###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/12/2 ~ 2024/12/6 1.重大弱點漏洞/後門/Exploit/Zero Day SailPoint IdentityIQ存在風險10分重大漏洞，恐洩漏敏感配置檔案、用戶資料 https://www.ithome.com.tw/news/166360 Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html Veeam發布新版備份集中管理工具，修補遠端執行程式碼重大漏洞 https://www.ithome.com.tw/news/166344 Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html 思科證實10年前公布的ASA設備XSS漏洞被用於攻擊行動 https://www.ithome.com.tw/news/166343 Progress於9月修補的WhatsUp Gold重大層級漏洞，發現問題的資安研究人員公布細節 https://www.ithome.com.tw/news/166345 企業 VPN 更新機制遭攻破，研究人員揭露權限提升攻擊鏈 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11421 滲透測試框架MobSF存在跨網站指令碼漏洞 https://gbhackers.com/mobsf-xss-vulnerability/ Windows Server 2012、2012 R2存在MotW零時差漏洞 https://www.ithome.com.tw/news/166305 微軟修補AI、雲端服務、ERP漏洞，已有部分出現攻擊行動 https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html Microsoft Dynamics 365 銷售欺騙弱點 https://nvd.nist.gov/vuln/detail/CVE-2024-49053 伺服器管理介面CyberPanel存在風險值10分漏洞，美國政府證實已被用於攻擊行動 https://www.ithome.com.tw/news/166363 Trellix公告資安管理平臺ESM重大漏洞，用戶若不處理攻擊者可執行RCE攻擊 https://securityonline.info/trellix-enterprise-security-manager-patches-critical-flaws-including-cve-2024-11482-cvss-9-8/ VMware Aria Operations https://nvd.nist.gov/vuln/detail/CVE-2024-38830 https://nvd.nist.gov/vuln/detail/CVE-2024-38831 https://nvd.nist.gov/vuln/detail/CVE-2024-38832 7-Zip發布新的安全性更新 https://reurl.cc/WA11Ex 軟體框架Apache Arrow的R套件存在重大漏洞 https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/ Apache Arrow R package https://nvd.nist.gov/vuln/detail/CVE-2024-52338 Apache NimBLE https://nvd.nist.gov/vuln/detail/CVE-2024-51569 IBM Security verify Access Appliance https://nvd.nist.gov/vuln/detail/CVE-2024-49804 https://nvd.nist.gov/vuln/detail/CVE-2024-49806 https://nvd.nist.gov/vuln/detail/CVE-2024-49805 https://nvd.nist.gov/vuln/detail/CVE-2024-49803 IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7177981 NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise https://thehackernews.com/2024/12/nachovpn-tool-exploits-flaws-in-popular.html Mitel視訊協作平臺MiCollab存在零時差漏洞，研究人員公布相關細節 https://www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 安卓木馬DroidBot鎖定77家銀行客戶而來 https://thehackernews.com/2024/12/this-3000-android-trojan-targeting.html 台新銀行加入國際資安事件應變小組論壇FIRST，為臺灣第一家參與該組織的金融機構 https://finance.ettoday.net/news/2866164 南韓戒嚴害慘金融業！網路銀行驚釀擠兌潮 一度暫停交易 https://ec.ltn.com.tw/article/breakingnews/4883621 數據與AI加持！中國信託銀行如何透過 「理專Dashboard」創新客戶經營模式 https://www.bnext.com.tw/article/81500/ctbc2024_12? 3.信用卡/電子支付/行動支付/pay/支付系統/資安 販賣機誘導人臉支付？酒店、公共廁所到處「刷臉」　恐違法蒐個資 https://news.tvbs.com.tw/china/2708545 電子支付熱潮進入朝鮮 北韓政府下令大城市推動「QR Code條碼購物」 https://reurl.cc/EgRRN1 外國遊客轟內地到處拒收現金　的士無錢找：水都買不到，差點沒命 https://www.hk01.com/article/1081784?utm_source=01articlecopy&utm_medium=referral 刷銀行卡乘公交 維州啟動試點項目 https://www.epochtimes.com/b5/24/12/6/n14385917.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 JavaScript軟體開發套件Solana Web3.js遭駭，從開發人員電腦竊走18萬美元加密貨幣 https://www.ithome.com.tw/news/166400 川普提名前PayPal營運長 擔任白宮AI與加密貨幣沙皇 https://www.rti.org.tw/news/view/id/2230437 冒充名人推薦 加密貨幣騙局令多人上當 https://www.epochtimes.com/b5/24/12/5/n14385392.htm 澳洲監管機構出手 限制加密貨幣作為犯罪工具 https://news.pchome.com.tw/society/firenews/20241206/index-73346357757616341002.html#google_vignette 加密貨幣勢不可擋！