資安事件新聞週報 2024/09/16 ~ 2024/09/20

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/09/16 ~ 2024/09/20 1.重大弱點漏洞/後門/Exploit/Zero Day VMware vCenter伺服器存在重大漏洞，有可能讓攻擊者遠端執行任意程式碼 https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/ Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html Cisco IOS XR https://nvd.nist.gov/vuln/detail/CVE-2024-20381 https://nvd.nist.gov/vuln/detail/CVE-2024-20398 https://nvd.nist.gov/vuln/detail/CVE-2024-20489 https://nvd.nist.gov/vuln/detail/CVE-2024-20304 https://nvd.nist.gov/vuln/detail/CVE-2024-20317 https://nvd.nist.gov/vuln/detail/CVE-2024-20406 https://nvd.nist.gov/vuln/detail/CVE-2024-20483 Fortinet FortiClientEMS https://nvd.nist.gov/vuln/detail/CVE-2024-33508 FortiSOAR https://nvd.nist.gov/vuln/detail/CVE-2024-45327 Red Hat修補OpenShift重大層級漏洞 https://ithome.com.tw/news/165071 Microsoft 推出 2024 年 9 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11244 Windows 10 版本 1507 https://nvd.nist.gov/vuln/detail/CVE-2024-43491 Windows 10 Version 1809 https://nvd.nist.gov/vuln/detail/CVE-2024-38045 https://nvd.nist.gov/vuln/detail/CVE-2024-38240 Windows 11 Version 24H2 https://nvd.nist.gov/vuln/detail/CVE-2024-43461 營造業者採用的會計軟體遭到鎖定，駭客利用SQL Server漏洞取得管理員權限 https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software Microsoft SQL Server 2017 (GDR) https://nvd.nist.gov/vuln/detail/CVE-2024-26186 https://nvd.nist.gov/vuln/detail/CVE-2024-26191 https://nvd.nist.gov/vuln/detail/CVE-2024-37335 https://nvd.nist.gov/vuln/detail/CVE-2024-37338 https://nvd.nist.gov/vuln/detail/CVE-2024-37339 https://nvd.nist.gov/vuln/detail/CVE-2024-37340 https://nvd.nist.gov/vuln/detail/CVE-2024-37341 https://nvd.nist.gov/vuln/detail/CVE-2024-37965 https://nvd.nist.gov/vuln/detail/CVE-2024-37980 https://nvd.nist.gov/vuln/detail/CVE-2024-37337 https://nvd.nist.gov/vuln/detail/CVE-2024-37342 https://nvd.nist.gov/vuln/detail/CVE-2024-37966 Microsoft SharePoint Enterprise Server 2016 https://nvd.nist.gov/vuln/detail/CVE-2024-38018 GitLab揭露CVSS滿分漏洞，若不盡快修補，恐被繞過SAML身分驗證 https://www.ithome.com.tw/news/165090 GitLab修補重大層級的管道執行漏洞 https://www.ithome.com.tw/news/165043 Docker修補電腦版應用程式RCE漏洞 https://www.ithome.com.tw/news/165044 Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability https://thehackernews.com/2024/09/ivanti-warns-of-active-exploitation-of.html 蘋果修補Vision Pro虛擬鍵盤漏洞GAZEploit https://thehackernews.com/2024/09/apple-vision-pro-vulnerability-exposed.html Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers https://thehackernews.com/2024/09/apple-vision-pro-vulnerability-exposed.html Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw https://thehackernews.com/2024/09/progress-whatsup-gold-exploited-just.html SolarWinds修補權限管理系統ARM重大漏洞 https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28991 SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks https://thehackernews.com/2024/09/solarwinds-issues-patch-for-critical.html Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html 新興AI系統AutoGPT存在重大漏洞，逾44萬個軟體程式碼專案恐曝險 https://www.ithome.com.tw/news/165060 重大層級macOS行事曆應用程式漏洞恐影響數百萬用戶，攻擊者有機會零點擊觸發 https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b GCP存在漏洞CloudImposer，攻擊者有機會透過供應鏈攻擊利用 https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7168815 GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions https://thehackernews.com/2024/09/gitlab-patches-critical-saml.html Google發布Chrome大改版129，修補V8引擎高風險漏洞 https://chromereleases.googleblog.com/2024/09/stable-channel-update-for-desktop_17.html Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks https://thehackernews.com/2024/09/critical-ivanti-cloud-appliance.html Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms https://thehackernews.com/2024/09/hackers-exploit-default-credentials-in.html Azure Stack Hub https://nvd.nist.gov/vuln/detail/CVE-2024-38220 Atlassian發布9月例行更新，修補會引發阻斷服務攻擊的漏洞 https://confluence.atlassian.com/security/security-bulletin-september-17-2024-1431249025.html 2.銀行/金融/保險/證券/金融監理新聞及資安勒索團體聲稱攻入中國工商銀行倫敦分行，偷走520萬個檔案，遭竊資料量高達6.2 TB https://www.theregister.com/2024/09/11/hunters_ransom_icbc_london/ 兆豐證實旗下證券投資信託子公司遭遇DDoS攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=142142&SPOKE_DATE=20240917&COMPANY_ID=2886 兆豐金及旗下證券票券投信網站遭 DDoS 攻擊已恢復正常 https://money.udn.com/money/story/5613/8224646 兆豐金彰銀遭網攻、證交所主計總處網站一度當機親俄駭客宣稱犯案 https://www.cna.com.tw/news/afe/202409120361.aspx 中租、兆豐、彰銀接連發布重訊揭露遭DDoS攻擊，還有臺灣多個政府機關也是目標 https://www.ithome.com.tw/news/164999 金融產業資安解析 https://www.cio.com.tw/financial-industry-security-resolution/ 親俄駭客網攻台金融機構　藍轟資安不堪一擊 https://hk.crntt.com/doc/1600/5/0/3/160050330.html?coluid=0&kindid=0&docid=160050330&mdate=0916114725 公股金融機構總經理會議聚焦財部重兵防駭促資安不掉鏈 https://www.chinatimes.com/newspapers/20240917000105-260202?chdtv 網攻事件頻傳財部召行庫開會籲強化資安防護監控 https://udn.com/news/story/7239/8231851 親俄駭客盯上台灣! 證交所.金融機構.憲指部官網遭駭 https://reurl.cc/eypg9M 國泰金控獲金管會核准首家數據上雲的金融業者 https://ec.ltn.com.tw/article/breakingnews/4798659 TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud https://thehackernews.com/2024/09/trickmo-android-trojan-exploits.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安台灣行動支付難推廣？網揭2背後因素：攤商根本不想用 https://udn.com/news/story/120912/8239968 善用行動電子支付，降低現金舞弊風險 https://reurl.cc/Gpavk3 自iOS 18.1起，蘋果將開放第三方行動支付使用NFC https://www.ithome.com.tw/news/164494 BNPL先買後付來襲！法制局提4監管建議 https://reurl.cc/nvp2zv 7月電子支付重返復甦悠遊付會員月增居冠 https://reurl.cc/lyp2Vl Master Your PCI DSS v4 Compliance with Innovative Smart Approvals https://thehackernews.com/2024/09/master-your-pci-dss-v4-compliance-with.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安北京大動作部署國家區塊鏈節點「長安鏈」擔重任，中國開放加密貨幣前奏 https://www.blocktempo.com/beijing-promotes-blockchain-construction/ 加密貨幣「挖礦業」正榨乾美國電網！還釀反中危機 https://www.gvm.com.tw/article/115815 路易斯安那州已允許居民用加密貨幣支付政府服務費用 https://www.hk01.com/article/1058903?utm_source=01articlecopy&utm_medium=referral 比特幣ATM在澳洲如雨後春筍般冒出 https://money.udn.com/money/story/122381/8239773 為什麼要關注比特幣的OP_CAT？閃電網路後的最大敘事 https://m.cnyes.com/news/id/5721103 川普首次使用比特幣付款強調「加密貨幣候選人」身份 https://news.cnyes.com/news/id/5720585 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC “7777” 殭屍網路鎖定Asus、D-Link、Netgear、Zyxel及其他多牌家用路由器與VPN設備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11247 惡意程式Amadey竊取帳密資料有新招，利用瀏覽器的Kiosk模式來進行 https://www.ithome.com.tw/news/165038 駭客組織TeamTNT鎖定CentOS主機植入Rootkit https://www.group-ib.com/blog/teamtnt/ 130萬臺安卓電視機上盒遭植入後門 https://www.ithome.com.tw/news/165034 駭客組織Vice Society鎖定美醫療產業，散布勒索軟體INC Ransom https://www.ithome.com.tw/news/165096 殭屍網路Quad7鎖定兆勤VPN設備、Ruckus無線路由器而來 