###### tags: `Weekly Security Incident News Digest`
# Weekly Security Incident News Digest 2025/4/7 ~ 2025/4/11
1.Critical Vulnerabilities/Backdoors/Exploit/Zero Day
High-risk vulnerability CVE-2025-25254 in Fortinet FortiWeb
https://nvd.nist.gov/vuln/detail/CVE-2025-25254
https://www.fortiguard.com/psirt/FG-IR-24-474
https://www.tenable.com/plugins/nessus/234005
Fortinet patches critical-severity vulnerability in FortiSwitch switches; if left unaddressed, attackers can tamper with passwords
https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html
High-risk vulnerabilities in Fortinet Fortigate
https://www.tenable.com/plugins/nessus/234003
https://www.fortiguard.com/psirt/FG-IR-24-046
https://nvd.nist.gov/vuln/detail/CVE-2024-50565
https://nvd.nist.gov/vuln/detail/CVE-2024-26013
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
https://thehackernews.com/2025/04/fortinet-urges-fortiswitch-upgrades-to.html
Critical FortiSwitch flaw lets hackers change admin passwords remotely
https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/
High-risk vulnerability in F5 Networks BIG-IP
https://www.tenable.com/plugins/nessus/233978
https://my.f5.com/manage/s/article/K000150749
https://nvd.nist.gov/vuln/detail/cve-2024-4032
High-risk vulnerabilities in Palo Alto Networks PAN-OS
https://www.tenable.com/plugins/nessus/234100
https://www.tenable.com/plugins/nessus/234092
https://security.paloaltonetworks.com/CVE-2025-0126
https://security.paloaltonetworks.com/CVE-2025-0127
Hackers use nearly 24,000 IP addresses to scan Palo Alto Networks GlobalProtect login portals
https://www.ithome.com.tw/news/168288
Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways
https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html
High-risk vulnerabilities in Juniper Junos OS
https://www.tenable.com/plugins/nessus/234094
https://www.tenable.com/plugins/nessus/234097
https://www.tenable.com/plugins/nessus/234093
https://www.tenable.com/plugins/nessus/234089
https://www.tenable.com/plugins/nessus/234088
https://www.tenable.com/plugins/nessus/234087
https://www.tenable.com/plugins/nessus/234086
https://www.tenable.com/plugins/nessus/234085
http://www.nessus.org/u?9266b766
http://www.nessus.org/u?c25dcbdd
http://www.nessus.org/u?e936a87d
http://www.nessus.org/u?2c9dac5e
http://www.nessus.org/u?9d6f340d
http://www.nessus.org/u?fd1ad581
http://www.nessus.org/u?426e19f4
https://nvd.nist.gov/vuln/detail/CVE-2025-30645
https://nvd.nist.gov/vuln/detail/CVE-2025-30648
https://nvd.nist.gov/vuln/detail/CVE-2025-30649
https://nvd.nist.gov/vuln/detail/CVE-2025-30660
https://nvd.nist.gov/vuln/detail/CVE-2025-30658
https://nvd.nist.gov/vuln/detail/CVE-2025-30656
https://nvd.nist.gov/vuln/detail/CVE-2025-30659
https://nvd.nist.gov/vuln/detail/CVE-2025-21601
High-risk vulnerabilities in HPE Aruba Networking Virtual Intranet Access
https://www.tenable.com/plugins/nessus/233997
http://www.nessus.org/u?64b63dc1
https://nvd.nist.gov/vuln/detail/CVE-2025-25041
https://nvd.nist.gov/vuln/detail/cve-2024-3661
Cisco releases updates for Meraki and Enterprise Chat and Email devices, patching denial-of-service vulnerabilities
https://www.securityweek.com/vulnerabilities-expose-cisco-meraki-and-ece-products-to-dos-attacks/
Microsoft releases April monthly updates, patching a CLFS zero-day vulnerability already used in ransomware attacks
https://www.ithome.com.tw/news/168323
Windows 11 April update unexpectedly creates new 'inetpub' folder
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
Microsoft: April 2025 updates break Windows Hello on some PCs
https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2025-updates-break-windows-hello-on-some-pcs/
High-risk vulnerability CVE-2025-26682 in Microsoft .NET Core
https://www.tenable.com/plugins/nessus/234051
https://dotnet.microsoft.com/download/dotnet/8.0
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682
https://dotnet.microsoft.com/download/dotnet/9.0
https://github.com/dotnet/announcements/issues/353
http://www.nessus.org/u?f84a2dd2
http://www.nessus.org/u?a63b5dd1
Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability
https://thehackernews.com/2025/04/microsoft-patches-126-flaws-including.html
Ivanti vulnerability risk upgraded from "low" to "critical": Chinese hacker group UNC5221 is actively exploiting it
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11790
Ivanti SSL VPN vulnerability attacks raise the alarm; 5,000 servers exposed worldwide
https://www.ithome.com.tw/news/168319
Dell releases multiple security updates for Dell Unity, Dell UnityVSA and Dell Unity XT storage systems
https://www.ithome.com.tw/news/168192
https://www.dell.com/support/kbdoc/zh-tw/000300090/dsa-2025-116-security-update-for-dell-unity-dell-unityvsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities
Rarlab releases security update for WinRAR
https://www.ithome.com.tw/news/168267
https://nvd.nist.gov/vuln/detail/CVE-2025-31334
https://jvn.jp/en/jp/JVN59547048/
High-risk vulnerability CVE-2025-25227 in Joomla
https://nvd.nist.gov/vuln/detail/CVE-2025-25227
https://www.tenable.com/plugins/nessus/234029
http://www.nessus.org/u?a1091557
http://www.nessus.org/u?65247bfd
http://www.nessus.org/u?26a07d6d
SAP patches critical-severity code injection and authentication bypass vulnerabilities
https://www.ithome.com.tw/news/168325
CentreStack RCE exploited as zero-day to breach file sharing servers
https://www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
High-risk vulnerability CVE-2025-3248 in Langflow
https://nvd.nist.gov/vuln/detail/CVE-2025-3248
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/?fbclid=IwY2xjawJkklpleHRuA2FlbQIxMAABHulLqfA1c57RdmRCnixyQBW66oG0yGuCvrsmr_fFcEuDWs77paff6nCP2NeW_aem__M4Xp9alErKZR6wDslPUWg
Vulnerability CVE-2025-3155 in Yelp
https://nvd.nist.gov/vuln/detail/CVE-2025-3155
High-risk vulnerability CVE-2025-29087 in Sqlite
https://nvd.nist.gov/vuln/detail/CVE-2025-29087
WinRAR contains a vulnerability that can bypass Microsoft's MotW security warning
https://www.ithome.com.tw/news/168267
Open-source columnar storage format Apache Parquet contains a severe vulnerability that allows arbitrary code execution
https://www.ithome.com.tw/news/168266
Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code
https://thehackernews.com/2025/04/critical-flaw-in-apache-parquet-allows.html
Hackers target a known CrushFTP vulnerability to maintain persistent activity in victim organizations
https://www.securityweek.com/threat-actors-set-up-persistent-access-to-hosts-hacked-in-crushftp-attacks/
CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation
https://thehackernews.com/2025/04/cisa-adds-crushftp-vulnerability-to-kev.html
CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
https://thehackernews.com/2025/04/cisa-warns-of-centrestacks-hard-coded.html
Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
https://thehackernews.com/2025/04/adobe-patches-11-critical-coldfusion.html
Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages
https://thehackernews.com/2025/04/lovable-ai-found-most-vulnerable-to.html
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
Kibana faces a prototype pollution threat that attackers could use to inject code
https://securityonline.info/kibana-code-injection-vulnerability-prototype-pollution-threat-cve-2024-12556/
Joomla has an SQL injection vulnerability and a weakness that can bypass multi-factor authentication
https://securityonline.info/joomla-security-alert-critical-sql-injection-mfa-bypass-vulnerabilities-uncovered/
Google to patch a 23-year-old browser history leak vulnerability
https://www.ithome.com.tw/news/168292
OpenVPN has a security weakness that, if left unaddressed, could be used to bring down server operation
https://www.ithome.com.tw/news/168295
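2.Banking/Finance/Insurance/Securities/Financial Supervision News and Security
Balancing security and compliance needs: IaC helps Cathay Financial Holdings take steady steps to the cloud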
https://www.cool3c.com/article/238410
Most of Japan's financial sector dares to use GAI
https://www.ithome.com.tw/voice/168012
Shin Kong Financial Holding security assurance: passes ISO/IEC 27001:2022 international certification
https://money.udn.com/money/story/5613/8646792
Hacker group FIN7 uses the Anubis backdoor to hijack Windows computers
https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html
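3.Credit Cards/Electronic Payment/Mobile Payment/pay/Payment Systems/Security
Malicious packages found on PyPI steal sensitive information and test fraudulent credit card charges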
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11800
PCI DSS v4.0: The new standard for payment security
https://www.bsigroup.com/zh-TW/blog/Cybersecurity-and-Information-Resilience-Blog/2024/pci-dss-v4.0-the-new-standard-for-payment-security/
What is TWQR? Which electronic payments does it support? Can LINE Pay be used? The TWQR quick guide is here
https://www.bnext.com.tw/article/82727/what-is-twqr-2025
Which electronic payments work in Japan and Korea? PXPay Plus, JKOPAY and iPASS rewards at a glance
https://reurl.cc/QY4gm2
Taiwan's electronic payments have crossed into Japan and Korea; when will foreign operators such as PayPay come to Taiwan
https://vip.udn.com/vip/story/121938/8636122
TWQR transit code goes live
https://www.bnext.com.tw/article/82709/twqr-transit-code
FISC delivers: "TWQR transit code" arrives at Kaohsiung Metro
https://www.ctee.com.tw/news/20250324701550-430503
Is Apple Pay safe? 3 reasons Apple Pay fraud happens and how users can guard against it
https://mrmad.com.tw/is-apple-pay-safe
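4.Cryptocurrency/Digital Currency/Mining/Blockchain/Smart Contracts/WEB3 Security
Thailand amends laws to strengthen regulation of foreign cryptocurrency P2P trading platforms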
https://www.mitrade.com/zh/insights/news/live-news/article-3-749346-20250409
Next-generation crypto projects need to build more collaborative tokenomics and market structures
https://www.mitrade.com/zh/insights/news/live-news/article-3-749323-20250409
US Department of Justice disbands cryptocurrency enforcement team, shifting focus to cracking down on criminal groups
https://technews.tw/2025/04/09/ncet/
US Department of Justice scales back enforcement against the cryptocurrency industry
https://reurl.cc/0KEGko
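US Department of Justice "disbands cryptocurrency enforcement unit": will reduce pursuit of cases against exchanges, mixers and cold wallets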
https://www.blocktempo.com/us-department-of-justice-disbands-cryptocurrency-enforcement-unit/
What happened to the "crypto president"? Trump tariffs hit hard; Bitcoin plunges 10% to below US$78,000
https://www.ettoday.net/news/20250407/2938534.htm
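US Bitcoin mining collapse "actually profitable?" Mining company expert: Trump tariffs will make mining machines in other countries extremely cheap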
https://www.blocktempo.com/trumps-reciprocal-tariffs-could-make-bitcoin-mining-machines-in-asia-cheaper/
Standard Chartered bullish on XRP (Ripple)! Predicts a 500% surge over the next 3 years and a market cap surpassing Ether
https://blockcast.it/2025/04/09/standard-chartered-sees-xrp-jumping-over-500percent-to-12-50usd-by-2028/
Spain arrests 6 suspects engaged in cryptocurrency investment fraud, with illicit gains of nearly 20 million euros
https://www.bleepingcomputer.com/news/security/six-arrested-for-ai-powered-investment-scams-that-stole-20-million/
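5.Security Incident News
A.Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC
Global cybersecurity agencies issue joint warning: ransomware groups and nation-state hackers widely use the Fast Flux technique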
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11789
Chinese hackers spread malware through online forums, targeting Taiwanese, Uyghur and Tibetan individuals
https://www.ithome.com.tw/news/168378
Malicious VSCode extensions distributing mining software downloaded a million times, suspected of inflating counts to gain trust
https://www.ithome.com.tw/news/168294
Chinese hackers ToddyCat target an ESET antivirus vulnerability, using it to covertly load malware
https://www.ithome.com.tw/news/168330
Botnet targets DVR devices from Chinese brand TVT; the number of attacking IP addresses in a single day exceeds 2,500
https://www.ithome.com.tw/news/168347
Malicious PyPI package targets WooCommerce e-commerce sites, already downloaded 34,000 times
https://www.bleepingcomputer.com/news/security/carding-tool-abusing-woocommerce-api-downloaded-34k-times-on-pypi/
Ransomware Everest's dark web site defaced; researchers say the attackers succeeded by exploiting a WordPress vulnerability
https://www.bleepingcomputer.com/news/security/everest-ransomwares-dark-web-leak-site-defaced-now-offline/
Hackers pose as providers of Office add-ins in an attempt to spread RAT trojans and mining software in Russia
https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html
Ukraine targeted: hackers attempt to spread the information stealer GiftedCrook via malicious Excel files
https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html
US sensor manufacturer Sensata hit by ransomware attack
https://www.ithome.com.tw/news/168374
Ransomware hacker group Hunters International changes attack strategy, focusing on stealing data and extorting companies
https://securityboulevard.com/2025/04/hunters-international-dumps-ransomware-goes-full-on-extortion/
North Korean hackers Lazarus spread the BeaverTail malware via NPM packages, aiming to steal credentials and digital assets
https://www.ithome.com.tw/news/168291
PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html
Malware AkiraBot abuses OpenAI's API to bombard website forms
https://hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
https://thehackernews.com/2025/04/akirabot-targets-420000-sites-with.html
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
https://thehackernews.com/2025/04/critical-ivanti-flaw-actively-exploited.html
OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers
https://thehackernews.com/2025/04/opsec-failure-exposes-coquetttes.html
CERT-UA Reports Cyberattacks Targeting Ukrainian State Systems with WRECKSTEEL Malware
https://thehackernews.com/2025/04/cert-ua-reports-cyberattacks-targeting.html
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
https://thehackernews.com/2025/04/microsoft-warns-of-tax-themed-email.html
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
https://thehackernews.com/2025/04/malicious-python-packages-on-pypi.html
North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages
https://thehackernews.com/2025/04/north-korean-hackers-deploy-beavertail.html
Europol Arrests Five SmokeLoader Clients Linked by Seized Database Evidence
https://thehackernews.com/2025/04/europol-arrests-five-smokeloader.html
New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner
https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html
Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses
https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html
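B.Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging
5 VPN mobile apps have murky backgrounds! Suspected to be controlled by a security company linked to the Chinese military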
https://www.ithome.com.tw/news/168272
5 apps with over a million downloads, "personal data may all be leaked"! Both iOS and Android affected
https://reurl.cc/RYvgge
Meta patches a vulnerability in the desktop version of WhatsApp that could be used for spoofing
https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/
Verizon call filtering app has a vulnerability that gives attackers a chance to access other users' event log data
https://www.bleepingcomputer.com/news/security/verizon-call-filter-api-flaw-exposed-customers-incoming-call-history/
Wireless peer-to-peer file transfer app Quick Share has weaknesses that can cause service disruption and unauthorized file writes
https://www.ithome.com.tw/news/168270
Google releases April Android monthly update, patching already-exploited zero-day vulnerabilities
https://www.ithome.com.tw/news/168301
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities
https://thehackernews.com/2025/04/google-releases-android-update-to-patch.html
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps
https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html
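C.Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce
VMware sues industrial giant Siemens for using thousands of copies of pirated software, and the evidence was handed over by Siemens itself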
https://www.techbang.com/posts/122246-vmware-accused-industrial-giant-siemens-of-using-thousands
Luggage manufacturer Eminent Luggage suffers cyberattack
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=174133&SPOKE_DATE=20250408&COMPANY_ID=9950
Optimax Technology's information systems hit by cyberattack
https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=153258&SPOKE_DATE=20250407&COMPANY_ID=3051
Third-party security incidents surge: 2025 global supply chain security incident report reveals a rising trend
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11783
Russian hackers Gamaredon target Ukrainian military operations, attempting to steal confidential data via removable devices
https://www.bleepingcomputer.com/news/security/russian-hackers-attack-western-military-mission-using-malicious-drive/
Russian hacker EncryptHub unmasked: takes both dirty and clean money, engaging in cybercrime while also reporting vulnerabilities for bounties
https://www.ithome.com.tw/news/168367
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
https://thehackernews.com/2025/04/microsoft-credits-encrypthub-hacker.html
UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
https://thehackernews.com/2025/04/uac-0226-deploys-giftedcrook-stealer.html
Gamaredon Uses Infected Removable Drives to Breach Western Military Mission in Ukraine
https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html
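D.Data Breaches/Personal Data Protection Act/GDPR/Online Fraud/Phishing/Card Fraud/Fake News/Cyberbullying/Account Security
China conducts cognitive warfare against Taiwan using current events such as TSMC's US investment; more than 510,000 controversial messages have appeared this year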
https://www.cna.com.tw/news/aipl/202504080109.aspx
Oracle reportedly notifies cloud customers of a data breach
https://www.ithome.com.tw/news/168322
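AWS EC2 automation management tool SSM Agent has a path traversal vulnerability that attackers could use to execute arbitrary scripts and escalate privileges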
https://www.ithome.com.tw/news/168346
Websites hosted on AWS EC2 have known SSRF weaknesses that have been used to steal AWS credentials
https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
https://www.bleepingcomputer.com/news/security/hackers-target-ssrf-bugs-in-ec2-hosted-sites-to-steal-aws-credentials/
Phishing kits now vet victims in real-time before stealing credentials
https://www.bleepingcomputer.com/news/security/phishing-kits-now-vet-victims-in-real-time-before-stealing-credentials/
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
https://thehackernews.com/2025/04/spotbugs-access-token-theft-identified.html
CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks
https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html
Phishing campaign PoisonSeed targets CRM and marketing email management systems, aiming to carry out supply chain fraud
https://www.bleepingcomputer.com/news/security/poisonseed-phishing-campaign-behind-emails-with-wallet-seed-phrases/
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
https://thehackernews.com/2025/04/poisonseed-exploits-crm-accounts-to.html
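Hackers impersonate toll collection agency E-ZPass, sending iMessage and SMS messages in an attempt to steal people's personal data and credit card information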
https://www.bleepingcomputer.com/news/security/toll-payment-text-scam-returns-in-massive-phishing-wave/
E.Research Reports/Tools
On taking over an entire domain in minutes: what else have you overlooked
https://devco.re/blog/2025/04/10/taking-over-the-entire-domain-in-minutes-what-have-you-overlooked-in-active-directory/
Have We Reached a Distroless Tipping Point
https://thehackernews.com/2025/04/have-we-reached-distroless-tipping-point.html
Supercharging Security & Compliance with AI Copilots
https://thehackernews.com/expert-insights/2025/04/supercharging-security-compliance-with.html
Explosive Growth of Non-Human Identities Creating Massive Security Blind Spots
https://thehackernews.com/2025/04/explosive-growth-of-non-human.html
The Identities Behind AI Agents: A Deep Dive Into AI & NHI
https://thehackernews.com/2025/04/the-identities-behind-ai-agents-deep.html
F.Business
Gartner announces top cybersecurity trends for 2025
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11785
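Lydsec Digital's multi-factor authentication MFA Keypasco: exclusive patented dual-channel structure strengthens enterprise security protection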
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11784
SD-WAN transforms enterprise networks, safeguarding stable financial operations and information security
https://reurl.cc/EVGyav
Gmail launches end-to-end encryption feature
https://www.ithome.com.tw/news/168220
CHT Security invests 65 million in CyCraft, jointly building a new AI security defense landscape
https://www.ithome.com.tw/news/168332
Google unveils security AI model Sec-Gemini
https://www.ithome.com.tw/news/168261
The New Frontier of Security Risk: AI-Generated Credentials
https://thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html
Agentic AI in the SOC - Dawn of Autonomous Alert Triage
https://thehackernews.com/2025/04/agentic-ai-in-soc-dawn-of-autonomous.html
Initial Access Brokers Shift Tactics, Selling More for Less
https://thehackernews.com/2025/04/initial-access-brokers-shift-tactics.html
G.Government
National Cybersecurity Strategy 2025 released; plans to establish a coordinated situation response center
https://www.cna.com.tw/news/afe/202504090197.aspx
National Cybersecurity Strategy 2025 officially published this week
https://www.ithome.com.tw/news/168380
Government budget freeze crisis sounds a national security alarm; security vendors face multiple impacts
https://www.ithome.com.tw/news/168271
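H.Industrial Control Systems/ICS/SCADA/IOT/Internet of Things/Internet of Vehicles/Electric Vehicles/Artificial Intelligence/AI/ML/Facial Recognition/Healthcare Security
Ninety percent of healthcare organizations use the IoT devices that carry the highest security risk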
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11782
Grid security is highly relevant to all of us! How MetaDefender Drive became a Danish wind farm's defense-in-depth cybersecurity strategy
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11781
Botnet targets DVR devices from Chinese brand TVT; the number of attacking IP addresses in a single day exceeds 2,500
https://www.ithome.com.tw/news/168347
Rockwell, ABB, Siemens and Schneider Electric release April monthly updates
https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-rockwell-abb-siemens-schneider/
I.Education and Training
Recovery procedures you must know when a security incident occurs, to reduce damage
https://www.ithome.com.tw/pr/163614
iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPas Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p
iPAS◆Information Security Planning Practice◆Intermediate Exam Question Bank Compilation (123 questions)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes — learning natively high-availability and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera reviews 7 cloud security certifications; the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954
Global cybersecurity workforce imbalance: (ISC)2 free course and exam fill the talent gap
https://reurl.cc/m39MDj
The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP exam experience
https://reurl.cc/KbY83j
CISSP exam experience – Benson
https://reurl.cc/GbWvxd
Goal-oriented: passing the CISSP at light speed in 20 days
https://reurl.cc/2Zq6zn
CISSP certification exam hands-on experience, Chapter 1: Initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP certification exam hands-on experience, Chapter 2: A regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP certification exam hands-on experience, Chapter 3: The final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA (CREST Practitioner Security Analyst) security analyst exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 exam experience, revision information and preparation direction 2021, 2022
https://reurl.cc/1oyEM8
CEH v11 exam experience and preparation approach
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master preparation notes — learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP exam preparation notes
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md
CEHP course notes
https://hackmd.io/@nfu-johnny/B1Ju_BMPR
ECSA v10 exam experience and study material sharing / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA security analyst v10 exam experience sharing
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
About the EC-Council CPENT and LPT Master penetration testing certifications: preparation approach and experience sharing
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d
In-depth analysis of the CPENT exam experience, and a comparison with OSCP
https://reurl.cc/41eL8v
EC-Council CPENT v1 penetration testing certification – content and experience sharing
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
Ec-Council CPENT experience - a security newbie from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT exam experience sharing: earning the LPT penetration testing master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[Exam prep notes] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK
[Exam prep notes] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
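App information security that not only engineers need to understand: the blood-and-tears story of obtaining a security testing certificate (iThome Ironman Contest book series)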
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App anti-hacking: hands-on security protection course comprehensively improves security awareness
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience sharing
https://hackmd.io/@henry-ko/HyQ56e8eF
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)
http://github.com/In3x0rabl3/OSEP
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) certification preparation journey and application process sharing - 2023
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958
Certifications remain the main route to learning security fundamentals; experts build a "security certification map"
https://www.ithome.com.tw/news/156754
Beyond using certifications to prove your ability, treat them as your greatest motivation to keep learning
https://www.ithome.com.tw/news/156756
Breaking certification misconceptions and myths: security experts help you clarify the meaning of security certifications
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
[NCKU Information Security Club class] Forbidden security arts - reverse engineering trial by fire
https://www.youtube.com/watch?v=4Yc3-9CjG6U
Through hands-on exercises, learn to build a secure SOP process that meets implementation standards
https://www.ithome.com.tw/pr/163514
6.Upcoming Security Events and Seminars
Tokyo Indie Hackers Meetup 2025/4/13
https://www.meetup.com/tokyo-indie-hackers/events/306891802/
CYBERSEC 2025 Taiwan Cybersecurity Conference 2025/4/15 - 2025/4/17
https://cybersec.ithome.com.tw/2025/
Jamf Security Experience Center - 2025 CYBERSEC Cybersecurity Conference 2025/4/15
https://jamf.kktix.cc/events/cybersec2025-jamf
Digital Rogue Meetup #07 2025/4/15
https://www.meetup.com/taiwan-digital-rogue/events/307040574/
2025 Cybersecurity Conference_ISSDU AI War Room 2025/4/15 - 2025/4/17
https://www.accupass.com/event/2504010948318292701610
Taipei dbt Meetup #35 for all folks working with data! (Hybrid 👫 + 🧑💻) 2025/4/16
https://www.meetup.com/taipei-dbt-meetup/events/306748734/
How to Build a Side Hustle with AI in One Weekend 2025/4/16
https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306699962/
How to build a team to run your SOC and SIEM 2025/4/16
https://www.meetup.com/manageengine-philippines-events/events/306912388/
2025 Taiwan Industry AI Adoption Survey and AI Implementation Guide launch event 2025/4/17
https://www.accupass.com/event/2503100549105962692750
The most real-time 7x24 MDR service: from cloud to endpoint, building an airtight protection net 2025/4/18
https://www.accupass.com/event/2503281010151330038742
GenAI opens Pandora's box: "cross-domain" and "facing the unknown" will become the new rules of survival 2025/4/18
https://www.accupass.com/event/2503110835176314212290
Hack The Box Meetup: #1 2025/4/21
https://www.meetup.com/hack-the-box-meetup-ph/events/306862104/
Taipei dbt Meetup #35 for all folks working with data! (Hybrid 👫 + 🧑💻) 2025/4/23
https://www.meetup.com/taipei-dbt-meetup/events/306748734/
HYBRID EVENT 🌟 Cyber security basic training with Rakuten, session 1 2025/4/23
https://www.meetup.com/le-wagon-tokyo-coding-station/events/307018839/
[Online] Living off of Bitcoin 2025/4/24
https://www.meetup.com/philippine-bitcoiners/events/306825206/
MasterClass: Automated Content Creation & Social Media Management 2025/4/24
https://www.meetup.com/workoptional-ai-future-of-work/events/306253285/
[On-Line] AWS Global Community Gatherings #6 2025/4/25
https://www.meetup.com/awsglobalcommunitygatherings/events/306112237/
Agile Hsinchu March 2025 in-person sharing session 2025/4/27
https://agilecommhc.kktix.cc/events/agilehsinchu20250427
New security challenges in the AI era: how to make development faster and more secure 2025/5/15
https://www.accupass.com/event/2503170831057559152230
Google Cloud Summit Taipei 2025/6/12
https://cloudonair.withgoogle.com/events/summit-taipei-2025
API secure development guide: vulnerability remediation and authorization management in practice 2025/9/11-2025/9/12
https://www.accupass.com/event/2501021422337978365160