###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/09/02 ~ 2024/09/06 1.重大弱點漏洞/後門/Exploit/Zero Day 思科授權管理軟體存在重大漏洞，攻擊者可用來取得管理者權限、竊取敏感資料 https://www.ithome.com.tw/news/164861 思科修補已被公開的身分驗證系統ISE權限提升漏洞 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-6kn9tSxm Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks https://thehackernews.com/2024/09/cisco-fixes-two-critical-flaws-in-smart.html VMware修補虛擬化平臺Fusion高風險漏洞 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939 Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals https://thehackernews.com/2024/08/breaking-down-ad-cs-vulnerabilities.html 俄羅斯、白俄羅斯遭到WinRAR漏洞攻擊 https://www.ithome.com.tw/news/164843 Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html 美國機場航空運輸安全系統存在SQL注入漏洞，可被未經授權人士繞過安檢 https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/ 北韓駭客利用Chrome零時差漏洞，意圖植入rootkit程式Fudmodule https://www.ithome.com.tw/news/164801 North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit https://thehackernews.com/2024/08/north-korean-hackers-deploy-fudmodule.html North Korean threat actor Citrine Sleet exploiting Chromium zero-day https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/ Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus https://thehackernews.com/2024/09/hacktivists-exploits-winrar.html IBM QRadar Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2024-39338, CVE-2024-4068, CVE-2021-23727) https://www.ibm.com/support/pages/node/7167607 Veeam發布9月更新，修補備份軟體重大漏洞 https://www.veeam.com/kb4649 Apache基金會修補ERP系統OFBiz高風險漏洞 https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/ WordPress網站加速外掛LiteSpeed Cache再傳漏洞，6百萬網站曝露於遭到挾持的風險 https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/ Yubico旗下FIDO裝置存在Eucleak弱點，攻擊者有機會取得ECDSA金鑰 https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf 2.銀行/金融/保險/證券/金融監理 新聞及資安 安卓木馬Rocinante鎖定巴西用戶而來，偽製成銀行應用程式對其下手 https://www.ithome.com.tw/news/164871 Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users https://thehackernews.com/2024/09/rocinante-trojan-poses-as-banking-apps.html 打擊詐欺犯罪，彰檢召開「檢、警、金」會議，成立「可疑帳戶預警中心」。 https://www.kingtop.com.tw/detail.php?type=lastest&id=32307 資安控管有缺失！「基富通證券」違反證券管理法　遭罰30萬 https://www.setn.com/News.aspx?NewsID=1525405 3.信用卡/電子支付/行動支付/pay/支付系統/資安 思科網路商店驚傳遭植入惡意JavaScript，信用卡資料、帳密恐外流 https://www.bleepingcomputer.com/news/security/hackers-inject-malicious-js-in-cisco-store-to-steal-credit-cards-credentials/ TWQR到底是什麼？支援哪些電子支付及使用方法一次看懂 https://today.line.me/tw/v2/article/oq3gBJp icash Pay是什麼？好用嗎？2024年實用功能一次看懂 https://www.sogi.com.tw/articles/icash_pay/6262736 不用再換一堆日圓！街口支付日本可以直接用！使用教學一次看懂 https://www.sogi.com.tw/articles/jkopay/6262799 日本電子支付攻略》如何用全支付/街口/玉山Wallet 在日本 PayPay付款？有哪些優惠 https://www.cardu.com.tw/mpay/detail.php?53450 玉山Wallet創新推出跨境網購即查即繳電子支付服務 https://money.udn.com/money/story/5636/8211159 電子支付｜淘寶天貓將接入微信支付　微信：與淘寶平台商家功能適配正開通中、淘寶：積極探索互通合作 https://reurl.cc/eyyM1x 電子錢包｜騰訊舉行「久久公益節」　WeChat Pay HK用戶每捐1元、騰訊基金會香港配捐1元 https://inews.hket.com/article/3823623 阿里騰訊大和解！