https://www.ithome.com.tw/news/165059 勒索軟體駭客濫用微軟Azure雲端服務竊取資料 https://www.modepush.com/blog/highway-blobbery-data-theft-using-azure-storage-explorer 惡意軟體Hadooken鎖定Oracle WebLogic伺服器而來 https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/ 大型中國殭屍網路Raptor Train感染逾20萬臺SOHO路由器、IP攝影機 https://ithome.com.tw/news/165079 勒索軟體劫持資料無處放，竟把歪腦筋動到Azure儲存桶與資料複製工具 https://www.ithome.com.tw/news/165095 美國破獲中國駭客主導的、由逾20萬個裝置組成的殭屍網路 https://www.ithome.com.tw/news/165079 北韓駭客鎖定能源及航太產業，散布惡意軟體Mistpen https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader DragonRank, a Chinese-speaking SEO manipulator service provider https://blog.talosintelligence.com/dragon-rank-seo-poisoning/ New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency https://thehackernews.com/2024/09/new-linux-malware-campaign-exploits.html Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users https://thehackernews.com/2024/09/binance-warns-of-rising-clipper-malware.html 北韓駭客透過LinkedIn尋找目標，企圖散布惡意軟體RustDoor https://www.ithome.com.tw/news/165061 North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware https://thehackernews.com/2024/09/north-korean-hackers-target.html North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware https://thehackernews.com/2024/09/north-korean-hackers-target-energy-and.html Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector https://thehackernews.com/2024/09/microsoft-warns-of-new-inc-ransomware.html NoName Ransomware Group Expands Their Operation https://otx.alienvault.com/pulse/66e482000173acafce70d8fa Wherever There's Ransomware, There's Service Account Compromise. Are You Protected https://thehackernews.com/2024/09/wherever-theres-ransomware-theres.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 iOS 18開始支援RCS，能與Android互通訊息 https://www.ithome.com.tw/news/165054 Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure https://thehackernews.com/2024/09/apple-drops-spyware-case-against-nso.html 歐盟將在半年內讓蘋果iOS及iPadOS與第三方應用互動 https://www.ithome.com.tw/news/165091 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 TIDrone 駭客組織瞄準台灣無人機製造商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11245 防毒業者Dr.Web驚傳遭到入侵，暫時切斷所有伺服器的連線 https://news.drweb.com/show/?i=14904&lng=en&c=5 以色列駭BB Call引爆？專家：被改造、通電就爆 https://reurl.cc/oyK6rl 真主黨致命錯誤！高層下令禁手機「改用BB Call」爆安全漏洞 https://www.ettoday.net/news/20240918/2819000.htm 黎巴嫩集體爆炸增至11死4000傷！　真主黨誓言報復以色列 https://www.ettoday.net/news/20240918/2818756.htm 台灣商製造爆炸BB call？網路湧大量異常操作　國安情資曝 https://www.ettoday.net/news/20240918/2819343.htm 呼叫器爆炸扯台灣「中國認知作戰？」　國安人士點名PTT帳號 https://tw.nextapple.com/politics/20240918/C501525F0281840A44A2B323706D6BC2 真主黨呼叫器爆炸事件讓台灣金阿波羅受關注但公司否認產品出自其手 https://www.bbc.com/zhongwen/trad/world-69353642 金阿波羅再切割曝爆炸BB Call製造商BAC詳細資訊 https://www.chinatimes.com/realtimenews/20240918003099-260405?chdtv 黎巴嫩「BB Call」爆炸案增至12死！