###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/5/27 ~ 2024/5/31 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs 思科揭露Firepower網頁管理平臺SQL注入漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs Check Point Warns of Zero-Day Attacks on its VPN Gateway Products https://thehackernews.com/2024/05/check-point-warns-of-zero-day-attacks.html 針對Check Point VPN攻擊行動資安事故，兩家資安業者揭露更多細節，指出對方利用零時差漏洞取得AD帳密進行橫向移動 https://www.ithome.com.tw/news/163197 Check Point證實旗下的VPN系統遭到鎖定，駭客用來入侵企業網路環境 https://www.ithome.com.tw/news/163141 研究人員公布Fortinet旗下SIEM已知漏洞CVE-2024-23108細節 https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/ The vCenter Server contains an authenticated remote code execution vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-22274 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308 VMware Workstation and Fusion CVE-2024-22267 https://nvd.nist.gov/vuln/detail/CVE-2024-22267 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 Zabbix server can perform command execution CVE-2024-22120 https://nvd.nist.gov/vuln/detail/CVE-2024-22120 https://support.zabbix.com/browse/ZBX-24505 Veeam Backup Enterprise Manager 發現重大安全漏洞，建議用戶立即更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11092 Veeam Backup Enterprise Manager https://nvd.nist.gov/vuln/detail/CVE-2024-29849 https://nvd.nist.gov/vuln/detail/CVE-2024-29850 https://nvd.nist.gov/vuln/detail/CVE-2024-29851 https://veeam.com/kb4581 Acrobat Reader CVE-2024-30279 CVE-2024-30280 https://nvd.nist.gov/vuln/detail/CVE-2024-30279 https://nvd.nist.gov/vuln/detail/CVE-2024-30280 https://helpx.adobe.com/security/products/acrobat/apsb24-29.html The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability https://nvd.nist.gov/vuln/detail/CVE-2024-29000 https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1-1_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-29000 Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-patch.html FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine https://thehackernews.com/2024/05/flyingyeti-exploits-winrar.html RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability https://thehackernews.com/2024/05/redtail-crypto-mining-malware.html 3款WordPress外掛程式漏洞遭到利用，攻擊者藉此注入後門及惡意指令碼 https://www.fastly.com/blog/active-exploitation-unauthenticated-stored-xss-vulnerabilities-wordpress/ 新加坡針對近期公布的WordPress外掛程式重大漏洞提出警告，並指出已有部分出現攻擊行動 https://www.ithome.com.tw/news/163172 人工智慧服務供應商Replicate平臺存在重大漏洞，恐導致用戶自用的AI模型外流 https://www.ithome.com.tw/news/163148 開源資料處理框架Apache Flink在3年前公布的弱點，美國CISA證實被用於攻擊行動 https://www.ithome.com.tw/news/163135 Google修補本月第4個Chrome零時差漏洞CVE-2024-5274 https://www.ithome.com.tw/news/163115 Firefox用於存取PDF檔案的元件存在弱點，有可能被用於執行任意JavaScript程式碼 https://www.ithome.com.tw/news/163133 2.銀行/金融/保險/證券/金融監理 新聞及資安 永續報告書審閱盯品質 上市櫃每5年至少被查一次 https://udn.com/news/story/7251/7996988?from=udn-ch1_breaknews-1-0-news 保險經紀人公司台名發布資安重訊，坦承遭供應鏈攻擊，客戶個資恐外洩 https://www.ithome.com.tw/news/163206 駭客兜售ATM惡意軟體，號稱能對全球約六成的提款機下手 https://dailydarkweb.net/new-atm-malware-threatens-european-banking-security/ Google Play市集的應用程式夾帶金融木馬Anatsa https://www.ithome.com.tw/news/163173 巴西銀行用戶遭到金融木馬AllaSenha鎖定 https://harfanglab.io/en/insidethelab/allasenha-allakore-variant-azure-c2-steal-banking-latin-america/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 防範網購詐騙 聯卡中心6月陸續導入OTP驗證進階版 https://udn.com/news/story/7239/7996885?from=udn-ch1_breaknews-1-0-news Dcard為什麼要出金融卡？