HackMDtags: 資安事件新聞週報
資安事件新聞週報 2025/3/17 ~ 2025/3/21
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet發布FortiOS、FortiProxy的安全公告
https://www.ithome.com.tw/news/167334
https://www.fortiguard.com/psirt
Fortinet身分驗證繞過漏洞再傳遭濫用,勒索軟體SuperBlack藉此並串連新漏洞入侵受害組織
https://www.ithome.com.tw/news/167900
思科修補IOS XR的BGP聯盟實作漏洞,若不處理恐面臨DoS服務中斷攻擊
https://www.ithome.com.tw/news/167916
思科軟體授權管理工具存在重大漏洞,已有駭客試圖進行利用
https://www.securityweek.com/hackers-target-cisco-smart-licensing-utility-vulnerabilities/
cisco 針對IOS XR設備發布2025上半年例行更新
https://www.ithome.com.tw/news/167867
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF
IBM公告AIX風險值10分的遠端指令執行漏洞
https://www.ithome.com.tw/news/167963
Microsoft 推出 2025年3月 Patch Tuesday 每月例行更新修補包
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11729
PHP已知重大漏洞再傳遭到利用,臺灣是主要攻擊目標
https://www.ithome.com.tw/news/167962
Tomcat漏洞揭露30小時後出現PoC,已被用於實際攻擊
https://www.ithome.com.tw/news/167913
Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html
QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
https://www.ibm.com/support/pages/node/7186423
QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to server-side request forgery (CVE-2024-49822)
https://www.ibm.com/support/pages/node/7186424
GitHub修補SAML程式庫ruby-saml重大漏洞,並公布問題細節
https://www.ithome.com.tw/news/167904
GitHub Action存在弱點,攻擊者將其用於洩露儲存庫機密資料
https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html
CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html
ChatGPT存在漏洞,傳出被用於對美國政府及組織下手
https://www.securityweek.com/chatgpt-vulnerability-exploited-against-us-government-organizations/
去年公布的ChatGPT附加元件SSRF漏洞出現攻擊行動,美國政府機關是頭號目標
https://www.ithome.com.tw/news/167993
AMI旗下MegaRAC BMC存在重大漏洞,恐導致伺服器遭挾持
https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/
產生JSON事件記錄的Python程式庫存在高風險漏洞,恐導致任意程式碼執行
https://www.ithome.com.tw/news/167905
Veeam修補備份軟體重大漏洞,駭客可利用漏洞執行遠端程式碼
https://www.ithome.com.tw/news/168007
Veeam修補備份軟體重大漏洞,駭客可利用漏洞執行遠端程式碼
https://www.ithome.com.tw/news/168007
Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html
Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html
WordPress資安外掛WP Ghost存在重大漏洞,攻擊者有機會發動RCE攻擊
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/
2.銀行/金融/保險/證券/金融監理 新聞及資安
【首份日本金融業GenAI官方調查報告出爐】日本金融圈如何大膽擁抱GenAI
https://www.ithome.com.tw/news/167956
金融業最狂「搬家工程」—國泰金控要搬 100 套系統上雲,還要 AI 當設計師
https://aws.amazon.com/tw/events/taiwan/interviews/cathay_financial_holdings/
金檢取代信用管制 央行對銀行下2指令落實利率差異化
https://reurl.cc/Gnrq9A
國營銀行員工待遇福利不如人 財政部向政院提出五大留才方案
https://udn.com/news/story/7239/8620162
推動ESG資訊治理 玉山銀行實現永續
https://reurl.cc/xN0by5
銀行帳戶「交易太頻繁」被鎖6個月!他怨擾民 網教一招避免
https://udn.com/news/story/120911/8607952
元大銀行 LINE 個人化服務 即時交易通知
https://udn.com/news/story/7239/8617498
3.信用卡/電子支付/行動支付/pay/支付系統/資安
中資承接信用卡系統 認和科技遭罰217萬元
https://reurl.cc/5KqLm6
認和科技陸資爭議 金管會要求銀行公會檢視資安規範
https://money.udn.com/money/story/5613/8616265?from=edn_next_story
萬事達卡取消 16 位數卡號背後的支付革命與風險挑戰
https://www.techbang.com/posts/121795-the-payment-revolution-and-risk-challenges-behind-mastercards
LINE Pay 攜手韓國「現代卡」助 1200 萬韓國用戶遊台用行動支付
https://news.owlting.com/articles/965088
街口、玉山 Wallet 出海都靠它!HIVEX 是誰?如何讓全支付在韓國覆蓋率超越支付寶
https://www.managertoday.com.tw/articles/view/70079?