普丁震撼發聲：比特幣無人能禁 https://blockcast.it/2024/12/05/putin-says-no-one-will-be-able-to-ban-bitcoin/ 暴風雨前的平靜：這次非農要超20萬？中國下週有大事，比特幣還能漲 https://hk.investing.com/news/forex-news/article-729781 踏足幣圈 3 年，美圖不玩了！清倉比特幣、以太幣，獲利近 8 千萬美元 https://blockcast.it/2024/12/05/meitu-sold-all-of-its-crypto-holdings-before-bitcoin-hit-100k/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 維吾爾族及圖博人士遭鎖定，駭客搭配漏洞利用攻擊包MoonShine、後門程式DarkNimbus進行滲透 https://www.ithome.com.tw/news/166396 英國電信龍頭BT Group傳出遭遇勒索軟體Black Basta攻擊 https://www.ithome.com.tw/news/166391 資安業者iVerify揭露新的間諜軟體Pegasus威脅 https://iverify.io/blog/iverify-mobile-threat-investigation-uncovers-new-pegasus-samples MirrorFace攻擊行動鎖定日本而來，散布Anel、NoopDoor惡意程式 https://thehackernews.com/2024/12/anel-and-noopdoor-backdoors-weaponized.html Deloitte英國分公司驚傳遭勒索軟體Brain Cipher攻擊，駭客聲稱竊得1 TB資料 https://www.ithome.com.tw/news/166356 美國能源業者ENGlobal坦承遭遇勒索軟體攻擊，IT系統部分資料遭到加密 https://www.theregister.com/2024/12/03/us_energy_contractor_englobal_ransomware/ 勒索軟體Interlock疑從9月出現，對8個國家企業組織發動攻擊 https://www.fortinet.com/blog/threat-research/ransomware-roundup-interlock 安卓惡意軟體SpyLoan透過Google Play市集散布，已被下載800萬次 https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-installed-8-million-times/ 駭客組織UNC2465佯稱提供合法工具，散布後門程式Smokedham以從事勒索軟體攻擊 https://securityonline.info/smokedham-backdoor-unc2465s-stealth-weapon-for-extortion-and-ransomware-campaigns/ 富士電氣印尼子公司傳出遭遇勒索軟體攻擊 https://securityonline.info/fuji-electric-indonesia-suffers-ransomware-attack-business-partner-data-potentially-leaked/ 配置錯誤的Docker API成目標，攻擊者企圖部署惡意軟體Gafgyt，並發動DDoS攻擊 https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html 惡意程式RevC2、Venom Loader攻擊行動升溫 https://securityonline.info/revc2-and-venom-loader-exploit-maas-in-advanced-campaigns/ 收到報價相關電子郵件請注意！可能是釣魚！惡意軟體SmokeLoader鎖定臺灣企業下手 https://www.ithome.com.tw/news/166324 駭客組織MUT-8694同時針對NPM、PyPI開發者下手，意圖向Windows用戶散布竊資軟體 https://securitylabs.datadoghq.com/articles/mut-8964-an-npm-and-pypi-malicious-campaign-targeting-windows-users/ 惡意NPM套件鎖定Linux開發人員，偽裝熱門套件散布後門程式 https://socket.dev/blog/malicious-npm-packages-inject-ssh-backdoors-via-typosquatted-libraries 犯下Snowflake大規模勒索案的主嫌疑為美國軍人 https://krebsonsecurity.com/2024/11/hacker-in-snowflake-extortions-may-be-a-u-s-soldier/ 一年前揭露的UEFI漏洞LogoFAIL遭到利用，駭客企圖在Linux電腦植入Bootkitty https://www.ithome.com.tw/news/166285 Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested https://thehackernews.com/2024/11/wanted-russian-cybercriminal-linked-to.html An NPM and PyPI Malicious Campaign Targeting Windows Users https://securitylabs.datadoghq.com/articles/mut-8964-an-npm-and-pypi-malicious-campaign-targeting-windows-users/ The Evolution of a Cyber Threat: From JinxLoader to Astolfo Loader https://blogs.blackberry.com/en/2024/11/jinxloader-evolution Python Crypto Library Updated to Steal Private Keys https://blog.phylum.io/python-crypto-library-updated-to-steal-private-keys/ Unveiling the Past and Present of APT-K-47 Weapon: Asyncshell https://medium.com/@knownsec404team/unveiling-the-past-and-present-of-apt-k-47-weapon-asyncshell-5a98f75c2d68 Know Thy Enemy: A Novel November Case on Persistent Remote Access https://www.huntress.com/blog/know-thy-enemy-a-novel-november-case-on-persistent-remote-access RobotDropper Automates the Delivery of Multiple