###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/10/28 ~ 2024/11/01 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 近日發布更新以解決多個產品的安全性弱點 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5 Cisco Adaptive Security Appliance (ASA) Software https://nvd.nist.gov/vuln/detail/CVE-2024-20329 https://nvd.nist.gov/vuln/detail/CVE-2024-20260 https://nvd.nist.gov/vuln/detail/CVE-2024-20402 https://nvd.nist.gov/vuln/detail/CVE-2024-20426 https://nvd.nist.gov/vuln/detail/CVE-2024-20494 https://nvd.nist.gov/vuln/detail/CVE-2024-20495 https://nvd.nist.gov/vuln/detail/CVE-2024-20268 https://nvd.nist.gov/vuln/detail/CVE-2024-20408 Cisco Firepower Management Center https://nvd.nist.gov/vuln/detail/CVE-2024-20424 思科緊急修補遭駭客積極利用的 ASA 與 FTD 軟體漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11336 Cisco Firepower Threat Defense Software https://nvd.nist.gov/vuln/detail/CVE-2024-20412 https://nvd.nist.gov/vuln/detail/CVE-2024-20330 https://nvd.nist.gov/vuln/detail/CVE-2024-20339 https://nvd.nist.gov/vuln/detail/CVE-2024-20351 FortiManager https://nvd.nist.gov/vuln/detail/CVE-2024-47575 群暉修補Pwn2Own發現的相簿應用程式弱點 https://securityonline.info/synology-fixes-critical-vulnerabilities-in-synology-photos-and-beephotos-after-pwn2own-exposure/ IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7174420 IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7174634 Deployments may experience TCP Syslog Event ingestion issue after the 30 October 2024 Auto Update is completed https://www.ibm.com/support/pages/node/7174421 AI與ML系統的零時差漏洞應對策略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11337 Researchers Uncover Vulnerabilities in Open-Source AI and ML Models https://thehackernews.com/2024/10/researchers-uncover-vulnerabilities-in.html New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors https://thehackernews.com/2024/10/new-research-reveals-spectre.html 針對博通上個月修補的VMware vCenter重大漏洞，研究人員公布細節 https://securityonline.info/researcher-details-cve-2024-38812-cvss-9-8-critical-rce-flaw-in-vmware-vcenter/ Progress揭露WhatsUp Gold重大層級漏洞CVE-2024-7763 https://securityonline.info/whatsup-gold-users-beware-critical-authentication-bypass-flaw-exposed-cve-2024-7763-cvss-9-8/ RKE2重大漏洞恐曝露Windows節點，並讓攻擊者提升權限 https://securityonline.info/cve-2023-32197-rke2-flaw-exposes-windows-nodes-privilege-escalation/ 容器管理平臺SUSE Rancher存在重大層級漏洞，攻擊者有機會取得root權限 https://securityonline.info/cve-2024-22036-cvss-9-1-critical-rce-vulnerability-discovered-in-suse-rancher/ Amazon修補Cloud Development Kit帳戶接管漏洞 https://www.ithome.com.tw/news/165714 漏洞挖掘競賽Pwn2Own Ireland 2024找出逾70個零時差漏洞 https://www.bleepingcomputer.com/news/security/over-70-zero-day-flaws-get-hackers-1-million-at-pwn2own-ireland/ Trend Micro Apex One https://nvd.nist.gov/vuln/detail/CVE-2024-39753 Trend Micro Cloud Edge https://nvd.nist.gov/vuln/detail/CVE-2024-48904 Trend Micro Deep Security Agent https://nvd.nist.gov/vuln/detail/CVE-2024-48903 Trend Micro VPN (consumer) https://nvd.nist.gov/vuln/detail/CVE-2024-41183 Trend Micro Antivirus One https://nvd.nist.gov/vuln/detail/CVE-2024-45334 Trend Micro Deep Discovery Inspector (DDI) https://nvd.nist.gov/vuln/detail/CVE-2024-46902 LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites https://thehackernews.com/2024/10/litespeed-cache-plugin-vulnerability.html Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 中輸銀升級資安防護 落實金融生態鏈的當責 助企業與全球競合 https://csr.cw.com.tw/article/43868 一次資安事件就可能造成25億美元損失風險！ 