###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/7/7 ~ 2025/7/11 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet修補網頁應用程式防火牆重大SQL注入漏洞 https://www.ithome.com.tw/news/169971 Citrix修補VDI平臺本機權限提升資安漏洞 https://www.ithome.com.tw/news/169972 今年6月Citrix修補的兩項NetScaler重大漏洞已遭串連，用於實際攻擊 https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/ CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises https://thehackernews.com/2025/07/cisa-adds-citrix-netscaler-cve-2025.html Trend Micro Apex Central釋出新的緊急修補程式 CVE-2025-49219、CVE-2025-49220 https://www.zerodayinitiative.com/advisories/ZDI-25-366/ https://www.zerodayinitiative.com/advisories/ZDI-25-367/ Splunk修補SOAR平臺第三方元件漏洞，其中包含已遭利用的Git重大漏洞 https://gbhackers.com/splunk-soar-addresses-vulnerabilities/ 微軟發布7月例行更新，修補130項資安漏洞 https://www.ithome.com.tw/news/169956 Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server https://thehackernews.com/2025/07/microsoft-patches-130-vulnerabilities.html Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation https://thehackernews.com/2025/07/cisa-adds-four-critical-vulnerabilities.html ServiceNow存在高風險資安漏洞，攻擊者可透過配置不當的ACL洩露資料 https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs https://thehackernews.com/2025/07/servicenow-flaw-cve-2025-3648-could.html Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild https://thehackernews.com/2025/07/critical-wing-ftp-server-vulnerability.html Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads https://thehackernews.com/2025/07/critical-mcp-remote-vulnerability.html SAP發布7月例行更新，修補7項重大漏洞 https://gbhackers.com/sap-july-2025-patch-day/ SAP修補供應商關係管理平臺重大漏洞，問題出在攻擊者能趁機以管理員身分執行OS命令 https://www.ithome.com.tw/news/169978 Next.js修補快取污染漏洞，防止靜態頁面DoS攻擊 https://www.ithome.com.tw/news/169927 Linux開機系統存在漏洞，攻擊者恐繞過安全開機防護機制 https://gbhackers.com/linux-boot-vulnerability/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 中國信託銀行「挺安全」！首創「交易中安全提示」功能防詐更升級 https://reurl.cc/mY98mj 錢存銀行穩嗎？駭客攻擊讓存款歸零 專家曝台灣金融系統「921地震測過了」 https://reurl.cc/0WOA3o 民眾憂心街口支付帳戶 銀行局與台新銀行都回應了 https://ec.ltn.com.tw/article/breakingnews/5105086 金融監理再鬆綁！Fed擬放寬大銀行評估標準 https://news.cnyes.com/news/id/6060434 秒速登記1000元客家幣 不是客家人可以抽嗎 https://reurl.cc/Y36gKo 存在銀行的錢安全嗎？從伊朗銀行遭駭反思台灣金融韌性 https://tfc-taiwan.org.tw/bank-hack-lessons-taiwan-financial-resilience/ 黃彥男：資安是一切基礎　FIDO 專場揭示企業驗證轉型 https://www.cio.com.tw/94373/ 金融資安專場圓滿落幕　聚焦零信任架構與人權平衡的未來挑戰 https://lifenews.com.tw/368452/ 國際資安組織大會台北登場 電商、金融業者討論FIDO應用 https://ec.ltn.com.tw/article/breakingnews/5102441 FIDO 再登板國際資安組織大會 揭示Passkey 無密碼時代將來臨 https://reurl.cc/0WOAro Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play https://thehackernews.com/2025/07/anatsa-android-banking-trojan-hits.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 受法院查封母公司衝擊，街口支付遭兩大電商停用，官方澄清財務與營運不受影響 https://www.ithome.com.tw/news/170024 街口支付爆「退用潮」澄清五大疑慮！董座梅驊：金流 100% 信託獨立經營 https://finance.technews.tw/2025/07/11/withdrawal/ 街口支付母公司無預警遭查封 金管會回應：2重點須釐清 https://reurl.cc/ek8RYm 街口支付爆用戶逃命潮 全國電子、momo即起也暫停使用 https://www.ctee.com.tw/news/20250711701274-430303 法院查封引用戶恐慌？