資安事件新聞週報 2024/10/21 ~ 2024/10/25

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/10/21 ~ 2024/10/25 1.重大弱點漏洞/後門/Exploit/Zero Day CVE-2024-23113：87,000多台Fortinet設備仍面臨攻擊風險，用戶應盡速更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11314 Fortinet網路設備管理平臺API漏洞出現零時差攻擊 https://www.ithome.com.tw/news/165661 針對Fortinet本週揭露的網路設備管理平臺零時差漏洞，研究人員指出6月就已遭到利用 https://www.ithome.com.tw/news/165689 Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation https://thehackernews.com/2024/10/fortinet-warns-of-critical.html SoincWall防火牆漏洞CVE-2024-40766傳出遭到勒索軟體Akira利用 https://securityonline.info/akira-ransomware-exploit-cve-2024-40766-in-sonicwall-sonicos/ 思科針對網路防火牆產品線的多個軟體平臺發布更新，總共修補51個弱點 https://www.ithome.com.tw/news/165693 F5 BIG-IP CVE-2024-45844 https://nvd.nist.gov/vuln/detail/CVE-2024-45844 VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html 北韓駭客ScarCruft利用IE零時差漏洞CVE-2024-38178散布惡意程式 https://www.ithome.com.tw/news/165601 北韓駭客Lazarus假借DeFi遊戲為誘餌，利用Chrome零時差漏洞CVE-2024-4947發動攻擊 https://www.ithome.com.tw/news/165669 Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html Google發布Chrome 130更新，修補高風險漏洞 https://securityonline.info/chrome-patches-multi-vulnerabilities-in-latest-stable-release/ 5家雲端儲存平臺存在弱點，攻擊者可趁機濫用、洩露敏感資料 https://www.ithome.com.tw/news/165628 Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers https://thehackernews.com/2024/10/researchers-discover-severe-security.html Cisco Analog Telephone Adaptor (ATA) Software CVE-2024-20421 https://nvd.nist.gov/vuln/detail/CVE-2024-20421 Splunk Enterprise for Windows https://nvd.nist.gov/vuln/detail/CVE-2024-45731 https://nvd.nist.gov/vuln/detail/CVE-2024-45732 https://nvd.nist.gov/vuln/detail/CVE-2024-45733 Apache ActiveMQ Artemis CVE-2023-50780 https://nvd.nist.gov/vuln/detail/CVE-2023-50780 Oracle MySQL CVE-2024-21272 https://nvd.nist.gov/vuln/detail/CVE-2024-21272 Oracle WebLogic伺服器存在重大漏洞，若不處理攻擊者有機會得到完整控制權 https://securityonline.info/cve-2024-21216-cvss-9-8-oracle-weblogic-flaw-that-could-give-attackers-full-control/ Oracle Fusion Middleware https://nvd.nist.gov/vuln/detail/CVE-2024-21260 https://nvd.nist.gov/vuln/detail/CVE-2024-21234 https://nvd.nist.gov/vuln/detail/CVE-2024-21216 https://nvd.nist.gov/vuln/detail/CVE-2024-21274 Oracle Virtualization 的 Oracle VM VirtualBox CVE-2024-21259 https://nvd.nist.gov/vuln/detail/CVE-2024-21259 Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA https://www.fortinet.com/blog/threat-research/burning-zero-days-suspected-nation-state-adversary-targets-ivanti-csa Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser https://thehackernews.com/2024/10/microsoft-reveals-macos-vulnerability.html 6月公布的Roundcube網頁郵件伺服器XSS漏洞，傳出駭客已用來竊取帳密資料 https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack https://thehackernews.com/2024/10/cisa-adds-sciencelogic-sl1.html 圖像化資料分析系統Grafana修補重大漏洞，嚴重程度直逼滿分 https://www.ithome.com.tw/news/165593 群暉視訊攝影機存在重大漏洞，恐被用於DoS攻擊 https://www.synology.com/en-us/security/advisory/Synology_SA_24_17 Bitdefender防毒軟體存在重大漏洞，用戶恐曝露中間人攻擊 https://www.bitdefender.com/support/security-advisories/improper-certificate-validation-in-bitdefender-total-security-https-scanning-va-11158/ CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html Windows 11 KB5044380 preview update lets you remap the