資安事件新聞週報 2025/8/18 ~ 2025/8/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/8/18 ~ 2025/8/22 1.重大弱點漏洞/後門/Exploit/Zero Day 荷蘭國家資安中心警告：Citrix Netscaler漏洞CVE-2025-6543遭利用，多個重要機構遭入侵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12131 荷蘭警告Citrix NetScaler出現重大漏洞攻擊行動，當地企業組織已傳出受害 https://www.ithome.com.tw/news/170651 思科修補防火牆管理平臺RCE滿分漏洞 https://www.ithome.com.tw/news/170663 Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html FBI示警，俄羅斯駭客鎖定思科路由器7年前的老舊已知漏洞下手 https://www.ithome.com.tw/news/170760 企業密碼儲存庫HashiCorp Vaults存在一系列資安漏洞 https://www.darkreading.com/cybersecurity-operations/critical-zero-day-bugs-cyberark-hashicorp-password-vaultshttps://www.darkreading.com/cybersecurity-operations/critical-zero-day-bugs-cyberark-hashicorp-password-vaults Windows的RPC通訊協定存在漏洞，攻擊者可用於欺騙及冒充伺服器 https://thehackernews.com/2025/08/researchers-detail-windows-epm.html Elastic旗下EDR系統存在零時差漏洞，攻擊者可用來迴避偵測、執行惡意程式，觸發BSOD畫面 https://gbhackers.com/elastic-edr-0-day-flaw/ Microsoft 推出 2025年8月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12127 HTTP/2新漏洞MadeYouReset可引發大規模DoS攻擊 https://www.ithome.com.tw/news/170632 New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html WinRAR零時差漏洞遭RomCom駭客組織利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12122 Mozilla發布Firefox大改版142，修補5項高風險資安漏洞 https://www.ithome.com.tw/news/170767 Big Sleep再次立功，Google修補AI找到的Chrome資安漏洞 https://www.ithome.com.tw/news/170748 6款密碼管理器存在點擊挾持弱點，恐洩露機密資訊 https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/ 微軟打算限縮部分中國MAPP成員存取內容，原因是中國政府傳出參與SharePoint零時差漏洞攻擊 https://www.ithome.com.tw/news/170747 SAP NetWeaver今年兩大漏洞已被串連，駭客以此打造反序列化工具，用於繞過身分驗證並執行RCE攻擊 https://www.ithome.com.tw/news/170728 Apache ActiveMQ滿分漏洞遭到利用，駭客在雲端環境部署惡意軟體DripDropper https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html N-able伺服器重大漏洞已遭利用，逾800臺主機仍尚未修補 https://www.ithome.com.tw/news/170706 雲端人資管理平臺Workday傳出CRM系統遭駭 https://www.ithome.com.tw/news/170701 Zoom修補Windows用戶端應用程式重大漏洞，攻擊者可用於提升權限 https://securityaffairs.com/181140/security/zoom-patches-critical-windows-flaw-allowing-privilege-escalation.html Commvault揭露備份軟體遠端執行程式碼重大漏洞，須盡速修補 https://www.ithome.com.tw/news/170772 2.銀行/金融/保險/證券/金融監理新聞及資安永豐金併京城銀啟動專案小組並處理IT系統整併規劃 https://money.udn.com/money/story/5613/8956773 轉帳備註「2字」銀行急打來關切！過來人曝嚴重下場：兩邊被鎖帳 https://news.tvbs.com.tw/life/2967249 1銀行新制今天上路了！忘記2規定「直接關帳戶、結清歸零」， ATM提款上限也有大改變 https://www.storm.mg/lifestyle/11061513 ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure https://thehackernews.com/2025/08/ermac-v30-banking-trojan-source-code.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安非法行動支付刷走2千萬 https://news.ltn.com.tw/news/society/paper/1720302 行動支付「亂得要命」？全網狂推LINE Pay：90%商家都可用 https://reurl.cc/7VV7W5 硬推電子支付傷感情？統一羅智先︰icash pay先做好生態再跨出去 https://ec.ltn.com.tw/article/breakingnews/5151645 證券交易結合電子支付　口袋證券攜手全盈+PAY開創金融新局 https://leho.com.tw/archives/180117 泰國允許外國遊客將加密貨幣兌換爲泰銖進行電子支付 https://www.mitrade.com/zh/insights/news/live-news/article-3-1045792-20250817 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安路透：中國最快 8 月底審議推動人民幣穩定幣 https://finance.technews.tw/2025/08/22/china-to-review-and-promote-rmb-stablecoin-as-early-as-the-end-of-august/ 歐盟傳正加速推進數位歐元計畫，考慮運行於以太坊等公有鏈 https://zombit.info/report-eu-speeds-digital-euro-plans/ 中國考慮推出「人民幣穩定幣」！