資安事件新聞週報 2025/2/10 ~ 2025/2/14

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/2/10 ~ 2025/2/14 1.重大弱點漏洞/後門/Exploit/Zero Day Juniper Networks Junos OS https://nvd.nist.gov/vuln/detail/CVE-2024-39564 Fortinet公布已被用於攻擊防火牆的新漏洞，上網安全閘道也曝險 https://www.ithome.com.tw/news/167334 Palo Alto Networks修補防火牆作業系統身分驗證繞過漏洞 https://www.ithome.com.tw/news/167368 Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software https://thehackernews.com/2025/02/palo-alto-networks-patches.html F5 BIG-IP https://nvd.nist.gov/vuln/detail/CVE-2025-24497 https://nvd.nist.gov/vuln/detail/CVE-2025-24326 https://nvd.nist.gov/vuln/detail/CVE-2025-24312 https://nvd.nist.gov/vuln/detail/CVE-2025-23412 https://nvd.nist.gov/vuln/detail/CVE-2025-22891 https://nvd.nist.gov/vuln/detail/CVE-2025-22846 https://nvd.nist.gov/vuln/detail/CVE-2025-21091 https://nvd.nist.gov/vuln/detail/CVE-2025-21087 https://nvd.nist.gov/vuln/detail/CVE-2025-20058 https://nvd.nist.gov/vuln/detail/CVE-2025-20045 https://nvd.nist.gov/vuln/detail/CVE-2025-24320 https://nvd.nist.gov/vuln/detail/CVE-2025-23239 https://nvd.nist.gov/vuln/detail/CVE-2025-20029 Cisco 修補 Identity Services Engine 重大弱點 https://nvd.nist.gov/vuln/detail/CVE-2025-20124 https://nvd.nist.gov/vuln/detail/CVE-2025-20125 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF#fs https://www.ithome.com.tw/news/167250 Cisco IOS https://nvd.nist.gov/vuln/detail/CVE-2025-20169 https://nvd.nist.gov/vuln/detail/CVE-2025-20170 https://nvd.nist.gov/vuln/detail/CVE-2025-20171 https://nvd.nist.gov/vuln/detail/CVE-2025-20172 https://nvd.nist.gov/vuln/detail/CVE-2025-20173 https://nvd.nist.gov/vuln/detail/CVE-2025-20174 https://nvd.nist.gov/vuln/detail/CVE-2025-20175 https://nvd.nist.gov/vuln/detail/CVE-2025-20176 思科修補Meeting Management重大權限漏洞，可導致遠端提權攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11588 OpenSSL修補RPK金鑰認證不良漏洞，若不處理恐被用於中間人攻擊 https://www.ithome.com.tw/news/167345 OpenSSL存在高風險漏洞，若不處理恐被用於中間人攻擊 https://www.securityweek.com/high-severity-openssl-vulnerability-found-by-apple-allows-mitm-attacks/ 電子郵件系統Zimbra發布資安更新，修補SQL注入、XSS、SSRF漏洞 https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html Windows使用者介面爆零時差漏洞，傳出中國駭客組織Mustang Panda將其用於實際攻擊 https://www.ithome.com.tw/news/167379 微軟發布二月例行更新，修補4個零時差漏洞 https://www.ithome.com.tw/news/167325 Microsoft's Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation https://thehackernews.com/2025/02/microsofts-patch-tuesday-fixes-63-flaws.html 資安廠商BeyondTrust產品漏洞事故有新發現！系統搭配的PostgreSQL有零時差漏洞、恐遭串連濫用 https://www.ithome.com.tw/news/167376 PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html SAP發布2月例行更新，修補19項資安漏洞 https://www.ithome.com.tw/news/167332 IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2024-56463) https://www.ibm.com/support/pages/node/7183251 IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7182930 CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability https://thehackernews.com/2025/02/cisa-warns-of-active-exploitation-in.html VeraCore零時差漏洞遭到鎖定，駭客組織XE Hacker Group企圖植入Web Shell https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now https://thehackernews.com/2025/02/ivanti-patches-critical-flaws-in.html 針對Nvidia去年9月修補的Contain Toolkit重大漏洞，研究人員公布相關細節 https://www.ithome.com.tw/news/167362 Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html Intel、AMD發布二月份例行更新 https://www.securityweek.com/chipmaker-patch-tuesday-intel-amd-nvidia-fix-high-severity-vulnerabilities/ WordPress管理流程強化外掛存在高風險漏洞，逾10萬網站恐曝險 https://www.ithome.com.tw/news/167310 遠端管理軟體SimpleHelp漏洞傳出遭積極利用，攻擊者藉此散布滲透測試工具Sliver https://www.bleepingcomputer.com/news/security/hackers-exploit-simplehelp-rmm-flaws-to-deploy-sliver-malware/ Power Platform的SharePoint連接器存在SSRF漏洞，攻擊者有機會冒充使用者的名義發送請求 https://www.ithome.com.tw/news/167294 2.