年輕人財力並非最雄厚，「Richart D卡」看上哪點 https://www.bnext.com.tw/article/79247/dcard-richart-credit-card 傳騰訊被陸官方要求降低微信支付市佔率 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=831b88a9-92e5-4d73-a8b9-83c071920b02&c=MB10 行動支付被暫時封鎖？ 很多是誘騙 https://www.kmdn.gov.tw/1117/1271/1272/566831 iPhone 行動支付捷徑：一鍵開啟 LINE Pay、街口、7-11 等不同 App 的付款條碼 https://applealmond.com/posts/232688 電子支付、行動支付、第三方支付差在哪？三種數位支付名詞 一次快速看懂 https://agirls.aotter.net/post/63303 金融機構遭到鎖定，駭客組織濫用「踩地雷」小遊戲程式碼打造惡意程式並散布 https://cert.gov.ua/article/6279419 WordPress外掛程式遭到濫用，駭客企圖植入PHP惡意程式，竊取電商網站的信用卡交易資料 https://www.ithome.com.tw/news/163175 WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites https://thehackernews.com/2024/05/wordpress-plugin-exploited-to-steal.html Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud https://thehackernews.com/2024/05/moroccan-cybercrime-group-steals-up-to.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme https://thehackernews.com/2024/05/indian-national-pleads-guilty-to-37.html 紐約證交所：若監管更明確，考慮提供加密貨幣交易服務 https://www.blocktempo.com/nyse-would-consider-crypto-trading/ 全球支付！萬事達卡推加密貨幣支付 可跨幣種、跨鏈、跨 14 國轉帳 https://news.cnyes.com/news/id/5581534 加密貨幣詐騙一年高達53億元，真的抓不到嗎？常見詐騙手法揭秘：別當肥羊 https://www.bnext.com.tw/article/79292/crypto-scam-police-20240531182256-rwxiepgh 加密貨幣詐騙 編造誘人收益數據 https://www.epochtimes.com/b5/24/5/30/n14260546.htm 萬事達卡推出 P2P 加密貨幣支付：可跨幣種、跨鏈、跨 14 國轉帳 https://blockcast.it/2024/05/30/mastercard-introduces-crypto-credential-for-peer-to-peer-crypto-payments/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客假借提供盜版Office軟體散布木馬程式、挖礦軟體、代理伺服器工具 https://www.ithome.com.tw/news/163224 駭客透過惡意程式讓美國ISP業者的60萬臺路由器停擺 https://www.ithome.com.tw/news/163230 歐美各國執法單位聯手合作進行執法行動Operation Endgame，摧毀數個專門散布特定惡意程式的殭屍網路 https://www.ithome.com.tw/news/163217 勒索軟體ShrinkLocker濫用BitLocker加密電腦，導致電腦無法進入作業系統 https://www.ithome.com.tw/news/163183 惡意PyPi套件鎖定執行macOS的電腦而來，企圖植入惡意程式 https://securitylabs.datadoghq.com/articles/malicious-pypi-package-targeting-highly-specific-macos-machines/ 日本傳出無業男子濫用生成式AI製造勒索軟體被捕 https://news.tvbs.com.tw/world/2499703 Stack Overflow遭到濫用，攻擊者假借回答問題散布惡意程式 https://www.sonatype.com/blog/pypi-crypto-stealer-targets-windows-users-revives-malware-campaign 全球執法單位聯手拆除專門綁架個人電腦的大型殭屍網路911 S5，近2千萬裝置遭到控制 https://www.ithome.com.tw/news/163191 駭客架設多個冒充不同廠牌防毒軟體的網站，針對Windows、安卓裝置散布惡意程式 https://www.ithome.com.tw/news/163149 美國旅館入住系統傳出遭植入間諜程式pcTattletale https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/ JAVS法庭錄影軟體遭遇供應鏈攻擊，攻擊者在安裝程式植入後門 https://www.ithome.com.tw/news/163126 Unmasking AsukaStealer: The $80 Malware Threatening Digital Security https://www.seqrite.com/blog/unmasking-asukastealer-the-80-malware-threatening-your-digital-security/ Malware campaign attempts abuse of defender binaries https://news.sophos.com/en-us/2024/04/26/malware-campaign-abuses-legit-defender-binaries/ https://raw.githubusercontent.com/sophoslabs/IoCs/master/2404%20impersonation%20campaign.csv 間諜軟體LightSpy擴張攻擊範圍，從行動裝置延伸至macOS電腦 https://www.threatfabric.com/blogs/lightspy-implant-for-macos LightSpy: Implant for macOS https://www.threatfabric.com/blogs/lightspy-implant-for-macos Side Loading through IObit against Colombia https://otx.alienvault.com/pulse/66570c1afb9df27ddda04dc9 'Reptile Recon': Discovering CryptoChameleon fast flux IOFAs. Hundreds of domains, IPs, and ASNs discovered https://www.silentpush.com/blog/cryptochameleon/ Static Unpacking for the Widespread NSIS-based Malicious Packer https://research.checkpoint.com/2024/static-unpacking-for-the-widespread-nsis-based-malicious-packer-family/ ETIC Cybersecurity 2024-05-26 Port Scan https://otx.alienvault.com/pulse/66525f6fc956ba3ca6442687 Interesting Yara hits - .jpg files hitting for Hidden Cobra or TA17-318B, APT_Tetris, APT_Terracotaliudoor, and APT_Tetrisplugins, and APT_TA18_074A https://otx.alienvault.com/pulse/665153dddd3792af2df33a7f Beware: These Fake Antivirus Sites Spreading Android and Windows Malware https://thehackernews.com/2024/05/fake-antivirus-websites-deliver-malware.html 殭屍網路CatDDoS鎖定逾80個已知漏洞，入侵多個廠牌網路設備、應用系統並將其用於DDoS攻擊 https://www.ithome.com.tw/news/163220 Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique https://thehackernews.com/2024/05/researchers-warn-of-catddos-botnet-and.html Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware https://thehackernews.com/2024/05/europol-dismantles-100-servers-linked.html U.S. Dismantles World's Largest 911 S5 Botnet with 19 Million Infected Devices https://thehackernews.com/2024/05/us-dismantles-worlds-largest-911-s5.html Cybercriminals Abuse Stack Overflow to Promote Malicious Python Package https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 自Android 15起系統將支援顯示儲存晶片的剩餘壽命並優化，讓你的手機能用更久 https://www.techbang.com/posts/114796-from-android-15-onwards-the-system-will-support-the-display Android手機能防盜、還能抓詐騙電話！一次盤點Google七大AI秘密武器 https://reurl.cc/ezQMYL iPhone 16實體搶先看！對比舊機「4大變革」 超廣角畫素再升級了 https://reurl.cc/VznYVn 日本瘋搶10年前「老舊iPhone」！「真實原因曝光」驚呆網 https://reurl.cc/QRNYQo 不用羨慕iPhone！Android手機已發訊息也能重新編輯了 https://3c.ltn.com.tw/news/58361 LINE來電沒畫面接不起來！Android用戶快更新　現在有解了 https://www.setn.com/News.aspx?NewsID=1476183 iPhone防水/耐用度有幾勁？網紅公開Apple測試實驗：13支水柱狂射 https://www.hk01.com/article/1024285?utm_source=01articlecopy&utm_medium=referral C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Google搜尋引擎內部工程文件驚傳外洩 https://www.ithome.com.tw/news/163204 針對精品拍賣業者佳士得遭駭，勒索軟體駭客組織RansomHub聲稱是他們所為 https://www.ithome.com.tw/news/163167 荷蘭HSD專家在臺揭露歐盟資安法規趨勢，NIS 2指令規範已不僅針對關鍵CI，並要董事會承擔責任 https://www.ithome.com.tw/news/163051 Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack https://thehackernews.com/2024/05/hackers-created-rogue-vms-to-evade.html 中國駭客組織鎖定中東、非洲、亞洲政府機關，發動Operation Diplomatic Specter攻擊行動，散布後門程式 https://www.ithome.com.tw/news/163129 非洲、加勒比地區政府機關遭中國駭客組織Sharp Panda盯上 https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/ 北韓駭客組織Moonstone Sleet運用勒索軟體FakePenny從事攻擊行動 https://www.ithome.com.tw/news/163179 Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/ Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group https://thehackernews.com/2024/05/microsoft-uncovers-moonstone-sleet-new.html Werewolf Sharpening Known Stealer for New Attacks https://otx.alienvault.com/pulse/66570af4938058148e728779 Hellhounds: Operation Lahat https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/hellhounds-operation-lahat-part-2/ Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets https://thehackernews.com/2024/05/pakistan-linked-hackers-deploy-python.html 印度政府、國防、航太機構遭巴基斯坦駭客鎖定，被植入跨平臺惡意程式 https://blogs.blackberry.com/en/2024/05/transparent-tribe-targets-indian-government-defense-and-aerospace-sectors Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors https://thehackernews.com/2024/05/cyber-espionage-alert-lilacsquid.