淘寶將引進微信支付 陸行動支付股走高、金融科技族群漲停慶祝 https://m.cnyes.com/news/id/5708278 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html 比特幣減半神話已死？分析：2016年是最後機會，2020年暴漲只是偶然 https://www.blocktempo.com/bitcoin-halving-myth-shattered-crypto-vcs-claim-2016-was-the-last-chance/ 美國民主黨也將支持加密行業？賀錦麗的政治委員會已接受加密貨幣捐款 https://m.cnyes.com/news/id/5709992 比特幣生態日報（9.5）| 符文已產生超2200BTC的費用；Coloredbitcoin染色幣網站上線 https://news.cnyes.com/news/id/5710253 FTX災難性豪賭後！Thoma Bravo 創辦人發誓「永遠不再碰」加密貨幣 https://ec.ltn.com.tw/article/breakingnews/4791671 比特幣入門指南：幣安學院協助您從零開始了解加密貨幣 https://www.inside.com.tw/article/36125-Binance 川普承諾如果當選：將擁抱加密貨幣、讓馬斯克審計政府支出 https://blockcast.it/2024/09/06/trump-promises-to-embrace-crypto-and-create-government-efficiency-commission-led-by-elon-musk-if-elected/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 「佛地魔」惡意程式假冒全球各地稅務機關發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11222 半年前現身的RansomHub勒索軟體，受害者已超過210家 https://www.ithome.com.tw/news/164809 Atlassian Confluence重大漏洞遭到利用，攻擊者意圖挾持伺服器挖礦 https://www.ithome.com.tw/news/164812 後門程式Godzilla鎖定Atlassian Confluence發動攻擊 https://www.trendmicro.com/en_us/research/24/h/godzilla-fileless-backdoors.html 惡意軟體Voldemort濫用Google Sheets，意圖竊取全球企業組織稅務機關資料 https://www.ithome.com.tw/news/164818 鍵盤側錄器Snake Keylogger假借轉帳通知散布 https://securityonline.info/new-snake-keylogger-variant-slithers-into-phishing-campaigns/ 北韓駭客散布惡意NPM套件，意圖透過JavaScript指令碼進行多階段惡意軟體下載 https://blog.phylum.io/north-korea-still-attacking-developers-via-npm/ 馬來西亞政府及政治人物遭到鎖定，駭客對其散布木馬Babylon RAT https://www.ithome.com.tw/news/164891 惡意PyPI套件使用新的挾持手法，假冒正牌套件引誘受害者上當 https://www.ithome.com.tw/news/164865 美國石油及天然氣業者Halliburton傳出遭到勒索軟體RansomHub攻擊 https://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/ RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors https://thehackernews.com/2024/09/ransomhub-ransomware-group-targets-210.html New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems https://thehackernews.com/2024/09/new-rust-based-ransomware-cicada3301.html Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encryptor-targets-vmware-esxi-systems/ 惡意軟體WikiLoader透過SEO中毒散布，駭客聲稱提供特定資安業者VPN軟體作為誘餌 https://www.ithome.com.tw/news/164869 Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack https://thehackernews.com/2024/09/hackers-use-fake-globalprotect-vpn.html WikiLoader Malware Evolves with SEO Poisoning, Targets GlobalProtect Users https://securityonline.info/wikiloader-malware-evolves-with-seo-poisoning-targets-globalprotect-users/ 中國駭客Earth Lusca打造跨平臺後門KTLVdoor，攻擊當地貿易公司 https://www.ithome.com.tw/news/164895 Earth Lusca Uses KTLVdoor Backdoor for Multiplatform Intrusion https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-lusca-uses-ktlvdoor-backdoor-for-multiplatform-intrusion--/Indicators%20of%20Compromise%20-%20Earth%20Lusca%20Uses%20KTLVdoor%20Backdoor%20for%20Multiplatform%20Intrusion.txt New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm https://thehackernews.com/2024/09/new-cross-platform-malware-ktlvdoor.html Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign https://thehackernews.com/2024/08/cyberattackers-exploit-google-sheets.html New Malware Masquerades as Palo Alto VPN Targeting Middle East Users https://thehackernews.com/2024/08/new-malware-masquerades-as-palo-alto.html Malicious npm Packages Mimicking 'noblox.js' Compromise Roblox Developers' Systems https://thehackernews.com/2024/09/malicious-npm-packages-mimicking.html 紅隊演練工具MacroPack遭到濫用，駭客藉此散布滲透測試工具Brute Ratel C4 https://www.ithome.com.tw/news/164855 Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore https://thehackernews.com/2024/09/malware-attackers-using-macropack-to.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html Android Users Urged to Install Latest Security Updates to Fix Actively Exploited Flaw https://thehackernews.com/2024/09/google-confirms-cve-2024-32896.html Google發布安卓9月例行更新，修補6月揭露的Pixel權限提升漏洞 https://www.bleepingcomputer.com/news/security/google-backports-fix-for-pixel-eop-flaw-to-other-android-devices/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 2024上半年前三大企業資安風險：勒索病毒、APT及AI相關威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11220 第二季網絡安全事件逾3千 AI「武器化」成資安風險之一 https://hk.epochtimes.com/news/2024-09-02/72250525#google_vignette 半導體大型會議SEMICON Taiwan於9月4日舉行，資安趨勢高峰論壇即將於明日登場 https://www.semicontaiwan.org/zh/Cybersecurity_Global_Summit_2024 針對Roblox平臺的NPM供應鏈攻擊已持續超過一年 https://www.ithome.com.tw/news/164824 遭駭的監控公司Verkada被判罰295萬美元 https://www.ithome.com.tw/news/164825 以提供特定資安廠商SSL VPN軟體為誘餌，攻擊者鎖定中東組織散播冒牌程式 https://www.ithome.com.tw/news/164826 英國倫敦交通局證實遭遇網路攻擊 https://www.ithome.com.tw/news/164822 越南人權組織遭駭客OceanLotus鎖定攻擊，入侵超過4年 https://www.ithome.com.tw/news/164829 駭客組織APT-Q-12針對東北亞國家，利用零時差漏洞進行滲透 https://ti.qianxin.com/blog/articles/operation-deviltiger-0day-vulnerability-techniques-and-tactics-used-by-apt-q-12-disclosed-en/ 俄羅斯軍事單位從事全球網路攻擊，對烏克蘭資料破壞軟體WhisperGate https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a 「當兵抽籤，網路部隊先挑人」揭以色列怎麼變全球資安強權 https://www.businessweekly.com.tw/Archive/Article?StrId=7010867&rf=google 中國駭客組織Volt Typhoon 疑似利用 Versa 零時差漏洞攻擊美國網路服務供應商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11213 New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads https://thehackernews.com/2024/08/new-cyberattack-targets-chinese.html Iranian Hackers Set Up New Network to Target U.S. Political Campaigns https://thehackernews.com/2024/08/iranian-hackers-set-up-new-network-to.html North Korean Hackers Target Developers with Malicious npm Packages https://thehackernews.com/2024/08/north-korean-hackers-target-developers.html 北韓駭客利用冒牌視訊會議軟體FreeConference，鎖定求職者下手 https://www.group-ib.com/blog/apt-lazarus-python-scripts/ 北韓駭客Lazarus假借線上徵才名義與冒牌視訊會議軟體，鎖定求職者詐騙 https://www.ithome.com.tw/news/164889 North Korean Hackers Targets Job Seekers with Fake FreeConference App https://thehackernews.com/2024/09/north-korean-hackers-targets-job.html NIST Cybersecurity Framework (CSF) and CTEM – Better Together https://thehackernews.com/2024/09/nist-cybersecurity-framework-csf-and.html METIS_雲端資安工程師(台北或台中) https://www.1111.com.tw/job/130357543/ 