###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/3/10 ~ 2025/3/14 1.重大弱點漏洞/後門/Exploit/Zero Day 思科針對IOS XR設備發布2025上半年例行更新，修補10項資安漏洞 https://www.ithome.com.tw/news/167867 GitLab修補重大層級SAML身分驗證繞過漏洞 https://www.ithome.com.tw/news/167865 Kibana 已發布安全更新 https://www.ithome.com.tw/news/167726 產生JSON事件記錄的Python程式庫存在高風險漏洞，恐導致任意程式碼執行 https://securityonline.info/popular-python-logging-library-vulnerable-to-remote-code-execution-cve-2025-27607/ 微軟發布3月份例行更新，修補7個零時差漏洞、其中6個已出現攻擊行動 https://www.ithome.com.tw/news/167819 針對微軟修補的Win32核心子系統零時差漏洞，傳出在2年前就遭到利用 https://www.ithome.com.tw/news/167839 URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days https://thehackernews.com/2025/03/urgent-microsoft-patches-57-security.html Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html 蘋果修補WebKit零時差漏洞，此弱點疑似已被用於攻擊舊版iOS手機 https://www.ithome.com.tw/news/167823 Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk https://thehackernews.com/2025/03/meta-warns-of-freetype-vulnerability.html QRadar environment on physical appliances in High Availability to 750UP11 can cause the secondary to fail to upgrade https://www.ibm.com/support/pages/node/7185609 IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7185353 Broadcom緊急修補VMware多款產品的零日漏洞，CISA列KEV目錄 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11698 CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html 字型程式庫FreeType存在任意程式碼執行漏洞，傳出已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/facebook-discloses-freetype-2-flaw-exploited-in-attacks/ 人工智慧語音辨識系統Nvidia Riva存在漏洞，恐被用於提升權限、資料竄改 https://securityonline.info/nvidia-addresses-security-vulnerabilities-in-nvidia-riva-with-software-update/ Google針對Chrome 134發布更新，修補影響Mac電腦GPU的零時差漏洞 https://securityonline.info/chrome-update-5-security-fixes-high-risk-flaws-addressed-asap/ Apache基金會修補Tomcat可被用於遠端執行程式碼、資訊洩露的漏洞 https://securityonline.info/cve-2025-24813-flaw-in-apache-tomcat-exposes-servers-to-rce-data-leaks-update-immediately/ SAP修補Commerce、NetWeaver高風險漏洞 https://www.securityweek.com/sap-patches-high-severity-vulnerabilities-in-commerce-netweaver/ Adobe修補Acrobat、InDesign、Illustrator任意程式碼執行漏洞 https://www.securityweek.com/patch-tuesday-critical-code-execution-bugs-in-acrobat-and-reader/ PHP已知CGI漏洞出現攻擊行動，駭客針對日本科技公司、電信業者、遊戲娛樂產業而來 https://www.ithome.com.tw/news/167763 軟體開發CI持續整合工具Jenkins修補多個中度風險漏洞，類型涵蓋CSRF、開放重新導向、機敏資訊曝露 https://www.ithome.com.tw/news/167764 2.銀行/金融/保險/證券/金融監理 新聞及資安 駭客組織FIN7、FIN8利用惡意程式Ragnar Loader從事勒索軟體攻擊 https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html 銀行帳戶「交易太頻繁」被鎖6個月！他怨擾民 網教一招避免 https://udn.com/news/story/120911/8607952 「扣款未吐鈔」郵局ATM驚傳大當機 中華電信曝初步判斷結果 https://udn.com/news/story/7266/8606233 郵局網路異常原因找到了　中華電信「尖峰切換網路設備」釀禍 https://www.ettoday.net/news/20250314/2925282.htm 3.信用卡/電子支付/行動支付/pay/支付系統/資安 信用卡詐騙防不勝防？中信銀行推「刷卡安全提醒」 https://inews.setn.com/news/1619502 中信銀APP全新升級！首創刷卡安全提醒　達成任務抽張學友演唱會門票 https://pinview.com.tw/News/40800.html 防盜刷有招！