###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/3/17 ~ 2025/3/21 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet發布FortiOS、FortiProxy的安全公告 https://www.ithome.com.tw/news/167334 https://www.fortiguard.com/psirt Fortinet身分驗證繞過漏洞再傳遭濫用，勒索軟體SuperBlack藉此並串連新漏洞入侵受害組織 https://www.ithome.com.tw/news/167900 思科修補IOS XR的BGP聯盟實作漏洞，若不處理恐面臨DoS服務中斷攻擊 https://www.ithome.com.tw/news/167916 思科軟體授權管理工具存在重大漏洞，已有駭客試圖進行利用 https://www.securityweek.com/hackers-target-cisco-smart-licensing-utility-vulnerabilities/ cisco 針對IOS XR設備發布2025上半年例行更新 https://www.ithome.com.tw/news/167867 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-multicast-ERMrSvq7 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4uni-LfM3cfBu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-priv-esc-GFQjxvOF IBM公告AIX風險值10分的遠端指令執行漏洞 https://www.ithome.com.tw/news/167963 Microsoft 推出 2025年3月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11729 PHP已知重大漏洞再傳遭到利用，臺灣是主要攻擊目標 https://www.ithome.com.tw/news/167962 Tomcat漏洞揭露30小時後出現PoC，已被用於實際攻擊 https://www.ithome.com.tw/news/167913 Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7186423 QRadar Advisor With Watson for IBM QRadar SIEM is vulnerable to server-side request forgery (CVE-2024-49822) https://www.ibm.com/support/pages/node/7186424 GitHub修補SAML程式庫ruby-saml重大漏洞，並公布問題細節 https://www.ithome.com.tw/news/167904 GitHub Action存在弱點，攻擊者將其用於洩露儲存庫機密資料 https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html ChatGPT存在漏洞，傳出被用於對美國政府及組織下手 https://www.securityweek.com/chatgpt-vulnerability-exploited-against-us-government-organizations/ 去年公布的ChatGPT附加元件SSRF漏洞出現攻擊行動，美國政府機關是頭號目標 https://www.ithome.com.tw/news/167993 AMI旗下MegaRAC BMC存在重大漏洞，恐導致伺服器遭挾持 https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/ 產生JSON事件記錄的Python程式庫存在高風險漏洞，恐導致任意程式碼執行 https://www.ithome.com.tw/news/167905 Veeam修補備份軟體重大漏洞，駭客可利用漏洞執行遠端程式碼 https://www.ithome.com.tw/news/168007 Veeam修補備份軟體重大漏洞，駭客可利用漏洞執行遠端程式碼 https://www.ithome.com.tw/news/168007 Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html WordPress資安外掛WP Ghost存在重大漏洞，攻擊者有機會發動RCE攻擊 https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-wp-ghost-vulnerable-to-remote-code-execution-bug/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 【首份日本金融業GenAI官方調查報告出爐】日本金融圈如何大膽擁抱GenAI https://www.ithome.com.tw/news/167956 金融業最狂「搬家工程」—國泰金控要搬 100 套系統上雲，還要 AI 當設計師 https://aws.amazon.com/tw/events/taiwan/interviews/cathay_financial_holdings/ 金檢取代信用管制 央行對銀行下2指令落實利率差異化 https://reurl.cc/Gnrq9A 國營銀行員工待遇福利不如人 財政部向政院提出五大留才方案 https://udn.com/news/story/7239/8620162 推動ESG資訊治理 玉山銀行實現永續 https://reurl.cc/xN0by5 銀行帳戶「交易太頻繁」被鎖6個月！他怨擾民 網教一招避免 https://udn.com/news/story/120911/8607952 元大銀行 LINE 個人化服務 即時交易通知 https://udn.com/news/story/7239/8617498 3.