###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/6/30 ~ 2025/7/4 1.重大弱點漏洞/後門/Exploit/Zero Day Citrix緊急修補NetScaler重大漏洞 CVE-2025-6543遭攻擊者大規模利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11981 CISA將Citrix NetScaler重大漏洞CVE-2025-6543列入KEV https://www.ithome.com.tw/news/169851 逾1,200臺Citrix NetScaler設備尚未修補CitrixBleed 2漏洞而曝險 https://www.ithome.com.tw/news/169825 Citrix NetScaler重大漏洞CitrixBleed 2疑似已出現攻擊行動 https://www.ithome.com.tw/news/169799 Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials https://thehackernews.com/2025/07/critical-cisco-vulnerability-in-unified.html 思科整合通訊管理平臺CUCM存在危險程度達到滿分的漏洞，竟允許以預設root帳號登入 https://www.ithome.com.tw/news/169862 Tenable修補漏洞管理平臺代理程式Nessus資安漏洞，若不處理可對Windows電腦覆寫系統檔案 https://gbhackers.com/nessus-vulnerabilities-on-windows/ 鎖定MFT檔案傳輸系統MOVEit已知漏洞的攻擊行動升溫 https://www.ithome.com.tw/news/169789 Apache Tomcat、Camel遭到鎖定，駭客利用已知漏洞從事攻擊 https://gbhackers.com/apache-tomcat-and-camel-vulnerabilities/ Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html 多款IDE延伸套件檢驗機制存在瑕疵，攻擊者可讓惡意套件顯示「已通過驗證」徽章欺騙開發人員 https://www.ithome.com.tw/news/169892 多款IDE存在資安弱點，恐讓惡意延伸套件繞過檢驗機制 https://thehackernews.com/2025/07/new-flaw-in-ides-like-visual-studio.html New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status https://thehackernews.com/2025/07/new-flaw-in-ides-like-visual-studio.html Google修補允許駭客執行惡意程式碼的Chrome零時差漏洞 https://www.ithome.com.tw/news/169848 Google發布Chrome 138更新，修補允許駭客執行惡意程式碼的零時差漏洞 https://www.ithome.com.tw/news/169848 Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits https://thehackernews.com/2025/07/critical-vulnerability-in-anthropics.html 圖形化資料分析平臺Grafana發布更新，修補圖像渲染外掛弱點 https://www.bleepingcomputer.com/news/security/grafana-releases-critical-security-update-for-image-renderer-plugin/ Azure API存在曝露VPN金鑰的弱點，恐授予特殊層級的存取權限 https://gbhackers.com/azure-api-vulnerabilities-expose-vpn-keys/ Linux命令列工具Sudo存在權限提升漏洞，近12年的版本都曝險 https://gbhackers.com/12-year-old-sudo-vulnerability/ WinRAR修補目錄穿越漏洞，防止攻擊者濫用解壓縮植入惡意程式 https://www.ithome.com.tw/news/169822 MongoDB存在預先身分驗證漏洞，恐導致阻斷服務 https://gbhackers.com/pre-auth-flaw-in-mongodb-server/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 複雜雲端的智慧安全：OPSWAT 賦予價值 310 億美元的銀行資安防禦力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11983 臺灣金融資安新里程碑：台新銀行成臺灣首家以銀行名義加入FIRST的業者 https://www.ithome.com.tw/news/169614 跨界合作攜手阻詐 富邦人壽結合科技打造金融安全防護網 https://ubrand.udn.com/ubrand/story/123652/8835952 駭客組織Blind Eagle利用防彈主機代管服務Proton66從事網釣，意圖攻擊哥倫比亞銀行 https://thehackernews.com/2025/06/blind-eagle-uses-proton66-hosting-for.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 全支付獨家回應測試環境帳密外洩疑雲：證實禍源在「商戶個人電腦遭駭」，金流安全未受影響 https://www.ithome.com.tw/news/169880 資安專家爆料，駭客深網兜售全支付Pxpay Plus測試環境帳密 https://www.ithome.com.tw/news/169877 全支付與foodpanda聯手，電支進入美食外送場域 https://www.ithome.com.tw/news/169835 數發部警告詐騙新手法! 小心假買家、假冒第三方支付網站及客服向真賣家詐騙 https://www.ithome.com.tw/news/169893 Line Pay錢包停止iPASS MONEY倒數計時! 一卡通：明年起近700萬電支用戶全面移轉專用電支App https://www.ithome.com.tw/news/169846 iPASS MONEY與LINE Pay分手　700萬用戶2026起全面移轉App https://lifenews.com.tw/363978/ LINE Pay錢包用戶注意了！「1重大改變」2025年底上路，沒注意就無法轉帳付款 https://www.storm.mg/article/11049721 【OTP盜刷網釣現況大公開1】即時網釣手法已經氾濫，AiTM中間人攻擊技術助長此類威脅 https://www.ithome.com.tw/news/169487 【OTP盜刷網釣現況大公開2】2025中國信用卡盜刷網釣即服務百家爭鳴，甚至公然在即時通訊軟體頻道打廣告與教人盜刷 https://www.ithome.com.tw/news/169488 第三方支付業者拚打詐 藍新集團宣布啟動三大防護機制 https://udn.com/news/story/7239/8851297 中國駭客冒充知名品牌，企圖竊取消費者付款資訊 https://www.ithome.com.tw/news/169896 聯款通（AsiaPay）攜手泰和管理 推出「JOIE樂行」電子支付方案 提升香港計程車出行體驗 https://money.udn.com/money/story/123828/8848545 安省女子通過電子支付租金被盜 損失3,500元 https://www.epochtimes.com/b5/25/7/3/n14544375.