歐洲的銀行機構如何預防數位金融中的資安漏洞 https://ithome.com.tw/pr/165719 證交所四大方針 強化資安發展 https://reurl.cc/A2VLZY 落實負責任創新北富銀AI 打造金融安全防護網 https://www.chinatimes.com/newspapers/20241030000492-260210?chdtv 發展普惠金融 富邦期貨 期顧策略平台 降低交易門檻 https://www.chinatimes.com/newspapers/20241030000502-260210?chdtv 銀行和監管機構示警二維碼詐騙多　將增加企業資安成本 https://www.taiwannews.com.tw/zh/news/5959651 3.信用卡/電子支付/行動支付/pay/支付系統/資安 TWQR數位支付登場　日、韓、星手機嗶一聲都通 https://www.knews.com.tw/news/3D3F01BAAF216FF420B2D6F0D64CD660#google_vignette iPASS一卡通攜手HIVEX　推出跨境行動支付服務　 https://lifenews.com.tw/218862/ 跨境支付啟動 一卡通成第4家前進日本電支 https://www.chinatimes.com/realtimenews/20241029004031-260410?chdtv LINE Pay攜手富邦產險，再拓保險支付場景 https://www.moneydj.com/kmdj/news/newsviewer.aspx?a=4828534b-43ad-4b4f-abc4-8b2ca0845bb4 杜絕信用卡盜刷盜綁 行動支付綁卡變麻煩 https://reurl.cc/vvY4Mj 用戶數逾台灣一半人口！LINE Pay即將上市 明年可望升格電子支付 https://udn.com/news/story/7254/8313530 澳洲將禁止電子支付手續費轉嫁消費者，2026 年上路 https://technews.tw/2024/10/15/australia-digital-payment-debit-card-fee/ foodpanda、Uber Eats支付新選擇！金管會鬆綁電子支付規範 https://www.gvm.com.tw/article/116245 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 美國財政部將加密貨幣列為潛在風險 https://www.hk01.com/article/1071658?utm_source=01articlecopy&utm_medium=referral 川普67%超高勝選率造假? 加密平台Polymarket傳驚天虛假交易醜聞 https://newtalk.tw/news/view/2024-10-31/942565 用「央行數位貨幣」取代穩定幣？美財政部顧問團驚人建議曝光 https://blockcast.it/2024/10/31/us-treasury-releases-report-on-digital-assets-and-tokenization/ Coinbase 與 Visa 合作導入 Visa Direct 即時帳戶注資服務，一卡轉帳兼買幣 https://abmedia.io/coinbase-visa-cooperation-visa-direct 幣安新任命 Jeff Li 為產品副總裁：推動加密貨幣和 Web3 應用普及 https://www.blocktempo.com/binance-unveils-new-vp-of-product-jeff-li-at-bbw/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 中國駭客開發專偷雲端資料的惡意軟體工具包，前兩年臺灣有政府機關與宗教組織遇害 https://www.ithome.com.tw/news/165749 執法單位搗毀竊資軟體RedLine、Meta的基礎設施 https://www.ithome.com.tw/news/165776 勒索軟體Psaux鎖定伺服器管理介面CyberPanel而來，一度有近2.2萬臺設備曝險 https://www.ithome.com.tw/news/165767 後門程式Rekoobe鎖定交易社群網站TradingView用戶而來 https://securityonline.info/rekoobe-backdoor-and-typosquatting-domains-a-potential-threat-to-tradingview-users/ 中國駭客藉由殭屍網路Quad7竊取帳密資料 https://www.ithome.com.tw/news/165796 俄羅斯駭客UNC5812偽裝成與烏克蘭友好組織，意圖透過Telegram散布惡意程式 https://www.bleepingcomputer.com/news/security/russia-targets-ukrainian-conscripts-with-windows-android-malware/ 北韓駭客Andariel傳出與勒索軟體Play狼狽為奸 https://www.ithome.com.tw/news/165819 新型態降級攻擊可讓攻擊者植入惡意核心驅動程式、Rootkit https://www.ithome.com.tw/news/165721 勒索軟體Black Basta透過微軟Teams進行社交工程攻擊 https://www.ithome.com.tw/news/165815 勒索軟體Qilin出現變種，攻擊者採用更為複雜的方法埋藏加密金鑰 https://thehackernews.com/2024/10/new-qilinb-ransomware-variant-emerges.html 勒索軟體Beast鎖定Windows、NAS、VMware ESXi而來 https://www.cybereason.com/blog/threat-analysis-beast-ransomware 勒索軟體Black Basta透過微軟Teams進行社交工程攻擊 https://www.bleepingcomputer.com/news/security/black-basta-ransomware-poses-as-it-support-on-microsoft-teams-to-breach-networks/ 勒索軟體Fog、Akira鎖定SonicWall防火牆的VPN功能而來，意圖入侵企業網路環境 https://www.ithome.com.tw/news/165817 勒索軟體Fog鎖定SonicWall防火牆的VPN功能而來，意圖入侵企業網路環境 https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/ 惡意廣告透過臉書轉傳，意圖散布竊資軟體SYS01stealer https://thehackernews.com/2024/10/malvertising-campaign-hijacks-facebook.html 紡織業者力鵬傳出遭遇勒索軟體攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=180929&SPOKE_DATE=20241028&COMPANY_ID=1447 Unauthorized RDP Connections For Cyberespionage Operations https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/ Akira ransomware continues to evolve