最快月底審議、港滬率先落地 https://blockcast.it/2025/08/21/china-considering-yuan-backed-stablecoins/ 美國銀行報告：金融機構已不可迴避穩定幣，年增市值上看750億美元 https://www.blocktempo.com/bofa-stablecoin-report-from-genius-act/ JPYC 搶頭香！日本將首迎「日圓穩定幣」、最快今秋獲放行 https://blockcast.it/2025/08/18/japan-to-approve-yen-denominated-stablecoins-this-fall/ 穩定幣打開潘朵拉魔盒，銀行押寶能穩賺不賠 https://techorange.com/2025/08/22/crypto-stablecoin-bank-genius-act/ 從比特幣的誕生到現今web3發展歷程 https://hao.cnyes.com/post/188597 韓國總統召集四大銀行，與Circle研議韓元穩定幣，拼十月法案通過 https://www.cryptocity.tw/news/south-korea-banks-circle-won-stablecoin 泰國新招救觀光，推TouristDigiPay系統，讓旅客用加密貨幣換泰銖 https://www.cryptocity.tw/news/tourism-crypto-pay-thailand 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意軟體Noodlophile Stealer透過版權爭議為誘餌散布 https://www.ithome.com.tw/news/170763 惡意軟體Noodlophile透過版權爭議為誘餌散布 https://thehackernews.com/2025/08/noodlophile-malware-campaign-expands.html 北韓駭客Kimsuky濫用GitHub散布XenoRAT木馬，攻擊駐韓歐洲大使館 https://www.ithome.com.tw/news/170742 勒索軟體RansomExx以ChatGPT應用程式為誘餌，搭配PipeMagic後門及CLFS零時差漏洞發動攻擊 https://www.ithome.com.tw/news/170734 惡意軟體XenoRAT鎖定駐韓大使館而來 https://www.bleepingcomputer.com/news/security/xenorat-malware-campaign-hits-multiple-embassies-in-south-korea/ 木馬程式GodRAT鎖定貿易公司下手 https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html 勒索軟體Blue Locker鎖定巴基斯坦石油、天然氣產業而來 https://securityaffairs.com/181173/malware/blue-locker-ransomware-targeting-oil-gas-sector-in-pakistan.html 勒索軟體Crypto24鎖定大型企業組織而來，透過迴避偵測工具、EDR廠商的公用程式犯案 https://www.ithome.com.tw/news/170717 俄羅斯駭客EncryptHub濫用MSC EvilTwin漏洞，意圖散布竊資軟體Fickle Stealer https://www.ithome.com.tw/news/170709 英國電信業者傳出遭勒索軟體WarLock攻擊，部分服務仍尚未恢復 https://www.ithome.com.tw/news/170692 8組勒索軟體駭客透過新的迴避偵測工具繞過EDR防護 https://www.bleepingcomputer.com/news/security/new-edr-killer-tool-used-by-eight-different-ransomware-groups/ 今年4月修補的CLFS零時差漏洞已遭利用，勒索軟體駭客RansomExx聲稱提供ChatGPT應用程式為誘餌，散布惡意程式PipeMagic https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Code https://thehackernews.com/2025/08/new-godrat-trojan-targets-trading-firms.html U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback https://thehackernews.com/2025/08/uk-government-drops-apple-encryption.html Noodlophile Malware Campaign Expands Global Reach with Copyright Phishing Lures https://thehackernews.com/2025/08/noodlophile-malware-campaign-expands.html Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware https://thehackernews.com/2025/08/microsoft-windows-vulnerability.html DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks https://thehackernews.com/2025/08/doj-charges-22-year-old-for-running.html Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems https://thehackernews.com/2025/08/apache-activemq-flaw-exploited-to.html Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger https://thehackernews.com/2025/08/hackers-using-new-quirkyloader-malware.html Russian Group EncryptHub Exploits MSC EvilTwin Vulnerability to Deploy Fickle Stealer Malware https://thehackernews.com/2025/08/russian-group-encrypthub-exploits-msc.html U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions https://thehackernews.com/2025/08/us-sanctions-garantex-and-grinex-over.html Ex-Developer Jailed Four Years for Sabotaging Ohio Employer with Kill-Switch Malware https://thehackernews.com/2025/08/ex-developer-jailed-four-years-for.