包括2名兒童 https://www.ettoday.net/news/20240918/2819330.htm 針對0912親俄駭客對臺網站發動DDoS攻擊，4天之內已有45起事故 https://www.ithome.com.tw/news/165042 駭客組織Void Banshee利用MSHTML欺騙漏洞從事攻擊行動 https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html 中國駭客Earth Baxia針對臺灣政府機關下手，藉由GeoServer已知漏洞發動攻擊 https://www.ithome.com.tw/news/165092 中國駭客DragonRank攻擊亞洲、歐洲IIS伺服器，意圖操縱搜尋引擎排名 https://ithome.com.tw/news/165080 17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London https://thehackernews.com/2024/09/17-year-old-arrested-in-connection-with.html Study of targeted attacks on Russian research institutes https://github.com/DoctorWebLtd/malware-iocs/blob/master/APT_DNSep/README.adoc https://st.drweb.com/static/new-www/news/2021/april/drweb_research_attacks_on_russian_research_institutes_en.pdf Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East https://thehackernews.com/2024/09/iranian-apt-unc1860-linked-to-mois.html Chinese Engineer Charged in U.S. for Years-Long Cyber Espionage Targeting NASA and Military https://thehackernews.com/2024/09/chinese-engineer-charged-in-us-for.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Fortinet遭大規模資料洩漏亞太區客戶受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11246 針對Fortinet資料外洩事故，研究人員揭露更多發現 https://www.darkreading.com/cloud-security/fortinet-customer-data-breach-third-party 臺美國防工業會議相關人士遭到鎖定，駭客發動網釣攻擊企圖竊取機密 https://ithome.com.tw/news/165078 逾1千臺SerivceNow伺服器配置不當，恐曝露企業機敏資訊 https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/ 義大利使用者遭巴西駭客鎖定，藉由釣魚郵件散布惡意程式SambaSpy https://securelist.com/sambaspy-rat-targets-italian-users/113851/ 重機製造商Kawasaki歐洲分公司傳出遭駭，勒索軟體RansomHub聲稱竊得487 GB資料 https://hackread.com/ransomhub-ransomware-group-kawasaki-europe-data-leak/ Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft https://thehackernews.com/2024/09/say-goodbye-to-phishing-must-haves-to.html Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks https://thehackernews.com/2024/09/cybercriminals-exploit-http-headers-for.html DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military https://www.securityweek.com/doj-chinese-man-used-spear-phishing-to-obtain-software-from-nasa-military/ E.研究報告/工具 How to Investigate ChatGPT activity in Google Workspace https://thehackernews.com/2024/09/how-to-investigate-chatgpt-activity-in.html How Does Threat Intelligence Apply to SaaS Security? And Why You Should Care https://thehackernews.com/expert-insights/2024/09/how-does-threat-intelligence-apply-to.html From Breach to Recovery: Designing an Identity-Focused Incident Response Playbook https://thehackernews.com/2024/09/from-breach-to-recovery-designing.html Why Pay A Pentester https://thehackernews.com/2024/09/why-pay-pentester.html GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging https://thehackernews.com/2024/09/gsma-plans-end-to-end-encryption-for.html Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene https://thehackernews.com/2024/09/healthcares-diagnosis-is-critical-cure.html Passwordless AND Keyless: The Future of (Privileged) Access Management https://thehackernews.com/2024/09/passwordless-and-keyless-future-of.html F.商業漢昕科技2024 Solution Day：資安自動化的重要性及其實踐策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11231 F5 與英特爾攜手合作簡化AI服務的安全性和交付 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11242 Gartner發佈2024年新興技術成熟度曲線：重點關注開發者生產力、全方位體驗、AI與安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11238 Palo Alto Networks 完成收購 IBM 的 QRadar SaaS 業務 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11236 Privileged Identity Management (PIM): For Many, a False Sense of Security https://thehackernews.com/expert-insights/2024/09/privileged-identity-management-pim-for.html Chrome Introduces