###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/2/17 ~ 2025/2/21 1.重大弱點漏洞/後門/Exploit/Zero Day Palo Alto 發布Palo Alto Networks PAN-OS的安全公告 https://security.paloaltonetworks.com/CVE-2025-0108 Palo Alto Networks警告防火牆漏洞遭到串連，攻擊者將其用於對網頁管理介面下手 https://www.ithome.com.tw/news/167473 Fortinet Fortianalyzer https://nvd.nist.gov/vuln/detail/CVE-2024-40584 Fortinet Fortios https://nvd.nist.gov/vuln/detail/CVE-2024-35279 https://nvd.nist.gov/vuln/detail/CVE-2024-40591 https://nvd.nist.gov/vuln/detail/CVE-2024-40591 https://nvd.nist.gov/vuln/detail/CVE-2025-24472 Fortinet Fortiportal https://nvd.nist.gov/vuln/detail/CVE-2025-24470 Fortinet Fortisandbox https://nvd.nist.gov/vuln/detail/CVE-2024-27781 Fortinet Fortiweb https://nvd.nist.gov/vuln/detail/CVE-2024-50567 Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks https://thehackernews.com/2025/02/cisco-confirms-salt-typhoon-exploited.html OpenSSH 已發布安全更新，以解決 OpenSSH 中的弱點 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://www.ithome.com.tw/news/167452 OpenSSH修補可被用於中間人攻擊、造成阻斷服務的弱點 https://www.ithome.com.tw/news/167452 New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html Apache Atlas https://nvd.nist.gov/vuln/detail/CVE-2024-46910 分散式資料庫系統Apache Ignite存在9.5分重大漏洞，攻擊者可用來任意執行程式碼 https://www.ithome.com.tw/news/167475 Cacti https://nvd.nist.gov/vuln/detail/CVE-2025-26520 New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution https://thehackernews.com/2025/02/new-whoami-attack-exploits-aws-ami-name.html PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html 微軟修補低程式碼網站建置平臺Power Pages零時差漏洞 https://www.bleepingcomputer.com/news/security/microsoft-fixes-power-pages-zero-day-bug-exploited-in-attacks/ 微軟針對WSUS服務棄用再度警告，並指出2個月後將停止驅動程式同步服務 https://www.bleepingcomputer.com/news/microsoft/microsoft-reminds-admins-to-prepare-for-wsus-driver-sync-deprecation/ 美國 CISA 與 FBI 聚焦緩衝區溢位漏洞，籲開發者採用記憶體安全程式語言 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11638 全錄印表機漏洞恐讓攻擊者能截取AD帳密資料，於受害組織網路環境持續活動 https://www.ithome.com.tw/news/167504 研究人員揭露LibreOffice近期修補的資安漏洞細節，指出攻擊者利用的過程無需使用者互動 https://www.ithome.com.tw/news/167494 MongoDB的程式庫Mongoose存在重大漏洞，攻擊者有機會竊取資料庫內容、執行任意程式碼 https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/ 登入模組PAM-PKCS#11存在重大漏洞，攻擊者恐繞過Linux主機身分驗證機制、提升權限 https://securityonline.info/cve-2025-24032-cve-2025-24531-and-more-critical-flaws-in-pam-pkcs11-expose-linux-authentication-to-attackers/ Google、Mozilla發布瀏覽器更新，修補記憶體高風險資安漏洞 https://www.ithome.com.tw/news/167479 Nvidia修補圖像處理程式庫漏洞，若不處理攻擊者可藉由特製JPEG2000檔案觸發 https://www.ithome.com.tw/news/167429 3年前列管的PHP重大漏洞突然浮上檯面，若不修補恐讓網站曝露於SQL注入風險 https://www.ithome.com.tw/news/167440 WordPress網頁建置外掛Brizy存在重大漏洞，8萬網站恐曝險 https://securityonline.info/critical-cve-2024-10960-flaw-in-brizy-plugin-puts-80000-wordpress-sites-at-risk/ CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 開源銀行系統Apache Fineract存在重大漏洞，恐被用於SQL注入攻擊 https://securityonline.info/cve-2024-32838-cvss-9-4-critical-sql-injection-flaw-threatens-apache-fineract-users/ 富邦金控連續三次通過台灣智慧財產管理制度 (TIPS) A級驗證 https://www.taiwannews.com.tw/zh/news/6042619 4大金控對手變朋友！「金融科技產業聯盟」用AI管AI、還要成立百億創新基金 https://www.bnext.com.tw/article/82355/fintech-industry-alliance-launch-2025 四大金控「金融科技產業聯盟」成立！彭金隆：打團體戰才是致勝關鍵 https://money.udn.com/money/story/5613/8558725 台新金控與日本山口縣政府簽署MOU 深化經貿交流 https://udn.com/news/story/7239/8563634 亞裔女嫌犯竊銀行信息 盜領婦女近三萬元存款 https://www.epochtimes.com/b5/25/2/21/n14442191.htm 前分行經理及理專勾結詐騙集團判刑確定 聯邦銀行獲緩起訴處分、支付公庫600萬 https://reurl.cc/Nb7D06 千萬存款遭盜領！