資安事件新聞週報 2024/2/19 ~ 2024/2/23

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/2/19 ~ 2024/2/23 1.重大弱點漏洞/後門/Exploit/Zero Day ESET修補高風險權限提升漏洞，影響Windows端點、Exchange Server、SharePoint Server、Azure等多項防護產品線 https://www.securityweek.com/eset-patches-high-severity-privilege-escalation-vulnerability/ 趨勢科技發現影響數百萬用戶的活躍中漏洞可讓駭客繞過Windows Defender防護，以便竊取資料和感染勒索病毒 https://www.ithome.com.tw/pr/161302 Microsoft Windows Defender - VBScript Detection Bypass https://www.exploit-db.com/exploits/51802 https://www.exploit-db.com/exploits/51801 ConnectWise針對遠端桌面連線軟體ScreenConnect身分驗證繞過漏洞提出警告 https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/ Microsoft 推出 2024 年 2 月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10943 微軟收信軟體Outlook存在重大漏洞Moniker Link，有可能被用於發動RCE攻擊 https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/ 近10萬臺Exchange Server恐曝露權限提升漏洞 https://www.bleepingcomputer.com/news/security/over-28-500-exchange-servers-vulnerable-to-actively-exploited-bug/ https://twitter.com/Shadowserver/status/1759555706166902819 https://dashboard.shadowserver.org/statistics/combined/visualisation/?date_range=1&source=exchange&source=exchange6&tag=cve-2024-21410%2B&tag=possible-cve-2024-21410%2B&dataset=unique_ips&limit=20&group_by=geo&count_as=avg&scale=lin&style=table VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk https://thehackernews.com/2024/02/vmware-alert-uninstall-eap-now-critical.html Elasticsearch - StackOverflow DoS https://www.exploit-db.com/exploits/51787 MISP 2.4.171 - Stored XSS https://www.exploit-db.com/exploits/51780 Splunk 9.0.4 - Information Disclosure https://www.exploit-db.com/exploits/51792 PCMan FTP Server 2.0 - 'pwd' Remote Buffer Overflow https://www.exploit-db.com/exploits/51767 俄羅斯駭客組織Winter Vivern利用郵件伺服器Roundcube漏洞，攻擊歐洲關鍵基礎設施 https://www.recordedfuture.com/russia-aligned-tag-70-targets-european-government-and-military-mail Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now https://thehackernews.com/2024/02/critical-flaws-found-in-connectwise.html WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites https://thehackernews.com/2024/02/wordpress-bricks-theme-under-active.html 內容管理系統Joomla存在XSS漏洞，恐被攻擊者用於遠端執行任意程式碼 https://www.darkreading.com/application-security/joomla-xss-bugs-open-millions-websites-rce Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC) https://www.exploit-db.com/exploits/51776 2.銀行/金融/保險/證券/金融監理新聞及資安安卓金融木馬Anatsa再度現身Google Play市集，鎖定歐洲國家而來 https://www.threatfabric.com/blogs/anatsa-trojan-returns-targeting-europe-and-expanding-its-reach 勒索軟體駭客組織BlackCat聲稱對LoanDepot、保德信發動攻擊 https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/ 供信用合作社使用的CUSG內容管理系統存在漏洞，攻擊者有機會取得超級管理員權限 https://www.lmgsecurity.com/news/critical-software-vulnerabilities-impacting-credit-unions-discovered-by-lmg-security-researcher-immediate-action-recommended/ 富邦金控：年檢舉近3百件詐騙偽冒案建議民眾「3不策略」守護財產 https://www.rmim.com.tw/news-detail-40562 券商資料保護先行指標富邦證獲BSI個資保護認證 https://reurl.cc/RWQnVn iPhone用戶注意！新木馬病毒「竊取臉部資訊」銀行帳戶被偷光 https://reurl.cc/D48nRe 3.信用卡/電子支付/行動支付/pay/支付系統/資安買東西常看到「先買後付 BNPL」？