資訊安全處-銀行資安專家 https://www.104.com.tw/job/87tuf?jobsource=google B-資訊安全處-銀行資安專家 https://www.1111.com.tw/job/113025126/ 約僱人員(應屆畢業生可) https://job.taiwanjobs.gov.tw/Internet/Index/JobDetail.aspx?EMPLOYER_ID=898506&HIRE_ID=13011967&R2=19 系統/網管/資安主管 https://job.taiwanjobs.gov.tw/internet/index/JobDetail.aspx?EMPLOYER_ID=2546767&HIRE_ID=13004257&R2=5 薪資上看7萬元 高雄銀徵才釋21項搶手職缺 https://ec.ltn.com.tw/amp/article/breakingnews/4788407 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 半導體業者Microchip證實因攻擊事故導致資料外洩，勒索軟體Play宣稱是他們所為 https://www.bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/ QR Code網釣濫用微軟Sway從事攻擊行動，意圖竊取M365帳號 https://www.ithome.com.tw/news/164820 美國石油公司Halliburton針對網路攻擊事故揭露新發現，證實內部資料遭到外流 https://www.sec.gov/Archives/edgar/data/45012/000004501224000052/hal-20240830.htm 數百臺大型語言模型伺服器恐曝露公司內部、個人健康狀態資料庫 https://www.darkreading.com/application-security/hundreds-of-llm-servers-expose-corporate-health-and-other-online-data 伊朗駭客組織發起GreenCharlie攻擊行動，鎖定美國政治團體進行網路釣魚、散布惡意軟體 https://www.recordedfuture.com/research/greencharlie-infrastructure-linked-us-political-campaign-targeting 不當蒐集人臉資料，Clearview AI被荷蘭判罰3,050萬歐元 https://www.ithome.com.tw/news/164841 Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html 美國扣押俄羅斯用來干預總統大選的32個網域名稱 https://www.ithome.com.tw/news/164863 U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown https://thehackernews.com/2024/09/us-seizes-32-pro-russian-propaganda.html Gogolook 連三年舉辦金融防詐論壇，聚焦 AI 防詐實務應用 https://www.ithome.com.tw/pr/164784 E.研究報告/工具 內部滲透測試在AI時代下對資安防護的重要性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11217 研究人員公布Windows Downdate降級漏洞概念性驗證工具 https://www.bleepingcomputer.com/news/microsoft/windows-downdate-tool-lets-you-unpatch-windows-systems/ Prepare Raspberry Pi 3, 4 & 5 configurations using a virtual machine. https://github.com/ptrsr/pi-ci HaxUnit: The Ultimate Tool for Vulnerability Testing and Security Management https://en.hacks.gr/ergaleio-gia-pentest-dokimes/ "WireServing" Up Credentials: Escalating Privileges in Azure Kubernetes Services https://cloud.google.com/blog/topics/threat-intelligence/escalating-privileges-azure-kubernetes-services/ Next-Generation Attacks, Same Targets - How to Protect Your Users' Identities https://thehackernews.com/2024/09/next-generation-attacks-same-targets.html Secrets Exposed: Why Your CISO Should Worry About Slack https://thehackernews.com/2024/09/secrets-exposed-why-your-ciso-should.html F.商業 聚焦 CTEM：Gartner持續威脅曝險管理新分類 助力資安風險管理 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11216 F5發布 2024 年數位企業成熟度指數報告 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11219 智慧資安科技代理Claroty 攜手邁入工控、醫療資安防護新紀元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11218 SAP企業雲端服務 選擇CyberArk保護全球大型企業 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11215 The New Effective Way to Prevent Account Takeovers https://thehackernews.com/2024/09/the-new-effective-way-to-prevent.html Palo Alto Networks宣布完成買下IBM QRadar SaaS業務 https://www.ithome.com.tw/news/164893 卡巴斯基美國用戶被轉給當地防毒廠商接手 https://www.ithome.com.tw/news/164886 精誠子公司攜日商 建跨國資安協防 https://reurl.cc/bYYWbv 興櫃添新兵 資拓宏宇登錄首日大漲 https://www.sinotrade.com.tw/richclub/news/66d697d332ba0c933190cda6 叡揚首發公文AI助理用對話式問答生成公文 https://www.cna.com.tw/postwrite/chi/380458 生成式 AI 成為 Cloud SOC 未來發展的前沿技術 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/676812E92B414B29B7F24B767344F327#google_vignette 安碁斥資7億增資子公司 https://www.sinotrade.com.tw/richclub/news/66d8921432ba0c933170bbb9 G.