LINE Pay台韓全面進擊 全支付猛攻回饋衝30%
https://reurl.cc/XAkrvM
電子支付破3100萬人 1月兩項業務意外暴走
https://reurl.cc/nm0bQn
一定規模專營電子支付機構須設資安主管 6家業者均完成
https://udn.com/news/story/7239/8621431
手機就是交通卡 中市民搭公車專屬乘車碼
https://reurl.cc/RY1lnn
四川無人水果攤 18 個月零失竊 全賴電子支付加信任
https://unwire.hk/2025/03/19/no-man-fruit-stand/life-tech/epayment/
4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安
加密貨幣交易所是怎麼運作的?槓桿可以到200倍?交易所遇駭怎麼辦
https://reurl.cc/VYXvaN
全家點數將到期 幣託「點數兌換加密貨幣」大受歡迎
https://ec.ltn.com.tw/article/breakingnews/4986292
5.資安事件新聞
A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC
新型SuperBlack勒索軟體利用Fortinet身份驗證漏洞攻擊
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11739
中國駭客組織UNC3886使用TinyShell後門攻擊Juniper路由器
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11732
竊資軟體Arcane鎖定遊戲玩家,透過YouTube、Discord散布
https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/
惡意軟體攻擊DollyWay入侵2萬個WordPress網站
https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/
惡意軟體DCRat鎖定烏克蘭國防單位而來,藉由Singal訊息散布
https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html
11組國家級駭客共散播上千個惡意LNK捷徑檔,劍指Windows尚無修補的零時差漏洞
https://www.ithome.com.tw/news/167944
供應鏈攻擊出現新手法Rules File Backdoor,恐波及AI編輯器用戶
https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
勒索軟體LockBit以色列籍開發人員被引渡到美國,即將接受司法審判
https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html
木馬StilachiRAT鎖定逾20種加密貨幣錢包,挾持剪貼簿收集敏感資料
https://www.bleepingcomputer.com/news/security/microsoft-new-rat-malware-used-for-crypto-theft-reconnaissance/
駭客佯裝Booking.com從事ClickFix網釣,對旅館業者的人際網路散布惡意程式
https://www.ithome.com.tw/news/167917
駭客透過ClickFix手法散布各式竊資軟體
https://www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/
駭客上架有問題的VS Code擴充套件,意圖散布勒索軟體
https://www.ithome.com.tw/news/168033
2萬個WordPress網站淪陷,遭到惡意軟體攻擊DollyWay入侵
https://www.ithome.com.tw/news/168034
惡意軟體攻擊Obscure#BAT透過社交工程手法散布,使用假的圖靈驗證讓使用者上當
https://hackread.com/new-obscurebat-malware-targets-users-fake-captchas/
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html
Stopping Sobolan Malware with Aqua Runtime Protection
https://www.aquasec.com/blog/stopping-sobolan-with-aqua-runtime-protection/
APT37 - RokRat
https://zw01f.github.io/malware analysis/apt37/
Hundreds of thousands of rubles for your secrets: cyber spies disguise themselves as recruiters
https://bi.zone/expertise/blog/sotni-tysyach-rubley-za-vashi-sekrety-kibershpiony-squid-werewolf-maskiruyutsya-pod-rekruterov/
New Pulse: Desert Dexter.Attacks on Middle Eastern Countries
https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/desert-dexter-ataki-na-strany-blizhnego-vostoka/
Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal
https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
https://thehackernews.com/2025/03/live-ransomware-demo-see-how-hackers.html
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html
SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html
中國駭客MirrorFace從事新一波攻擊,散布惡意程式ANEL、AsyncRAT
https://www.ithome.com.tw/news/167954
China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html
China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html
超過1百萬裝置遭殭屍網路BadBox 2.0綁架,用於廣告詐欺、非法代理伺服器
https://www.ithome.com.tw/news/167946
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html
Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html
New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html
FHS - Medusa Ransomware IOCs
https://otx.alienvault.com/pulse/67dad3e83a91f558320ec815
YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html
B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊
WhatsApp修補已遭間諜軟體利用的零時差漏洞
https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/
不只義大利!6國政府驚傳以間諜軟體Paragon及WhatsApp零時差漏洞進行監控
https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html
歐盟要求蘋果開放iOS與iPadOS連結功能予第三方裝置
https://www.ithome.com.tw/news/167974
蘋果預告iOS將支援RCS 3.0全程加密,提升與安卓訊息互通安全性
https://www.ithome.com.tw/news/167897
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
https://thehackernews.com/2025/03/gsma-confirms-end-to-end-encryption-for.html
Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html
安卓惡意軟體Vapor透過逾300個App散布,於Google Play市集被下載6千萬次
https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/
北韓駭客APT37透過Google Play市集散布惡意軟體KoSpy
https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
