###### tags: `資安事件新聞週報`

# Weekly Security Incident News Report 2024/10/7 ~ 2024/10/11

## 1. Critical Vulnerabilities / Backdoors / Exploit / Zero Day

Palo Alto patches multiple critical vulnerabilities in its product migration tool
https://www.ithome.com.tw/news/165424

CVE-2024-9464 : Palo Alto Expedition Authenticated Command Injection
https://github.com/horizon3ai/CVE-2024-9464

Palo Alto Networks warns of firewall hijack bugs with public exploit
https://www.bleepingcomputer.com/news/security/palo-alto-networks-warns-of-firewall-hijack-bugs-with-public-exploit/

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

RCE vulnerability in Fortinet security systems patched earlier this year is being used in real-world attacks, as confirmed by CISA
https://www.ithome.com.tw/news/165432

CISA says critical Fortinet RCE flaw now exploited in attacks
https://www.bleepingcomputer.com/news/security/cisa-says-critical-fortinet-rce-flaw-now-exploited-in-attacks/

CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
https://thehackernews.com/2024/10/cisa-warns-of-threat-actors-exploiting.html

Best Practices to Configure BIG-IP LTM Systems to Encrypt HTTP Persistence Cookies
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies

K14784: Configuring cookie encryption within the HTTP profile
https://my.f5.com/manage/s/article/K14784

End-of-life Cisco small business routers contain high-risk vulnerabilities that can be used for privilege escalation or remote code execution
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms

Cross-Site Scripting, DoS and Remote Code Execution vulnerabilities (CVE-2024-41583 ~ CVE-2024-41596)
https://reurl.cc/myAlAA

Hackers target the CosmicSting vulnerability in Adobe Commerce and Magento shopping sites
https://www.ithome.com.tw/news/165365

Nearly 20,000 Zimbra mail servers exposed to the security risk of CVE-2024-45519
https://securityonline.info/active-exploits-target-zimbra-collaboration-over-19k-systems-vulnerable-to-cve-2024-45519/

Critical vulnerability in the OATH Toolkit privilege management module may give attackers the opportunity to gain access as root
https://securityonline.info/cve-2024-47191-critical-flaw-in-oath-toolkit-pam-module-could-lead-to-root-exploits/

CVE-2024-7479 & CVE-2024-7481: exploit proof of concept
https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481

CVE-2024-45409: Ruby-SAML Auth Bypass in GitLab
https://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass/

QRadar: Deployments may experience an Event ingestion issue after the 4 October 2024 Auto Update is completed
https://www.ibm.com/support/pages/node/7172215

Veeam backup software vulnerability abused by Akira and Fog ransomware in at least 4 attacks
https://www.ithome.com.tw/news/165450

Microsoft releases October routine updates, patching 5 zero-day vulnerabilities
https://www.ithome.com.tw/news/165405

Windows Netlogon Elevation of Privilege Vulnerability CVE-2024-38124
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38124

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild
https://thehackernews.com/2024/10/microsoft-issues-security-update-fixing.html

CVE-2024-44193 : Hacking Windows through iTunes Local Privilege Escalation 0-day
https://github.com/mbog14/CVE-2024-44193

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

Severe NVIDIA Container Toolkit vulnerability allows complete host takeover
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11285

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
https://thehackernews.com/2024/10/qualcomm-urges-oems-to-patch-critical.html

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
https://thehackernews.com/2024/10/zero-day-alert-three-critical-ivanti.html

Ivanti patches 3 zero-day vulnerabilities in its Cloud Services Appliance (CSA); exploitation activity already observed
https://www.ithome.com.tw/news/165408

SAP releases October routine updates, patching a critical BusinessObjects vulnerability
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/october-2024.html

Okta patches a security vulnerability that allows bypassing sign-on policies
https://hackread.com/okta-fixes-sign-on-policy-bypass-vulnerability/

Network monitoring tool Cacti releases emergency update to mitigate RCE and XSS vulnerabilities
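https://securityonline.info/cacti-network-monitoring-tool-patches-security-flaws-including-rce-vulnerability/

High-risk vulnerability in the Apache Avro SDK gives attackers the opportunity to remotely execute arbitrary code in Java applications
https://thehackernews.com/2024/10/critical-apache-avro-sdk-flaw-allows.html

Scriptcase low-code development platform has a critical vulnerability scored 10
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-scriptcase

Mozilla releases Firefox update, patching an already-exploited zero-day vulnerability
https://www.ithome.com.tw/news/165442

A critical vulnerability (CVE-2024-9680) in Firefox is being actively exploited.
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

Firefox Zero-Day Under Attack: Update Your Browser Immediately
https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
https://thehackernews.com/2024/10/researchers-uncover-major-security.html

GitLab releases version 17.4.2, patching a vulnerability allowing pipeline execution on arbitrary branches
https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/

New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
https://thehackernews.com/2024/10/new-critical-gitlab-vulnerability-could.html

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

Adobe patches critical-severity vulnerabilities in its e-commerce platform
https://helpx.adobe.com/security/products/magento/apsb24-73.html

## 2. Banking / Finance / Insurance / Securities / Financial Supervision News and Security

Criminal Investigation Bureau and Mega Financial Holding sign a letter of intent on "financial anti-hacking, anti-fraud and joint cybersecurity defense"
https://cnews.com.tw/244240930a03/

Website attacked by hackers yesterday? Taiwan Stock Exchange clarifies: it did not happen
https://news.pchome.com.tw/finance/nownews/20241009/index-72843318867007207003.html

Attacked by hackers? Taiwan Stock Exchange official website goes down again on the afternoon of the 8th
https://udn.com/news/story/7238/8278495

QR Code specification for cardless withdrawals unified
https://money.udn.com/money/story/122376/8282116

Financial holding industry aggressively pursues generative AI business opportunities
https://money.udn.com/money/story/5613/8282115

KGI Life joins Whoscall verified businesses for greater peace of mind when answering calls
https://www.cna.com.tw/postwrite/chi/383569

BankTaiwan Life Insurance promotes anti-fraud awareness, improving military academy students' understanding of the rule of law
https://www.inside.com.tw/article/36448-BankTaiwan

Strengthening security: Taiwan Stock Exchange holds the "ROC Year 113 Securities Firms Information and Communications Security Conference"
https://udn.com/news/story/7251/8281793

Taiwan Stock Exchange keeps a close watch on securities firms' cybersecurity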
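https://money.udn.com/money/story/5607/8276404

Sensitive personal data flows to China (1) / Cybersecurity and national security both collapse! Full check-up of banks and securities firms reveals SDKs embedded in official websites
https://www.setn.com/News.aspx?NewsID=1544856

Sensitive personal data flows to China (2) / Shocking! Beijing's Sensors Data (神策) embeds code in Taiwanese securities firms' websites, suspected to have been brokered by Taiwanese
https://inews.setn.com/news/1544861

Sensitive personal data flows to China (3) / SDK hides tracking functions, user transactions may leak! Experts worry about a national security loophole
https://inews.setn.com/news/1544874

FIN7 hosting honeypot domains with malicious AI DeepNude Generators – New Silent Push research
https://www.silentpush.com/blog/fin7-malware-deepfake-ai-honeypot/

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

Rakuten credit card engineer steals and sells 270,000 customer personal data records, openly soliciting buyers with "DM if interested"
https://money.udn.com/money/story/5648/8280247

Why gas stations "ban mobile phones" yet allow scanning for mobile payment: CPC gives the answer
https://www.chinatimes.com/realtimenews/20241005002110-260405?chdtv

Electronic payment creates a better travel experience: China CITIC Bank International supports the taxi industry's digital transformation
https://www.hk01.com/article/1063221?utm_source=01articlecopy&utm_medium=referral

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

Ripple launches crypto storage service, supporting digital currency diversity
https://hk.investing.com/news/economic-indicators/article-652153

Cryptocurrency used in extortion, money laundering and fraud
https://www.blocktempo.com/billion-dollar-cyberfraud-industry-expands-in-southeast-asia-as-criminals-adopt-new-technologies/

European Central Bank: stablecoins are not a "safe haven" from US monetary policy, and in fact face troubles inside and out
https://abmedia.io/ecb-stable-risks-on-monetary-policy

SEC, FBI and Department of Justice jointly charge 4 cryptocurrency companies over alleged market manipulation and fraud
https://www.blocktempo.com/u-s-sec-charges-three-market-makers-with-fraud-and-market-manipulation/

Rap queen Cardi B's cryptocurrency promotion mistaken for a hack; she curses online while denying allegations of cheating while pregnant
https://reurl.cc/yvaYel

Irish government seized US$370 million in Bitcoin but cannot cash it out: the private keys may have been lost
https://www.blocktempo.com/irish-government-loses-access-to-its-seized-bitcoin/

Financial Supervisory Commission opens "bank custody of Bitcoin" for the first time! Pilot expected in Q1 next year, with 3 operators joining
https://www.blocktempo.com/the-financial-supervisory-commission-opens-the-first-bank-bitcoin-expected-to-hit-the-road-next-year/

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Perfctl malware targets millions of Linux servers
https://www.ithome.com.tw/news/165359

MedusaLocker ransomware variant BabyLockerKZ emerges, with victim organizations in EU and South American countries
https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/

Malaysian hacker group DragonForce launches attacks using modified versions of LockBit and Conti ransomware
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11281

JPCERT shares Windows Event Viewer tips that help detect ransomware attacks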
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11292

Hackers pose as job seekers to spread the More_eggs backdoor
https://www.ithome.com.tw/news/165360

Hackers abuse Unicode to hide the Mongolian Skimmer skimming tool in e-commerce sites
https://jscrambler.com/blog/the-mongolian-skimmer

Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities
https://www.linkedin.com/pulse/xagent-spyware-targeting-ios-devices-western-europe-dmitry-bestuzhev-xunle/

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

GoldenJackal Target Embassies and Air-Gapped Systems Using Malware Toolsets
https://thehackernews.com/2024/10/goldenjackal-target-embassies-and-air.html

Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
https://thehackernews.com/2024/10/gamers-tricked-into-downloading-lua.html

Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware
https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

SUSP_GIF_Anomalies_RID2D89 - Steam Cache files hitting for unique yara rule
https://otx.alienvault.com/pulse/670526393b32ccd989877578

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

Google begins rolling out anti-theft features for Android devices
https://www.ithome.com.tw/news/165357

Apple releases iPhone and iPad updates, patching a vulnerability in which VoiceOver could leak passwords
https://www.ithome.com.tw/news/165367

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
https://thehackernews.com/2024/10/apple-releases-critical-ios-and-ipados.html

Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks
https://thehackernews.com/2024/10/android-14-adds-new-security-features.html

Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection
https://thehackernews.com/2024/10/google-blocks-unsafe-android-app.html

### C. Incidents / Hackers / DDoS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

The father of Zero Trust comes to SEMICON Taiwan 2024 to personally walk through the Zero Trust architecture
https://www.ithome.com.tw/news/165397

Russian hackers APT29 target Zimbra and TeamCity servers
https://www.bleepingcomputer.com/news/security/us-uk-warn-of-russian-apt29-hackers-targeting-zimbra-teamcity-servers/

Casio reportedly hit by cyberattack
https://www.securityweek.com/casio-hit-by-cyberattack/

Vulnerability in the Unix printing package CUPS can be used to launch DDoS attacks
https://www.ithome.com.tw/news/165391

Gorilla botnet launches more than 300,000 DDoS attacks spanning 100 countries
https://nsfocusglobal.com/over-300000-gorillabot-the-new-king-of-ddos-attacks/

Website of semiconductor IC design company Alchip Technologies hit by DDoS attack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=211109&SPOKE_DATE=20241007&COMPANY_ID=3661

Storage equipment vendor Promise Technology issues a material information announcement confirming a cyberattack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=180811&SPOKE_DATE=20241007&COMPANY_ID=3057

Security company Cloudflare discloses a DDoS attack incident with traffic reaching 3.8 Tbps
https://www.ithome.com.tw/news/165362

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
https://thehackernews.com/2024/10/cloudflare-thwarts-largest-ever-38-tbps.html

Formosa Petrochemical, Wistron, UMC and multiple public agencies hit by DDoS attacks as pro-Russian hackers launch a second wave against Taiwanese government and corporate websites
https://www.ithome.com.tw/news/165356

Chinese hackers Salt Typhoon breach US ISPs and may have infiltrated wiretapping systems
https://www.ithome.com.tw/news/165354

US utility American Water reportedly breached by hackers
https://www.ithome.com.tw/news/165388

North Korean hackers Andariel launch ransomware attacks against US businesses and organizations
https://symantec-enterprise-blogs.security.com/threat-intelligence/stonefly-north-korea-extortion

SHROUDED#SLEEP: A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia
https://www.securonix.com/blog/shroudedsleep-a-deep-dive-into-north-koreas-ongoing-campaign-against-southeast-asia/

WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
https://thehackernews.com/2024/10/wordpress-litespeed-cache-plugin.html

Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually
https://thehackernews.com/2024/10/vulnerable-apis-and-bot-attacks-costing.html

THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)
https://thehackernews.com/2024/10/thn-cybersecurity-recap-top-threats-and.html

Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
https://thehackernews.com/2024/10/cyberattack-group-awaken-likho-targets.html

Pro-Ukrainian Hackers Strike Russian State TV on Putin's Birthday
https://thehackernews.com/2024/10/pro-ukrainian-hackers-strike-russian.html

Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
https://thehackernews.com/2024/10/bohemia-and-cannabia-dark-web-markets.html

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation
https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

Online rumors of a suspected PChome database leak; PChome Online clarifies there was none and assesses that the stolen user accounts may be due to credential stuffing attacks
https://www.ithome.com.tw/news/165347

Whoscall: 30% of Taiwanese are defrauded within one hour of encountering a scam
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11283

Zoom document sharing feature abused as hackers attempt to steal users' Microsoft accounts
https://cofense.com/blog/from-collaboration-to-deception-the-zoom-phishing-threat

LEGO website compromised; hackers alter content to run a cryptocurrency scam
https://www.ithome.com.tw/news/165394

To help users filter out phishing sites, Google Search tests a blue checkmark feature
https://www.ithome.com.tw/news/165358

Woman selling camellia oil on the Rakuten platform logs in to the back end, adds a LINE contact and is scammed out of 190,000
https://reurl.cc/XRb4qD

Garment company's fake transactions were real fraud: multiple banks defrauded of over 100 million in 2 years
https://reurl.cc/2jOE5X

Fidelity Investments hacked, data of 77,000 customers leaked
https://www.ithome.com.tw/news/165431

Internet Archive hacked, more than 31 million accounts leaked
https://www.ithome.com.tw/news/165426

Suspected of defrauding banks of over NT$100 million through fake transactions: head of 鋕達實業 searched and questioned
https://video.ltn.com.tw/article/t1-rY8LsMzk/PLI7xntdRxhw0r6oz4YWJY9xRScLkoe0Wi

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
https://thehackernews.com/2024/10/us-and-microsoft-seize-107-russian.html

E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads
https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html

Social Media Accounts: The Weak Link in Organizational SaaS Security
https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html

### E. Research Reports / Tools

SQL Server targeted; after succeeding, hackers use the remote management tool GotoHTTP for control
https://www.ithome.com.tw/news/165370

How to defend against DDoS attacks: a guide to best practices and effective strategies
https://www.securityverse.tw/index.php/2024/09/15/elementor-1470/

MegaMedusa, RipperSec’s Public Web DDoS Attack Tool
https://www.radware.com/blog/security/2024/08/megamedusa-rippersec-public-web-ddos-attack-tool/

MegaMedusa Machine Layer-7 DDoS Tool v3.2
https://github.com/TrashDono/MegaMedusa

Medusa - DoS Attack Script to bypass Cloudflare
https://github.com/FujiwaraChoki/medusa

Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part I
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1/

Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part II
https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2/

A Beginner’s guide into Router Hacking and Firmware Emulation
https://secnigma.wordpress.com/2022/01/18/a-beginners-guide-into-router-hacking-and-firmware-emulation/

The original RDPThief
https://github.com/0x09AL/RdpThief

Now as a PowerShell script made by The-Viper-One (not on X afaik)
https://github.com/The-Viper-One/Invoke-RDPThief

Pentesting 101: Kubernetes Pentesting Complete Guide for Beginners
https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security

The Secret Weakness Execs Are Overlooking: Non-Human Identities
https://thehackernews.com/2024/10/the-secret-weakness-execs-are.html

New Case Study: The Evil Twin Checkout Page
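https://thehackernews.com/2024/10/new-case-study-evil-twin-checkout-page.html

TIDRONE Targets Military and Satellite Industries in Taiwan
https://www.trendmicro.com/en_us/research/24/i/tidrone-targets-military-and-satellite-industries-in-taiwan.html

6 Simple Steps to Eliminate SOC Analyst Burnout
https://thehackernews.com/2024/10/6-simple-steps-to-eliminate-soc-analyst.html

OpenBAS: A Powerful Open-Source Platform for Cyber Adversary Simulations
https://securityonline.info/openbas-a-powerful-open-source-platform-for-cyber-adversary-simulations/#google_vignette

Iseto ransomware incident: investigation results reveal the infection route was VPN
https://www.itmedia.co.jp/enterprise/articles/2410/09/news078.html#utm_term=share_sp

How Hybrid Password Attacks Work and How to Defend Against Them
https://thehackernews.com/2024/10/how-hybrid-password-attacks-work-and.html

### F. Business

How to Get Going with CTEM When You Don't Know Where to Start
https://thehackernews.com/2024/10/how-to-get-going-with-ctem-when-you.html

Trend Micro: devices and accounts are high-risk assets
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11286

Gartner releases the 2024 Hype Cycle for Digital Government Services: six technologies will have a disruptive impact within five years
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11290

M365 endpoint protection can detect unsafe Wi-Fi networks and provides a VPN to protect connection content
https://www.ithome.com.tw/news/165274

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale
https://thehackernews.com/2024/10/google-joins-forces-with-gasa-and-dns.html

Gogolook reveals follow-up developments after its acquisition of ScamAdviser
https://www.ithome.com.tw/news/165220

### G. Government

A comprehensive look at the articles of the 2024 cybersecurity law amendment
https://www.ithome.com.tw/article/165317

Taiwan becomes a hotspot for hacker attacks; Minister of Digital Affairs Huang Yen-nun admits: we are being used as a testing ground
https://udn.com/news/story/7239/8281373

Anti-fraud! Ministry of Digital Affairs: the Online Fraud Reporting and Inquiry Site app is open for download and testing
https://reurl.cc/dyoL2z

Minister of Digital Affairs Huang Yen-nun promotes AI tiering to control risk
https://udn.com/news/story/7241/8222317

Wang Shih-chien blasts the "good-for-nothing Ministry of Digital Affairs"; Liu Shyh-fang cannot help snickering at the interpellation podium
https://reurl.cc/4dMj1j

Ministry of Digital Affairs' "Online Fraud Reporting and Inquiry Site" launch delayed to December; app development cost 13 million
https://abmedia.io/moda-fraud-report-platform-delayed

### H. Industrial Control Systems / ICS / SCADA / IoT / Internet of Things / Internet of Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

US CISA: hackers use "simple methods" to attack industrial control systems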
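https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11291

Critical vulnerability in Siemens power monitoring devices gives attackers the opportunity to easily gain administrative privileges
https://cert-portal.siemens.com/productcert/html/ssa-850560.html

Severe vulnerabilities in vehicle electronic control units (ECUs) could let hackers take control
https://securityonline.info/critical-zero-day-automotive-systems-vulnerabilities-exposed/

### I. Education and Training

Recovery procedures you must know when a security incident occurs, to reduce damage
https://www.ithome.com.tw/pr/163614

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPAS Information Security Engineer certification pre-exam study session
https://reurl.cc/GEbA3p

iPAS ◆ Information Security Planning Practice ◆ intermediate-level exam question bank compilation (123 questions)
https://reurl.cc/orlD1g

GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera rounds up 7 cloud security certifications: the springboards to a high salary are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams to fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam hands-on experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam hands-on experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information and preparation direction, 2021 and 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and preparation approach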
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md

CEHP course notes
https://hackmd.io/@nfu-johnny/B1Ju_BMPR

ECSA v10 exam experience and study material sharing / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA (security analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

Preparation approach and experience for the EC-Council CPENT and LPT Master penetration testing certifications
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

In-depth analysis of the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

EC-Council CPENT experience - a security newbie's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam preparation notes] CompTIA Security+ (SY0-601) Part 1
https://reurl.cc/M053DK

[Exam preparation notes] CompTIA Security+ (SY0-601) Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App anti-hacking: a hands-on security protection course to comprehensively raise security awareness
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSEP (Evasion Techniques and Breaching Defenses (PEN-300))
http://github.com/In3x0rabl3/OSEP

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process, 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics (駭客與國家)
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main channel for learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond using certifications to prove your ability, treat them as the greatest motivation to keep learning
https://www.ithome.com.tw/news/156756

Breaking misunderstandings and myths about certifications: security experts help you clarify the meaning of security certifications
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

[NCKU Information Security Club class] Forbidden security arts - the hellish trial of reverse engineering
https://www.youtube.com/watch?v=4Yc3-9CjG6U

Through practical exercises, learn to build a standard, implementable security SOP process
https://www.ithome.com.tw/pr/163514

## 6. Upcoming Security Events and Seminars

Information Security course series 2024/10/12
https://www.accupass.com/event/2407011633417884074930

Simple circuits and LEDs 2024/10/12
https://www.meetup.com/electronics-workshop/events/303213155/

Just a chat - with no Expectations 2024/10/12
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/303580882/

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/15
https://www.meetup.com/taiwan-code-camp/events/303638715/

From data to intelligence: sharing industry use cases of ELK in AI/ML 2024/10/16
https://www.accupass.com/event/2407160249006539823800

SyntaxError 2024/10/16
https://www.meetup.com/pythonhug/events/303660161/

AgileGirls 2024 October meetup: from building a personal brand to practicing digital nomadism 2024/10/16
https://agilecommtw.kktix.cc/events/agilegirls202410

Taipei dbt Meetup #28 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2024/10/16
https://www.meetup.com/taipei-dbt-meetup/events/303598095/

HackingThursday (黑客星期四) - Week meetup Tamsui (regular meetup, Tamsui) 2024/10/17
https://www.meetup.com/hackingthursday/events/303681206/

Gender and united front issues in Xiaohongshu, TikTok and online communities 2024/10/17
https://www.accupass.com/event/2409250632161255214277

2nd Tainan Web3 Industry International Expo (TAINAN WEB3 INTERNATIONAL FAIR) 2024/10/18
https://www.accupass.com/event/2406150525111725753130

Rust 1.82 Release Party 2024/10/19
https://www.meetup.com/taipei-rust-users-group/events/303481501/

Just a chat - with no Expectations 2024/10/19
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcnbzb/

Taoyuan WordPress Café (Taoyuan coffee meetup) #41 2024/10/19
https://www.meetup.com/taoyuan-wordpress-meetup/events/303579694

Security salon event 2024/10/22
https://csa.kktix.cc/events/s-salon

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/22
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcnbdc/

SyntaxError 2024/10/23
https://www.meetup.com/pythonhug/events/pqnsctygcnbfc/

Digital transformation, moving forward sustainably - the next step in sustainable transformation: IISI (資拓宏宇) builds a cloud intelligence ecosystem 2024/10/23
https://www.accupass.com/event/2409040538442023020384

Cracking security challenges: dealing with the developer talent shortage and security vulnerabilities 2024/10/24
https://www.accupass.com/event/2409230215124045210950

HackingThursday (黑客星期四) - Week meetup Tamsui (regular meetup, Tamsui) 2024/10/24
https://www.meetup.com/hackingthursday/events/psspctygcnbgc/

Vault hands-on workshop: configuration, policy and governance for building indestructible enterprise-grade data protection 2024/10/25
https://www.accupass.com/event/2409100237076012078380

Just a chat - with no Expectations 2024/10/26
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcnbjc/

MOPCON 2024 Mobile Technology Conference - early bird / regular / group tickets 2024/10/26 - 2024/10/27
https://mopcon.kktix.cc/events/mopcon-2024

Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/29
https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcnbmc/

Jamf Nation Live 2024 Taipei - education experience sharing session 2024/10/29
https://jamf.kktix.cc/events/jamfnationlive-2024-edu

HITCON Cyber Range 2024 Enterprise Blue Team - competition guided tour 2024/10/30
https://hitcon.kktix.cc/events/hitcon-cr-2024-guidedtour

HITCON Enterprise 2024 Taiwan Hacker Conference 2024/10/30
https://hitcon.kktix.cc/events/hitcon-ent-2024

SyntaxError 2024/10/30
https://www.meetup.com/pythonhug/events/pqnsctygcnbnc/

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/10/30
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/303635198/

HackingThursday (黑客星期四) - Week meetup Tamsui (regular meetup, Tamsui) 2024/10/31
https://www.meetup.com/hackingthursday/events/psspctygcnbpc/

Just a chat - with no Expectations 2024/11/2
https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcpbdb/

[ACSI Academy (安碁學苑)] Security competency training | Secure Software Development Manager 2024/11/23 ~ 2024/12/21
https://acsiacad.kktix.cc/events/308914

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/

[2024 RMN ASIA] AI drives retail transformation · RMN redefines the marketing ecosystem 2024/11/28
https://www.accupass.com/event/2409050256092193763570

[TIRI online continuing education course for directors and corporate governance officers] A talk on blind spots in security governance and countermeasures 2024/11/29
https://www.accupass.com/event/2408290602361963077719

Threat Analyst Summit 2024 2024/12/11 ~ 2024/12/12
https://teamt5tw.kktix.cc/events/tas2024

Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25
https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/