政府 衛福部舉辦年度資安攻防演練，防守方國泰醫院公開參與的過程與心得 https://www.ithome.com.tw/news/164831 衛福部年度資安攻防演練 國泰綜合醫院展現高度安全韌性 https://www.allnews.tw/news/65940 醫療資安實戰演練 國泰醫院獲選示範基地 https://reurl.cc/1bbKaD 數位發展部就行政院公共工程委員會「投標須知範本」第16點無人機條款之「無人機資安檢測需求」附表，訂定排除資安檢測適用之審查原則。 https://www.moi.gov.tw/News_Content.aspx?n=20280&sms=13546&s=319761 國安諮委李育杰出席雪梨對話 澳洲官員讚台灣資安絕佳夥伴 https://today.line.me/tw/v2/article/8nN3WPK 公務員AI研習 寫新聞稿更上手 https://today.line.me/tw/v2/article/7NgMnv8 線上申辦換護照今試辦　每日限額最高500件 https://hakkanews.tw/2024/09/03/online-bid-for-passport-holders-daily-quota-of-up-to-500/ 數發部預算年增2成 詐騙通報查詢網編近6000萬元 https://www.cna.com.tw/news/afe/202409030316.aspx 工研院資安長課程招生 10月8日開課 https://money.udn.com/money/story/5635/8205467 政院推動5大信賴產業 力拚自主研發6G基地台 https://udn.com/news/story/7238/8206889 政院5日核定「五大信賴產業推動方案」 拚總產值達近9兆元 https://reurl.cc/LllaG4 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments https://thehackernews.com/2024/08/sans-institute-unveils-critical.html D-Link一款終止支援的無線路由器有重大漏洞，恐被用於RCE攻擊 https://www.ithome.com.tw/news/164840 美國白宮發布強化網路路由安全性的藍圖，解決邊界閘道協定漏洞 https://www.ithome.com.tw/news/164839 兆勤揭露無線路由器重大漏洞，可被用於作業系統層級進行命令注入攻擊 https://www.ithome.com.tw/news/164838 Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers https://thehackernews.com/2024/09/zyxel-patches-critical-os-command.html TXOne Networks升級Edge系列3大核心 呼籲半導體強化資產生命週期防護 https://www.ctimes.com.tw/DispNews-tw.asp?O=HK892BX9HFKSAA00NO 駭客鎖定半導體鏈 半導體強化資產生命週期防護 OT營運環境更為要 https://reurl.cc/7ddKvN 社團法人台灣資通產業標準協會辦理之「2024物聯網資安標章推廣說明會」 https://reurl.cc/addeY3 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Rust 1.81 Release Party 2024/9/7 https://www.meetup.com/taipei-rust-users-group/events/302943196/ Flutter Formosa 2024 2024/9/7 https://www.meetup.com/flutter-taipei/events/302644342/ Just a chat - with no Expectations 2024/9/7 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/302900060/ 金融創新與安全的平衡：雲端時代的資安策略 2024/9/10 https://www.accupass.com/event/2408230149491982960319 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/10 https://www.meetup.com/taiwan-code-camp/events/302956346/ Feature Planning @ SaaS workshop (programming, design, product) 2024/9/10 https://www.meetup.com/saas-workshop/events/303091472/ SyntaxError 2024/9/11 https://www.meetup.com/pythonhug/events/302977662/ 【新生茶會】黑客社 2024 新生茶會 2024/9/12 https://hackersir.kktix.cc/events/2024new HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/9/12 https://www.meetup.com/hackingthursday/events/302996951/ 從營養師到開發者，用Next.js 扭轉職場命運 2024/9/12 https://www.accupass.com/event/2408190315161445844218 乘著AI贏戰關鍵 資安戰略新趨勢 2024/9/13 