Infostealers https://blogs.blackberry.com/en/2024/11/robotdropper-automates-delivery-of-multiple-infostealers Vidar - C2 IP/Domain Tracker https://otx.alienvault.com/pulse/6554e103fbeeea19ff6f5611 8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play https://thehackernews.com/2024/12/8-million-android-users-hit-by-spyloan.html Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan https://thehackernews.com/2024/12/smokeloader-malware-resurfaces.html Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html 5 Strategies to Combat Ransomware and Ensure Data Security in Microsoft 365 https://thehackernews.com/expert-insights/2024/12/5-strategies-to-combat-ransomware-and.html ANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against Japan https://thehackernews.com/2024/12/anel-and-noopdoor-backdoors-weaponized.html NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions https://thehackernews.com/2024/12/nca-busts-russian-crypto-networks.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 巴西強制要求蘋果開放 App 側載 蘋果不滿裁決稱會影響用戶穩私安全 https://m.eprice.com.tw/mobile/talk/4544/5813713/1 Solo相機APP個資會被竊取嗎？全面解析隱私和安全度 https://mrmad.com.tw/solo-camera-app-security-and-privacy#google_vignette 加拿大下令解散TikTok境內業務　但仍可使用App https://www.nownews.com/news/6575566 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 陽明海運傳出部分資訊系統遭遇網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=165809&SPOKE_DATE=20241205&COMPANY_ID=2609 餐飲集團新天地傳出遭遇DDoS攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=190626&SPOKE_DATE=20241203&COMPANY_ID=8940 配置臭蟲釀禍，Cloudflare遺失逾半數客戶事件記錄檔案 https://www.ithome.com.tw/news/166243 國際刑警組織與40個國家聯手執行大規模掃蕩，逮捕逾5千人、查獲4億美元不法所得 https://www.ithome.com.tw/news/166326 重大供應鏈攻擊又一樁! 美國供應鏈管理軟體大廠 Blue Yonder 遭勒索攻擊，星巴克等企業營運受阻 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11422 Cloudflare Pages、Workers服務遭到駭客濫用的情況大幅增加 https://www.bleepingcomputer.com/news/security/cloudflares-developer-domains-increasingly-abused-by-threat-actors/ 俄羅斯影響力活動Undercut鎖定烏克蘭及美國選舉而來 https://thehackernews.com/2024/11/ai-powered-fake-news-campaign-targets.html 韓國警方逮捕執行長及5名員工，起因是在生產的衛星接收器埋入DDoS攻擊功能 https://www.ithome.com.tw/news/166342 美國大型企業組織遭到中國駭客入侵，鎖定Exchange伺服器發動攻擊，目的是收集情報 https://www.ithome.com.tw/news/166390 俄羅斯駭客BlueAlpha透過Cloudflare Tunnels隱匿攻擊行動 https://www.darkreading.com/cloud-security/russias-bluealpha-apt-cloudflare-tunnels 美國針對中國駭客Salt Typhoon攻擊電信業者行動透露新的發現，指出範圍涵蓋數十個國家 https://www.bleepingcomputer.com/news/security/white-house-salt-typhoon-hacked-telcos-in-dozens-of-countries/ 伊朗駭客APT35鎖定航太及半導體產業，利用假徵才網站發動攻擊 https://www.ithome.com.tw/news/166340 Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks https://thehackernews.com/2024/12/north-korean-kimsuky-hackers-use.html INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks https://thehackernews.com/2024/11/microsoft-fixes-ai-cloud-and-erp.html AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections https://thehackernews.com/2024/11/ai-powered-fake-news-campaign-targets.html U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 以AI對付詐騙展現絕佳創意！英國電信業者O2祭出反詐騙新招，推出AI阿嬤和詐騙電話「過招」 https://www.ithome.com.tw/news/166393 MOVEit漏洞攻擊事故出現新的受害者，駭客公布76萬筆員工資料 https://www.ithome.com.tw/news/166359 網釣攻擊套件Rockstar 2FA鎖定M365帳號而來 https://www.ithome.com.tw/news/166295 Word檔案修復功能遭到濫用！