街口：不會有如銀行擠兌發生 https://udn.com/news/story/124538/8866335 街口支付爆停用潮 財金公司：街口跨行轉帳及購物均正常 https://ec.ltn.com.tw/article/breakingnews/5104757 藍新集團x數位發展部 產官聯手共同守護網路交易安全 https://n.yam.com/Article/20250708172894#google_vignette 台灣電子支付用戶突破3220萬 iPASS一卡通奪冠、街口居次 https://news.pts.org.tw/article/760475 AI 爬蟲機器人也得行動支付 https://www.inside.com.tw/article/38895-ai-web-crawlers-now-required-to-make-mobile-payments 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 央行發數位貨幣 有譜 https://udn.com/news/story/7239/8826322 Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS https://thehackernews.com/2025/07/alert-exposed-jdwp-interfaces-lead-to.html 信用卡點數可換比特幣、以太坊！日本金融巨頭 SBI 改寫加密貨幣入場起點 https://www.blocktempo.com/sbi-points-btc-japan/ 立法院三讀通過「全民普發一萬元」，拿來買比特幣會賺嗎 https://www.blocktempo.com/ntd10000-given-by-gover-to-buy-bitcoin-invest/ 新加坡加密貨幣新風向 https://hao.cnyes.com/post/181733?utm_source=cnyes&utm_medium=home&utm_campaign=postid 阿聯酋航空與 Crypto.com 簽訂合作意向書，將開放加密貨幣付款選項 https://abmedia.io/emirates-crypto-com-payment 老爸推法案、19歲小兒子狂撈11億！川普4年築起加密幣帝國 https://www.businessweekly.com.tw/Archive/Article?StrId=7012672&rf=google 英國加密數位銀行 Ziglu「宣布破產」進入清算，用戶資金卡死出不來 https://www.blocktempo.com/british-crypto-bank-ziglu-declares-bankruptcy/ 比特幣受機構推動與政策利多再創「歷史新高」 https://news.pchome.com.tw/pet/firenews/20250711/index-75221656938596341023.html 比特幣大會8月香港舉行 幣圈大佬雲集 https://reurl.cc/gYmVAV Bitfury 前高層出任美國 OCC 署長！誓言要終結加密產業「去銀行化」惡夢 https://blockcast.it/2025/07/11/senate-confirms-jonathan-gould-as-new-occ-leader/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新型勒索軟體「Bert」鎖定醫療與科技業，跨國攻擊威脅升級 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12019 駭客濫用迴避偵測框架Shellter散布竊資軟體，企圖迴避防毒軟體與EDR偵測 https://www.ithome.com.tw/news/169984 駭客盯上Linux伺服器，惡意植入TinyProxy、Sing-box工具，將其充當代理伺服器 https://www.ithome.com.tw/news/169865 惡意軟體NordDragonScan鎖定Windows電腦而來，意圖竊取帳密資料 https://gbhackers.com/norddragonscan-targets-windows-users/ 竊資軟體GiftedCrook威脅加劇，從瀏覽器竊密成為情資收集工具 https://www.ithome.com.tw/news/169843 Inno Setup軟體部署工具被濫用，駭客用來打包、散布惡意軟體 https://gbhackers.com/hackers-abuse-legitimate-inno-setup-installer/ 勒索軟體Bert強制關閉VMware ESXi虛機，並透過50個執行緒加密檔案 https://www.ithome.com.tw/news/169962 macOS竊資軟體Atomic內建後門功能，讓攻擊者持續存取受害電腦 https://www.ithome.com.tw/news/169947 北韓駭客鎖定macOS用戶散布惡意軟體NimDoor，意圖竊取各式帳密並持續於受害電腦活動 https://www.ithome.com.tw/news/169948 竊資軟體Odyssey Stealer鎖定macOS使用者而來，透過ClickFix網釣散布 https://www.ithome.com.tw/news/169828 勒索軟體Hunters International宣布關閉業務，釋出解密金鑰 https://www.ithome.com.tw/news/169934 企業模擬攻防演練的工具驚傳遭濫用！