資安事件新聞週報 2025/7/14 ~ 2025/7/18

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/7/14 ~ 2025/7/18 1.重大弱點漏洞/後門/Exploit/Zero Day FortiWeb重大漏洞已出現濫用活動 https://www.ithome.com.tw/news/170108 Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257) https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html 思科網路存取控制平臺ISE用戶注意！不到一個月，又有另一個滿分資安漏洞要修補 https://www.ithome.com.tw/news/170123 Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code https://thehackernews.com/2025/07/cisco-warns-of-critical-ise-flaw.html Symantec Endpoint Management存在高風險弱點CVE-2025-5333 https://nvd.nist.gov/vuln/detail/CVE-2025-5333 https://www.tenable.com/cve/CVE-2025-5333 https://radar.offseq.com/threat/cve-2025-5333-vulnerability-in-broadcom-symantec-i-f5a1b248 https://www.lrqa.com/en/cyber-labs/remote-code-execution-in-broadcom-altiris-irm/ VMware修補虛擬化平臺重大層級的資安漏洞 https://www.ithome.com.tw/news/170081 Oracle發布2025第三季更新，修補309個漏洞 https://gbhackers.com/oracle-issues-critical-update/ ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html Microsoft 推出 2025年7月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12031 Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://thehackernews.com/2025/07/critical-wing-ftp-server-vulnerability.html Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads https://thehackernews.com/2025/07/critical-mcp-remote-vulnerability.html 技嘉主機板存在弱點，攻擊者可用於繞過安全開機 https://www.bleepingcomputer.com/news/security/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot/ 駭客聲稱握有WinRAR零時差漏洞，開價8萬美元 https://gbhackers.com/winrar-0%E2%80%91day-exploit-listed/ Google Gemini存在資安弱點，恐產生含有惡意內容的電子郵件摘要 https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/ Google Gemini漏洞可被濫用，顯示詐騙信件內容 https://www.ithome.com.tw/news/170075 Meta Llama防火牆存在漏洞，攻擊者可透過提示注入繞過 https://gbhackers.com/researchers-bypass-metas-llama-firewall/ Google證實AI代理可幫忙找資安漏洞，SQLite零時差漏洞因此浮出檯面 https://www.ithome.com.tw/news/170101 Zimbra Collaboration Suite (ZCS) 存在高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2025-53645 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.15#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.9#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P46#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories Chrome 138更新修補已被用於攻擊的GPU零時差漏洞 https://www.ithome.com.tw/news/170078 Urgent: Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild https://thehackernews.com/2025/07/urgent-google-releases-critical-chrome.html Apachel HTTP Server高風險漏洞遭到利用，駭客部署挖礦軟體 https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner https://thehackernews.com/2025/07/hackers-exploit-apache-http-server-flaw.html Google AI "Big Sleep" Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act https://thehackernews.com/2025/07/google-ai-big-sleep-stops-exploitation.html WordPress熱門表單外掛SureForms存在漏洞，逾20萬網站面臨惡意接管威脅 https://www.ithome.com.tw/news/170070 Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services https://thehackernews.com/2025/07/critical-nvidia-container-toolkit-flaw.html 2.