###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/4/14 ~ 2025/4/18 1.重大弱點漏洞/後門/Exploit/Zero Day Fortinet針對FortiGate防火牆發出漏洞警告 https://www.ithome.com.tw/news/168399 https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity Fortinet示警駭客利用符號連結技術繞過修補，持續存取FortiGate VPN https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11809 駭客聲稱握有Fortinet防火牆零時差漏洞，能未經身分驗證執行任意程式碼 https://www.ithome.com.tw/news/168408 啟用SSL VPN的Fortinet防火牆用戶注意！已知漏洞出現攻擊行動 https://www.ithome.com.tw/news/168399 逾1.6萬臺Fortinet防火牆曝露於「符號連結」弱點 https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/ Fortinet FortiOS CVE-2023-37930 https://nvd.nist.gov/vuln/detail/CVE-2023-37930 Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html Palo Alto Networks Warns of Brute-Force Attempts Targeting PAN-OS GlobalProtect Gateways https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html Sophos Taegis Endpoint Agent (Linux) CVE-2024-13861 https://nvd.nist.gov/vuln/detail/CVE-2024-13861 CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download https://thehackernews.com/2025/04/cve-2025-24054-under-active.html CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices https://thehackernews.com/2025/04/cisa-flags-actively-exploited.html Oracle發布2025年4月更新，修補180個資安弱點 https://www.securityweek.com/oracle-patches-180-vulnerabilities-with-april-2025-cpu/ Oracle Critical Patch Update for April 2025 https://reurl.cc/eMzpbR Dell修補PowerScale系列NAS系統，包括接管高權限帳號的重大漏洞 https://www.ithome.com.tw/news/168402 Microsoft 推出 2025年4月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11804 Windows工作排程元件存在弱點，恐被用於提升權限 https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html PHP核心執行環境稽核揭露多項漏洞，衝擊PHP-FPM與加密模組安全性 https://www.ithome.com.tw/news/168439 IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7231051 Elastic Kibana CVE-2024-12556 https://nvd.nist.gov/vuln/detail/CVE-2024-12556 OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html Nvidia Container Toolkit修補不全，攻擊者有機會逃脫容器系統 https://www.ithome.com.tw/news/168410 Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html Gladinet's Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability https://thehackernews.com/2025/04/gladinets-triofox-and-centrestack-under.html Apache基金會修補部落格平臺Roller風險滿分的漏洞 https://www.darkreading.com/vulnerabilities-threats/max-severity-bug-apache-roller-persistent-access Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence https://thehackernews.com/2025/04/critical-apache-roller-vulnerability.html Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution https://thehackernews.com/2025/04/critical-erlangotp-ssh-vulnerability.html Google、Mozilla修補Chrome 135、Firefox 137高風險漏洞 https://www.securityweek.com/chrome-135-firefox-137-updates-patch-severe-vulnerabilities/ 檔案共享平臺CentreStack零時差漏洞出現攻擊行動 https://www.darkreading.com/vulnerabilities-threats/zero-day-centrestack-platform-under-attack Jenkins的Docker映像檔存在主機金鑰重覆使用的弱點 https://securityonline.info/jenkins-docker-images-vulnerable-to-ssh-host-key-reuse/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 富邦金四戰略 守護客戶資安 https://money.udn.com/money/story/5613/8681994 富邦證獲F-ISAC「113年度情資分享表現特優機構」殊榮 https://reurl.cc/eMzQxK 富邦金資安聯防 拿下雙特優 https://udn.com/news/story/7239/8674340 積極參與金融情資共享！