分析師揭 2 大原因 2024 年它會更流行 https://buzzorange.com/techorange/2024/02/16/buy-now-pay-later-trend-is-likely-to-continue-in-2024/ 線上到線下，第三方支付延伸商機更大 https://technews.tw/2024/02/20/third-party-payment-extension-business-opportunities-are-greater/ 新台幣發行數據顯示行動支付尚未普及化 https://www.ksnews.com.tw/w2024021627/ 一筆電費故意繳30次賺回饋台電怒關APP預繳電費服務 https://reurl.cc/M4G7bk 萬事達卡與Swoo Pay合作在非洲和東南亞等新興地區推出加密貨幣忠誠度計劃 https://www.panewslab.com/zh_hk/sqarticledetails/u619tbo4Ft.html 拜託回來結帳！電子支付沒完成　店家嘸確認 https://news.tvbs.com.tw/life/2396889 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安政府機關對加密貨幣服務鬆綁，北韓駭客改以比特幣混合器Yomix洗錢 http://www.chainalysis.com/blog/2024-crypto-money-laundering/ 以太坊年內上漲28%跑贏比特幣ETF炒作轉向第二大代幣提供者智通財經 https://hk.investing.com/news/stock-market-news/article-462731 英國加速加密貨幣監管！穩定幣和質押新法規，預計於6個月內完成立法 https://www.blocktempo.com/the-uk-is-expected-to-complete-new-legislation-on-stablecoins-and-staking-services-within-6-months/ 日本擬允許投資基金持有加密貨幣，進一步開放數位資產 https://reurl.cc/M4G7N3 吹哨人斯諾登談比特幣：人類貨幣制度以來最重要一次革新 https://www.chinatimes.com/realtimenews/20240220005078-260408?chdtv 昔虛擬貨幣金童悲慘現況　FTX創辦人瘦到像牙籤首張監獄照曝光 https://news.tvbs.com.tw/world/2401864 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Akira勒索軟體正積極尋找尚未修補的Cisco ASA/FTD安全漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10942 CISA Warning: Akira Ransomware Exploiting Cisco ASA/FTD Vulnerability https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html 駭客偏好利用PDF惡意程式，藉此散布WikiLoader、Ursnif、DarkGate https://threatresearch.ext.hp.com/hp-wolf-security-threat-insights-report-q4-2023/ 非政府組織遭俄羅斯駭客組織Turla鎖定，植入後門程式TinyTurla-NG https://blog.talosintelligence.com/tinyturla-next-generation/ 美國破壞俄羅斯駭客APT28經營的殭屍網路Moobot https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian 研究人員揭露勒索軟體Alpha，疑為NetWalker東山再起 https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/alpha-netwalker-ransomware 惡意軟體HeadCrab 2.0行蹤更加隱密，以無檔案型態入侵Redis伺服器進行挖礦 https://blog.aquasec.com/headcrab-2.0-evolving-threat-in-redis-malware-landscape 惡意軟體Migo停用Redis伺服器的安全機制，將其用於挖礦 https://www.cadosecurity.com/migo-a-redis-miner-with-novel-system-weakening-techniques/ New Migo Malware Targeting Redis Servers for Cryptocurrency Mining https://thehackernews.com/2024/02/new-migo-malware-targeting-redis.html 加密貨幣挾持攻擊Commando Cat鎖定曝露的Docker API下手 https://www.cadosecurity.com/the-nine-lives-of-commando-cat-analysing-a-novel-malware-campaign-targeting-docker/ 11個國家執法單位切斷勒索軟體駭客組織LockBit的運作 https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/ https://twitter.com/vxunderground/status/1759693943942287543 https://twitter.com/vxunderground/status/1759708760929390879 https://twitter.com/vxunderground/status/1759732862335504773 https://twitter.com/azalsecurity/status/1759740340209172548 https://twitter.com/vxunderground/status/1759795956218778068 國際執法機構關閉34臺LockBit伺服器，凍結逾200個加密貨幣帳號，逮捕2名嫌犯 https://www.ithome.com.tw/news/161379 https://www.europol.europa.eu/media-press/newsroom/news/law-enforcement-disrupt-worlds-biggest-ransomware-operation https://www.nationalcrimeagency.gov.uk/news/nca-leads-international-investigation-targeting-worlds-most-harmful-ransomware-group https://www.nomoreransom.org/zht_Hant/decryption-tools.html#Lockbit30 LockBit Ransomware's Darknet Domains Seized in Global Law Enforcement Raid https://thehackernews.com/2024/02/lockbit-ransomwares-darknet-domains.html RansomHouse am See https://www.trellix.com/blogs/research/ransomhouse-am-see/ RustDoor macOS Backdoor Targets