安卓木馬PlayPraetor藉由冒牌Google Play市集網站散布
https://gbhackers.com/playpraetor-malware-targets-android-users/
C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力
ClearFake攻擊染指逾9千個網站、散布竊資軟體,也濫用區塊鏈埋藏作案工具
https://www.ithome.com.tw/news/167980
Firefox憑證過期本周將導致瀏覽器外掛失效、Mozilla籲用戶儘速更新
https://www.ithome.com.tw/news/167969
Chrome改用Rust重寫字型處理程式庫Skrifa,取代FreeType提升安全性
https://www.ithome.com.tw/news/167975
中國駭客Volt Typhoon入侵美國OT環境接近一年
https://www.infosecurity-magazine.com/news/volt-typhoon-threatens-us-ot/
攻擊馬偕、彰基的CrazyHunter再度犯案,鎖定臺灣上市公司科定
https://www.ithome.com.tw/news/167907
英媒揭密:禁用電腦與網路的國家 為何北韓駭客技術高超
https://reurl.cc/NY6mjq
VASP專法來了!立委黃珊珊:應對所有業者敞開大門,只要你願意被納管,政府就沒有不管的道理
https://reurl.cc/QY3kd2
追蹤幣安冷熱錢包轉移:預測迷因幣暴漲的隱藏訊號
https://news.cnyes.com/news/id/5906911
繫繩庫將10億美元轉移到加密貨幣交易所htx
https://www.mitrade.com/zh/insights/news/live-news/article-3-707423-20250320
ByBit虛擬貨幣案:朝鮮黑客如何完成歷史上最大的劫案
https://www.bbc.com/zhongwen/articles/c62kx7k2709o/trad
專家:美國財政部擴大現金交易的金融監控範圍,此命令不適用於加密貨幣交易
https://www.mitrade.com/zh/insights/news/live-news/article-3-707835-20250320
慘了!台灣老電腦挖出150顆比特幣 價值高達4億元卻動不了
https://reurl.cc/1K4a4Y
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html
Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html
D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全
ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html
Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html
汽車經銷商網站LESA遭遇供應鏈攻擊,駭客透過網站向使用者從事網釣
https://www.securityweek.com/100-car-dealerships-hit-by-supply-chain-attack/
駭客假借提供微軟人工智慧聊天機器人服務,從事網路釣魚攻擊
https://cofense.com/blog/microsoft-copilot-spoofing-a-new-phishing-vector
加密貨幣騙局讓逾130名澳洲人中招
https://www.epochtimes.com/b5/25/3/20/n14462748.htm
E.研究報告/工具
針對近期醫療院所面對 CrazyHunter 勒索軟體攻擊事件技術過程探討說明
https://teamt5.org/tw/posts/the-case-study-hospital-crazyhunter-ransomware-attack/
WAF開源解決方案
https://www.uuu.com.tw/Public/content/article/25/20250317.htm
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html
10 Critical Network Pentest Findings IT Teams Overlook
https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html
How to Improve Okta Security in Four Steps
https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
https://thehackernews.com/2025/03/5-identity-threat-detection-response.html
How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
https://thehackernews.com/2025/03/why-continuous-compliance-monitoring-is.html
F.商業
AI時代下的亞太高風險地:Google Cloud Security看台灣網安轉型與雲端防禦策略
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11736
資安365年會實錄:產官學攜手迎戰AI時代資安風險
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11720
Google發布開發人員漏洞掃描工具OSV-Scanner大改版2.0
https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner/
Google正式宣布將以320億美元買下資安新創Wiz
https://www.ithome.com.tw/news/167940
外傳Alphabet再度試圖買下資安新創Wiz,開價300億美元
https://www.ithome.com.tw/news/167914
SoftBank將以65億美元的現金買下晶片開發商Ampere
https://www.ithome.com.tw/news/167990
GCC 15首度整合COBOL 預設啟用C23並強化C++26支援
https://www.ithome.com.tw/news/167945
G.政府
資安署25年2月資安月報:駭客假冒財政部發動社交工程攻擊及冒牌軟體威脅增加
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11742
數發部警告駭客假冒財政部從事網釣攻擊,對政府機關及企業的財務人員下手
https://www.ithome.com.tw/news/167987
衛福部正式啟動臺灣醫療資訊標準大平台 推動醫療數據標準化
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11726
國軍官兵手機遭竊被賣到中國惹議,國防部表示未有機密資料外洩
https://www.ithome.com.tw/news/167886
稅務抽獎活動中獎人都是「彭家軍」!法務部調查局證實是駭客作弊擾亂抽獎結果
https://www.cna.com.tw/news/asoc/202503190387.aspx
昇銳電子傳出將中國監視器改標臺灣製造賣給公部門
https://www.cna.com.tw/news/asoc/202503200345.aspx
H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安
訊舟網路攝影機零時差漏洞去年上半遭到利用,兩組人馬散布殭屍網路Mirai
https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html
Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html
群暉公布去年Pwn2Own找到的NAS重大漏洞細節,並指出若不處理攻擊者有機會發動RCE攻擊
https://www.ithome.com.tw/news/168029
工控系統mySCADA myPRO存在重大漏洞,恐導致整個系統遭到挾持
https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html
Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html
I.教育訓練
資安事件發生必要知道的復原程序,降低傷害
https://www.ithome.com.tw/pr/163614
iPAS資訊安全工程師中級筆記
https://hackmd.io/@Not/iPASInformationSecuritySpecialist
iPas資安工程師證照考前研習
https://reurl.cc/GEbA3p
iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題)
https://reurl.cc/orlD1g
GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad
Coursera 盤點 7 項雲端資安認證,高薪跳板都在這了!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/
一般人也能拿到國際資安認證!CSCU安全電腦使用者認證課程
https://www.ithome.com.tw/pr/160954
全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口
https://reurl.cc/m39MDj
CISSP資安認證的8大領域
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html
CISSP考試心得
https://reurl.cc/KbY83j
CISSP考試心得 – Benson
https://reurl.cc/GbWvxd
目標導向-20天光速考過CISSP
https://reurl.cc/2Zq6zn
CISSP證照考試實戰心得 第一章:初期準備工作
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat
CISSP證照考試實戰心得 第二章:規律且有紀律的讀書策略
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies
CISSP證照考試實戰心得 第三章:終極一戰
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle
Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec
CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp
Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes
CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/
EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022
https://reurl.cc/1oyEM8
CEH v11 考試心得與準備方式
https://blog.sean.taipei/2022/01/ceh
CEH
https://github.com/a3cipher/CEH
CodeRed by EC-Council
https://github.com/codered-by-ec-council
EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2
EC-Council CEHP考試準備心得
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po
My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything You Need.md
CEHP課程筆記
https://hackmd.io/@nfu-johnny/B1Ju_BMPR
ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4
EC-Council ECSA資安分析專家 v10 考試心得分享
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html
20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html
關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享
https://medium.com/@ChadSecurity/關於ec-council-cpent和lpt-master滲透測試證照準備方式及心得分享-efb63de00a8d
深度解析 CPENT 考試心得、以及與 OSCP 的比較
https://reurl.cc/41eL8v
EC-Council CPENT v1 滲透測試認證 – 內容及心得分享
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review
CPENT 從暴力到破解
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295
Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f
CPENT考試心得分享:一次拿到 LPT 滲透測試大師認證
https://ucom.uuu.com.tw/web/Testimony/Article/4404
kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master
CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/
Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917
[備考心得]CompTIA Security+ (SY0–601) 上篇
https://reurl.cc/M053DK
[備考心得]CompTIA Security+ (SY0–601) 下篇
https://reurl.cc/M053Gv
comptia-security-plus
https://github.com/ajfuto/comptia-security-plus
security-plus
https://github.com/fjavierm/security-plus
CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette
不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html
App防駭學,資安防護實戰課程全面提升安全觀念
https://www.ithome.com.tw/pr/161505
OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享
https://hackmd.io/@henry-ko/HyQ56e8eF
OSEP (Evasion Techniques and Breaching Defenses (PEN-300)
http://github.com/In3x0rabl3/OSEP
OSCP(Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master
ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年
https://reurl.cc/aVLoX9
Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html
駭客與國家: 網路攻擊與地緣政治新常態
The hacker and the state: cyber attacks and the new normal of geopolitic
https://reurl.cc/D3nKKj
Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df
WUSON常用的基本詞彙
https://choson.lifenet.com.tw/?p=1958
證照仍是學習資安基本功的主要管道,有專家打造「資安證照地圖」
https://www.ithome.com.tw/news/156754
用證照證明自己實力之餘,更應將證照視為督促學習的最大動力
https://www.ithome.com.tw/news/156756
打破證照誤解與迷思,資安專家帶你釐清資安證照的意義
https://www.ithome.com.tw/news/156755
Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/
【成大資安社社課】資安禁術 - 逆向工程地獄試煉
https://www.youtube.com/watch?v=4Yc3-9CjG6U
透過實務演練,教你建立實作標準的安全SOP流程
https://www.ithome.com.tw/pr/163514
6.近期資安活動及研討會
Lunch & Learn: Test Automation for Complete Beginners 2025/3/24
https://www.meetup.com/magicpod-community/events/306394705/
Chinese Linguistics, History, and Etymology 2025/3/25
https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305061650/
AI EXPO Taiwan 2025 2025/3/26
https://aiexpo2025.kktix.cc/events/aiexpo2025
企業 IT 必修課:虛擬化備援 + 弱點掃描,打造無縫資安防護 2025/4/11
https://mstech.kktix.cc/events/d41efa20
Google Cloud Summit Taipei 2025/6/12
https://cloudonair.withgoogle.com/events/summit-taipei-2025