信用卡/電子支付/行動支付/pay/支付系統/資安 中資承接信用卡系統 認和科技遭罰217萬元 https://reurl.cc/5KqLm6 認和科技陸資爭議 金管會要求銀行公會檢視資安規範 https://money.udn.com/money/story/5613/8616265?from=edn_next_story 萬事達卡取消 16 位數卡號背後的支付革命與風險挑戰 https://www.techbang.com/posts/121795-the-payment-revolution-and-risk-challenges-behind-mastercards LINE Pay 攜手韓國「現代卡」助 1200 萬韓國用戶遊台用行動支付 https://news.owlting.com/articles/965088 街口、玉山 Wallet 出海都靠它！HIVEX 是誰？如何讓全支付在韓國覆蓋率超越支付寶 https://www.managertoday.com.tw/articles/view/70079? LINE Pay台韓全面進擊 全支付猛攻回饋衝30% https://reurl.cc/XAkrvM 電子支付破3100萬人 1月兩項業務意外暴走 https://reurl.cc/nm0bQn 一定規模專營電子支付機構須設資安主管 6家業者均完成 https://udn.com/news/story/7239/8621431 手機就是交通卡 中市民搭公車專屬乘車碼 https://reurl.cc/RY1lnn 四川無人水果攤 18 個月零失竊　全賴電子支付加信任 https://unwire.hk/2025/03/19/no-man-fruit-stand/life-tech/epayment/ 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 加密貨幣交易所是怎麼運作的？槓桿可以到200倍？交易所遇駭怎麼辦 https://reurl.cc/VYXvaN 全家點數將到期 幣託「點數兌換加密貨幣」大受歡迎 https://ec.ltn.com.tw/article/breakingnews/4986292 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新型SuperBlack勒索軟體利用Fortinet身份驗證漏洞攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11739 中國駭客組織UNC3886使用TinyShell後門攻擊Juniper路由器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11732 竊資軟體Arcane鎖定遊戲玩家，透過YouTube、Discord散布 https://www.bleepingcomputer.com/news/security/new-arcane-infostealer-infects-youtube-discord-users-via-game-cheats/ 惡意軟體攻擊DollyWay入侵2萬個WordPress網站 https://www.bleepingcomputer.com/news/security/malware-campaign-dollyway-breached-20-000-wordpress-sites/ 惡意軟體DCRat鎖定烏克蘭國防單位而來，藉由Singal訊息散布 https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html 11組國家級駭客共散播上千個惡意LNK捷徑檔，劍指Windows尚無修補的零時差漏洞 https://www.ithome.com.tw/news/167944 供應鏈攻擊出現新手法Rules File Backdoor，恐波及AI編輯器用戶 https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html 勒索軟體LockBit以色列籍開發人員被引渡到美國，即將接受司法審判 https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html 木馬StilachiRAT鎖定逾20種加密貨幣錢包，挾持剪貼簿收集敏感資料 https://www.bleepingcomputer.com/news/security/microsoft-new-rat-malware-used-for-crypto-theft-reconnaissance/ 駭客佯裝Booking.com從事ClickFix網釣，對旅館業者的人際網路散布惡意程式 https://www.ithome.com.tw/news/167917 駭客透過ClickFix手法散布各式竊資軟體 https://www.securityweek.com/clickfix-widely-adopted-by-cybercriminals-apt-groups/ 駭客上架有問題的VS Code擴充套件，意圖散布勒索軟體 https://www.ithome.com.tw/news/168033 2萬個WordPress網站淪陷，遭到惡意軟體攻擊DollyWay入侵 https://www.ithome.com.tw/news/168034 惡意軟體攻擊Obscure#BAT透過社交工程手法散布，使用假的圖靈驗證讓使用者上當 https://hackread.com/new-obscurebat-malware-targets-users-fake-captchas/ OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html Stopping Sobolan Malware with Aqua Runtime Protection https://www.aquasec.com/blog/stopping-sobolan-with-aqua-runtime-protection/ APT37 - RokRat https://zw01f.github.io/malware%20analysis/apt37/ Hundreds of thousands of rubles for your secrets: cyber spies disguise themselves as recruiters https://bi.zone/expertise/blog/sotni-tysyach-rubley-za-vashi-sekrety-kibershpiony-squid-werewolf-maskiruyutsya-pod-rekruterov/ New Pulse: Desert Dexter.Attacks on Middle Eastern Countries