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 英國媒體BBC傳出資料外洩，歷任員工個資恐外流 https://www.bbc.co.uk/mypension/news/240528 俄羅斯駭客FlyingYeti利用WinRAR漏洞對烏克蘭發動網釣攻擊 https://blog.cloudflare.com/disrupting-flyingyeti-campaign-targeting-ukraine 美國售票平臺Ticketmaster遭駭客入侵，5.6億客戶資料流入暗網 https://www.ithome.com.tw/news/163194 臺灣電腦硬體製造商Cooler Master傳出資料外洩，50萬會員個資流出 https://www.ithome.com.tw/news/163199 北美大學師生遭到鎖定，駭客聲稱提供免費鋼琴寄送釣魚郵件 https://www.proofpoint.com/us/blog/threat-insight/security-brief-sing-us-song-youre-piano-scam 駭客濫用Cloudflare Workers從事透明網路釣魚、HTML挾持攻擊 https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling 嵌入式設備採用的動態DNS服務恐導致資料曝光，甚至有可能招致攻擊 https://securityaffairs.com/163617/hacking/ddns-services-leads-information-disclosure.html 針對企業寄信測試員工資安意識，Google認為效果不彰，甚至可能帶來危害 https://www.ithome.com.tw/news/163082 烏克蘭針對駭客組織UAC-0006的攻擊行動升溫提出警告，對方大肆藉由釣魚郵件散布惡意軟體SmokeLoader https://cert.gov.ua/article/6276584 印度應用系統開發業者資料外洩，曝露當地軍方及警察生物辨識資料 https://www.websiteplanet.com/news/india-biometric-breach-report/ Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling https://www.netskope.com/blog/phishing-with-cloudflare-workers-transparent-phishing-and-html-smuggling New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI https://thehackernews.com/2024/05/new-tricks-in-phishing-playbook.html Report: The Dark Side of Phishing Protection https://thehackernews.com/2024/05/report-dark-side-of-phishing-protection.html BreachForums Returns Just Weeks After FBI Seizure - Honeypot or Blunder https://thehackernews.com/2024/05/breachforums-returns-just-weeks-after.html 身分驗證解決方案業者Okta針對帳號填充攻擊提出警告，自4月起有客戶成為歹徒目標 https://www.ithome.com.tw/news/163192 Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud https://thehackernews.com/2024/05/okta-warns-of-credential-stuffing.html Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting https://thehackernews.com/2024/05/russian-hackers-target-europe-with.html E.研究報告/工具 Analysis of APT Attack Cases Using Dora RAT Against Companies https://asec.ahnlab.com/en/66088/ Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data https://thehackernews.com/2024/05/experts-find-flaw-in-replicate-ai.html DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed https://thehackernews.com/2024/05/devops-dilemma-how-can-cisos-regain.html 4-Step Approach to Mapping and Securing Your Organization's Most Critical Assets https://thehackernews.com/2024/05/4-step-approach-to-mapping-and-securing.html New Research Warns About Weak Offboarding Management and Insider Risks https://thehackernews.com/2024/05/new-research-warns-about-weak.html How to Build Your Autonomous SOC Strategy https://thehackernews.com/2024/05/how-to-build-your-autonomous-soc.html Beyond Threat Detection – A Race to Digital Security https://thehackernews.com/2024/05/beyond-threat-detection-race-to-digital.html OpenAI, Meta, and TikTok Crack Down on Covert Influence Campaigns, Some AI-Powered https://thehackernews.com/2024/05/openai-meta-tiktok-disrupt-multiple-ai.html F.商業 Check Point 公布《2024 年雲端安全報告》：雲端安全事件劇增 154%，AI 驅動的主動威脅防禦成焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11091 Fortinet實踐資安資訊公開透明承諾 呼籲重視安全產品開發流程 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11093 GitHub加速器資助11個開源AI專案，涵蓋普及化、資安、當責應用 https://www.ithome.com.tw/news/163171 OpenAI成立新的安全委員會 https://www.ithome.com.tw/news/163166 Zoom Workplace導入後量子端對端加密解決方案 https://www.ithome.com.tw/news/163022 G.