善用銀行APP卡片安全鎖 https://news.housefun.com.tw/news/article/197387456091.html LINE Pay日均額有望破20億元 金管會證實已申請改列電支 將來可儲值轉帳 https://reurl.cc/3K1rYV 報稅季指南：使用國稅局電子支付選項獲得快速、安全的服務；避免罰款和利息 https://seattlechinesetimes.com/2025/03/12/tax-season-guide-get-fast-secure-service-with-irs-electronic-payment-options-avoid-penalties-and-interest/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Bybit遭遇史上最大加密貨幣竊案 https://www.ithome.com.tw/news/167851 U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website https://thehackernews.com/2025/03/us-secret-service-seizes-russian.html Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客利用AI設置假的GitHub儲存庫，企圖散布惡意程式SmartLoader、Lumma Stealer https://securityonline.info/ai-powered-deception-fake-github-repositories-spread-smartloader-and-lumma-stealer/ 勒索軟體SuperBlack透過Fortinet身分驗證繞過漏洞入侵受害組織 https://www.bleepingcomputer.com/news/security/new-superblack-ransomware-exploits-fortinet-auth-bypass-flaws/ 北韓駭客組織Lazarus仿冒6個知名NPM套件，發動軟體供應鏈攻擊 https://www.ithome.com.tw/news/167821 北韓駭客Moonstone Sleet傳出將勒索軟體Qilin納入武器庫 https://www.ithome.com.tw/news/167778 勒索軟體Black Basta、Cactus持續在受害組織活動，共通點是都用惡意軟體BackConnect攻擊 https://www.ithome.com.tw/news/167786 透過影音串流平臺散布惡意程式出現新手法！駭客要脅YouTuber必須協助散布惡意連結換取頻道不被關閉，藉此向觀眾散布惡意程式SilentCryptoMiner https://gbhackers.com/cybercriminals-exploit-youtubers-to-spread-silentcryptominer/ 惡意PyPI軟體set-utils從區塊鏈交易攔截以太坊私鑰搜括錢包 https://socket.dev/blog/new-pypi-malware-exfiltrates-ethereum-private-keys 逾1千個WordPress網站遭植入JavaScript後門程式 https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html 惡意Chrome延伸套件偽裝成密碼管理工具展開攻擊 https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/ OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom https://thehackernews.com/2025/03/live-ransomware-demo-see-how-hackers.html This Malicious PyPI Package Stole Ethereum Private Keys via Polygon RPC Transactions https://thehackernews.com/2025/03/this-malicious-pypi-package-stole.html Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html Remcos RAT Targets Europe: New AMSI and ETW Evasion Tactics Uncovered https://www.sonicwall.com/blog/remcos-rat-targets-europe-new-amsi-and-etw-evasion-tactics-uncovered The Evolution of Dark Caracal Tools: Campaign Analysis Using the Poco RAT https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/ehvolyuciya-instrumentov-dark-caracal-analiz-kampanii-s-ispolzovaniem-poco-rat/#id14 New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran https://www.greynoise.io/blog/new-ddos-botnet-discovered Astrill VPN and DPRK Remote Worker Fraud https://storage.googleapis.com/spur-astrill-vpn/ips.txt https://spur.us/astrill-vpn-and-remote-worker-fraud/ 勒索軟體Medusa攻擊持續升溫，今年1、2月已有超過40家企業組織受害 https://www.ithome.com.tw/news/167792 Medusa Ransomware Activity Continues to Increase https://www.security.com/threat-intelligence/medusa-ransomware-attacks 20250211 Most Active Threat Indicators https://otx.alienvault.com/pulse/67ab78ce80932615dd6b2150 CTM360 Uncovers a Large-Scale Fake Play Store Scam Targeting Global Users: PlayPraetor Trojan https://thehackernews.com/expert-insights/2025/03/ctm360-uncovers-large-scale-fake-play.html Desert Dexter Targets 900 Victims Using Facebook Ads and Telegram Malware Links https://thehackernews.com/2025/03/desert-dexter-targets-900-victims-using.html 殭屍網路Ballista綁架尚未修補的TP-Link設備，逾6千臺遭感染 https://www.ithome.com.tw/news/167842 Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices https://thehackernews.com/2025/03/ballista-botnet-exploits-unpatched-tp.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html 順豐4.14起改用App發快件自取通知　專家指短訊多安全漏洞應取締 https://www.hk01.com/article/60219869?utm_source=01articlecopy&utm_medium=referral 落實工地安全管理 中市都發局：e化APP推播、加強專案稽查 https://www.chinatimes.com/realtimenews/20250307000001-260405?chdtv 擔憂國家安全！