攻擊者藉此繞過電腦資安防護機制，假借公司人資與員工福利的名義從事網路釣魚 https://www.ithome.com.tw/news/166325 Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html E.研究報告/工具 Want to Grow Vulnerability Management into Exposure Management? Start Here https://thehackernews.com/2024/12/want-to-grow-vulnerability-management.html Protecting Tomorrow's World: Shaping the Cyber-Physical Future https://thehackernews.com/2024/11/protecting-tomorrows-world-shaping.html Securing Open Source: Lessons from the Software Supply Chain Revolution https://thehackernews.com/expert-insights/2024/12/securing-open-source-lessons-from.html 7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments https://thehackernews.com/2024/12/7-pam-best-practices-to-secure-hybrid.html How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges https://thehackernews.com/2024/12/how-to-plan-new-and-improved-password.html F.商業 Gartner: 2028 年40% 的資訊長（CIO）需提供「守護智慧體」 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11413 趨勢科技守護醫療機構的雲端資料 滿足開發AI創新、安全與合規三項關鍵需求 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11418 G.政府 2024台灣資安通報應變年會：資安長高峰論壇 聚焦威脅應變與跨域協作 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11431 TWNIC報告：51.22%受訪者表示不信任政府有應對網路攻擊的能力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11417 台灣「數位皮夾」最快 2025 上路，銀行開戶不用再帶實體雙證件 https://buzzorange.com/techorange/2024/12/06/taiwan-digital-wallet-2025/ 數位發展部召開首次「數位經濟發展諮詢會」 產、學、研齊獻策 https://www.tca.org.tw/tca_news1.php?n=2233 數發部爆霸凌官員辱罵「混蛋」 部長黃彥男道歉了 https://ec.ltn.com.tw/article/breakingnews/4883414 韌性建設司疑似職場霸凌案　數位發展部：已組成專案小組啟動調查 https://www.nownews.com/news/6599938 數發部司長鄭明宗涉霸凌！ 藍狠酸「拗點心達人」：動輒咆哮小南門之吼 https://reurl.cc/geMMXp H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 用戶盡速更新！研華EKI-6333系列Wi-Fi 基地台爆出逾二十個資安漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11428 研華工控無線基地臺存在重大漏洞，若不修補恐被用於繞過身分驗證、執行任意程式碼 https://www.ithome.com.tw/news/166291 德國針對兆勤防火牆漏洞提出警告，證實至少有5家企業受害 https://securityonline.info/cve-2024-11667-critical-vulnerability-in-zyxel-firewalls-actively-exploited/ 針對資安業者公布的工業用無線基地臺漏洞，研華科技提出進一步說明 https://www.ithome.com.tw/news/166327 日本警告IO-Data無線基地臺零時差漏洞已出現攻擊行動 https://www.ithome.com.tw/news/166367 盛達電業無線基地臺存在高風險漏洞 https://securityonline.info/cve-2024-11980-cvss-10-critical-flaw-in-billion-electric-routers/ Zyxel ATP series firmware https://nvd.nist.gov/vuln/detail/CVE-2024-11667 CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel https://thehackernews.com/2024/12/cisa-warns-of-active-exploitation-of.html I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 2024 SITCON 台中 Hour of Code 2024/12/7 https://hackersir.kktix.cc/events/hoc2024 Advanced Scrum Case Study 2024/12/7 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/304499855/ 【資安課程諮詢】物聯網資訊安全實務 2024/12/7 https://www.accupass.com/event/2411140712431025057591 JUMPSTARTER for One Earth Global Pitch Competition 2024/12/8 https://www.meetup.com/meetups-hk-science-park/events/303108822/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/8 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqblb/ Algorithms Study Group! 2024/12/10 https://www.meetup.com/codeseoul/events/304666082/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/10 https://www.meetup.com/taiwan-code-camp/events/304666209/ 設計xAI 創新方法論壇 D.Power x AI Driven Innovation Forum 2024/12/10 https://www.accupass.com/event/2411070657564550590390 Elasticsearch 年末終極指南：社群版 vs. 