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊安卓虛擬機管理程式pKVM通過SESIP第5級最高安全認證 https://www.ithome.com.tw/news/170700 Sni5Gect攻擊手法鎖定5G網路而來，可竊取訊息並注入有效酬載 https://gbhackers.com/new-sni5gect-attack-targets-5g/ 俄羅斯要求所有手機與平板都必須預裝MAX傳訊程式，惹爭議 https://www.ithome.com.tw/news/170769 蘋果緊急修補ImageIO元件的零時差漏洞 https://www.ithome.com.tw/news/170738 Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft https://thehackernews.com/2025/08/scattered-spider-hacker-gets-10-years.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Win-DDoS弱點恐被殭屍網路濫用，將網域控制器用於DDoS攻擊 https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html HTTP 請求走私攻擊新變種威脅數百萬網站 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12124 針對4月水壩閘門控制系統遭到入侵，挪威指控是俄羅斯駭客所為 https://www.ithome.com.tw/news/170657 加拿大眾議院遭網路攻擊，疑為微軟漏洞濫用事故 https://www.ithome.com.tw/news/170637 駭客組織Scattered Spider成員被捕，恐面臨10年徒刑 https://www.bleepingcomputer.com/news/security/scattered-spider-hacker-gets-sentenced-to-10-years-in-prison/ 美國逮捕、起訴22歲的殭屍網路Rapper Bot經營者 https://www.bleepingcomputer.com/news/legal/rapper-bot-malware-seized-alleged-developer-identified-and-charged/ 臺灣網站主機代管業者傳出遭攻擊，UAT-7237使用開源工具Mimikatz犯案 https://www.ithome.com.tw/news/170681 INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown https://thehackernews.com/2025/08/interpol-arrests-1209-cybercriminals.html Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage https://thehackernews.com/2025/08/chinese-hackers-murky-genesis-and.html Taiwan Web Servers Breached by UAT-7237 Using Customized Open-Source Hacking Tools https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html 為防堵帳號接管及供應鏈攻擊，PyPI宣布將封鎖無效網域名稱有關帳號 https://www.ithome.com.tw/news/170732 Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks https://thehackernews.com/2025/08/malicious-pypi-and-npm-packages.html PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks https://thehackernews.com/2025/08/pypi-blocks-1800-expired-domain-emails.html North Korea Uses GitHub in Diplomat Cyber Attacks as IT Worker Scheme Hits 320+ Firms https://thehackernews.com/2025/08/north-korea-uses-github-in-diplomat.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全針對勒索軟體Warlock兜售的資料，英國電信業者Colt坦承含有用戶個資 https://www.bleepingcomputer.com/news/security/colt-confirms-customer-data-stolen-as-warlock-ransomware-auctions-files/ 法國電信業者Orange上個月資料外洩調查出爐，85萬客戶受影響 https://www.bleepingcomputer.com/news/security/orange-belgium-discloses-data-breach-impacting-850-000-customers/ 英特爾內部網站存在一系列漏洞，恐導致27萬員工資料曝光，該公司表示已修復 https://www.ithome.com.tw/news/170765 Perplexity推出的AI瀏覽器Comet可被誘騙，研究人員引導至冒牌電商網站自動下單 https://www.ithome.com.tw/news/170746 遊戲代理商樂意傳播合作廠商疑似遭遇資料外洩事故 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=180405&SPOKE_DATE=20250815&COMPANY_ID=7584 AI網站生成工具Lovable遭濫用，駭客以此打造釣魚網頁、詐欺網站 https://www.bleepingcomputer.com/news/security/ai-website-builder-lovable-increasingly-abused-for-malicious-activity/ 藉由ADFS重新導向，駭客企圖竊取微軟服務的登入帳密 https://www.bleepingcomputer.com/news/security/hackers-steal-microsoft-logins-using-legitimate-adfs-redirects/ 安聯人壽美國分公司資料外洩事故出現新的調查結果，110萬人個資曝險 https://www.bleepingcomputer.com/news/security/massive-allianz-life-data-breach-impacts-11-million-people/ 澳洲ISP業者iiNet資料外洩，28萬個電子郵件帳號遭竊 https://hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/ Orange Belgium通報資料外洩，85萬客戶資料遭未授權存取 https://www.ithome.com.tw/news/170773 Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages https://thehackernews.com/2025/08/cybercriminals-deploy-cornflakev3.html Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025 https://thehackernews.com/2025/08/weak-passwords-and-compromised-accounts.html E.