銀行/金融/保險/證券/金融監理新聞及資安第一銀行數據分析雲端平臺正式上線，未來還要建立數據湖平臺 https://www.ithome.com.tw/news/167378 GetSmoked: UAC-0006 Returns With SmokeLoader Targeting Ukraine's Largest State-Owned Bank https://www.cloudsek.com/blog/getsmoked-uac-0006-returns-with-smokeloader-targeting-ukraines-largest-state-owned-bank India's RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud https://thehackernews.com/2025/02/indias-rbi-introduces-exclusive-bankin.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安程式碼管理工具Google Tag Manager遭濫用，攻擊者用來對Magento網站側錄信用卡資料 https://www.ithome.com.tw/news/167304 Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html 駭客利用CDN服務Webflow、圖靈驗證機制CAPTCHA，意圖竊取信用卡資料 https://thehackernews.com/2025/02/hackers-use-captcha-trick-on-webflow.html LINE Pay賺63億肥了韓國？網嘆台灣行動支付困境：可惜 https://reurl.cc/1XVLRm 公股銀強化台灣Pay功能推廣乘車碼服務、各類「數位券」 https://www.chinatimes.com/newspapers/20250213000419-260208?chdtv 線上支付盜刷「因這點」銀行難認帳 OTP簡訊綁定驗證機制再升級防詐 https://reurl.cc/46zD9L 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安密西根州提議將州政府資金投資加密貨幣 https://hk.investing.com/news/cryptocurrency-news/article-93CH-802409 Binance與SEC法律戰暫停新加密貨幣工作組成立 https://hk.investing.com/news/cryptocurrency-news/article-93CH-802412 南韓將分三階段開放加密貨幣交易 https://news.cnyes.com/news/id/5861413 台灣加密專法擬重罰：詐欺與操縱最高十年、無照經營最高七年、挪用資產最高五年 https://abmedia.io/taiwan-fsc-crypto-bill-draft-penalty 加密貨幣「Pi幣」2/20上主網！用戶數飆至1900萬人：3大官方資訊一次看 https://www.bnext.com.tw/article/82282/pi-network-february20-open-mainnet 手機免費挖礦！Pi幣暴紅為何被幣圈戲稱「傳銷幣」？真有價值嗎 https://www.ctee.com.tw/news/20250214700084-439901 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 微軟Graph API遭到濫用，駭客鎖定南美外交單位散布惡意軟體FinalDraft https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html 勒索軟體RA World搭配中國網路間諜工具攻擊亞洲企業 https://www.bleepingcomputer.com/news/security/chinese-espionage-tools-deployed-in-ra-world-ransomware-attack/ 勒索軟體Sarcoma聲稱攻擊PCB大廠欣興電子，竊得337 GB內部資料 https://www.ithome.com.tw/news/167342 勒索軟體Kraken聲稱近期從思科竊得一批資料，該公司表示檔案來自3年前事故 https://www.ithome.com.tw/news/167360 北韓駭客Kimsuky發動ClickFix攻擊，利用PowerShell命令取得管理員權限，企圖植入惡意程式 https://www.bleepingcomputer.com/news/security/dprk-hackers-dupe-targets-into-typing-powershell-commands-as-admin/ 駭客發動ClickFix攻擊，意圖於受害電腦植入惡意程式NetSupport RAT進行遠端控制 http://thehackernews.com/2025/02/threat-actors-exploit-clickfix-to.html 假借提供應用程式散布惡意軟體出現新手法！有人複製大學網站聲稱提供思科VPN應用程式 https://www.malwarebytes.com/blog/news/2025/02/university-site-cloned-to-evade-ad-detection-distributes-fake-cisco-installer 竊資軟體Nova鎖定俄羅斯企業組織而來，假借合約的名義散布 https://bi.zone/eng/expertise/blog/nova-khorosho-zabytoe-staroe/ 2025年2月馬偕醫院遭勒索軟體攻擊事件歷程總整理 https://www.ithome.com.tw/news/167327 馬偕醫院傳出遭CrazyHunter勒索軟體攻擊，衛福部與資安署已成立快速應變小組協助因應 https://www.ithome.com.tw/news/167318 病歷資料打不開！馬偕醫院遭駭客勒索　資安專家進駐搶救 https://www.mirrormedia.mg/story/20250211edi044 美英等12國執法單位聯手，拿下勒索軟體8Base的資料洩露網站、逮捕4名嫌犯 https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html The Anatomy of Abyss Locker Ransomware Attack https://www.sygnia.co/blog/abyss-locker-ransomware-attack-analysis/ KIMSUKY-APT43 🇰🇵 at main · TheRavenFile https://otx.alienvault.com/pulse/67aaf4058d376cf610611a49 Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks https://thehackernews.com/2025/02/threat-actors-exploit-clickfix-to.html FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html Bitter https://otx.alienvault.com/pulse/67a2d1a8de311c499e498c5f FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites https://thehackernews.com/2025/02/8base-ransomware-data-leak-sites-seized.