銀行/金融/保險/證券/金融監理新聞及資安【語音網釣實例】山形鐵道公司遭自動語音網釣詐騙近億日元，企業網路銀行帳密是攻擊者下手目標 https://www.ithome.com.tw/news/169980 國泰世華銀行成全台首家通過ISO/IEC 27017資安認證金融機構 https://finance.ettoday.net/news/2996077 普鴻推新一代國造金融機逆勢操作專屬機市場 https://www.cio.com.tw/94731/ 生成式AI來襲、資安成焦點！AWS白皮書揭密金融業上雲契機 https://www.bnext.com.tw/article/83886/aws_fintech 無密碼時代來了電商、金融業都在用的FIDO是什麼 https://reurl.cc/DOZxDN 3.信用卡/電子支付/行動支付/pay/支付系統/資安【面對OTP盜刷網釣威脅，支付與電商產業應對策略】強化交易身分驗證與裝置指紋機制，並建立AI/ML詐欺模型 https://www.ithome.com.tw/news/169489 街口支付風暴始末　董總48小時挨家「磕頭」，危機解除了嗎 https://www.cw.com.tw/article/5136360 全民疑問！為何不讓電子支付像信用卡每家都收？金管會說話了 https://reurl.cc/axNXRX LINE Pay獲准變電支可儲值轉帳了明年1/17年前需獲執照 https://reurl.cc/vLgEoA LINE Pay申設電子支付獲准　有望成第10家專營機構 https://www.cna.com.tw/news/afe/202507170322.aspx 遊日PayPay攻略｜台灣4大電子支付「免換匯、海外手續費」：優惠、使用教學一次整理 https://www.bnext.com.tw/article/83908/japan-taiwan-paypay-integration-2025? 一卡通iPASS MONEY通過114年企業數位信任場域驗證共築數位金流新防線 https://reurl.cc/EQZmbA 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 IDE開發工具Cursor AI用戶遭惡意延伸套件攻擊，50萬美元加密貨幣遭竊 https://www.ithome.com.tw/news/170059 三大加密貨幣法案眾議院過關幣圈迎里程碑 https://reurl.cc/daxpOq 區塊鏈項目Chainbase是什麼？怎麼看代幣C市場？Crypto全鏈數據與AI交會點 https://www.blocktempo.com/what-is-chainbase-and-token-c/ 加密貨幣集體跳水全網逾13萬人爆倉三大風險逼近 https://news.cnyes.com/news/id/6066587 穩定幣有助於轉帳、支付合法化！前十大全球股票基金漲幅一次看 https://finance.technews.tw/2025/07/18/ai-fintech-first/ 線上博弈行銷業者SharpLink Gaming所持有的以太幣數量超越以太坊 https://www.ithome.com.tw/news/170114 Wintermute 稱以太坊 OTC 市場「一幣難求」：投資人該讀懂的訊號 https://www.blocktempo.com/wintermute-said-ethereum-otc-supply-crunch/ 開發者提案凍結中本聰100萬枚比特幣，3步驟應對量子電腦危機 https://www.blocktempo.com/bitcoin-quantum-threat/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 開源惡意軟體暴增近2倍攻擊者鎖定開發人員竊取憑證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12034 WordPress網站惡意軟體攻擊出現新手法，利用ZIP檔案將用戶重新導向 https://www.ithome.com.tw/news/170072 WordPress表單外掛Gravity Forms疑遭供應鏈攻擊，被植入後門程式 https://www.ithome.com.tw/news/170079 殭屍網路RondoDox鎖定TBK、四信連網設備而來，利用已知漏洞綁架DVR裝置 https://www.ithome.com.tw/news/170028 Inno Setup軟體安裝工具被濫用，駭客濫用內建指令碼功能引入惡意軟體 https://www.ithome.com.tw/news/170029 惡意軟體Matanbuchus 3.0透過協作平臺Teams散布 https://thehackernews.com/2025/07/hackers-leverage-microsoft-teams-to.html 惡意軟體HazyBeacon鎖定東南政府而來，濫用AWS Lambda竊取資料 https://thehackernews.com/2025/07/state-backed-hazybeacon-malware-uses.html 後門程式PhantomRemote鎖定俄羅斯醫療照護、IT產業而來 https://securityonline.info/new-phantomremote-backdoor-targets-russian-healthcare-it-linked-to-rainbow-hyena-attacks/ 新型態零點擊攻擊手法Rendershock可於後臺執行惡意程式 https://gbhackers.com/rendershock-0-click-exploit/ 惡意軟體SquidLoader以幾乎無法偵測的手法部署其他作案工具 https://gbhackers.com/squidloader-deploys-stealthy-malware/ 北韓駭客利用NPM套件散布惡意程式XORIndex https://www.ithome.com.tw/news/170083 North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign https://thehackernews.com/2025/07/north-korean-hackers-flood-npm-registry.html New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html Stealthy PHP Malware Uses ZIP Archive to Redirect WordPress Visitors https://blog.sucuri.net/2025/07/stealthy-php-malware-uses-zip-archive-to-redirect-wordpress-visitors.html State-Backed HazyBeacon Malware Uses AWS Lambda to Steal Data from SE Asian Governments