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects https://thehackernews.com/2025/06/europol-dismantles-540-million.html BitoPro疑遭北韓駭客攻擊 損失約3.2億台幣加密貨幣 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11994 濫用組態不當的Docker API挖礦再度出現，這次駭客搭配洋蔥網路藏匿攻擊來源 https://www.ithome.com.tw/news/169786 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 超過 200 個針對遊戲玩家和開發者的惡意 GitHub 程式庫攻擊活動曝光 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11991 65臺Exchange Server遭鎖定，駭客埋入鍵盤側錄工具，企圖挖掘用戶帳密資料 https://www.ithome.com.tw/news/169772 去年勒索軟體Qilin攻擊英國Synnovis的事故，導致當地醫院病人死亡 https://hackread.com/qilin-ransomware-attack-nhs-causes-patient-death-uk/ 殭屍網路Hpingbot濫用文字共享服務Pastebin散布有效酬載 https://gbhackers.com/new-hpingbot-exploits-pastebin-for-payload-delivery/ 駭客盯上Linux伺服器，惡意植入TinyProxy、Sing-Box工具作代理伺服器 https://www.ithome.com.tw/news/169865 北韓駭客鎖定macOS用戶散布惡意軟體NimDoor，意圖竊取各式帳密 https://gbhackers.com/new-macos-malware-uses-process-injection/ 韓國網頁伺服器遭鎖定，駭客散布惡意軟體MeshAgent、SuperShell https://gbhackers.com/threat-actors-exploit-windows-and-linux-server-vulnerabilities/ 中國駭客Silver Fox散布冒牌DeepSeek安裝檔，意圖散布惡意程式Sainbox RAT https://www.ithome.com.tw/news/169801 Windows內建的工作排程元件被濫用，駭客嵌入惡意軟體以便持續活動 https://gbhackers.com/threat-actors-leverage-windows-task-scheduler/ WordPress惡意軟體透過PHP後門散布木馬程式 https://blog.sucuri.net/2025/06/stealthy-wordpress-malware-drops-windows-trojan-via-php-backdoor.html North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign https://thehackernews.com/2025/07/north-korean-hackers-target-web3-with.html 逾40款Firefox冒牌外掛上架市集，意圖榨乾用戶加密貨幣錢包 https://www.bleepingcomputer.com/news/security/dozens-of-fake-wallet-add-ons-flood-firefox-store-to-drain-crypto/ Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html TA829 and UNK_GreenSec Share Tactics and Infrastructure in Ongoing Malware Campaigns https://thehackernews.com/2025/07/ta829-and-unkgreensec-share-tactics-and.html GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack https://thehackernews.com/2025/06/pubload-and-pubshell-malware-used-in.html Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware https://thehackernews.com/2025/07/us-sanctions-russian-bulletproof.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 國安局認證5款熱門中國App存在嚴重資安風險，原因是過度蒐集個資與權限濫用 https://www.ithome.com.tw/news/169871 Android惡意軟體攻擊金融行動APP，虛擬化技術成新威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11972 防堵SIM卡置換攻擊，美國電信業者AT&T祭出新措施Wireless Account Lock https://www.ithome.com.tw/news/169845 Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 IMA發起Taiwan Tongues推動台灣語料庫，要讓台灣在地語言在AI世界發聲 https://www.ithome.com.tw/news/169900 逾60家企業要求歐盟延後實施AI Act https://www.ithome.com.tw/news/169895 臺灣第一個以企業科技品牌名稱加入FIRST，華碩電腦ASUS打造資安新里程碑，一趟務實的資安國際之旅 https://www.ithome.com.tw/news/169767 國際刑事法院透露遭遇手法複雜的目標式網路攻擊 https://www.bleepingcomputer.com/news/security/international-criminal-court-hit-by-new-sophisticated-cyberattack/ 今年4月挪威水壩閘門遭到網路攻擊，被迫連續開啟數小時 https://hackread.com/norwegian-dam-valve-forced-open-hours-in-cyberattack/ 殯葬業者搶生意不擇手段！