https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/ Four REvil Ransomware Members Sentenced in Rare Russian Cybercrime Convictions https://thehackernews.com/2024/10/four-revil-ransomware-members-sentenced.html Russian Espionage Group Targets Ukrainian Military with Malware via Telegram https://thehackernews.com/2024/10/russian-espionage-group-targets.html Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code https://thehackernews.com/2024/10/researchers-uncover-python-package.html Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft https://thehackernews.com/2024/11/microsoft-warns-of-chinese-botnet.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 間諜軟體LightSpy鎖定iOS裝置，可搭配近30種外掛發動各式攻擊 https://securityonline.info/threatfabric-reveals-dangerous-upgrades-in-lightspy-spyware-28-plugins-targeting-ios-devices/ New LightSpy Spyware Version Targets iPhones with Increased Surveillance Tactics https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html AI+大數據加持！第一銀行App「安全管家」上線 智慧偵測防詐 https://news.cnyes.com/news/id/5754196 別讓企業App成為品牌不定時炸彈！App安全風險大解析 https://www.bnext.com.tw/article/80740/digicentre C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 兼顧快速與安全的系統通關方式 https://www.ithome.com.tw/voice/165793 跟上國際腳步，臺灣Passkey應用實例出爐 https://www.ithome.com.tw/news/165788 被動元件製造商華新科技上週公布遭駭重訊，勒索軟體RansomHub聲稱是他們發動攻擊所致 https://www.ithome.com.tw/news/165723 大型造船廠台船郵件系統遭受攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=170029&SPOKE_DATE=20241025&COMPANY_ID=2208 駭客組織TeamTNT鎖定雲端環境發動攻擊，將受害主機租給他人牟利 https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html 因CrowdStrike大當機停擺多日，達美航空正式提告並求償5億美元 https://www.ithome.com.tw/news/165706 美國發布首個AI國家安全備忘錄 https://www.ithome.com.tw/news/165692 美國防部將以三年、四階段推動CMMC規則 https://www.ithome.com.tw/news/165688 美國政府證實電信業者遭到中國駭客入侵 https://www.ithome.com.tw/news/165750 香港、巴基斯坦關鍵基礎設施遭遇Cobalt Whisper攻擊 https://www.ithome.com.tw/news/165760 俄羅斯駭客APT29利用惡意RDP組態檔案入侵組織網路環境 https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html 俄羅斯駭客Midnight Blizzard利用惡意RDP組態檔案，入侵全球超過100個組織的網路環境 https://www.ithome.com.tw/news/165774 中國駭客鎖定各家廠牌的網路設備、資安設備，挖掘零時差漏洞從事攻擊行動 https://www.ithome.com.tw/news/165810 North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack https://thehackernews.com/2024/10/north-korean-group-collaborates-with.html Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining https://thehackernews.com/2024/10/notorious-hacker-group-teamtnt-launches.html CERT-UA Identifies Malicious RDP Files in Latest Attack on Ukrainian Entities https://thehackernews.com/2024/10/cert-ua-identifies-malicious-rdp-files.html SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures https://thehackernews.com/2024/10/sec-charges-4-companies-over-misleading.html Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus https://thehackernews.com/2024/10/dutch-police-disrupt-major-info.html U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing https://thehackernews.com/2024/10/us-government-issues-new-tlp-guidance.