https://thehackernews.com/2025/07/state-backed-hazybeacon-malware-uses.html AsyncRAT's Open-Source Code Sparks Surge in Dangerous Malware Variants Across the Globe https://thehackernews.com/2025/07/asyncrats-open-source-code-sparks-surge.html 美國、以色列遭勒索軟體Pay2Key鎖定 https://www.darkreading.com/cyberattacks-data-breaches/pay2key-ransomware-gang-incentives-attack-us-israel Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals https://thehackernews.com/2025/07/iranian-backed-pay2key-ransomware.html Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord https://thehackernews.com/2025/07/fake-gaming-and-ai-firms-push-malware.html 惡意軟體ZuRu透過木馬化的SSH用戶端程式散布，針對macOS開發人員而來 https://www.ithome.com.tw/news/170068 New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html Unmasking AsyncRAT: Navigating the labyrinth of forks https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks https://github.com/eset/malware-ioc/tree/master/asyncra New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code https://thehackernews.com/2025/07/new-konfety-malware-variant-evades.html Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms https://thehackernews.com/2025/07/hackers-leverage-microsoft-teams-to.html UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit https://thehackernews.com/2025/07/unc6148-backdoors-fully-patched.html Infrastructure of Interest: Suspicious Domains https://otx.alienvault.com/pulse/6878cf24ada448ce32812890 Google Sues 25 Chinese Entities Over BADBOX 2.0 Botnet Affecting 10M Android Devices https://thehackernews.com/2025/07/google-sues-25-chinese-entities-over.html From Backup to Cyber Resilience: Why IT Leaders Must Rethink Backup in the Age of Ransomware https://thehackernews.com/2025/07/how-cyber-resilience-helps-it-defend-against-ransomwa.html Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters https://thehackernews.com/2025/07/hackers-use-github-repositories-to-host.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊平板也能做假！男進中國黑心平板灌水竄改規格　成本200賣3000 https://www.ctwant.com/article/431625/ 微軟9月推出iOS版Authenticator新備份系統，將移除個人帳戶登入要求 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12032 eSIM Vulnerability in Kigen's eUICC Cards Exposes Billions of IoT Devices to Malicious Attacks https://thehackernews.com/2025/07/esim-vulnerability-in-kigens-euicc.html 中製APP資安風險高資安院：民眾慎用避免個資外洩 https://newtalk.tw/news/view/2025-07-04/979945 小紅書抖音資安風險高　資安院籲檢查權限慎選APP https://hakkanews.tw/2025/07/04/xiaohongshu-and-douyin-face-210451/ 安卓惡意程式Konfety透過特製APK檔案迴避偵測 https://www.bleepingcomputer.com/news/security/android-malware-konfety-uses-malformed-apks-to-evade-detection/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力歐盟發布通用AI實踐準則 https://www.ithome.com.tw/news/170018 郵輪WiFi藏危機！