竟找駭客監聽消防救護系統，目的是能更早到事故現場攬客 https://www.ithome.com.tw/news/169876 駭客聲稱入侵俄羅斯國防外包商，竊得海軍作戰系統等機密文件 https://www.ithome.com.tw/news/169887 曾攻擊欣興電子的Sarcoma也攻擊非營利組織　取得瑞士政府資料 https://www.ithome.com.tw/news/169850 法國企業組織遭中國駭客UNC5174鎖定，透過Ivanti CSA設備零時差漏洞入侵 https://www.ithome.com.tw/news/169870 微軟揭露北韓遠端IT工作者滲透全球企業的手法 https://www.ithome.com.tw/news/169826 北韓駭客Kimsuky從事ClickFix攻擊，於受害電腦執行惡意指令碼 https://gbhackers.com/kimusky-hackers-employ-clickfix-technique/ Scattered Spider鎖定北美航太、交通產業而來 https://www.ithome.com.tw/news/169804 Scattered Spider發動Scorched Earth攻擊活動，鎖定財務長而來 https://www.darkreading.com/cloud-security/scattered-spider-cfo-scorched-earth-attack 德國指控DeepSeek非法將個資傳送至中國，要求蘋果與Google將其下架 https://www.ithome.com.tw/news/169798 Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms https://thehackernews.com/2025/07/chinese-hackers-exploit-ivanti-csa-zero.html U.S. Agencies Warn of Rising Iranian Cyber Attacks on Defense, OT Networks, and Critical Infrastructure https://thehackernews.com/2025/06/us-agencies-warn-of-rising-iranian.html Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign https://thehackernews.com/2025/06/over-1000-soho-devices-hacked-in-china.html U.S. Arrests Facilitator in North Korean IT Worker Scheme; Seizes 29 Domains and Raids 21 Laptop Farms https://thehackernews.com/2025/07/us-arrests-key-facilitator-in-north.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 研究人員揭露新的FileFix網釣手法，攻擊者可繞過MoTW執行惡意指令碼 https://www.bleepingcomputer.com/news/security/new-filefix-attack-runs-jscript-while-bypassing-windows-motw-alerts/ 竊資軟體Odyssey Stealer鎖定macOS使用者而來，透過ClickFix網釣散布 https://www.ithome.com.tw/news/169828 臺灣、日本遭遇APT攻擊活動Swan Vector鎖定，意圖透過履歷表與財務文件從事網釣 https://www.ithome.com.tw/news/169788 竊資軟體GiftedCrook威脅加劇，從瀏覽器竊密成為情資收集工具 https://thehackernews.com/2025/06/giftedcrook-malware-evolves-from.html 勒索軟體攻擊手法升級：Python腳本結合Microsoft Teams釣魚成新威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11978 Verizon、T-Mobile上億筆美國用戶資料遭兜售，兩大電信業者否認發生資料外洩事故 https://www.ithome.com.tw/news/169883 澳洲航空Qantas被駭，危及600萬客戶資料 https://www.ithome.com.tw/news/169869 瑞士政府傳出資料外洩，起因是非營利組織Radix遭勒索軟體攻擊 https://www.ithome.com.tw/news/169850 Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns https://thehackernews.com/2025/07/hackers-using-pdfs-to-impersonate.html FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering https://thehackernews.com/2025/06/fbi-warns-of-scattered-spiders.html Facebook's New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns https://thehackernews.com/2025/06/facebooks-new-ai-tool-requests-photo.html 微軟Authenticator自7月終止支援密碼管理服務 https://www.ithome.com.tw/news/169819 Microsoft Removes Password Management from Authenticator App Starting August 2025 https://thehackernews.com/2025/07/microsoft-removes-password-management.html Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale https://thehackernews.com/2025/07/vercels-v0-ai-tool-weaponized-by.html Zscaler ThreatLabz 2025 Phishing Report: Phishing Evolves With GenAI https://thehackernews.com/expert-insights/2025/05/zscaler-threatlabz-2025-phishing-report.html E.研究報告/工具 Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories https://thehackernews.com/2025/06/leveraging-credentials-as-unique.html A New Maturity Model for Browser Security: Closing the Last-Mile Risk https://thehackernews.com/2025/07/a-new-maturity-model-for-browser.html That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat https://thehackernews.com/2025/07/that-network-traffic-looks-legit-but-it.html F.商業 Google強化AI安全防護 對抗間接提示詞注入攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11992 微軟Windows 11 25H2釋出預覽版 強調升級快速 https://www.ithome.com.tw/news/169827 防止CrowdStrike事件重演　微軟可能不再讓第三方防毒軟體存取Windows核心 https://www.ithome.com.tw/news/169866 微軟調漲Exchange、SharePoint伺服器產品本地部署授權費10% https://www.ithome.com.tw/news/169882 Cloudflare開放容器服務，預設全球部署並與Workers深度整合 https://www.ithome.com.tw/news/169875 三大關鍵步驟建構具備韌性的雲端資安態勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11976 如何從0到1實作MCP？