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google 修補已遭駭客利用的 Android 內核零時差漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11603 蘋果針對iPhone、iPad用戶修補已遭利用的零時差漏洞 https://www.ithome.com.tw/news/167302 DeepSeek App Transmits Sensitive User and Device Data Without Encryption https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification https://thehackernews.com/2025/02/google-confirms-android-safetycore.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力五眼聯盟針對網路邊際設備發布資安指引，呼籲製造商提升設備活動的能見度 https://www.bleepingcomputer.com/news/security/cyber-agencies-share-security-guidance-for-network-edge-devices/ 創見、華城發布重大訊息，指出部分資訊系統遭遇網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=191659&SPOKE_DATE=20250209&COMPANY_ID=1519 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=165059&SPOKE_DATE=20250207&COMPANY_ID=2451 利用ThinkPHP框架及雲端共享系統ownCloud已知漏洞的攻擊行動升溫 https://www.bleepingcomputer.com/news/security/surge-in-attacks-exploiting-old-thinkphp-and-owncloud-flaws/ 遭廢棄的 AWS S3 儲存空間成為駭客攻擊新目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11617 大規模暴力破解攻擊專門針對網路邊緣裝置而來，駭客透過280萬個IP位址發動攻勢 https://www.ithome.com.tw/news/167311 全球大規模暴力破解攻擊！280萬個IP鎖定防火牆、VPN等設備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11619 俄羅斯駭客Sandworm旗下團體發起攻擊行動BadPilot，利用已知漏洞掌握初始入侵管道 https://www.darkreading.com/threat-intelligence/microsoft-russian-sandworm-apt-exploits-edge-bugs-globally 中國駭客DragonRank鎖定IIS伺服器而來，透過搜尋引擎最佳化散布惡意程式BadIIS https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects https://thehackernews.com/2025/02/dragonrank-exploits-iis-servers-with.html AI共享平臺Hugging Face再傳惡意模型，駭客利用損壞的Pickle格式迴避偵測 https://thehackernews.com/2025/02/malicious-ml-models-found-on-hugging.html Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection https://thehackernews.com/2025/02/malicious-ml-models-found-on-hugging.html North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack https://thehackernews.com/2025/02/north-korean-hackers-exploit-powershell.html North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks https://thehackernews.com/2025/02/north-korean-apt43-uses-powershell-and.html Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全詐騙集團假冒Google搜尋廣告竊取微軟廣告帳號 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11593 BeyondTrust調查API金鑰盜取事件，17個SaaS用戶受影響 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11590 Cloudflare CDN漏洞恐洩露用戶位置資訊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11589 新興AI生產力平臺OmniGPT驚傳資料外洩，駭客聲稱握有3萬用戶個資、3,400萬筆聊天記錄 https://www.ithome.com.tw/news/167370 有人聲稱從OpenAI竊得2千萬組帳密資料，該公司表示他們並未遭到入侵 https://www.ithome.com.tw/news/167356 Google修補影音串流平臺YouTube可能曝露使用者電子郵件信箱的弱點 https://www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/ 150家企業組織遭到鎖定，駭客藉由AD聯合身分驗證服務繞過多因素驗證，從而挾持帳號 https://www.ithome.com.tw/news/167291 DeepSeek的AI服務隱私防護遭質疑！資安業者指控恐將用戶輸入資料傳至中國國營電信業者 https://www.ithome.com.tw/news/167289 Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html E.研究報告/工具遊戲產業的資安挑戰：開發過程中的威脅與虛擬經濟防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11618 下個生成式 AI 浪潮在邊緣端! 