駭客運用迴避偵測框架Shellter散布惡意程式 https://gbhackers.com/threat-actors-use-av-edr-evasion-framework/ 間諜軟體活動Batavia針對俄羅斯企業組織而來 https://www.bleepingcomputer.com/news/security/batavia-windows-spyware-campaign-targets-dozens-of-russian-orgs/ 勒索軟體AiLock採混合加密手法鎖住資料，脅迫受害組織就範 https://gbhackers.com/ailock-ransomware-emerges-with-hybrid-encryption-tactics/ Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware https://thehackernews.com/2025/07/hackers-use-leaked-shellter-tool.html Patch, track, repeat https://otx.alienvault.com/pulse/6870edc63fa93756a8cf5744 NightEagle APT Exploits Microsoft Exchange Flaw to Target China's Military and Tech Sectors https://thehackernews.com/2025/07/nighteagle-apt-exploits-microsoft.html RondoDox Botnet Exploits Flaws in TBK DVRs and Four-Faith Routers to Launch DDoS Attacks https://thehackernews.com/2025/07/rondodox-botnet-exploits-flaws-in-tbk.html Researchers Uncover Batavia Windows Spyware Stealing Documents from Russian Firms https://thehackernews.com/2025/07/researchers-uncover-batavia-windows.html SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension https://thehackernews.com/2025/07/malicious-pull-request-infects-6000.html 惡意軟體ZuRu透過木馬化的SSH用戶端程式散布，針對macOS開發人員而來 https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App https://thehackernews.com/2025/07/new-macos-malware-zuru-targeting.html DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware https://thehackernews.com/2025/07/donot-apt-expands-operations-targets.html Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals https://thehackernews.com/2025/07/iranian-backed-pay2key-ransomware.html Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord https://thehackernews.com/2025/07/fake-gaming-and-ai-firms-push-malware.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 惡意軟體SparkKitty能從iOS、安卓裝置竊取照片 https://gbhackers.com/sparkkitty-malware-steals-photos/ 瀏覽器App市集存在18款惡意軟體，已被下載逾230萬次 https://www.ithome.com.tw/news/169961 研究人員針對蘋果今年3月修補的SMBClient重大漏洞公布細節，若不處理恐導致macOS核心損毀 https://gbhackers.com/macos-smbclient-flaw/ Google Ordered to Pay $314M for Misusing Android Users' Cellular Data Without Permission https://thehackernews.com/2025/07/google-ordered-to-pay-314m-for-misusing.html Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams https://thehackernews.com/2025/07/mobile-security-alert-352-iconads-fraud.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 駭客濫用Amazon、微軟雲端基礎設施架設CDN服務Funnull，意圖隱藏惡意基礎設施 https://gbhackers.com/funnull-uses-amazon-and-microsoft-cloud/ 聯想電腦預載可寫入資料的檔案，可能被用於突破Windows AppLocker安全防護 https://www.ithome.com.tw/news/169916 Linux迴避偵測工具RingReaper遭利用，可利用系統核心元件io_uring逃過EDR偵測 https://gbhackers.com/ringreaper-new-linux-edr-evasion-tool/ 海華科技資訊系統遭到駭客攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=65007&SPOKE_DATE=20250708&COMPANY_ID=3694 日本製鐵子公司傳出遭到零時差漏洞攻擊 https://www.securityweek.com/nippon-steel-subsidiary-blames-data-breach-on-zero-day-attack/ 今年4月挪威水壩閘門遭到網路攻擊，被迫開啟放水數小時險釀禍 https://www.ithome.com.tw/news/169992 歐盟發布通用AI實踐準則 https://www.ithome.com.tw/news/170018 伊朗駭客BladedFeline部署新型IIS與Exchange後門，滲透中東多地區政府 https://www.ithome.com.tw/news/169949 駭客組織TAG-140鎖定印度政府、國防、鐵路領域而來，企圖散布Drat V2 RAT https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html 中國駭客Mustang Panda鎖定圖博而來，散布惡意軟體Pubload、Pubshell https://www.ithome.com.tw/news/169787 