Cryptocurrency Firms with Fake Job Offers https://thehackernews.com/2024/02/rustdoor-macos-backdoor-targets.html RustDoor and GateDoor: A New Pair of Weapons Disguised as Legitimate Software by Suspected Cybercriminal https://medium.com/s2wblog/rustdoor-and-gatedoor-a-new-pair-of-weapons-disguised-as-legitimate-software-by-suspected-34c94e558b40 Anatsa Android Trojan Bypasses Google Play Security, Expands Reach to New Countries https://thehackernews.com/2024/02/anatsa-android-trojan-bypasses-google.html FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty https://thehackernews.com/2024/02/fbis-most-wanted-zeus-and-icedid.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Signal Introduces Usernames, Allowing Users to Keep Their Phone Numbers Private https://thehackernews.com/2024/02/signal-introduces-usernames-allowing.html 以色列商業間諜公司NSO Group利用WhatsApp漏洞，利用MMS指紋追蹤用戶 https://www.hackread.com/israeli-nso-group-mms-fingerprint-attack-whatsapp/ 安卓間諜軟體SpyNote冒充加密貨幣錢包，意圖洗劫受害者存款 https://www.fortinet.com/blog/threat-research/android-spynote-moves-to-crypto-currencies Google Maps突添「導航神功能」網友大讚！仍藏1遺憾「Apple Maps早就有了」 https://tech.udn.com/tech/story/123154/7774508 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力培訓與肯定降低資安人員的壓力與倦怠 https://news.owlting.com/articles/611186 任天堂Switch家長監控被兒子攻破　媽媽：我沒臉自稱系統工程師了 https://tw.nextapple.com/life/20240217/0D517AABB3D11FE147B098B81597832D 為降低軟體供應鏈資安風險，日本IT業者成立安全透明聯盟，迄今有10家公司參與 https://group.ntt/jp/newsrelease/2024/02/16/240216b.html 俄羅斯駭客組織APT28發動NTLM中繼攻擊 https://www.trendmicro.com/en_us/research/24/a/pawn-storm-uses-brute-force-and-stealth.html 散熱風扇製造商建準遭遇加密攻擊，強調資料未外流、未遭到勒索 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=155714&SPOKE_DATE=20240219&COMPANY_ID=2421 中國資安業者安洵信息內部資料在GitHub公開，曝露中國政府對西方國家的網路間諜攻擊手段 https://twitter.com/AzakaSekai_/status/1759326049262019025 https://twitter.com/AzakaSekai_/status/1759326049262019025 https://reurl.cc/37ZrRl https://www.coinlive.com/zh/news/inside-story-of-an-xun-self-built-pornographic-websites-phishing-and 中國駭客Volt Typhoon鎖定美國、非洲電力設施的工業控制系統發動攻擊 https://hub.dragos.com/report/voltzite-espionage-operations-targeting-u.s.-critical-systems 中國Volt Typhoon涉嫌滲透美、非國家電力設施! 台灣電力相關單位應立即採取網路防禦 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10939 微軟：中俄伊與北韓駭客使用OpenAI工具加強間諜能力 https://reurl.cc/OGe7xv Earth Preta Campaign Uses DOPLUGS to Target Asia https://www.trendmicro.com/en_us/research/24/b/earth-preta-campaign-targets-asia-doplugs.html Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks https://thehackernews.com/2024/02/russian-hackers-target-ukraine-with.html Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaig https://go.recordedfuture.com/hubfs/reports/cta-2024-0217.pdf Russian-Linked Hackers Target 80+ Organizations via Roundcube Flaws https://thehackernews.com/2024/02/russian-linked-hackers-breach-80.html Iranian Hackers Target Middle East Policy Experts with New BASICSTAR Backdoor https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative https://thehackernews.com/2024/02/iran-and-hezbollah-hackers-launch.html Warning of North Korean cyber threats targeting the Defense Sector https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2024-02-19-joint-cyber-security-advisory-englisch.pdf?