奧丁丁揭4大步驟 https://www.ithome.com.tw/news/169898 奧義智慧攜手臺灣AI業者APMIC，打造新世代AI防火牆安全模組 https://www.ithome.com.tw/news/169867 Business Case for Agentic AI SOC Analysts https://thehackernews.com/2025/06/business-case-for-agentic-ai-soc.html The Hidden Weaknesses in AI SOC Tools that No One Talks About https://thehackernews.com/2025/07/the-hidden-weaknesses-in-ai-soc-tools.html Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It https://thehackernews.com/2025/07/your-ai-agents-might-be-leaking-data.html G.政府 政府簡訊發送平臺升級，新增用戶手機末三碼、機關名稱提升辨識度 https://www.ithome.com.tw/news/169805 臉書廣告服務管理系統出包，又有23件廣告未即時揭露託播者訊息，遭數發部開罰1,500萬元 https://www.ithome.com.tw/news/169820 因廣告服務存在系統缺失，數發部對Meta二度開罰1,500萬元 https://www.cna.com.tw/news/afe/202506300205.aspx H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 藍牙晶片存在資安漏洞，近30款音訊設備恐遭監聽 https://www.bleepingcomputer.com/news/security/bluetooth-flaws-could-let-hackers-spy-through-your-microphone/ 生命週期已結束的D-Link路由器存在重大漏洞，攻擊者恐用於遠端執行任意程式碼 https://gbhackers.com/critical-d-link-router-flaws/ 加拿大以國家安全為由，終止海康威視當地業務，政府機關與國有企業停用該廠牌設備 https://www.ithome.com.tw/news/169823 三菱電機HVAC大樓空調系統存在重大漏洞，攻擊者可用來繞過身分驗證 https://gbhackers.com/mitsubishi-electric-ac-flaw/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Startup Teaming (Online) 2025/7/5 https://www.meetup.com/startup-agile-bangkok/events/307437160/ Mastering on WordPress Design: Elementor & WordPress Site Editor 2025/7/6 https://www.meetup.com/guwahati-wordpress-meetup/events/308546243/ 2025 鋼索上管理課：國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照：AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 Outstanding Protocol and Ash 2025/7/8 https://www.meetup.com/erlang-elixir-asia/events/308607721/ InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 【臺灣鏈接世界：掌握Web3革命浪潮】國際產業峰會 2025/7/9 https://www.accupass.com/event/2505270709321899171265 Taiwan Multimedia Tech #10: Beyond Playback 2025/7/9 https://www.meetup.com/taiwan-multimedia-technology/events/308536102/ 运用 Atlassian System of Work 实现企业从目标到成果的无缝连接 2025/7/10 https://www.meetup.com/hang-zhou-atlassian-community-events/events/308662041/ Web3 Development @ MRT Gongguan 2025/7/13 https://www.meetup.com/electronics-workshop/events/308538317/ Digital Rogue Meetup #10 2025/7/14 https://www.meetup.com/taiwan-digital-rogue/events/308584095/ Hong Kong ICT Awards (HKICTA) opens for enrolment! 2025/7/14 https://www.meetup.com/meetups-hk-science-park/events/308155266/ UX Researcher vs. Designer: Choosing Your Path 2025/7/15 https://www.meetup.com/galary-ux-ui-design-community/events/308579344/ ONLINE 🌟 Build your first game with JavaScript 2025/7/16 https://www.meetup.com/le-wagon-tokyo-coding-station/events/308534190/ 什麼都不懂，也可以一起來玩WordCamp！現場志工經驗分享 + 一點小「腸」識 2025/7/17 https://www.meetup.com/taipei-wordpress/events/308648589/ HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 物聯網資訊安全實務 2025/7/19 https://www.accupass.com/event/2506270910121558046175 Season of AI Agents: Build the Future with AI 2025/7/19 https://www.meetup.com/cloud-experts-group/events/307650330/ 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 T-box工作坊:「信用風險管理及國際貿易欺詐的應對」 2025/7/23 https://www.meetup.com/meetups-hk-science-park/events/308683985/ 司法警政AI智慧防詐高峰論壇 – 加密貨幣暨鏈結安全智慧共同聯防新未來 2025/7/24 https://www.accupass.com/event/2506060428065681753110 [On-Line] AWS Global Community Gatherings #9 2025/7/25 https://www.meetup.com/awsglobalcommunitygatherings/events/307473302/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965