Copilot key https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5044380-preview-update-lets-you-remap-the-copilot-key/ 美國警告SharePoint漏洞CVE-2024-38094出現實際攻擊行動 https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html 針對微軟6月修補的一系列核心層級漏洞，資安業者Devcore警告可被用來提升權限 https://securityonline.info/microsoft-windows-flaw-cve-2024-30090-poc-exploit-published-posing-system-privilege-threat/ 微軟7月修補的遠端登錄檔漏洞WinReg，若不處理攻擊者可發動NTLM中繼攻擊 https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/ IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7174015 IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7174016 針對顯示晶片驅動程式，Nvidia修補8項高風險漏洞 https://www.securityweek.com/nvidia-patches-high-severity-flaws-in-windows-linux-graphics-drivers/ 蘋果修補macOS的HM Surf漏洞，目前已有嘗試利用的跡象 https://www.ithome.com.tw/news/165640 2.銀行/金融/保險/證券/金融監理新聞及資安一次資安事件就可能造成25億美元損失風險！歐洲的銀行機構如何預防數位金融中的資安漏洞 https://www.cio.com.tw/a-one-off-security-incident-could-put-a-2-5-billion-risk-of-loss-how-can-european-banking-institutions-prevent-the-security-gaps-in-digital-finance/ 金融木馬Grandoreiro變種鎖定墨西哥而來 https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection https://thehackernews.com/2024/10/new-grandoreiro-banking-malware.html 刑事局與國泰金簽意向書合作再升級國泰世華阻詐位金融業之冠 https://reurl.cc/34VqxX Latrodectus 惡意程式攻擊升溫，金融、汽車與醫療產業成主要目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11333 律師游光德夥台銀行員組詐團騙179人億餘元首腦求處13年 https://udn.com/news/story/7321/8313093 合庫銀行2025年徵才計畫展開招募百名專業人才 https://today.line.me/tw/v2/article/oq3DoaP 3.信用卡/電子支付/行動支付/pay/支付系統/資安杜絕信用卡盜刷盜綁行動支付綁卡變麻煩 https://reurl.cc/WN9rp9 台灣人均擁1.26個電支帳戶！　「電子支付用戶數」排名大公開 https://finance.ettoday.net/news/2838779 把錢存放行動支付成風潮但有這個疑慮 https://www.worldjournal.com/wj/story/122985/8299645 Apple Pay滿10歲！使用者遍及全球78個市場蘋果追加新功能「付款更方便」 https://tech.udn.com/tech/story/123154/8301469 台人最愛用電子支付「是這款」！用戶數破656萬人 https://reurl.cc/nvgGLe 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Michael Saylor支持銀行託管比特幣，Vitalik開嗆胡說八道：這不是加密精神 https://www.blocktempo.com/michael-saylors-support-for-bank-custody-of-bitcoin-is-rebutted-by-vitalik/ 中國突傳已破解加密貨幣？量子計算機「首次」威脅結構算法！全球研究市場炸鍋 https://hk.investing.com/news/economic-indicators/article-666675 印尼延長加密貨幣交易所獲取許可證期限 https://www.hk01.com/article/1069040?utm_source=01articlecopy&utm_medium=referral Chainalysis：加密商業服務在歐洲部分地區蓬勃發展 https://news.cnyes.com/news/id/5751712 日本民主黨選舉承諾將加密貨幣分離課稅上限 20%，推動日本為 Web3 強國 https://abmedia.io/japans-democratic-party-pledges-to-lower-crypto-tax-to-20 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Ransom.Win64.CICADA.YXEHE 勒索病毒 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.win64.cicada.yxehe 機車零配件廠豐祥遭受攻擊，傳出部分檔案遭到加密 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=170123&SPOKE_DATE=20241022&COMPANY_ID=5288 日本馬達大廠尼得科傳出遭到勒索軟體攻擊，疑VPN帳密外流釀禍 https://www.ithome.com.tw/news/165644 越南駭客鎖定經營Meta廣告的從業人員，散布惡意程式Ducktail、Quasar RAT https://securityonline.info/ducktail-quasar-rat-vietnamese-threat-actors-target-meta-ads-professionals/ 惡意軟體Perfctl鎖定曝露的Docker API而來 https://securityonline.info/exposed-docker-apis-under-attack-new-malware-campaign-deploys-perfctl/ 木馬程式DarkVision RAT藉由載入工具PureCrypter Loader散布 https://thehackernews.com/2024/10/new-malware-campaign-uses-purecrypter.html 5月遭執法單位圍剿的惡意軟體Bumblebee傳出已捲士重來 