美政府擬禁用DeepSeek 還可能不給上架App商店 https://udn.com/news/story/6813/8594618 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 社群網站X傳出遭到大規模DDoS攻擊，駭客組織Dark Storm聲稱是他們所為 https://www.bleepingcomputer.com/news/security/x-hit-by-massive-cyberattack-amid-dark-storms-ddos-claims/ 哥倫比亞司法機構遭到鎖定，駭客組織Blind Eagle發動大規模攻擊 https://thehackernews.com/2025/03/blind-eagle-hacks-colombian.html Desert Dexter.Attacks on Middle Eastern Countries https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/desert-dexter-ataki-na-strany-blizhnego-vostoka/ 中國駭客UNC3886對Juniper路由器設備下手，植入後門程式TinyShell變種 https://www.ithome.com.tw/news/167882 Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits https://thehackernews.com/2025/03/chinese-hackers-breach-juniper-networks.html WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback https://thehackernews.com/2025/03/warning-expiring-root-certificate-may.html 印度駭客SideWinder鎖定海運及核能產業而來 https://thehackernews.com/2025/03/sidewinder-apt-targets-maritime-nuclear.html SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa https://thehackernews.com/2025/03/sidewinder-apt-targets-maritime-nuclear.html Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks https://thehackernews.com/2025/03/blind-eagle-hacks-colombian.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 AWS錯誤配置成漏洞：駭客借企業郵件服務發動釣魚攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11695 假借訂房網站的名義從事ClickFix網釣攻擊，駭客針對旅館從業人員散布惡意程式 https://www.bleepingcomputer.com/news/security/clickfix-attack-delivers-infostealers-rats-in-fake-bookingcom-emails/ 微軟揭露大規模惡意廣告攻擊，全球近百萬臺裝置受到影響 https://www.ithome.com.tw/news/167733 日本電信業者NTT資料外洩，1.8萬家公司受到波及 https://securityaffairs.com/175090/data-breach/japanese-telecom-giant-ntt-data-breach.html Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan https://otx.alienvault.com/pulse/67c8761ab854f0391937dddc https://www.fortinet.com/blog/threat-research/winos-spreads-via-impersonation-of-official-email-to-target-users-in-taiwan Phishing - Microsoft 365 https://otx.alienvault.com/pulse/67c6b3182c5240d9219fc161 Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails https://thehackernews.com/2025/03/microsoft-warns-of-clickfix-phishing.html E.研究報告/工具 數位治理新戰場：自由與監管的平衡 https://blog.ocf.tw/2025/03/whitebook.html GenAI 提示注入暗藏風險，連結陷阱竊取機敏資料 https://www.trendmicro.com/zh_tw/research/24/l/genai-prompt-injection-attack-threat.html 網路資安25年：Windows AD為何仍是攻擊焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11705 研究人員公布名為Chirp的工具，攻擊者有機會暗中收集麥克風聲音並轉換成文字 https://www.bleepingcomputer.com/news/software/new-chirp-tool-uses-audio-tones-to-transfer-data-between-devices/ Steganography Explained: How XWorm Hides Inside Images https://thehackernews.com/2025/03/steganography-explained-how-xworm-hides.html Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials https://thehackernews.com/2025/03/researchers-expose-new-polymorphic.html Pentesters: Is AI Coming for Your Role https://thehackernews.com/2025/03/pentesters-is-ai-coming-for-your-role.html Identity Attacks: Prevention isn't Enough https://thehackernews.com/expert-insights/2025/03/identity-attacksprevention-isnt-enough.html Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025 https://thehackernews.com/2025/03/bcdr-2025-trends-and-challenges-for-msps-and-it-teams.html F.商業 CISO's Expert Guide To CTEM And Why It Matters https://thehackernews.com/2025/02/cisos-expert-guide-to-ctem-and-why-it.html AWS推出新量子運算晶片 採用可擴展架構以減少多達90%糾錯 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11692 Fortinet從總部帶頭節能減碳要在2030年實現零碳排，提高產品節能助企業減碳 https://www.ithome.com.tw/news/167852 G.