女花8千買網路 24萬「瞬間被清空」 https://reurl.cc/qY1p6E 針對1.1.1.1公用DNS服務中斷，Cloudflare表示是組態不當釀禍，否認遭遇BGP挾持攻擊 https://www.bleepingcomputer.com/news/security/cloudflare-says-1111-outage-not-caused-by-attack-or-bgp-hijack/ 台灣聯鈞光電違反內控制度與重大訊息揭露規定，證交所開罰10萬元 https://www.twse.com.tw/zh/about/news/news/content.html?8a8216d697fc438f01980d72fa680043 中國駭客Salt Typhoon鎖定美國軍隊下手 https://www.securityweek.com/chinas-salt-typhoon-hacked-us-national-guard/ 為了攻破臺灣矽盾，中國駭客對臺灣半導體生態系狂發研究生求職釣魚信，投資分析師也遭鎖定 https://www.ithome.com.tw/news/170122 Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors https://thehackernews.com/2025/07/chinese-hackers-target-taiwans.html 中國研究人員揭露北美APT駭客NightEagle，指出駭客利用Exchage未知漏洞攻擊中國 https://www.darkreading.com/cyberattacks-data-breaches/north-american-apt-exchange-zero-day-attacks-china 駭客使用SVG圖檔挾帶JavaScript指令碼，將使用者帶往惡意網站 https://hackread.com/attackers-hide-javascript-svg-images-malicious-sites/ 美國大型律師事務所疑遭中國駭客入侵，目標可能是蒐集臺灣、貿易、美國關稅等機密資訊 https://www.ithome.com.tw/news/170048 Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods https://thehackernews.com/2025/07/four-arrested-in-440m-cyber-attack-on.html 處理器攻擊手法RowHammer出現變形，可對Nvidia GPU上的AI模型下手 https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html GPUHammer: New RowHammer Attack Variant Degrades AI Models on NVIDIA GPUs https://thehackernews.com/2025/07/gpuhammer-new-rowhammer-attack-variant.html AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html Hyper-Volumetric DDoS Attacks Reach Record 7.3 Tbps, Targeting Key Global Sectors https://thehackernews.com/2025/07/hyper-volumetric-ddos-attacks-reach.html 研究人員揭露鎖定新版Windows Server的攻擊手法Golden dMSA https://thehackernews.com/2025/07/critical-golden-dmsa-attack-in-windows.html Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access https://thehackernews.com/2025/07/critical-golden-dmsa-attack-in-windows.html 歐洲刑警摧毀俄羅斯DDoS駭客NoName057(16)基礎設施 https://www.bleepingcomputer.com/news/security/europol-disrupts-pro-russian-noname05716-ddos-hacktivist-group/ Europol Disrupts NoName057(16) Hacktivist Group Linked to DDoS Attacks Against Ukraine https://thehackernews.com/2025/07/europol-disrupts-noname05716-hacktivist.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 2025社交工程攻擊新趨勢！語音網釣、AI偽冒真實攻擊大增 https://www.ithome.com.tw/news/169977 全台個資遭洩！徵信社工程師暗網買9300萬筆個資戶役政資料達3千萬筆 https://udn.com/news/story/7315/8881611 新虛擬欺詐的通知：可以清空銀行帳戶的消息 https://reurl.cc/ekmpAb Amazon Prime Day購物季成詐騙溫床，逾千個惡意網域瞄準消費者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12020 網釣手法FileFix再度出現，勒索軟體駭客Interlock以此散布RAT木馬程式 https://www.ithome.com.tw/news/170063 知名精品業者LV驚傳系統遭駭，導致部分客戶個資外洩，臺灣用戶也收到通知 https://www.ithome.com.tw/news/170054 LV土耳其傳客戶個資外洩，影響14萬人 https://www.ithome.com.tw/news/170106 麥當勞徵才對話機器人存在資安漏洞，6,400萬名求職者資料恐曝光 https://www.ithome.com.tw/news/170050 CBI Shuts Down £390K U.K. Tech Support Scam, Arrests Key Operatives in Noida Call Center https://thehackernews.com/2025/07/cbi-shuts-down-390k-uk-tech-support.html 逾600個Laravel應用程式特定資訊在GitHub遭洩露，恐被用於遠端執行任意程式碼 https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html E.