One-Time Permissions and Enhanced Safety Check for Safer Browsing https://thehackernews.com/2024/09/chrome-introduces-one-time-permissions.html Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense https://thehackernews.com/2024/09/google-chrome-switches-to-ml-kem-for.html Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature https://thehackernews.com/2024/09/chrome-users-can-now-sync-passkeys.html Google強化瀏覽器密碼管理功能，讓使用者能跨平臺運用Passkey https://www.ithome.com.tw/news/165093 Google在搜尋與廣告產品中應用C2PA標準，強化數位內容透明度 https://www.ithome.com.tw/news/165082 Elasticsearch重新開源後，AWS也將OpenSearch移交Linux基金會 https://www.ithome.com.tw/news/165064 The Microsoft 365 Backup Game Just Changed: Ransomware Recovery Revolutionized https://thehackernews.com/expert-insights/2024/09/the-microsoft-365-backup-game-just.html G.政府資安法上路五年藍委質疑預算暴增仍難防駭客攻擊 https://reurl.cc/kyp27d 親俄駭客揚言癱瘓全台政府網站　資安署公開應對方法：比照總統大選辦理 https://www.storm.mg/article/5238677 親俄駭客對台發動DDoS攻擊45起數發部：已啟動資安聯防體系 https://news.cnyes.com/news/id/5717769 盜用高鐵會員點數手法曝光逾500人受害、補償措施出爐 https://udn.com/news/story/7266/8239753 會員點數被盜！換禮券轉贈　高鐵：個資未外洩 https://news.ttv.com.tw/news/11309200014300I H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 D-Link修補Wi-Fi路由器高風險漏洞 https://www.ithome.com.tw/news/165062 New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide https://thehackernews.com/2024/09/new-raptor-train-iot-botnet-compromises.html I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 HITCON 社群活動 - HITCON CTF 揭秘 2024/9/21 https://hitcon.kktix.cc/events/discoverctf240921 Just a chat - with no Expectations 2024/9/21 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmbcc/ Taoyuan WordPress Café 桃園咖啡小聚 #40 2024/9/21 https://www.meetup.com/taoyuan-wordpress-meetup/events/303111843/ Cloud Collaboration Era: Atlassian Cloud Platform Best Practices Sharing Session 2024/9/21 https://www.meetup.com/hang-zhou-atlassian-community-events/events/302573284/ 【安碁學苑】資安技術人才培育計畫｜資安新手實戰培訓第二梯次開跑 2024/9/23 https://acsiacad.kktix.cc/events/a2f3d0ef Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/24 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcmbgc/ IT x CT x OT Cybersecurity全方位資安聯防生態系論壇 2024/9/25 https://www.accupass.com/event/2408120640402164854890 SyntaxError 2024/9/25 https://www.meetup.com/pythonhug/events/pqnsctygcmbhc/ Taiwan Digital Night #202409 2024/9/25 https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/302696281/ SECURITY SUMMIT 2024 多層次企業資安防護 2024/9/25 ~ 2024/9/26 https://www.digitimes.com.tw/seminar/securitySummit/index.html HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2024/9/26 https://www.meetup.com/hackingthursday/events/psspctygcmbjc/ AI 世代下的雲端資安攻防戰：遷移與防禦新航道 2024/9/26 https://www.accupass.com/event/2408270307021284798836 Just a chat - with no Expectations 2024/9/28 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmblc/ 資訊安全系列課程 2024/9/30 https://www.accupass.com/event/2407011640161317038989 資訊安全系列課程 2024/10/12 https://www.accupass.com/event/2407011633417884074930 第二屆台南Web3產業國際博覽會 TAINAN WEB3 INTERNATIONAL FAIR 2024/10/18 https://www.accupass.com/event/2406150525111725753130 HITCON Enterprise 2024 台灣駭客年會 2024/10/30 https://hitcon.kktix.cc/events/hitcon-ent-2024 Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024