全家10年血汗餘額剩0元 銀行拒賠嗆：你自己沒檢查 https://reurl.cc/96Ky4O 3.信用卡/電子支付/行動支付/pay/支付系統/資安 台灣Pay跨行轉帳2025全年免手續費！如何省下轉帳手續費一次看懂 https://www.sogi.com.tw/articles/taiwan-pay/6264395 日本旅遊刷卡新規定「4月起要輸密碼」？銀行業提解方 https://udn.com/news/story/7239/8561469 4月起日本刷卡要輸入PIN碼？金管會：我國信用卡不受影響 https://ec.ltn.com.tw/article/breakingnews/4957830 台灣、日本攜手推動無現金支付　甩開密碼煩惱日本「嗶」消費 https://www.knews.com.tw/news/AAE20089F86FC07FCEB6CEA8111FD492 日本信用卡協會訪台 聚焦非現金支付與防詐因應 https://reurl.cc/mRmXoW 台北 沒串接日本Pay Pay 悠遊付：研發中 https://reurl.cc/vpZXWe ANA Pay宣布3月5日起不再接受海外信用卡儲值，日eShop生路再斷一條 https://www.4gamers.com.tw/news/detail/70251/ana-pay-e-service-for-visa-cards-issued-outside-japan 日本PayPay刷一卡通 議員籲悠遊卡著手計畫 https://udn.com/news/story/7325/8553925 中資繞道來台承接信用卡系統？國泰世華︰無中資持股新加坡商 https://ec.ltn.com.tw/article/breakingnews/4951359 Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers https://thehackernews.com/2025/02/cybercriminals-exploit-onerror-event-in.html PCI DSS 4.0 Mandates DMARC By 31st March 2025 https://thehackernews.com/2025/02/pci-dss-40-mandates-dmarc-by-31st-march.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 香港將完善虛擬資產監管並推動代幣化技術應用 https://www.binance.com/zh-TC/square/post/02-21-2025-20599408575730 香港續推加密貨幣發展！渣打、Animoca Brands、香港電訊將推港幣支持的穩定幣 https://news.cnyes.com/news/id/5869020 美國 SEC 成立新部門「CETU」，專注打擊加密貨幣、 AI 詐欺 https://blockcast.it/2025/02/21/sec-establishes-cyber-and-emerging-technologies-unit-to-combat-crypto-ai-fraud/ Google出大招：計畫Google登入「整合比特幣錢包」，會如何衝擊加密生態 https://www.blocktempo.com/google-integrates-access-to-bitcoin-wallets/ 「比特幣21條法則」：不尊重比特幣 就等著當小丑 https://ec.ltn.com.tw/article/breakingnews/4954806 美國約 20 州份啟動比特幣戰略儲備立法，推動數位資產融入傳統金融 https://blockcast.it/2025/02/21/bitcoin-strategic-reserve-act-gains-traction-across-20-us-states/ 山寨幣季來了？CryptoQuant 執行長：這次的「選擇性」山寨幣季與過去不同 https://abmedia.io/ki-young-ju-claimed-alt-season-is-coming 研究稱美國比特幣戰略儲備可抵消21萬億美元國債 https://www.binance.com/zh-TC/square/post/02-21-2025-21-20587118667162 投資者流行不再持私鑰　把資金全轉入比特幣ETF及BTC替代幣BTCBULL https://news.cnyes.com/news/id/5860923 渣打銀行、Animoca Brands、香港電訊將推出港元支援的穩定幣 https://hao.cnyes.com/post/136090 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 台灣首例醫院大規模遭駭：馬偕醫院遭勒索軟體攻擊，資安署進駐協助 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11629 美國警告勒索軟體Ghost橫行，駭客攻擊範圍橫跨全球70個國家 https://www.ithome.com.tw/news/167498 勒索軟體NailaoLocker鎖定歐洲地區醫療機構而來，疑為中國駭客用來掩蓋竊取資料的意圖 https://www.ithome.com.tw/news/167502 JAR檔案簽章工具遭到濫用，攻擊者藉此於受害電腦啟動惡意軟體XLoader https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html 惡意軟體Snake Keylogger出現變種，透過Telegram機器人傳送竊得資料 https://hackread.com/snake-keylogger-variant-windows-data-telegram-bots/ 竊資軟體FrigidStealer假借瀏覽器更新散布，鎖定macOS用戶而來 https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html 勒索軟體NailaoLocker鎖定歐洲地區醫療機構而來，疑為中國駭客所為 https://www.bleepingcomputer.com/news/security/new-nailaolocker-ransomware-used-against-eu-healthcare-orgs/ Go語言後門程式利用Telegram機器人的API進行C2通訊，藉此隱匿行蹤 https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html 中國駭客Earth Preta鎖定泰國用戶而來，假借打擊犯罪為由散布惡意程式 https://securityonline.info/earth-preta-apt-group-evades-detection-with-legitimate-and-malicious-components/ 駭客組織Earth Kapre利用Adobe元件側載惡意程式，並透過罕見雲端服務外送竊得資料 https://securityonline.info/stealth-attack-earthkapre-leverages-cloud-and-dll-sideloading-for-data-exfiltration/ 駭客組織TripleStrength同時對於本地及雲端發動攻擊，用勒索軟體加密本機電腦檔案，同時利用受害組織的雲端環境進行挖礦 https://securityonline.info/triplestrength-threat-actor-group-ransomware-mining-and-server-hacks/ 