/10/bohemia-and-cannabia-dark-web-markets.html
OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html
Nation-state hackers exploit Ivanti CSA vulnerabilities for network infiltration
https://www.ithome.com.tw/news/165506
Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration
https://thehackernews.com/2024/10/nation-state-attackers-exploiting.html
From Misuse to Abuse: AI Risks and Attacks
https://thehackernews.com/2024/10/from-misuse-to-abuse-ai-risks-and.html
America v China: who controls Asia’s internet
https://www.economist.com/asia/2024/10/08/america-v-china-who-controls-asias-internet
U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks
https://thehackernews.com/2024/10/us-charges-two-sudanese-brothers-for.html
SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack
https://thehackernews.com/2024/10/sidewinder-apt-strikes-middle-east-and.html
D. Data breaches / personal data protection law / GDPR / online fraud / phishing / card fraud / fake news / cyberbullying / account security
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
https://thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html
Pokémon video game developer confirms data breach incident
https://www.ithome.com.tw/news/165503
FIDO Alliance publishes new specifications to promote credential portability
https://www.ithome.com.tw/news/165496
Hackers impersonate Google in attempt to steal Gmail users' account credentials
https://securityonline.info/gmail-scam-alert-hackers-spoof-google-to-steal-credentials/
OwlTing cloud storage misconfiguration exposes booking data of nearly 70,000 Taiwanese travelers
https://www.ithome.com.tw/news/165514
Taiwanese travelers' personal data leaked! Data of 760,000 users may be exploited by hackers
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11313
Hackers sell development and credential data allegedly stolen from Cisco, which may affect Microsoft and AT&T
https://www.ithome.com.tw/news/165513
More than a thousand victims! "4 Taiwanese" ran a major scam in India; all their names made public
https://www.ettoday.net/news/20241016/2836417.htm?from=ettoday_app
FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms
https://thehackernews.com/2024/10/fido-alliance-drafts-new-protocol-to.html
Amazon to fully embrace Passkey
https://www.ithome.com.tw/news/165515
To help users filter out phishing sites, Google Search tests blue checkmark feature
https://www.ithome.com.tw/news/165358
E. Research reports / tools
YARA: a powerful tool for security research; open-source tool aids malware analysis
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11301
Five steps to adopting a zero trust architecture: an inside-out security strategy
https://www.ithome.com.tw/news/165398
Open-source package entry points can be used by attackers for command hijacking
https://www.ithome.com.tw/news/165512
Windows Drivers Reverse Engineering Methodology
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
How Hybrid Password Attacks Work and How to Defend Against Them
https://thehackernews.com/2024/10/how-hybrid-password-attacks-work-and.html
Shuttling through secret pipes: unveiling the vulnerabilities hidden deep in VPNs
https://teamt5.org/tw/posts/shuttling-through-secret-pipes-unveiling-vulnerabilities-in-leading-vp-ns-vpn/
Introduction to Android vulnerability research
https://teamt5.org/tw/posts/introduction-to-android-vulnerability-research/
5 Steps to Boost Detection and Response in a Multi-Layered Cloud
https://thehackernews.com/2024/10/5-steps-to-boost-detection-and-response.html
5 Techniques for Collecting Cyber Threat Intelligence
https://thehackernews.com/2024/10/5-techniques-for-collecting-cyber.html
5 Ways to Reduce SaaS Security Risks
https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html
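F. Business
EY partners with UiPath to drive AI automation transformation in finance and accounting departments, helping enterprises improve efficiency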
https://tw.nextapple.com/finance/20241017/DF3DD7AD0E61DEA4B7128E3CA86C3FE3
Amazon announces investment in nuclear energy projects
https://www.ithome.com.tw/news/165538
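G. Government
Not a security incident... Tainan City Government website suffers major outage; service restored after emergency repair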
https://udn.com/news/story/7323/8297060
"Protecting cybersecurity is protecting democracy": DPP invites Thai think tank for exchange, strengthening digital resilience
https://newtalk.tw/news/view/2024-10-17/940602
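Online Fraud Reporting and Inquiry Website criticized; Ministry of Digital Affairs: public beta ended, taken offline for improvement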
https://reurl.cc/93NOWV
Digital wallet internal testing in November, aiming to launch next year
https://ec.ltn.com.tw/article/paper/1671401
Ministry of Digital Affairs' 5-year government AI development strategy plan proposed to start in 2026
https://udn.com/news/story/7238/8288783
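H. Industrial control systems / ICS / SCADA / IOT / Internet of Things / Internet of Vehicles / electric vehicles / artificial intelligence / AI / ML / facial recognition / healthcare security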
CVE-2024-9570: A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical
https://github.com/dylvie/CVE-2024-9570_D-Link-DIR-619L-bof
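Automotive Research & Testing Center partners with Germany's TÜV SÜD to build autonomous driving and cybersecurity verification technology for entering the EU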
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11299
TXOne Networks launches new-generation Edge series industrial control network protection solutions
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11306
Industrial Manufacturing Message Specification (MMS) protocol has major vulnerabilities
https://thehackernews.com/2024/10/researchers-uncover-major-security.html
Industrial routers have critical vulnerabilities; Taiwanese vendor Moxa releases new firmware to patch them
https://www.ithome.com.tw/news/165523
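New national security threat! DPP legislator reveals Chinese electric vehicles may become a government security loophole; National Security Bureau responds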
https://www.ftvnews.com.tw/news/detail/2024A16W0098
I. Education and training
Recovery procedures you must know when a security incident occurs, to reduce damage
https://www.ithome.com.tw/pr/163614
iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPAS Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS ◆ Information Security Planning Practice ◆ intermediate-level exam question bank compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera lists 7 cloud security certifications: all the springboards to high pay are here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can also get an international security certification! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation directions 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation methods
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation experience: learning where theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md
CEHP course notes
https://hackmd.io/@nfu-johnny/B1Ju_BMPR
ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience sharing
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
EC-Council CPENT and LPT Master penetration testing certifications: preparation methods and experience sharing
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth analysis of the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
EC-Council CPENT experience - a security newbie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience sharing: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
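App security that not only engineers need to understand: the blood, sweat and tears of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)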
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking studies: hands-on security protection course comprehensively raises security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience sharing
https://hackmd.io/@henry-ko/HyQ56e8eF
OSEP (Evasion Techniques and Breaching Defenses (PEN-300))
http://github.com/In3x0rabl3/OSEP
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) international certification preparation journey and application process sharing - 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main channel for learning security fundamentals; an expert builds a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your abilities, treat them as the greatest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking misconceptions and myths about certifications: security experts help clarify the meaning of security certifications
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club class] Forbidden security arts - reverse engineering hell trial
https://www.youtube.com/watch?v=4Yc3-9CjG6U
Through hands-on exercises, learn to establish and implement standard security SOP processes
https://www.ithome.com.tw/pr/163514
6. Upcoming security events and conferences
Rust 1.82 Release Party 2024/10/19
https://www.meetup.com/taipei-rust-users-group/events/303481501/
Just a chat - with no Expectations 2024/10/19
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcnbzb/
Taoyuan WordPress Café meetup #41 2024/10/19
https://www.meetup.com/taoyuan-wordpress-meetup/events/303579694
Security salon event 2024/10/22
https://csa.kktix.cc/events/s-salon
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/22
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcnbdc/
SyntaxError 2024/10/23
https://www.meetup.com/pythonhug/events/pqnsctygcnbfc/
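Digital transformation, sustainable progress: the next step in sustainable transformation, International Integrated Systems (IISI) builds a cloud intelligence ecosystem 2024/10/23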
https://www.accupass.com/event/2409040538442023020384
Cracking security challenges: addressing the developer talent shortage and security vulnerabilities 2024/10/24
https://www.accupass.com/event/2409230215124045210950
HackingThursday (Hacker Thursday) - Week meetup Tamsui, regular gathering 2024/10/24
https://www.meetup.com/hackingthursday/events/psspctygcnbgc/
Vault hands-on workshop: configuration, policy and governance for building impregnable enterprise-grade data protection 2024/10/25
https://www.accupass.com/event/2409100237076012078380
Just a chat - with no Expectations 2024/10/26
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcnbjc/
MOPCON 2024 mobile technology conference - early bird / general / group tickets 2024/10/26 - 2024/10/27
https://mopcon.kktix.cc/events/mopcon-2024
Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/29
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcnbmc/
Jamf Nation Live 2024 Taipei - education experience sharing session 2024/10/29
https://jamf.kktix.cc/events/jamfnationlive-2024-edu
HITCON Cyber Range 2024 enterprise blue team - competition guided tour 2024/10/30
https://hitcon.kktix.cc/events/hitcon-cr-2024-guidedtour
HITCON Enterprise 2024 Taiwan hacker conference 2024/10/30
https://hitcon.kktix.cc/events/hitcon-ent-2024
SyntaxError 2024/10/30
https://www.meetup.com/pythonhug/events/pqnsctygcnbnc/
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/10/30
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/303635198/
HackingThursday (Hacker Thursday) - Week meetup Tamsui, regular gathering 2024/10/31
https://www.meetup.com/hackingthursday/events/psspctygcnbpc/
Just a chat - with no Expectations 2024/11/2
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcpbdb/
[ACSI Academy] Security competency training | Secure Software Development Manager 2024/11/23 ~ 2024/12/21
https://acsiacad.kktix.cc/events/308914
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/
[2024 RMN ASIA] AI-driven retail transformation · RMN redefines the marketing ecosystem 2024/11/28
https://www.accupass.com/event/2409050256092193763570
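[TIRI online continuing education course for directors and corporate governance officers] A discussion of blind spots and countermeasures in cybersecurity governance 2024/11/29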
https://www.accupass.com/event/2408290602361963077719
Threat Analyst Summit 2024 2024/12/11 ~ 2024/12/12
https://teamt5tw.kktix.cc/events/tas2024
Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/