研究報告/工具趨勢科技示警基礎架構層的風險正因各種不同的元件而持續攀升 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12125 研究人員揭露資安弱點BitUnlocker，攻擊者有機會透過WinRE繞過磁碟防護機制 https://www.ithome.com.tw/news/170576 Why Your Security Culture is Critical to Mitigating Cyber Risk https://thehackernews.com/2025/08/why-your-security-culture-is-critical.html Defending Against Adversarial AI and Deepfake Attacks https://thehackernews.com/expert-insights/2025/08/defending-against-adversarial-ai-and.html From Impact to Action: Turning BIA Insights Into Resilient Recovery https://thehackernews.com/2025/08/turning-bia-insights-into-resilient-recovery.html How to Defend Against Root-of-Trust Attacks: Lessons from Secret Blizzard https://thehackernews.com/expert-insights/2025/08/how-to-defend-against-root-of-trust.html DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft https://thehackernews.com/2025/08/dom-based-extension-clickjacking.html When Theft Replaces Encryption: Blue Report 2025 on Ransomware & Infostealers https://www.bleepingcomputer.com/news/security/when-theft-replaces-encryption-blue-report-2025-on-ransomware-and-infostealers/ Automation Is Redefining Pentest Delivery https://thehackernews.com/2025/08/automation-is-redefining-pentest.html F.商業網頁伺服器NGINX原生支援ACME，現可自動申請與更新TLS憑證 https://www.ithome.com.tw/news/170625 微軟釋出Wassette，讓AI代理可從雲端安全載入Wasm工具 https://www.ithome.com.tw/news/170617 Why Traditional Approaches to Patch Management Fail in the Era of SaaS Sprawl and BYOD https://thehackernews.com/expert-insights/2025/08/why-traditional-approaches-to-patch.html Zero Trust + AI: Privacy in the Age of Agentic AI https://thehackernews.com/2025/08/zero-trust-ai-privacy-in-age-of-agentic.html G.政府 TWNIC揭未來營運3核心策略，將透過加強域名安全、網路識別建構以數位信任為基礎的網路世界 https://www.ithome.com.tw/news/170719 防詐更進一步，數發部與Line聯手推出政府機關官方Line帳號認證計畫 https://www.ithome.com.tw/news/170716 數發部將強化醫療領域關鍵基礎設施資安，衛福部擬為中小型醫療機構建立區域聯防機制 https://www.ithome.com.tw/news/170650 數發部長黃彥男8月底借調期滿，已向院長請辭回歸中研院 https://www.ithome.com.tw/news/170778 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安聯想USB網路攝影機存在漏洞，可被用於發動BadUSB攻擊 https://www.ithome.com.tw/news/170581 Erlang/OTP SSH 遠端程式碼執行漏洞攻擊激增，70% 攻擊目標為工控防火牆 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12130 從Iot到AIot，Moxa 認為AI進入工業領域有三大關鍵 https://www.techbang.com/posts/125043-iot-to-aiot-moxa-3-keys-for-ai-in-industry I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Saturday AI Hangout with Zack Lim 2025/8/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/310143607/ NISRA Enlightened 2025 2025/8/25 ~ 2025/8/28 https://nisra.kktix.cc/events/2025enlightened 資安事件比你想像更靠近！ |《主動式防禦，從 Google SecOps 開始！》 2025/ 8/27 https://www.accupass.com/event/2507250822501753616659 MaiCoin 反詐騙講座 2025/ 8/27 https://www.accupass.com/event/2506290707563443008580 Taipei dbt Meetup #39 GenBI 2025/8/28 https://www.meetup.com/taipei-dbt-meetup/events/310250569/ API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965