針對美國政府解密50年前遭暗殺的政治人物資料，有駭客將其當作散布惡意軟體的誘餌 https://hackread.com/scammers-exploit-jfk-files-release-malware-phishing/ Ivanti旗下SSL VPN系統零時差漏洞再傳遭到利用，駭客去年12月於日本散布惡意軟體SpawnChimera https://www.ithome.com.tw/news/167430 手法更高明，macOS惡意軟體XCSSET變種現身 https://www.ithome.com.tw/news/167434 北韓駭客Lazarus鎖定開發人員而來，企圖散布惡意JavaScript元件Marstech1 https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html 北韓駭客Kimsuky對韓國企業及政府機關下手，利用PowerShell命令植入惡意程式 https://www.ithome.com.tw/news/167387 從事網路間諜行動的中國駭客發動勒索軟體RA World攻擊，向受害組織索討百萬美元贖金 https://www.ithome.com.tw/news/167385 微軟Graph API遭到濫用，駭客鎖定南美外交單位散布惡意軟體FinalDraft https://www.ithome.com.tw/news/167382 You've Got Malware: FINALDRAFT Hides in Your Drafts https://www.elastic.co/security-labs/finaldraft RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally https://thehackernews.com/2025/02/ransomhub-becomes-2024s-top-ransomware.html New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics https://thehackernews.com/2025/02/microsoft-uncovers-new-xcsset-macos.html Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack https://thehackernews.com/2025/02/trojanized-game-installers-deploy.html Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks https://thehackernews.com/2025/02/chinese-hackers-exploit-mavinjectexe-to.html New FrigidStealer Malware Targets macOS Users via Fake Browser Updates https://thehackernews.com/2025/02/new-frigidstealer-malware-targets-macos.html China-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware https://thehackernews.com/2025/02/chinese-linked-attackers-exploit-check.html Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives https://thehackernews.com/2025/02/cybercriminals-use-eclipse-jarsigner-to.html North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware https://thehackernews.com/2025/02/north-korean-hackers-target-freelance.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls https://thehackernews.com/2025/02/androids-new-feature-blocks-fraudsters.html Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html 美三州政府公務手機禁用DeepSeek，南韓封鎖應用程式下載 https://www.ithome.com.tw/news/167451 South Korea Suspends DeepSeek AI Downloads Over Privacy Violations https://thehackernews.com/2025/02/south-korea-suspends-deepseek-ai.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 中國駭客組織「鹽颱風」近期大規模攻擊思科設備，全球電信商成主要目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11642 2024年9月中國駭客入侵美國電信業者事故新事證出爐，近兩個月駭客針對思科設備已知漏洞發動大規模攻擊行動 https://www.ithome.com.tw/news/167390 俄羅斯駭客Sandworm旗下團體發起攻擊行動BadPilot，利用已知漏洞掌握初始入侵管道 https://www.ithome.com.tw/news/167386 Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html 日本企業傳出遭中國駭客APT41旗下團體攻擊，駭客利用ERP系統SQL注入漏洞部署Web Shell https://www.ithome.com.tw/news/167454 Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign https://thehackernews.com/2025/02/winnti-apt41-targets-japanese-firms-in.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 駭客佯稱提供Adobe應用程式從事OAuth同意網釣攻擊，意圖竊取M365帳號 https://cofense.com/blog/oauth-phishing-alert-fake-adobe-drive-x-app-abusing-microsoft-login 俄羅斯駭客鎖定歐洲、北美、非洲、中東而來，以要求裝置綁定為幌子進行網釣攻擊 https://www.ithome.com.tw/news/167448 惡意軟體I2PRAT透過網釣攻擊手法ClickFix散布，藉由多階段手法植入受害電腦 https://securityonline.info/new-i2prat-malware-advanced-undetectable/ 俄羅斯駭客Storm-2372鎖定歐洲、北美、非洲、中東而來，藉由裝置綁定碼進行網釣攻擊 https://securityaffairs.com/174270/apt/storm-2372-used-device-code-phishing-technique.html 網釣工具包Astaroth同時針對Gmail及微軟帳號而來，能繞過多因素驗證並挾持帳號 https://hackread.com/astaroth-phishing-kit-bypasses-2fa-hijack-gmail-microsoft/ 全台詐騙額單週破15億 兆豐比對手機門號防詐 https://reurl.cc/G53Dxv Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials https://thehackernews.com/2025/02/new-xerox-printer-flaws-could-let.html E.