https://www.ptsecurity.com/ru-ru/research/pt-esc-threat-intelligence/desert-dexter-ataki-na-strany-blizhnego-vostoka/ Malicious PyPI Packages Stole Cloud Tokens—Over 14,100 Downloads Before Removal https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom https://thehackernews.com/2025/03/live-ransomware-demo-see-how-hackers.html New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html SANS Institute Warns of Novel Cloud-Native Ransomware Attacks https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html 中國駭客MirrorFace從事新一波攻擊，散布惡意程式ANEL、AsyncRAT https://www.ithome.com.tw/news/167954 China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html 超過1百萬裝置遭殭屍網路BadBox 2.0綁架，用於廣告詐欺、非法代理伺服器 https://www.ithome.com.tw/news/167946 BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html FHS - Medusa Ransomware IOCs https://otx.alienvault.com/pulse/67dad3e83a91f558320ec815 YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 WhatsApp修補已遭間諜軟體利用的零時差漏洞 https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/ 不只義大利！6國政府驚傳以間諜軟體Paragon及WhatsApp零時差漏洞進行監控 https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html 歐盟要求蘋果開放iOS與iPadOS連結功能予第三方裝置 https://www.ithome.com.tw/news/167974 蘋果預告iOS將支援RCS 3.0全程加密，提升與安卓訊息互通安全性 https://www.ithome.com.tw/news/167897 GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging https://thehackernews.com/2025/03/gsma-confirms-end-to-end-encryption-for.html Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html 安卓惡意軟體Vapor透過逾300個App散布，於Google Play市集被下載6千萬次 https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/ 北韓駭客APT37透過Google Play市集散布惡意軟體KoSpy https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ 安卓木馬PlayPraetor藉由冒牌Google Play市集網站散布 https://gbhackers.com/playpraetor-malware-targets-android-users/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 ClearFake攻擊染指逾9千個網站、散布竊資軟體，也濫用區塊鏈埋藏作案工具 https://www.ithome.com.tw/news/167980 Firefox憑證過期本周將導致瀏覽器外掛失效、Mozilla籲用戶儘速更新 https://www.ithome.com.tw/news/167969 Chrome改用Rust重寫字型處理程式庫Skrifa，取代FreeType提升安全性 https://www.ithome.com.tw/news/167975 中國駭客Volt Typhoon入侵美國OT環境接近一年 https://www.infosecurity-magazine.com/news/volt-typhoon-threatens-us-ot/ 攻擊馬偕、彰基的CrazyHunter再度犯案，鎖定臺灣上市公司科定 https://www.ithome.com.tw/news/167907 英媒揭密：禁用電腦與網路的國家 為何北韓駭客技術高超 https://reurl.cc/NY6mjq VASP專法來了！立委黃珊珊：應對所有業者敞開大門，只要你願意被納管，政府就沒有不管的道理 https://reurl.cc/QY3kd2 追蹤幣安冷熱錢包轉移：預測迷因幣暴漲的隱藏訊號 https://news.cnyes.com/news/id/5906911 繫繩庫將10億美元轉移到加密貨幣交易所htx https://www.mitrade.com/zh/insights/news/live-news/article-3-707423-20250320 ByBit虛擬貨幣案：朝鮮黑客如何完成歷史上最大的劫案 https://www.bbc.com/zhongwen/articles/c62kx7k2709o/trad 專家：美國財政部擴大現金交易的金融監控範圍，此命令不適用於加密貨幣交易 https://www.mitrade.com/zh/insights/news/live-news/article-3-707835-20250320 慘了！