富邦人壽榮獲金管會頒發F-ISAC特優殊榮 https://money.udn.com/money/story/5636/8673718 富邦金控與子公司積極共享資安情報 唯一獲金管會「雙特優」肯定 https://udn.com/news/story/7239/8672945 金控銀行內控稽核制度大翻修 三道防線從對立變合作 https://www.ctee.com.tw/news/20250417702082-430301 金管會修法！資產上兆銀行須有設風控長　10家銀行趕年底前增設 https://finance.ettoday.net/news/2945211 金管會翻修金控、銀行內控架構，減輕重複作業、確保獨立性 https://www.businessyee.com/article/5923-financial-internal-control-audit-systems 臺灣金融韌性再強化，微軟 Azure 助跑銀行 BCDR 上雲行動 https://www.ithome.com.tw/pr/168379 台中銀行識詐有道 阻詐有力 https://money.udn.com/money/story/11799/8683449 3.信用卡/電子支付/行動支付/pay/支付系統/資安 行動支付可共用QR code了！為何只有LINE PAY不加入？「真實原因」曝光：不是因為市占率高 https://reurl.cc/knO9Zn 一卡通與LINE Pay分手　留客攻勢互不相讓 https://www.cardu.com.tw/news/detail.php?56600 LINE Pay支援Uber App支付車資 為行動支付第一家 https://udn.com/news/story/7266/8680794 7-11結帳系統疑出問題！無法行動、電子支付　統一回應了 https://www.ettoday.net/news/20250414/2942944.htm 電子支付甩開手續費 因為這原因日、韓據點激增 https://vip.udn.com/vip/story/122863/8670621 TWQR是什麼？支援哪些電子支付？LINE Pay可以用嗎？TWQR懶人包來了 https://www.bnext.com.tw/article/82727/what-is-twqr-2025 日韓電子支付有哪些？全支付、街口支付、一卡通回饋一次看 https://reurl.cc/xNaeEL 刑事局破電子支付盜刷集團｜循線再破槍枝改造工廠 https://reurl.cc/yRLWeO 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Blockchain Offers Security Benefits – But Don't Neglect Your Passwords https://thehackernews.com/2025/04/blockchain-offers-security-benefits-but.html 川普關稅頻變！買家花20倍海運費運加密幣礦機 結果竟白忙一場 https://udn.com/news/story/124373/8681091 聯準會鮑威爾談到加密貨幣，對業界釋放了哪些利好訊號 https://news.cnyes.com/news/id/5943065 路透社報：中國正討論加密貨幣處置新規 https://www.binance.com/zh-TC/square/post/23076842492018 Bitget 統一帳戶重大升級 開放申請實盤交易功能 https://abmedia.io/bitget-major-upgrade-unified-account-open-application-real-time-trading-function 業者淚繳數百份資料！金管會《虛擬資產服務法》草案發布：執行與國際接軌仍存三大挑戰 https://abmedia.io/taiwan-fsc-crypto-law-draft-released 幣安助多國規劃比特幣戰略儲備　執行長：政府主動接洽 https://www.chinatimes.com/realtimenews/20250417005578-260408?chdtv 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 趨勢科技證實CrazyHunter鎖定臺灣而來，運用來自GitHub的工具犯案 https://www.ithome.com.tw/news/168479 北韓、伊朗、俄羅斯駭客發動ClickFix網釣攻擊，散布惡意軟體 https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html 惡意Chrome延伸套件遭下載6百萬次，受害者恐遭監視上網行為 https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/ 冒牌電腦版Line針對臺灣而來，恐導致電腦被植入木馬 https://www.ithome.com.tw/news/168431 惡意NPM套件鎖定PayPal用戶而來，企圖挾持加密貨幣交易 https://securityaffairs.com/176530/security/malicious-npm-packages-to-steal-paypal-credentials.html 惡意軟體ResolverRAT鎖定藥廠及醫療保健產業而來 https://www.bleepingcomputer.com/news/security/new-resolverrat-malware-targets-pharma-and-healthcare-orgs-worldwide/ 俄羅斯遭到駭客組織Paper Werewolf鎖定，透過USB裝置散布蠕蟲 https://www.darkreading.com/threat-intelligence/paper-werewolf-targets-flash-drives-new-malware 巴基斯坦駭客SideCopy鎖定印度，散布Spark RAT、CurlBack RAT https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html Pick your Poison - A Double-Edged Email Attack https://securityboulevard.com/2025/04/pick-your-poison-a-double-edged-email-attack/ Shuckworm Targets Foreign Military Mission Based in Ukraine https://www.security.com/threat-intelligence/shuckworm-ukraine-gammasteel Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html