中國駭客組織「銀狐」假冒DeepSeek安裝程式 鎖定台灣進行網路間諜攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12000 美國在義大利逮捕涉嫌竊取COVID-19疫苗資訊的中國駭客 https://www.ithome.com.tw/news/170013 Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks https://thehackernews.com/2025/07/chinese-hacker-xu-zewei-arrested-for.html AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs https://thehackernews.com/2025/07/amd-warns-of-new-transient-scheduler.html Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo, and RedNote Over China Ties https://thehackernews.com/2025/07/taiwan-nsb-alerts-public-on-data-risks.html U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme https://thehackernews.com/2025/07/us-sanctions-north-korean-andariel.html Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets https://thehackernews.com/2025/07/gold-melody-iab-exploits-exposed-aspnet.html Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods https://thehackernews.com/2025/07/four-arrested-in-440m-cyber-attack-on.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 【Deepfake偽冒實例】美國白宮幕僚長遭語音偽冒，意圖以此欺騙其他官員進行索資 https://www.ithome.com.tw/news/169994 【Deepfake偽冒實例】新加坡警方揭露跨國公司財務主管遭AI深偽詐騙，Deepfake視訊會議詐騙案增加 https://www.ithome.com.tw/news/169982 【語音網釣實例】山形鐵道公司遭自動語音網釣詐騙近億日元，企業網路銀行帳密是攻擊者下手目標 https://www.ithome.com.tw/news/169980 【Deepfake偽冒實例】義大利石油富商遭「AI深偽」電話詐騙百萬歐元，國防部長成偽冒對象 https://www.ithome.com.tw/news/169993 2025社交工程攻擊新趨勢！語音網釣、AI偽冒真實攻擊大增 https://www.ithome.com.tw/news/169977 AI偽冒美國國務卿，聯繫官員企圖竊取政府資 https://www.ithome.com.tw/news/169958 大規模詐騙新聞網站攻擊活動BaitTrap鎖定50個國家而來，目的是進行網路投資詐欺 https://www.ithome.com.tw/news/169973 BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally https://thehackernews.com/2025/07/baittrap-over-17000-fake-news-websites.html Azure存在曝露VPN金鑰及過高授權漏洞，恐致敏感資訊外流 https://www.ithome.com.tw/news/169933 網釣攻擊LogoKit濫用Cloudflare Turnstile、Amazon S3，冒充受到信任的組織從事攻擊 https://gbhackers.com/new-logokit-phishing-campaign/ E.研究報告/工具 Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It https://thehackernews.com/2025/07/your-ai-agents-might-be-leaking-data.html Manufacturing Security: Why Default Passwords Must Go https://thehackernews.com/2025/07/manufacturing-security-why-default.html How To Automate Ticket Creation, Device Identification and Threat Triage With Tines https://thehackernews.com/2025/07/how-to-automate-ticket-creation-device.html What Security Leaders Need to Know About AI Governance for SaaS https://thehackernews.com/2025/07/what-security-leaders-need-to-know.html Securing Data in the AI Era https://thehackernews.com/2025/07/securing-data-in-ai-era.html F.