__blob=publicationFile&v=2 New Report Reveals North Korean Hackers Targeting Defense Firms Worldwide https://thehackernews.com/2024/02/new-report-reveals-north-korean-hackers.html 彰銀招資安技術專業人員報名倒數計時 https://www.1111.com.tw/news/jobns/154999 D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全施耐德電機傳出資料外洩，勒索軟體Cactus聲稱竊得1.5 TB資料 https://www.bleepingcomputer.com/news/security/cactus-ransomware-claim-to-steal-15tb-of-schneider-electric-data/ 科技龍頭承諾共同對抗與選舉有關的AI欺騙性內容 https://www.aielectionsaccord.com/uploads/2024/02/Press-Release-AI-Elections-Accord-16-Feb-2024.pdf 中國、俄羅斯駭客組織針對歐盟發動攻擊，網路釣魚是入侵受害組織的主要管道 https://cert.europa.eu/publications/threat-intelligence/tlr2023/ 中國公關公司架設100多個WordPress網站，冒充世界各地新聞媒體散布對中國有利的訊息 https://citizenlab.ca/2024/02/paperwall-chinese-websites-posing-as-local-news-outlets-with-pro-beijing-content/ 假財務長深偽視訊會議跨國公司香港分部被騙8億 https://blog.trendmicro.com.tw/?p=80509#item1 她買麗禧溫泉券卻遭詐團騙怒提告公司搬出數發部的函、法院2理由不買帳 https://today.line.me/tw/v2/article/aG3PyaG 資安不嚴消費者個資外洩遭詐騙　酒店及系統管理業者高院判賠 https://news.owlting.com/articles/611669 公司寄「調薪通知」假Mail測試資安意識員工全中鏢⋯網：實在太卑鄙 https://tech.udn.com/tech/story/123154/7769738?from=udn-indexnewnews_ch1024 Meta 推無廣告訂閱服務，歐盟大打臉這是逼我們付錢保護自己的隱私 https://buzzorange.com/techorange/2024/02/17/eu-privacy-group-opposes-meta-ad-free-subscription-service/ 「幫手」還是「幫兇」 https://i.win.org.tw/news_detail.php?SerialNo=1148&Type=1&currentPage=6 惡意Python指令碼濫用AWS 發送大量釣魚簡訊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10940 偷心偷數據和隱私專家警告AI女友會讓你心碎 https://www.epochtimes.com/b5/24/2/16/n14182546.htm 非法买卖公民个人信息100余万条，16人被罚 https://reurl.cc/OGebYR TG上现频道主，数十天内泄露支付宝、外卖等数据高达230G！ https://reurl.cc/zl7yON Malicious 'SNS Sender' Script Abuses AWS for Bulk Smishing Attacks https://thehackernews.com/2024/02/malicious-sns-sender-script-abuses-aws.html U.S. State Government Network Breached via Former Employee's Account https://thehackernews.com/2024/02/us-state-government-network-breached.html New 'VietCredCare' Stealer Targeting Facebook Advertisers in Vietnam https://thehackernews.com/2024/02/new-vietcredcare-stealer-targeting.html E.研究報告/工具網路安全不再只有防火牆！資料科學如何搶先發現網路威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10944 安全軟體開發需求激增「安全即設計」專業人才前景看好 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10938 為應對量子運算的安全挑戰，Linux基金會成後量子密碼學聯盟 https://www.linuxfoundation.org/press/announcing-the-post-quantum-cryptography-alliance-pqca 研究人員揭露濫用無線充電器的攻擊手法VoltSchemer，有可能注入語音命令、燒毀手機 https://arxiv.org/abs/2402.11423 研究人員解析Ivanti Connect Secure韌體，發現使用大量已終止支援的元件而容易受到攻擊 https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/ 一个永久的网安攻防知识库 https://reurl.cc/54EgD7 【万字解析】SQL注入精粹：从0到1的注入之路 https://reurl.cc/QeOpNp How Businesses Can Safeguard Their Communication Channels Against Hackers https://thehackernews.com/2024/02/how-businesses-can-safeguard-their.html Why We Must Democratize Cybersecurity https://thehackernews.com/2024/02/why-we-must-democratize-cybersecurity.html How to Achieve the Best Risk-Based Alerting (Bye-Bye SIEM) https://thehackernews.com/2024/02/bye-bye-siem-hello-risk-based-alerting.html SaaS Compliance through the NIST Cybersecurity Framework https://thehackernews.com/2024/02/saas-compliance-through-nist.html Learn How to Build an Incident Response Playbook Against Scattered Spider in Real-Time https://thehackernews.com/2024/02/learn-how-to-build-incident-response.html 6 Ways to Simplify SaaS Identity Governance https://thehackernews.com/2024/02/6-ways-to-simplify-saas-identity.html Cybersecurity for Healthcare—Diagnosing the Threat Landscape and Prescribing Solutions for Recovery https://thehackernews.com/2024/02/cybersecurity-for-healthcarediagnosing.html F.