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 大規模攻擊行動EmeraldWhale掃描曝露的Git組態，竊得1.5萬組雲端帳密資料 https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/ 法國大型ISP業者Free證實資料遭到外流 https://www.ithome.com.tw/news/165751 美國醫療服務供應商UnitedHealth坦承1億用戶資料遭竊 https://www.ithome.com.tw/news/165715 【C2C電商平臺業Passkey應用實例：露天市集】電商會員帳號登入安全新作法，以無密碼對抗網釣 https://www.ithome.com.tw/news/165791 【觀光旅遊服務業Passkey應用實例：可樂旅遊】旅遊網站新增FIDO的快速登入，B2C與B2B都支援 https://www.ithome.com.tw/news/165790 【遊戲點數儲值服務業Passkey應用實例：智冠科技】MyCard帳號安全再強化，App登入有FIDO加持 https://www.ithome.com.tw/news/165789 A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation https://thehackernews.com/2024/10/a-sherlock-holmes-approach-to.html Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned https://thehackernews.com/2024/11/massive-git-config-breach-exposes-15000.html New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites https://thehackernews.com/2024/11/new-phishing-kit-xiu-gou-targets-users.html E.研究報告/工具 IAM致命盲區：非人類身份管理危機浮現 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11341 當 CPS 成為新戰場，ORB將成攻擊新常態 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11329 研究人員利用十六進位編碼、表情符號，繞過ChatGPT-4o防護措施 https://www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/ AMD與Intel處理器出現新的Spectre攻擊手法 https://securityexpress.info/amd-intel-cpus-vulnerable-to-new-spectre-like-attacks/ Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite https://thehackernews.com/2024/10/researchers-discover-command-injection.html Eliminating AI Deepfake Threats: Is Your Identity Security AI-Proof https://thehackernews.com/2024/10/eliminating-ai-deepfake-threats-is-your.html Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html Embarking on a Compliance Journey? Here's How Intruder Can Help https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html 5 SaaS Misconfigurations Leading to Major Fu*%@ Ups https://thehackernews.com/2024/11/5-saas-misconfigurations-leading-to.html Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code https://thehackernews.com/2024/10/researchers-uncover-python-package.html Embarking on a Compliance Journey? Here's How Intruder Can Help https://thehackernews.com/2024/10/embarking-on-compliance-journey-heres.html F.商業 主動防禦！NDR打造企業安全的第二道防線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11322 Apple 推出私有雲計算虛擬機，邀請研究人員尋找漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11339 Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security https://thehackernews.com/2024/10/apple-opens-pcc-source-code-for.html 微軟打造假 Azure 租戶 主動誘捕網釣攻擊者 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11323 Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns https://thehackernews.com/2024/11/microsoft-delays-windows-copilot-recall.html 微軟首度提供Windows 10個人用戶延伸安全更新，1年要價30美元 https://www.ithome.com.tw/news/165795 全景軟體上櫃 強打資安 https://udn.com/news/story/7254/8327180 G.政府 〈台北金融科技展〉刷碼就能領！政府「數位券」平台明年全面上線 任一App都通 https://reurl.cc/xv54zZ 財金公司數位券平台明年介接數發部 民眾領券更便利 https://reurl.cc/jyzYbp 數發部人事地震 林盈達明年1月掌資安院 https://ec.ltn.com.tw/article/breakingnews/4849277 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Sailing the Seven Seas Securely from Port to Port – OT Access Security for Ships and Cranes https://thehackernews.com/2024/10/sailing-seven-seas-securely-from-port.html PTZ視訊鏡頭重大層級的零時差漏洞遭到鎖定 https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Taipei dbt Meetup #29 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2024/11/2 https://www.meetup.com/taipei-dbt-meetup/events/303712613/ OKRs for Startup Success - Online 2024/11/2 https://www.meetup.com/startup-agile-bangkok/events/303580689/ Launch Pad: Igniting Innovation 2024/11/2 https://www.meetup.com/aws-cloud-club-in-philippines/events/304137646/ Just a chat - with no Expectations 2024/11/2 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcpbdb/ 用户故事地图实操工作坊 2024/11/3 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304230951/ 2024 FinTechOn Conference 2024金融科技趨勢論壇《迎向黎明：虛擬資產監管與反詐行動》 2024/11/4 https://www.accupass.com/event/2410010730391206912911 [Lunch & Learn] 數碼時代的個人資料保護與法律責任 2024/11/4 https://www.meetup.com/meetups-hk-science-park/events/304155797/ Trustrade weekly TUESDAY ZOOM meeting! 