商業 構築製造業資安核心 零信任架構的落地實戰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12018 企業資安防禦全面革新 AI × SASE × IAM × MDR https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12005 Cloudflare率先預設封鎖AI爬蟲 網站擁有者可自主決定內容授權 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12002 GenAI流量暴增890%，「影子 AI 」成關鍵資安風險 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11996 AWS揭露用生成式AI幫助資安的5種場景，不只程式碼修補、API安全測試，還有日誌分析速度快50倍 https://www.ithome.com.tw/news/169968 奧義智慧攜手臺灣AI業者APMIC，打造新世代AI防火牆安全模組 https://www.ithome.com.tw/news/169867 三星收購美國數位健康平臺Xealth https://www.ithome.com.tw/news/170014 Automation ≠ Autopilot: Rethinking AI in Corporate Security and Compliance https://thehackernews.com/expert-insights/2025/07/automation-autopilot-rethinking-ai-in.html 5 Ways Identity-based Attacks Are Breaching Retail https://thehackernews.com/2025/07/5-ways-identity-based-attacks-are.html G.政府 葛如鈞質疑雙憑證機制無效，數發部：從使用者端刪除憑證無法測試雙憑證機制 https://www.ithome.com.tw/news/170027 「雙憑證機制」是世紀大騙局！葛如鈞：數發部敷衍卸責釀國安危機 https://www.tcpttw.com/political/2025/07/10/180823/ 推動數位馬祖再邁步 連江縣拜會數位部爭取11項建設 https://udn.com/news/story/7327/8838934 「脆」涉詐已上千件！ 數發部打詐平台新增Threads 9/15生效 https://reurl.cc/yAgdN6 刑事局封鎖涉毒網址轉檔作業出包，Azurewebsites.net根網域遭屏蔽近2小時，連TWNIC公文系統都被封 https://www.ithome.com.tw/news/170025 支持數位發展部！臉書違反打詐專法 數發部重罰1500萬別平台可以Meta做不到 https://rise-mediacorp.com/archives/51809 防詐簡訊新機制上路　數位發展部升級三重驗證防詐騙 https://enn.tw/630233/ 國科會揭高齡科技落地成果，下一步要照護機構採用國際醫療資料交換標準FHIR https://www.ithome.com.tw/news/170023 賴清德總統高度關注！台灣資安打出國際王牌　與世界接軌不退讓 https://www.setn.com/News.aspx?NewsID=1686313 數位發展部認可 ! 20題快速評估工控資安實力 https://www.ithome.com.tw/pr/169861 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Kia車載系統存在漏洞，讓攻擊者利用PNG圖檔注入惡意程式 https://www.ithome.com.tw/news/169967 Ruckus網路設備集中管理平臺存在一系列資安漏洞 https://www.bleepingcomputer.com/news/security/ruckus-networks-leaves-severe-flaws-unpatched-in-management-devices/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Web3 Development @ MRT Gongguan 2025/7/13 https://www.meetup.com/electronics-workshop/events/308538317/ Digital Rogue Meetup #10 2025/7/14 https://www.meetup.com/taiwan-digital-rogue/events/308584095/ Hong Kong ICT Awards (HKICTA) opens for enrolment! 2025/7/14 https://www.meetup.com/meetups-hk-science-park/events/308155266/ UX Researcher vs. Designer: Choosing Your Path 2025/7/15 https://www.meetup.com/galary-ux-ui-design-community/events/308579344/ ONLINE 🌟 Build your first game with JavaScript 2025/7/16 https://www.meetup.com/le-wagon-tokyo-coding-station/events/308534190/ 什麼都不懂，也可以一起來玩WordCamp！現場志工經驗分享 + 一點小「腸」識 2025/7/17 https://www.meetup.com/taipei-wordpress/events/308648589/ HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 物聯網資訊安全實務 2025/7/19 https://www.accupass.com/event/2506270910121558046175 Season of AI Agents: Build the Future with AI 2025/7/19 https://www.meetup.com/cloud-experts-group/events/307650330/ 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 T-box工作坊:「信用風險管理及國際貿易欺詐的應對」 2025/7/23 https://www.meetup.com/meetups-hk-science-park/events/308683985/ 司法警政AI智慧防詐高峰論壇 – 加密貨幣暨鏈結安全智慧共同聯防新未來 2025/7/24 https://www.accupass.com/event/2506060428065681753110 [On-Line] AWS Global Community Gatherings #9 2025/7/25 https://www.meetup.com/awsglobalcommunitygatherings/events/307473302/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965