政府 今年TWCERT/CC交由資安院維運，不只要從產業供應鏈推動，更要用主動服務來促進聯防 https://www.ithome.com.tw/news/163174 軍演帶動網攻 政府資安攔截奏功 https://www.chinatimes.com/newspapers/20240529000457-260118?chdtv 國安3.0戰略 新政府應提高資安三個韌性以維護民主發展 https://reurl.cc/9v0DK8 賴清德準總統公開承諾，新政府仍將繼續支持資安產業發展 https://www.ithome.com.tw/news/162873 台灣與索馬利蘭攜手向前 政府資訊與資安系統再升級 https://www.cna.com.tw/postwrite/chi/371839 評估友邦關係機密文件疑外洩 資安專家：最大風險在外館 https://reurl.cc/OMQYOg H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 CISA 將兩個 D-Link 路由器漏洞加入已知被利用漏洞名單 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11090 省成本、低耗時、一試多證，SESIP躍居炙手可熱的IoT資安認證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11095 Rockwell Automation針對工業控制系統攻擊行動升溫提出警告，呼籲管理員勿將設備連接網際網路以策安全 https://www.ithome.com.tw/news/163146 ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. https://nvd.nist.gov/vuln/detail/CVE-2024-0401 https://vulncheck.com/advisories/asus-ovpn-rce TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks https://thehackernews.com/2024/05/tp-link-gaming-router-vulnerability.html TP-Link修補C5400X路由器重大層級漏洞 https://onekey.com/blog/security-advisory-remote-command-execution-on-tp-link-archer-c5400x/ I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 6.近期資安活動及研討會 Just a chat - with no Expectations 2024/6/1 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/300975648/ Find a Cofounder, Help or Join a Tech Startup 2024/6/2 https://www.meetup.com/startup-oasis-taipei/events/300932648/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/2 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygckbdb/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/4 https://www.meetup.com/taiwan-code-camp/events/300732273/ 資通安全概論--中區--考前複習班 2024/6/4 https://moltke.nccu.edu.tw/Registration/registration.do?action=conferenceInfo&conferenceID=X22767 SyntaxError 2024/6/5 https://www.meetup.com/pythonhug/events/301057250/ 高雄 Rails Meetup 2024/6/5 https://www.meetup.com/rails-taiwan/events/301057497/ 資通安全成熟度模型驗證(CMMC)企業合規培訓課程 2024/6/5 ~ 2024/6/6 https://www.accupass.com/event/2405090148008901775100 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/6/6 https://www.meetup.com/hackingthursday/events/301078115/ 國家高速網路與計算中心 教育訓練 粒子式電漿電磁模擬軟體VSim進階課程 2024/6/6 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4104&from_course_list_url=homepage 老朋友，三年了！ - WordPress 台中小聚 #25 2024/6/8 https://www.meetup.com/taichung-wordpress-meetup/events/301177363 Just a chat - with no Expectations 2024/6/8 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/301114364/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/11 https://www.meetup.com/taiwan-code-camp/events/301173252/ SyntaxError 2024/6/12 https://www.meetup.com/pythonhug/events/301195397/ 高雄 Rails Meetup 2024/6/12 https://www.meetup.com/rails-taiwan/events/301195646/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/6/13 https://www.meetup.com/hackingthursday/events/301215829/ AI前哨助手：使用Local LLM輔助日常開發原碼檢測工作坊 2024/6/14 https://acsiacad.kktix.cc/events/securecodews 邁入AI新境界 Copilot for Microsoft 365 技巧攻略與數據安全實踐 2024/6/14 https://www.accupass.com/event/2405251012141511840161 2024 第三屆安全達人養成計劃 2024/6/14 https://www.accupass.com/event/2405100449202104766405 Just a chat - with no Expectations 2024/6/15 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/301253254/ WordPress Taoyuan 午茶小聚 Linner Meetup #37 2024/6/15 https://www.meetup.com/taoyuan-wordpress-meetup/events/301012751/ AIoT智慧物聯網邊緣運算與資安實戰 2024/6/16 https://www.accupass.com/event/2404120334053507827320 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/18 https://www.meetup.com/taiwan-code-camp/events/301314042/ Improving Your API Security Posture With GraphQL Protection And API Policy 2024/6/18 https://www.meetup.com/api-security-group-in-taipei/events/301214669/? 