2024/11/5 https://www.meetup.com/hong-kong-blockchain-business/events/304281151/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/5 https://www.meetup.com/taiwan-code-camp/events/304039365/ Trustrade Business Networking powered by ZOOM 2024/11/5 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/304281179/ Silicon Valley Business Networking (Online) 2024/11/5 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/304283394/ Monthly WasmEdge Community Meeting, the runtime for LLM/AGI 2024/11/5 https://www.meetup.com/wasm-rust-meetup/events/304105323/ Algorithms Study Group! 2024/11/5 https://www.meetup.com/codeseoul/events/304280673/ 後量子密碼學 (PQC) 在汽車產業的遷移應用與資安挑戰 2024/11/7 https://www.accupass.com/event/2410280713202287891940 HackingThursday 固定聚會 台北場 Taipei 2024/11/7 https://www.meetup.com/hackingthursday/events/fcmtntygcpbkb/ Slot 1 (APAC/EMEA) 2024/11/7 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpbkb/ Demystifying Xanadu and GenAI 2024/11/7 https://www.meetup.com/manila-servicenow-meetup-group/events/304074776/ 資安沙龍活動 | 透視資安威脅 掌握企業風險 2024/11/8 https://csa.kktix.cc/events/s-salon IT Tech & Hobby Talk-Taipei 2nd Event, supported by Wankuma Alliance 2024/11/8 https://www.meetup.com/it-tech-and-hobby-talk-taipei/events/303932586/ Lets talk about Entertainment 2024/11/9 https://www.meetup.com/i-t-social-cafe/events/304176693/ ISC2 Taipei Chapter 2024年度會員大會暨「共益資安 共榮台灣」資訊安全研討會 2024/11/9 https://isc2taipei.kktix.cc/events/allforsecuritysecurityforall Use Predictive and Generative AI to Solve Problems 预测式和生成式人工智能 2024/11/9 https://www.meetup.com/hands-on-ai/events/304040666/ 八王子 WordPress Meetup 2024年11月度「一からノーコードでWordPressサイト制作・3」2024/11/9 https://www.meetup.com/tokyo-wordpress-meetup/events/304177700/ HITCON 菁英人才交流活動 2024/11/9 - 2024/11/10 https://hitcon.kktix.cc/events/hitcon-ctf 【2024/11】WordPress 彩虹小聚：重塑網站靈魂｜如何運用文字打造網站獨特個性2024/11/11 https://www.meetup.com/taipei-wordpress/events/304093283/ DQS Taiwan: TISAX® 國際車載資安驗證標準研討會 2024/11/11 https://www.accupass.com/event/2410030757211689575196 Algorithms Study Group! 2024/11/12 https://www.meetup.com/codeseoul/events/rslrltygcpbqb/ Trustrade Business Networking powered by ZOOM 2024/11/12 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbqb/ Trustrade weekly TUESDAY ZOOM meeting! 2024/11/12 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbqb/ Silicon Valley Business Networking (Online) 2024/11/12 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/304262951/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/12 https://www.meetup.com/taiwan-code-camp/events/304159943/ 後量子密碼安全產品開發工作坊-加密資安共識會議 2024/11/12 https://www.accupass.com/event/2410300724121165776300 Free OPEN Passes to CloudX 2024 2024/11/12 https://www.meetup.com/aws-user-group-philippines/events/304057059/ [ONLINE OPEN CAMPUS] Discover our Web Development & Data Science bootcamps!2024/11/13 https://www.meetup.com/le-wagon-seoul/events/304140213/ [HYBRID OPEN CAMPUS] Discover our Web Development & Data Science bootcamps! 