專家示警需權衡安全與效能 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11594 針對GitHub上個月修補的SAML身分驗證繞過漏洞，研究人員公布細節及概念驗證程式碼 https://www.ithome.com.tw/news/167374 資安研究人員聲稱突破OpenAI最新防禦機制，成功在新款機器學習模型o3-mini進行越獄 https://www.ithome.com.tw/news/167314 2025年全球風險報告出爐，錯假訊息、網路間諜名列短期10大風險 https://www.ithome.com.tw/news/167153 AI-Powered Social Engineering: Reinvented Threats https://thehackernews.com/2025/02/ai-powered-social-engineering.html Protecting Your Software Supply Chain: Assessing the Risks Before Deployment https://thehackernews.com/2025/02/protecting-your-software-supply-chain.html How to Steer AI Adoption: A CISO Guide https://thehackernews.com/2025/02/how-to-steer-ai-adoption-ciso-guide.html AI and Security - A New Puzzle to Figure Out https://thehackernews.com/2025/02/ai-and-security-new-puzzle-to-figure-out.html 4 Ways to Keep MFA From Becoming too Much of a Good Thing https://thehackernews.com/2025/02/4-ways-to-keep-mfa-from-becoming-too.html Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners https://thehackernews.com/2025/02/hackers-use-captcha-trick-on-webflow.html F.商業 CyberArk 與 SentinelOne 攜手合作推動端點與身分安全的縱深防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11609 Google 發布開源軟體分析檢測工具OSV-SCALIBR https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11586 微軟宣布AI機器人Copilot的漏洞懸賞專案加碼，新增抓漏範圍、鼓勵通報中度風險弱點 https://www.ithome.com.tw/news/167335 G.政府數發部啟動「AI新創100億投資計畫」！射三支箭深化數位產業、從4大領域著手 https://www.bnext.com.tw/article/82243/moda-2025-strategy 持續推動「數發三箭」數發部：打造可信任數位經濟高速路網 https://newtalk.tw/news/view/2025-02-10/956177 數發部持續強化數位韌性與創新發展打造可信任數位經濟高速路網 https://www.ey.gov.tw/Page/88F151FFCE5C741E/5238af97-2421-428b-8ff6-d88d299c1e2b 數發部開放衛星手機通訊頻段最快第2季可申請 https://www.rti.org.tw/news/view/id/2238291 台灣首例醫院大規模遭駭：馬偕醫院遭勒索軟體攻擊，資安署進駐協助 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11629 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安工控資安進化論：SANS五大控制框架下的現況與關鍵啟示 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11602 合勤科技：停產路由器漏洞不予修補，建議用戶汰換設備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11605 醫療物聯網威脅！美國FDA與CISA示警陸製病患生理監測儀藏後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11591 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Advanced Scrum Case Study 2025/2/15 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbtb/ Free OPEN Passes to DeveloperWeek 2025 - Live Online 2025/2/19 https://www.meetup.com/r-user-group-philippines/events/305759741/ ManageEngine ADManager Plus product demo 2025/2/19 https://www.meetup.com/manageengine-hong-kong-events/events/305838082/ Taipei dbt Meetup #33 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2025/2/19 https://www.meetup.com/taipei-dbt-meetup/events/305272974/ #133 PUPMCR & other PUPX Packages: Advancing Research in Mycology & Chemistry 2025/2/19 https://www.meetup.com/r-user-group-philippines/events/305760876/ Cybersecurity on a budget:Practical strategies for 2025 Tools,allocation,and ROI 2025/2/20 https://www.meetup.com/manageengine-hong-kong-events/events/305860097/ [Online] Philippine Bitcoin meetup 2025/2/20 https://www.meetup.com/philippine-bitcoiners/events/300961130/ 第八屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2025/2/20 https://www.accupass.com/event/2411261044223773652370 Season of AI: Exploring Current Trends and Advancements 2025/2/22 https://www.meetup.com/cloud-experts-group/events/305847254/ Startup Teaming (Online) 2025/2/22 https://www.meetup.com/startup-agile-group-thanh-pho-ho-chi-minh/events/305527890/ How to Save 10 Hours a Week at Work with AI 2025/2/25 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305603934/ Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/