https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-after-recent-law-enforcement-disruption/ 以Rust打造的Embargo勒索軟體鎖定美國企業而來 https://securityonline.info/new-rust-based-embargo-ransomware-threatens-us-companies-with-advanced-attack-techniques/ 勒索軟體Cicada3301鎖定VMware虛擬化平臺、NAS設備而來 https://www.ithome.com.tw/news/165625 勒索軟體NotLockBit鎖定macOS電腦而來 https://www.securityweek.com/notlockbit-ransomware-can-target-macos-devices/ 有人冒用LockBit名號發動勒索軟體攻擊，將竊得資料外傳AWS S3儲存桶 https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html FASTCash for Linux https://doubleagent.net/fastcash-for-linux/ 惡意軟體Hijack Loader攻擊出現變化，駭客結合ClickFix社交工程手法引誘使用者上勾 https://www.elastic.co/security-labs/tricks-and-treats HijackLoader evolution: abusing genuine signing certificates https://harfanglab.io/insidethelab/hijackloader-abusing-genuine-certificates/ Redirect Notice https://otx.alienvault.com/pulse/67164b71f4e08252fb08f5a9 The Mobile Malware Chronicles: Necro.N - Volume 101 https://www.zimperium.com/blog/the-necro-n-chronicles-volume-101/ https://github.com/Zimperium/IOC/blob/master/2024-10-Necro.N/domains.csv Inside the Latrodectus Malware Campaign https://www.forcepoint.com/blog/x-labs/inside-latrodectus-malware-phishing-campaign The Will of D: A Deep Dive into Divulge Stealer, Dedsec Stealer, and Duck Stealer https://www.cyfirma.com/research/the-will-of-d-a-deep-dive-into-divulge-stealer-dedsec-stealer-and-duck-stealer/ Crystal Rans0m: Hybrid ransomware with stealer capabilities https://outpost24.com/blog/crystal-ransom-hybrid-ransomware/ Fog Ransomware – Technical Analysis https://darkatlas.io/blog/fog-ransomware-technical-analysis Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant https://thehackernews.com/2024/10/russian-romcom-attacks-target-ukrainian.html Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program https://thehackernews.com/2024/10/cross-platform-cicada3301-ransomware.html Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks https://thehackernews.com/2024/10/crypt-ghouls-targets-russian-firms-with.html Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies https://thehackernews.com/2024/10/bumblebee-and-latrodectus-malware.html Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor https://thehackernews.com/2024/10/malicious-npm-packages-target.html Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks https://thehackernews.com/2024/10/ransomware-gangs-use-lockbits-fame-to.html Akira ransomware continues to evolve https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/ Inside the Latrodectus Malware Campaign https://www.forcepoint.com/blog/x-labs/inside-latrodectus-malware-phishing-campaign B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊三星行動裝置SoC存在零時差漏洞，Google警告已遭到積極利用 https://www.darkreading.com/endpoint-security/samsung-zero-day-vuln-under-active-exploit-google-warns 三星修補已遭濫用的行動處理器Exynos漏洞 https://www.ithome.com.tw/news/165660 華為發表切割Android的HarmonyOS NEXT正式版 https://www.ithome.com.tw/news/165664 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力未妥善揭露2020年SolarWinds供應鏈攻擊，Unisys與Check Point等4家業者遭SEC罰款 https://www.ithome.com.tw/news/165641 Internet Archive傳出再度遭駭 https://www.ithome.com.tw/news/165594 逾6千個WordPress網站遭到入侵，駭客用來從事ClickFix攻擊 https://www.bleepingcomputer.com/news/security/over-6-000-wordpress-hacked-to-install-plugins-pushing-infostealers/ 