台灣老電腦挖出150顆比特幣 價值高達4億元卻動不了 https://reurl.cc/1K4a4Y CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html 汽車經銷商網站LESA遭遇供應鏈攻擊，駭客透過網站向使用者從事網釣 https://www.securityweek.com/100-car-dealerships-hit-by-supply-chain-attack/ 駭客假借提供微軟人工智慧聊天機器人服務，從事網路釣魚攻擊 https://cofense.com/blog/microsoft-copilot-spoofing-a-new-phishing-vector 加密貨幣騙局讓逾130名澳洲人中招 https://www.epochtimes.com/b5/25/3/20/n14462748.htm E.研究報告/工具 針對近期醫療院所面對 CrazyHunter 勒索軟體攻擊事件技術過程探討說明 https://teamt5.org/tw/posts/the-case-study-hospital-crazyhunter-ransomware-attack/ WAF開源解決方案 https://www.uuu.com.tw/Public/content/article/25/20250317.htm How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html 10 Critical Network Pentest Findings IT Teams Overlook https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html How to Improve Okta Security in Four Steps https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html 5 Identity Threat Detection & Response Must-Haves for Super SaaS Security https://thehackernews.com/2025/03/5-identity-threat-detection-response.html How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers https://thehackernews.com/2025/03/why-continuous-compliance-monitoring-is.html F.商業 AI時代下的亞太高風險地：Google Cloud Security看台灣網安轉型與雲端防禦策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11736 資安365年會實錄：產官學攜手迎戰AI時代資安風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11720 Google發布開發人員漏洞掃描工具OSV-Scanner大改版2.0 https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner/ Google正式宣布將以320億美元買下資安新創Wiz https://www.ithome.com.tw/news/167940 外傳Alphabet再度試圖買下資安新創Wiz，開價300億美元 https://www.ithome.com.tw/news/167914 SoftBank將以65億美元的現金買下晶片開發商Ampere https://www.ithome.com.tw/news/167990 GCC 15首度整合COBOL 預設啟用C23並強化C++26支援 https://www.ithome.com.tw/news/167945 G.政府 資安署25年2月資安月報：駭客假冒財政部發動社交工程攻擊及冒牌軟體威脅增加 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11742 數發部警告駭客假冒財政部從事網釣攻擊，對政府機關及企業的財務人員下手 https://www.ithome.com.tw/news/167987 衛福部正式啟動臺灣醫療資訊標準大平台 推動醫療數據標準化 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11726 國軍官兵手機遭竊被賣到中國惹議，國防部表示未有機密資料外洩 https://www.ithome.com.tw/news/167886 稅務抽獎活動中獎人都是「彭家軍」！法務部調查局證實是駭客作弊擾亂抽獎結果 https://www.cna.com.tw/news/asoc/202503190387.aspx 昇銳電子傳出將中國監視器改標臺灣製造賣給公部門 https://www.cna.com.tw/news/asoc/202503200345.aspx H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 訊舟網路攝影機零時差漏洞去年上半遭到利用，兩組人馬散布殭屍網路Mirai https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html 群暉公布去年Pwn2Own找到的NAS重大漏洞細節，並指出若不處理攻擊者有機會發動RCE攻擊 https://www.ithome.com.tw/news/168029 工控系統mySCADA myPRO存在重大漏洞，恐導致整個系統遭到挾持 https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Lunch & Learn: Test Automation for Complete Beginners 2025/3/24 https://www.meetup.com/magicpod-community/events/306394705/ Chinese Linguistics, History, and Etymology 2025/3/25 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305061650/ AI EXPO Taiwan 2025 2025/3/26 https://aiexpo2025.kktix.cc/events/aiexpo2025 企業 IT 必修課：虛擬化備援 + 弱點掃描，打造無縫資安防護 2025/4/11 https://mstech.kktix.cc/events/d41efa20 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025