政府 在全社會防衛的基礎上打造國家資安韌性，國家資通安全戰略2025即將正式公布 https://www.ithome.com.tw/news/167864 資安院將聚焦8大重點業務，強化供應鏈、OT並扶植資安產業生態強化資通安全 https://www.ithome.com.tw/news/167836 數發部3月底將啟動數位憑證皮夾沙盒試驗，拼12月進行特定應用試營運 https://www.ithome.com.tw/news/167766 是「證件載具」而非「電子錢包」！「數位憑證皮夾」拚年底試營運 https://reurl.cc/La1jXx 建立可信賴的供應鏈，數發部將和產業聯手推動SEMI E187第三方驗證制度 https://www.ithome.com.tw/news/167596 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Moxa修補PT交換器重大漏洞 https://www.ithome.com.tw/news/167831 Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches https://thehackernews.com/2025/03/moxa-issues-fix-for-critical.html 十億裝置使用的ESP32藍牙晶片含隱藏指令 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11716 應用在逾10億藍牙及Wi-Fi裝置的樂鑫晶片，驚傳含有可用來攻擊的隱藏功能 https://www.ithome.com.tw/news/167749 IoT安全從根本出發：硬體可信執行環境到網路行為分析的系統防禦架構 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11690 94%受訪者過去一年曾面臨OT資安事件風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11711 西門子公告伺服驅動馬達設備Sinamics S200重大漏洞，若不處理攻擊者可用來植入惡意韌體 https://www.ithome.com.tw/news/167869 兆勤修補旗下DSL、光纖、Wi-Fi訊號延伸設備高風險命令注入漏洞 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerabilities-in-certain-dsl-ethernet-cpe-fiber-ont-and-wifi-extender-devices-03-11-2025 三菱電機SCADA系統ICONICS系列存在高風險漏洞，恐被用於提升權限、操縱檔案、挾持DLL元件 https://www.ithome.com.tw/news/167830 8.6萬臺網路攝影機遭殭屍網路Eleven11bot綁架，用於發動DDoS攻擊 https://www.ithome.com.tw/news/167788 訊舟網路攝影機存在零時差漏洞，傳出已被用於殭屍網路Mirai攻擊行動 https://www.ithome.com.tw/news/167767 居易路由器存在重大漏洞，攻擊者有機會執行任意程式碼 https://securityonline.info/critical-flaws-uncovered-in-draytek-routers-backdoors-rce-and-weak-authentication-exposed/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Global AI Bootcamp 2025, Philippines 2025/3/15 https://www.meetup.com/cloud-experts-group/events/303711073/ Global AI Bootcamp - Taipei 2025 2025/3/15 https://www.meetup.com/rladies-taipei/events/305281979/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 2025智慧城市展-中保科技論壇 2025/3/18 - 2025/3/20 https://www.accupass.com/event/2502260646281183236650 網路自由小聚 [3月] ：全球數位人權大會 RightsCon 會後聚 - 聊聊你的國際新朋友 2025/3/19 https://ocftw.kktix.cc/events/internetfreedom-mar2025 DevSecOps 革新：開創全面威脅檢測與快速響應的新時代 2025/3/19 https://www.accupass.com/event/2502030327553680337280 Taipei dbt Meetup #34 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2025/3/19 https://www.meetup.com/taipei-dbt-meetup/events/306252998/ How to Build a Consulting Side Hustle with AI In One Weekend 2025/3/19 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306152486/ How to Build AI Skills For Your Career 2025/3/20 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/306113277/ [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/ Workshop: Building a Quiz App with Angular & TypeScript 2025/3/21 https://www.meetup.com/treelevel-io/events/306204363/ 『投資型詐騙－科技防禦最前線』論壇 2025/3/21 https://www.accupass.com/event/2502140610163598385850 OWASP Meetup 高雄線上 2025/3/21 https://csa.kktix.cc/events/owasp20250321-live OWASP Meetup 高雄實體 2025/3/21 https://csa.kktix.cc/events/owasp20250321 Lunch & Learn: Test Automation for Complete Beginners 2025/3/24 https://www.meetup.com/magicpod-community/events/306394705/ Chinese Linguistics, History, and Etymology 2025/3/25 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305061650/ AI EXPO Taiwan 2025 2025/3/26 https://aiexpo2025.kktix.cc/events/aiexpo2025 企業 IT 必修課：虛擬化備援 + 弱點掃描，打造無縫資安防護 2025/4/11 https://mstech.kktix.cc/events/d41efa20