資安業者ESET以色列合作夥伴傳出遭攻擊，駭客企圖散布資料破壞軟體 https://www.ithome.com.tw/news/165629 自行車業者美利達傳出電子郵件系統帳號遭到攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=155757&SPOKE_DATE=20241021&COMPANY_ID=9914 輪胎製造商正新加拿大子公司資訊系統遭到網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=160407&SPOKE_DATE=20241021&COMPANY_ID=2105 被動元件製造商華新科技遭到網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=142357&SPOKE_DATE=20241023&COMPANY_ID=2492 駭客組織 GoldenJackal開發專門入侵實體隔離系統的工具集，鎖定攻擊政府機構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11316 微軟將在 Windows Server棄用 PPTP 和 L2TP VPN 協議 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11311 揭露中共資助2大駭客組織　國安局：駭侵政府、高機敏單位竊資或癱瘓破壞 https://www.storm.mg/article/5255002 國安局示警共軍謀奪取基礎設施控制權發動網攻 https://udn.com/news/story/10930/8308355 北韓IT人員到歐美企業遠距任職引發危機，可能導致商業機密遭竊、勒索 https://www.ithome.com.tw/news/165679 俄羅斯駭客傳出對日本DDoS攻擊，起因是美國與日本將進行軍事演習 https://www.bankinfosecurity.com/military-exercises-trigger-russian-ddos-attacks-on-japan-a-26561 俄羅斯遭駭客Crypt Ghouls鎖定，散布勒索軟體LockBit 3.0、Babuk https://securelist.com/crypt-ghouls-hacktivists-tools-overlap-analysis/114217/ 中國駭客組織IcePeony利用SQL注入手法，針對亞洲國家網頁伺服器下手 https://www.ithome.com.tw/news/165649 中國駭客APT41鎖定賭博、遊戲產業發動攻擊 https://www.ithome.com.tw/news/165606 U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign https://thehackernews.com/2024/10/us-and-allies-warn-of-iranian.html North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data https://thehackernews.com/2024/10/north-korean-it-workers-in-western.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全資安業者警告，多個熱門行動程式直接將AWS與Azure憑證寫入程式中 https://www.ithome.com.tw/news/165656 聯合國資料庫配置不當，曝露228 GB性暴力受害者資料 https://hackread.com/misconfigured-un-database-gender-violence-victims-data/ 台灣旅客個資外洩！76萬用戶資料恐遭駭客利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11313 Beware of phishing emails impersonating major domestic entertainment agencies https://asec.ahnlab.com/ko/83863/ 社交工程攻擊ClickFix正在蔓延，駭客透過冒牌Google Meet網頁散布竊資軟體 https://www.ithome.com.tw/news/165599 Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign https://thehackernews.com/2024/10/beware-fake-google-meet-pages-deliver.html Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans https://thehackernews.com/2024/10/gophish-framework-used-in-phishing.html Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA https://thehackernews.com/2024/10/why-phishing-resistant-mfa-is-no-longer.html E.研究報告/工具地緣政治引發DDoS攻擊的有效防禦之道 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11318 5 Ways to Reduce SaaS Security Risks https://thehackernews.com/2024/01/5-ways-to-reduce-saas-security-risks.html Guide: The Ultimate Pentest Checklist for Full-Stack Security https://thehackernews.com/2024/10/guide-ultimate-pentest-checklist-for.html A Comprehensive Guide to Finding Service Accounts in Active Directory https://thehackernews.com/2024/10/a-comprehensive-guide-to-finding.html Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models https://thehackernews.com/2024/10/researchers-reveal-deceptive-delight.html Think You're Secure? 49% of Enterprises Underestimate SaaS Risks https://thehackernews.com/2024/10/think-youre-secure-49-of-enterprises.html Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks https://thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models https://thehackernews.com/2024/10/researchers-reveal-deceptive-delight.html F.