企業版 2024/12/11 https://www.accupass.com/event/2411280835499230595020 itSMF International - Webinar - ITSM at Its Best - Spotlight on Asia-Pacific 2024/12/11 https://www.meetup.com/itsmbkk/events/304789348/ How to Build AI Skills For Your Career 2024/12/11 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/304320393/ Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 資安五四三 2024/12/12 https://csa.kktix.cc/events/202412-543 WordPress 彩虹小 - 新手也能快速上手！SEO文章撰寫與設定的成功法則 2024/12/12 https://www.meetup.com/taipei-wordpress/events/304664742/ How to Build AI Sills For Your Career 2024/12/12 https://www.meetup.com/seoul-startup-idea-to-ipo/events/304320354/ [CHANGE MASTER SERIES] Essential CM for de-risking your ERP implementation 2024/12/13 https://www.meetup.com/hong-kong-organization-change-meetup-group/events/304756330/ IT Tech & Hobby Talk-Taipei 3rd Event, supported by Wankuma Alliance Japan 2024/12/13 https://www.meetup.com/it-tech-and-hobby-talk-taipei/events/304412387/ Taipei dbt Meetup #31 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2024/12/13 https://www.meetup.com/taipei-dbt-meetup/events/304593126/ Saturday AI Chat: Insights with Zack Lim 2024/12/14 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/304628614/ SecondLook Discussions 2024/12/15 https://www.meetup.com/secondlook-bangkok/events/304753213/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/15 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbtb/ 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip 【資安講座】錢錢沒有不見，只是進入別人的口袋裡了 2024/12/16 https://hackersir.kktix.cc/events/2024-12-16 Algorithms Study Group! 2024/12/17 https://www.meetup.com/codeseoul/events/304792219/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/17 https://www.meetup.com/taiwan-code-camp/events/304791930/ 台灣的全球網路自由分數竟被扣在這！！政府打詐封網措施「 DNS RPZ 停止解析」過度了嗎 2024/12/19 https://ocftw.kktix.cc/events/internetfreedom-dec2024 Advanced Scrum Case Study 2024/12/21 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptygcqbcc/ Saturday AI Chat: Insights with Zack Lim 2024/12/21 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/304628647/ “团队敏捷教练进阶课程” 12月21-22日 · A-CSM认证周末班 2024/12/21-2024/12/22 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304244914/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/22 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbdc/ [HOLD] An Exciting Flutter Meetup! (Flutter Meetup #20) 2024/12/24 https://www.meetup.com/flutter-taipei/events/304666982/ Algorithms Study Group! 2024/12/24 https://www.meetup.com/codeseoul/events/vgfcptygcqbgc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/24 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcqbgc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/ “全球金牌敏捷课程” - CSM认证（周末班）2024/12/28 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304806511/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/29 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbmc/ SecondLook Discussions 2024/12/29 https://www.meetup.com/secondlook-bangkok/events/pbfdptygcqbmc/ Algorithms Study Group! 2024/12/31 https://www.meetup.com/codeseoul/events/vgfcptygcqbpc/