高雄 Rails Meetup 2024/6/19 https://www.meetup.com/rails-taiwan/events/301337672/ SyntaxError 2024/6/19 https://www.meetup.com/pythonhug/events/301337487/ Taipei dbt Meetup #24 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2024/6/19 https://www.meetup.com/taipei-dbt-meetup/events/300586249/ 國家高速網路與計算中心 教育訓練 NVIDIA 大語言應用 2024/6/19 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4093&from_course_list_url=homepage HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/6/20 https://www.meetup.com/hackingthursday/events/301359329/ Just a chat - with no Expectations 2024/6/22 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbdc/ AI 無法無天？沒法度可管？真人現身說法 2024/6/23 https://www.accupass.com/event/2405140314463639696970 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/6/25 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcjbhc/ 高雄 Rails Meetup 2024/6/26 https://www.meetup.com/rails-taiwan/events/qxfvjkygcjbjc/ SyntaxError 2024/6/26 https://www.meetup.com/pythonhug/events/pqnsctygcjbjc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/6/26 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702428/ 數據掌權時代 解鎖資料解決方案的完整攻略 2024/6/26 https://www.accupass.com/event/2405251051471673260983 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/6/27 https://www.meetup.com/hackingthursday/events/psspctygcjbkc/ AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 https://www.accupass.com/event/2401100729511706489107 市場趨勢--不怕被AI取代，企業資安關鍵人才剖析 2024/6/27 https://www.accupass.com/event/2405230228276957814350 AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107 永續轉型：綠色供應鏈x資訊安全x多元共融 2024/6/28 https://smeoda.kktix.cc/events/2024-1 Just a chat - with no Expectations 2024/6/29 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcjbmc/ 高雄 Rails Meetup 2024/7/3 https://www.meetup.com/rails-taiwan/events/qxfvjkygckbfb/ SyntaxError 2024/7/3 https://www.meetup.com/pythonhug/events/pqnsctygckbfb/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/7/4 https://www.meetup.com/hackingthursday/events/psspctygckbgb/ 國家高速網路與計算中心 教育訓練 RSC The Merck Index資料庫中文線上 2024/7/4 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4105&from_course_list_url=homepage ISO 27001：2022資訊安全管理系統主導稽核員訓練 2024/7/8 ~ 2024/7/12 https://www.accupass.com/event/2403090707238144555890 國家高速網路與計算中心 教育訓練 ABAQUS基礎訓練課程 2024/7/9 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4099&from_course_list_url=homepage InfoSec Taiwan 2024 國際資安組織大會 2024/7/9 ~ 2024/7/11 https://csa.kktix.cc/events/infosectaiwan2024 .NET / Java 安全程式開發達人集訓班 2024/7/11 ~ 2024/7/12 https://www.accupass.com/event/2405280149081202805431 CraftCon Taiwan 奧義 AI 資安年會 2024/7/12 https://www.accupass.com/event/2404221057531664149101 【第1期】2024企業資訊安全基礎課程 2024/7/17 https://www.accupass.com/event/2402020448251773447860 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/7/24 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702433/ 國家高速網路與計算中心 教育訓練 NVIDIA GPU 計算 2024/7/24 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=4094&from_course_list_url=homepage HITCON Cyber Range 2024 企業藍隊競賽 2024/7/26 ~ 2024/10/30 https://hitcon.kktix.cc/events/hitcon-cyberrange-2024 【安碁學苑】資安職能培訓｜系統網路安全管理師 2024/7/27 ~ 2024/8/24 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-4 Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/8/28 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/299702435/