2024/11/13 https://www.meetup.com/le-wagon-tokyo-coding-station/events/303914082/ HackingThursday 固定聚會 台北場 Taipei 2024/11/14 https://www.meetup.com/hackingthursday/events/fcmtntygcpbsb/ 國際自動化協會臺灣分會：融合與創新：數位轉型下的工控場域資安挑戰 2024/11/14 https://isatw.kktix.cc/events/isa-2024q4-isataiwan-meeting 網路自由小聚 [11月] ：全球數位人權大會 RightsCon 25 Taipei 前導介紹會 2024/11/14 https://ocftw.kktix.cc/events/internetfreedom-nov2024 Slot 1 (APAC/EMEA) 2024/11/14 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpbsb/ Pitch Your Ideas to Investors, Online 2024/11/14 https://www.meetup.com/hanoi-startup-founder-101/events/303786941/ 打造 Microsoft 365 資料安全堡壘 2024/11/15 https://www.accupass.com/event/2410240717102969754260 2024 第九屆區塊鏈愛好者年會 2024/11/18 https://www.accupass.com/event/2409130849071943030502 Trustrade weekly TUESDAY ZOOM meeting! 2024/11/19 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbzb/ Algorithms Study Group! 2024/11/19 https://www.meetup.com/codeseoul/events/rslrltygcpbzb/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/19 https://www.meetup.com/taiwan-code-camp/events/304284758/ Trustrade Business Networking powered by ZOOM 2024/11/19 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbzb/ Silicon Valley Business Networking (Online) 2024/11/19 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/xppjhtygcpbzb/ 資安五四三 2024/11/20 https://csa.kktix.cc/events/202411-543 Machine Learning Tech Talks 2024/11/20 https://www.meetup.com/machine-learning-tech-talks/events/304154748/ Slot 1 (APAC/EMEA) 2024/11/21 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpbcc/ Session #9: Google AI Seminar (Virtual) 2024/11/21 https://www.meetup.com/meetup-group-epigxybb/events/304205745/ HackingThursday 固定聚會 台北場 Taipei 2024/11/21 https://www.meetup.com/hackingthursday/events/fcmtntygcpbcc/ [Online] Philippine Bitcoin meetup 2024/11/21 https://www.meetup.com/philippine-bitcoiners/events/300961127/ 【安碁學苑】資安職能培訓｜安全程式開發管理師 2024/11/23 ~ 2024/12/21 https://acsiacad.kktix.cc/events/308914 Taoyuan WordPress Café 桃園咖啡小聚 #42 2024/11/23 https://www.meetup.com/taoyuan-wordpress-meetup/events/304123625/ #130 swirl: The Package for Learning and Teaching Data Science in R 2024/11/23 https://www.meetup.com/r-user-group-philippines/events/296013262/ Exploring Azure AI Services and Certification Pathways 2024/11/25 https://www.meetup.com/rladies-taipei/events/303989737/ Algorithms Study Group! 2024/11/26 https://www.meetup.com/codeseoul/events/rslrltygcpbjc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/26 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcpbjc/ Trustrade Business Networking powered by ZOOM 2024/11/26 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbjc/ Trustrade weekly TUESDAY ZOOM meeting! 2024/11/26 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbjc/ Silicon Valley Business Networking (Online) 2024/11/26 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/xppjhtygcpbjc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/ 【2024 RMN ASIA】AI 驅動零售變革 · RMN重新定義行銷生態 2024/11/28 https://www.accupass.com/event/2409050256092193763570 Slot 1 (APAC/EMEA) 2024/11/28 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpblc/ HackingThursday 固定聚會 台北場 Taipei 2024/11/28 https://www.meetup.com/hackingthursday/events/fcmtntygcpblc/ 【TIRI線上董事、公司治理主管進修課程】漫談資安治理的盲點與對策 2024/11/29 https://www.accupass.com/event/2408290602361963077719 金融反詐 X AI深偽：資安實務專題講座（北部場） 2024/11/29 https://isipevent.kktix.cc/events/n165isip Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/