研究報告/工具甫正式發表的大型語言模型Grok-4遭到越獄 https://www.securityweek.com/grok-4-falls-to-a-jailbreak-two-days-after-its-release/ Securing Agentic AI: How to Protect the Invisible Identity Access https://thehackernews.com/2025/07/securing-agentic-ai-how-to-protect.html What Security Leaders Need to Know About AI Governance for SaaS https://thehackernews.com/2025/07/what-security-leaders-need-to-know.html AI Agents Act Like Employees With Root Access—Here's How to Regain Control https://thehackernews.com/2025/07/ai-agents-act-like-employees-with-root.html Deepfakes. Fake Recruiters. Cloned CFOs — Learn How to Stop AI-Driven Attacks in Real Time https://thehackernews.com/2025/07/deepfakes-fake-recruiters-cloned-cfos.html Newly Emerged GLOBAL GROUP RaaS Expands Operations with AI-Driven Negotiation Tools https://thehackernews.com/2025/07/newly-emerged-global-group-raas-expands.html CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025 https://thehackernews.com/2025/07/ctem-vs-asm-vs-vulnerability-management.html AI Agents Act Like Employees With Root Access—Here's How to Regain Control https://thehackernews.com/2025/07/ai-agents-act-like-employees-with-root.html F.商業我的固態硬碟會自爆，Team針對高資安需求推出具自毀功能的P250Q-M80 https://www.techbang.com/posts/124310-team-p250q-m80 兩年內超過半數商業決策將由 AI 代理人輔助或自動完成 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12030 製造業身分爆炸時代　九成業者需管控逾2500個有效身分 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12028 容器管理工具Docker Compose升級整合AI代理，連結雲端算力擴展應用彈性 https://www.ithome.com.tw/news/170065 OpenAI、Google、Anthropic與xAI各獲得2億美元的國防部合約 https://www.ithome.com.tw/news/170067 G.政府刑事局封鎖涉毒網址轉檔作業出包，Azurewebsites.net根網域遭屏蔽近2小時，連TWNIC公文系統都被封 https://www.ithome.com.tw/news/170025 葛如鈞質疑雙憑證機制無效，數發部表示從使用者端刪除憑證無法測試雙憑證機制 https://www.ithome.com.tw/news/170027 數發部預告促創條例草案盼主流AI模型納入台灣觀點 https://news.pts.org.tw/article/760853 數發部預告促進資料創新利用發展條例草案，政府機關將設立資料長 https://www.ithome.com.tw/news/170062 資安院接手TWCERT/CC維運，號召4千家企業，共築臺灣數位韌性新防線 https://www.ithome.com.tw/news/170120 建置台灣主權AI語料庫數發部：第4季釋出首批資料 https://udn.com/news/story/6656/8873624 資安院首發資安周報近一周網路攻擊集中在「網頁應用」服務 https://wantrich.chinatimes.com/news/20250718900523-420501 Coupang 酷澎攜手數位發展部打造 FIDO 免密碼新世代數位信任防線 https://news.owlting.com/articles/1075591 資安署長蔡福隆守護台灣網路主權 https://udn.com/news/story/7240/8877250 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Ruckus Networks 網路管理設備存在多個未修補的嚴重資安漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12035 藍牙框架存在資安漏洞PerfektBlue，影響賓士、VW、Skoda車載系統 https://www.ithome.com.tw/news/170073 PerfektBlue Bluetooth Vulnerabilities Expose Millions of Vehicles to Remote Code Execution https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html 火車控制系統存在資安缺陷，攻擊者恐用來緊急剎車 https://securityaffairs.com/179940/hacking/an-attacker-using-a-500-radio-setup-could-potentially-trigger-train-brake-failures-or-derailments-from-a-distance.html I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會物聯網資訊安全實務 2025/7/19 https://www.accupass.com/event/2506270910121558046175 Season of AI Agents: Build the Future with AI 2025/7/19 https://www.meetup.com/cloud-experts-group/events/307650330/ 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 T-box工作坊:「信用風險管理及國際貿易欺詐的應對」 2025/7/23 https://www.meetup.com/meetups-hk-science-park/events/308683985/ 司法警政AI智慧防詐高峰論壇 – 加密貨幣暨鏈結安全智慧共同聯防新未來 2025/7/24 https://www.accupass.com/event/2506060428065681753110 [On-Line] AWS Global Community Gatherings #9 2025/7/25 https://www.meetup.com/awsglobalcommunitygatherings/events/307473302/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965