研究報告/工具 資安驗證革新：從被動到主動防禦的典範轉移 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11630 新型態名稱混淆攻擊手法染指AWS的映像檔！已有數千個AWS帳號淪陷 https://www.ithome.com.tw/news/167436 研究人員揭露新型態名稱混淆攻擊手法whoAMI，攻擊者可發布AMI映像檔得到以任意AWS帳號執行程式碼的能力 https://thehackernews.com/2025/02/new-whoami-attack-exploits-aws-ami-name.html AI-Powered Social Engineering: Ancillary Tools and Techniques https://thehackernews.com/2025/02/ai-powered-social-engineering-ancillary.html AI-Powered Deception is a Menace to Our Societies https://thehackernews.com/2025/02/ai-powered-deception-is-menace-to-our.html Debunking the AI Hype: Inside Real Hacker Tactics https://thehackernews.com/2025/02/debunking-ai-hype-inside-real-hacker.html F.商業 Google、Discord、OpenAI攜手「ROOST計畫」免費開源工具建構AI安全網路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11624 NVIDIA推網路安全 AI，攜手資安品牌護航關鍵基礎設施安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11634 Check Point 以 AI 創新升級 Infinity 平台，強化統一安全管理 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11632 Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now https://thehackernews.com/2025/02/microsoft-end-of-support-for-exchange-2016-and-exchange-2019.html 資安業者CyberArk以1.65億美元買下身分治理與管理業者Zilla https://www.darkreading.com/identity-access-management-security/cyberark-makes-identity-security-play-zilla-acquisition Google透過AI提升瀏覽器安全防護機制 https://www.bleepingcomputer.com/news/google/google-chromes-ai-powered-security-feature-rolls-out-to-everyone/ G.政府 臺灣年底將以醫療領域舉行跨國網路攻防演練 https://www.ithome.com.tw/news/167485 新任資安署長蔡福隆：4策略打造可信賴的資安環境 https://reurl.cc/V0de3N 大型企業、醫院頻遭駭客入侵！ 新任資安署長蔡福隆：將建立資安驗證制度 https://www.taisounds.com/news/content/76/174264 新資安署長蔡福隆上任！提4大策略、研發本土資安產品 https://news.pchome.com.tw/science/technice/20250219/index-73993062545354338005.html 數發部持續強化數位韌性與創新發展 打造可信任數位經濟高速路網 https://www.ey.gov.tw/Page/88F151FFCE5C741E/5238af97-2421-428b-8ff6-d88d299c1e2b 數發部證實DeepSeek有嚴重資安漏洞 https://ec.ltn.com.tw/article/paper/1692765 數發部調查：企業對數位工具掌握度提高並往中高階移動 AI應用尚在萌芽使用率僅1成 https://news.cnyes.com/news/id/5864325 專訪數發部長黃彥男　淺談新興數位技術的政策支持 https://news.owlting.com/articles/943194 韓國下架DeepSeek台灣未跟進 數發部：要看是否違反個資法 https://reurl.cc/ZZ6MGg H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 醫療物聯網威脅！美國FDA與CISA示警陸製病患生理監測儀藏後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11591 報告：第三方風險與醫療物聯網防禦成2025醫療資安焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11562 Mirai 殭屍網路利用 1.3 萬台 IoT 裝置創下 5.6Tbps DDoS 攻擊 https://netmag.tw/2025/01/30/mirai-botnet-hits-5-6tbps-ddos 中共「殭屍」群起網攻 國安局示警物聯網設備密碼漏洞成風險 https://def.ltn.com.tw/article/breakingnews/4913750 2025年物聯網迎來「2大趨勢」 結合3大技術重新定義IoT https://www.technice.com.tw/techmanage/iot/157827/ 工控資安進化論：SANS五大控制框架下的現況與關鍵啟示 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11602 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Season of AI: Exploring Current Trends and Advancements 2025/2/22 https://www.meetup.com/cloud-experts-group/events/305847254/ Startup Teaming (Online) 2025/2/22 https://www.meetup.com/startup-agile-group-thanh-pho-ho-chi-minh/events/305527890/ How to Save 10 Hours a Week at Work with AI 2025/2/25 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305603934/ Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/