商業「代理」兼「特工」：NVIDIA 發布網路安全新藍圖 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11317 Palo Alto Networks：透過人工智慧驅動的網路安全加速5G https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11319 資安業者Sophos宣布以8.59億美元買下Secureworks https://news.sophos.com/en-us/2024/10/21/sophos-to-acquire-secureworks-to-accelerate-cybersecurity-services-and-technology-for-organizations-worldwide IBM推Guardium Data Security Center強化量子運算、AI與雲端資料安全 https://www.ithome.com.tw/news/165655 IBM提出智慧金融藍圖透過生成式AI打造參與式銀行 https://udn.com/news/story/7239/8313517 Google開源SynthID Text https://www.ithome.com.tw/news/165662 Amazon子公司eero發表戶外Wi-Fi路由器Outdoor 7 https://www.ithome.com.tw/news/165663 為強化Apple Intelligence雲端運算安全，蘋果祭出抓漏獎勵 https://www.ithome.com.tw/news/165690 Sophos宣布以8.59億美元買下資安廠商Secureworks https://www.ithome.com.tw/news/165636 G.政府中鋼用AI驅動數位轉型，以4大對策克服少子化缺工、經驗傳承難題 https://www.ithome.com.tw/news/165653 資安即國安賴總統：持續提升資安產業發展 https://money.udn.com/money/story/5613/8311178 賴清德：台灣是境外網路攻擊一級戰區盼提升整體資安能力 https://reurl.cc/dyZ4mz 數位部展示高空氣球通訊平臺，可為災區或偏鄉建立通訊網路 https://www.ithome.com.tw/news/165673 數發部強化台灣通訊韌性，拚年底衛星 24 小時通訊 https://reurl.cc/ReMv3g H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安美國CISA：駭客使用「簡易手法」攻擊工控系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11291 TXOne Networks推出Edge V2.1版　強化工控網路安全 https://tw.nextapple.com/finance/20241008/C5FF99A44B4B59A293A081525AEBFF69 資安成工控體系轉型升級關鍵　工業物聯網控管風險不損效率 IT融合OT實踐數位應用　安全營運接軌國際標準 https://www.netadmin.com.tw/netadmin/zh-tw/trend/FD897C3068C1442080C6D5381A4BB472#google_vignette 天生一對：AI 與物聯網 (IoT) https://www.cio.com.tw/born-to-a-pair-ai-and-the-internet-of-things-iot/ Synaptics擴大在台業務量能全力衝刺 IoT 物聯網以及邊緣 AI 領域 https://money.udn.com/money/story/5612/8311032 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/10/26 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcnbjc/ MOPCON 2024 行動科技年會 - 早鳥票 / 一般票 / 團體票 2024/10/26 - 2024/10/27 https://mopcon.kktix.cc/events/mopcon-2024 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/29 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcnbmc/ Jamf Nation Live 2024 台北站 - 教育經驗分享專場 2024/10/29 https://jamf.kktix.cc/events/jamfnationlive-2024-edu HITCON Cyber Range 2024 企業藍隊－競賽導覽 2024/10/30 https://hitcon.kktix.cc/events/hitcon-cr-2024-guidedtour HITCON Enterprise 2024 台灣駭客年會 2024/10/30 https://hitcon.kktix.cc/events/hitcon-ent-2024 SyntaxError 2024/10/30 https://www.meetup.com/pythonhug/events/pqnsctygcnbnc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/10/30 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/303635198/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2024/10/31 https://www.meetup.com/hackingthursday/events/psspctygcnbpc/ Just a chat - with no Expectations 2024/11/2 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcpbdb/ 【安碁學苑】資安職能培訓｜安全程式開發管理師 2024/11/23 ~ 2024/12/21 https://acsiacad.kktix.cc/events/308914 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/ 【2024 RMN ASIA】AI 驅動零售變革 · RMN重新定義行銷生態 2024/11/28 https://www.accupass.com/event/2409050256092193763570 【TIRI線上董事、公司治理主管進修課程】漫談資安治理的盲點與對策 2024/11/29 https://www.accupass.com/event/2408290602361963077719 Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/