商業兆勤科技取得CVE編號管理者最高等級Provider身分 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10941 Akamai推出Content Protector 阻止網頁爬蟲攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=10937 Google Open Sources Magika: AI-Powered File Identification Tool https://thehackernews.com/2024/02/google-open-sources-magika-ai-powered.html G.政府公投電子連署系統4月上線中選會：考量強化資安時程 https://news.pts.org.tw/article/681140 菸酒事業使用之APP或網站，須因應新技術之演進適時更新相關資安防護 https://www.miaoli.gov.tw/finance/News_Content.aspx?n=495&s=724285 資安院接手TWCERT/CC業務，民間企業資安事件通報從8x5改為24x7 https://www.ithome.com.tw/news/161395 任務丟回行政院資安署倒退成資安處 https://ec.ltn.com.tw/article/paper/1631011 資安演練不溝通立委批像無頭蒼蠅 https://ec.ltn.com.tw/article/paper/1631013 上下難溝通、難留才資安院淪大技服 https://ec.ltn.com.tw/amp/article/paper/1631012 刁難深偽分析、婉拒台美合作數發部打假玩假的 https://ec.ltn.com.tw/article/paper/1631009 遭批打假訊息不力數位部：積極督導資安院加碼防詐 https://news.pchome.com.tw/finance/cna/20240217/index-17081474883110418003.html 數位部積極督導資安院加碼防詐從未刪減數位訊息業務員額 https://reurl.cc/D48nze 全國性公投電子連署系統將上線李忠憲：台灣社會信任基礎恐遭摧毁 https://today.line.me/tw/v2/article/JP7Xx9J 外界質疑！唐鳳出席IGF 自貶官方身分 https://ec.ltn.com.tw/article/paper/1631229 唐鳳出席聯合國會議數位部：未損國家尊嚴實質參與 https://www.rti.org.tw/news/view/id/2196128 太過被動立委︰數發部僚氣重 https://ec.ltn.com.tw/article/paper/1631232 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安勒索軟體駭客組織間互通有無，以較少的攻擊次數對工控系統帶來更大傷害 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q4-2023/ 智慧家庭設備業者Wyze出現服務異常，該公司表示是遭遇資安問題導致 https://www.bleepingcomputer.com/news/security/wyze-investigating-security-issue-amid-ongoing-outage/ 醫療物聯網(IoMT)的資安新挑戰 https://blog.twnic.tw/2024/02/17/29658/ Zyxel zysh - Format string https://www.exploit-db.com/exploits/51786 TP-LINK TL-WR740N - Multiple HTML Injection https://www.exploit-db.com/exploits/51769 TP-Link TL-WR740N - UnAuthenticated Directory Transversal https://www.exploit-db.com/exploits/51768 I.教育訓練 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 6.近期資安活動及研討會 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://buzzorange.com/techorange/forum/2024h1-cybersecurity-combat-exercise/ 資安事件調查與實務分析 2024/3/6（三） https://docs.google.com/forms/d/1bO_IhZ9gxZ-nFNGVva7ZfRWyX5B3n-sKEdW6nkPtj50/edit .NET / Java 安全程式開發達人集訓班（高雄場） 2024/3/6 ~ 2024/3/8 https://www.accupass.com/event/2401100307112987621850 【安碁學苑】資安技術人才培育｜實戰培訓首發班 2024/3/11 ~ 2024/3/29 https://acsiacad.kktix.cc/events/6ebd7fbd-copy-2 DEVCORE CONFERENCE 2024 2024/3/16 https://devcore.kktix.cc/events/devcoreconf2024 【企業資安講堂】資安教育免費線上課程 2024/3/19 ~ 2024/11/19 https://acercsi.kktix.cc/events/2024csr 黑客視角：網站漏洞挖掘與防禦 2024/3/20 https://docs.google.com/forms/d/1OGcXzbo2vG9_DU5oQ9DCAF2zWJtewqrd4OM28zdatw4/edit 社團法人台灣駭客協會 113 年度會員春酒 2024/3/27 https://hitcon.kktix.cc/events/hit-banquet-113 中區(實體)--校園資安作業與外部審查實務 2024/4/8 https://tp2rc.tanet.edu.tw/node/790 AI應用系統開發與生成式AI應用人才培訓班第一梯次 2024/6/27 ~ 2024/8/9 https://www.accupass.com/event/2401100729511706489107