Crypto Developers Targeted by Python Malware Disguised as Coding Challenges https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html Node.js Malware Campaign Targets Crypto Users with Fake Binance and TradingView Installers https://thehackernews.com/2025/04/nodejs-malware-campaign-targets-crypto.html State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 蘋果修補已被用於實際攻擊iPhone的CoreAudio、RPAC零時差漏洞 https://www.ithome.com.tw/news/168453 Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users https://thehackernews.com/2025/04/chinese-android-phones-shipped-with.html SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 HTTPS憑證產業於3月新增兩項安全要求，7月禁止基於WHOIS的弱驗證 https://www.ithome.com.tw/news/168178 SSL、TLS憑證最長效期逐年縮短，2029年將減成47天 https://www.ithome.com.tw/news/168409 多組人馬運用NTLM資安漏洞從事攻擊行動 https://www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw MFT檔案共享系統Cleo受害者首度現身，租車業者Hertz證實受害 https://www.ithome.com.tw/news/168434 中國駭客Mustang Panda鎖定緬甸而來，利用StarProxy橫向移動 https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html 中國駭客UNC5221鎖定歐洲，散布後門程式BrickStorm https://securityonline.info/brickstorm-backdoor-targets-european-industries/ 中國駭客UNC5174鎖定Linux而來，散布SnowLight、VShell犯案 https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html 針對中國駭客Volt Typhoon的攻擊事故，中國坦承動機是美國支援臺灣 https://www.securityweek.com/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report/ 中國駭客鎖定Ivanti Connect Secure已知漏洞，對臺灣在內的12個國家發動大規模攻擊 https://www.ithome.com.tw/news/168401 中國相關威脅行動者利用 Ivanti Connect Secure VPN 漏洞滲透多國單位 https://teamt5.org/tw/posts/china-nexus-apt-exploits-ivanti-connect-secure-vpn-vulnerability-to-infiltrate-multiple-entities/ 俄羅斯駭客APT29鎖定歐洲外交單位下手，散布WineLoader後門 https://www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/ New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks https://thehackernews.com/2025/04/new-bpfdoor-controller-enables-stealthy.html 針對MITRE維護CVE和CWE合約到期，美國政府延長合約因應 https://www.ithome.com.tw/news/168459 CVE與CWE專案的合約本周到期，恐將嚴重衝擊全球資安漏洞管理體系運作 https://www.ithome.com.tw/news/168432 U.S. Govt. Funding for MITRE's CVE Ends April 16, Cybersecurity Community on Alert https://thehackernews.com/2025/04/us-govt-funding-for-mitres-cve-ends.html Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 網釣攻擊出現新手法，駭客在竊取帳密之前驗證電子郵件信箱 https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html 網釣工具包濫用SVG圖檔發動攻擊 https://www.bleepingcomputer.com/news/security/tycoon2fa-phishing-kit-targets-microsoft-365-with-new-tricks/ Amazon Gift Card Email Hooks Microsoft Credentials https://securityboulevard.com/2025/04/amazon-gift-card-email-hooks-microsoft-credentials/ Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval https://thehackernews.com/2025/04/meta-resumes-eu-ai-training-using.html Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft https://thehackernews.com/2025/04/phishing-campaigns-use-real-time-checks.html E.研究報告/工具 新攻擊手法RemoteMonologue能繞過LSASS防護機制 https://securityonline.info/remotemonologue-new-dcom-attack-bypasses-lsass-protection/ 憑證填充攻擊新工具！