https://www.accupass.com/event/2408130410311060558818 神機妙算料事準 洞悉威脅守安全：資安超前部署論壇 2024/9/13 https://www.accupass.com/event/2407220255211891189808 Taipei DevOps User Group 12th Event, supported by Wankuma Alliance 2024/9/13 https://www.meetup.com/taipei-devops-user-group/events/302826974/ Just a chat - with no Expectations 2024/9/14 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/303033211/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/17 https://www.meetup.com/taiwan-code-camp/events/303093426/ SyntaxError 2024/9/18 https://www.meetup.com/pythonhug/events/303113974/ 資安長零信任的第一堂課（九月場） 2024/9/19 https://jamf.kktix.cc/events/applexjamf-sep HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/9/19 https://www.meetup.com/hackingthursday/events/303134460/ 線上職能講座｜安碁學苑「資安專門職能：資訊安全工程師」 2024/9/19 https://acsiacad.kktix.cc/events/webinar919 【2024/09】WordPress 彩虹小聚 @言文字 2024/9/19 https://www.meetup.com/taipei-wordpress/events/303071742/ 法律科技新視野 — 高效營運與資安合規雙贏策略 2024/9/19 https://www.accupass.com/event/2408270143151973484167 【實體活動】結合智能與自動化，創造 IT 維運管理新篇章！Red Hat 與 Atlassian 的強強整合運用 2024/9/20 https://www.meetup.com/taipei-atlassian-community-events/events/302995998/ HITCON 社群活動 - HITCON CTF 揭秘 2024/9/21 https://hitcon.kktix.cc/events/discoverctf240921 Just a chat - with no Expectations 2024/9/21 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmbcc/ Taoyuan WordPress Café 桃園咖啡小聚 #40 2024/9/21 https://www.meetup.com/taoyuan-wordpress-meetup/events/303111843/ Cloud Collaboration Era: Atlassian Cloud Platform Best Practices Sharing Session 2024/9/21 https://www.meetup.com/hang-zhou-atlassian-community-events/events/302573284/ 【安碁學苑】資安技術人才培育計畫｜資安新手實戰培訓第二梯次開跑 2024/9/23 https://acsiacad.kktix.cc/events/a2f3d0ef Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/9/24 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcmbgc/ IT x CT x OT Cybersecurity全方位資安聯防生態系論壇 2024/9/25 https://www.accupass.com/event/2408120640402164854890 SyntaxError 2024/9/25 https://www.meetup.com/pythonhug/events/pqnsctygcmbhc/ Taiwan Digital Night #202409 2024/9/25 https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/302696281/ SECURITY SUMMIT 2024 多層次企業資安防護 2024/9/25 ~ 2024/9/26 https://www.digitimes.com.tw/seminar/securitySummit/index.html HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/9/26 https://www.meetup.com/hackingthursday/events/psspctygcmbjc/ AI 世代下的雲端資安攻防戰：遷移與防禦新航道 2024/9/26 https://www.accupass.com/event/2408270307021284798836 Just a chat - with no Expectations 2024/9/28 https://www.meetup.com/taipei-%E6%9A%97%E5%8F%B7%E9%80%9A%E8%B2%A8-cryptocurrency-meetup/events/lsmkqsygcmblc/ 資訊安全系列課程 2024/9/30 https://www.accupass.com/event/2407011640161317038989 資訊安全系列課程 2024/10/12 https://www.accupass.com/event/2407011633417884074930 第二屆台南Web3產業國際博覽會 TAINAN WEB3 INTERNATIONAL FAIR 2024/10/18 https://www.accupass.com/event/2406150525111725753130 HITCON Enterprise 2024 台灣駭客年會 2024/10/30 https://hitcon.kktix.cc/events/hitcon-ent-2024 Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024