Atlantis AIO迅速測試數百萬組被竊取的帳密組合 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11796 「存取危險的雲端應用程式」排行第一危險事件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11805 【當心提示注入、敏感資訊洩漏、錯誤資訊等問題】已在真實世界發生的LLM資安風險 https://www.ithome.com.tw/news/168424 AI同事雙面刃，網路犯罪即代理危機浮現 https://www.ithome.com.tw/news/168433 駭客運用Fast Flux手法建置基礎設施，意圖隱匿行蹤 https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html Cybersecurity in the AI Era: Evolve Faster Than the Threats or Get Left Behind https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds https://thehackernews.com/2025/04/majority-of-browser-extensions-can.html From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains https://thehackernews.com/2025/04/from-third-party-vendors-to-us-tariffs.html AI 如何改變資安防護：從輔助功能邁向自主系統 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11801 Artificial Intelligence – What's all the fuss https://thehackernews.com/2025/04/artificial-intelligence-whats-all-fuss.html New Windows Task Scheduler Bugs Let Attackers Bypass UAC and Tamper with Logs https://thehackernews.com/2025/04/experts-uncover-four-new-privilege.html F.商業 超越連接：5G 和 AI 如何重塑企業未來 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11799 安碁學苑：企業應從實務出發，打造涵蓋內外部人員角色的資安人才梯隊培訓藍圖 https://www.ithome.com.tw/news/168470 趨勢科技：企業可以LLM應用架構設計安全邊界檢視風險，以LEARN方法論強化LLM應用安全 https://www.ithome.com.tw/news/168451 AI時代駭客犯罪模式出現轉變，趨勢科技指出駭客將AI當傭兵，更容易從事網路犯罪 https://www.ithome.com.tw/news/168421 GitHub推出Security Campaigns，讓企業系統化處理資安債成開發日常 https://www.ithome.com.tw/news/168344 Product Walkthrough: A Look Inside Wing Security's Layered SaaS Identity Defense https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html G.政府 臺灣資安戰略升級與AI產業投資並進：政府雙軌推動數位國安與產業發展 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11802 個資保護委員會籌備處建議用MFA確保使用者身分安全，並以高安全性多因子驗證來提高攻擊難度 https://www.ithome.com.tw/news/168469 前資安院副院長吳啟文：企業積極導入AI應用，資安防禦應也應擴及AI風險 https://www.ithome.com.tw/news/168429 賴清德總統四度親臨臺灣資安大會，從國家戰略到產業政策彰顯資安重要性 https://www.ithome.com.tw/news/168420 政府資安長齊聚2025年共識營活動 強化我資安聯防體系 https://money.udn.com/money/story/5613/8675569?from=edn_search_result H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html 重大漏洞影響工控設備！企業用戶應立即修復 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11824 成大資安基地與多家企業簽署合作備忘錄　共同推動工控場域防護 https://web.ncku.edu.tw/p/406-1000-279647,r3822.php?Lang=zh-tw I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Hack The Box Meetup: #1 2025/4/21 https://www.meetup.com/hack-the-box-meetup-ph/events/306862104/ TWNIC網路治理論壇2025 2025/4/22-2025/4/24 https://forum.twnic.tw/2025/ Taipei dbt Meetup #35 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2025/4/23 https://www.meetup.com/taipei-dbt-meetup/events/306748734/ HYBRID EVENT 🌟 Cyber security basic training with Rakuten, session 1 2025/4/23 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307018839/ 網路自由小聚 [4月] ：國家安全與數位權利 2025/4/24 https://ocftw.kktix.cc/events/internetfreedom-apr2025 [Online] Living off of Bitcoin 2025/4/24 https://www.meetup.com/philippine-bitcoiners/events/306825206/ MasterClass: Automated Content Creation & Social Media Management 2025/4/24 https://www.meetup.com/workoptional-ai-future-of-work/events/306253285/ [On-Line] AWS Global Community Gatherings #6 2025/4/25 https://www.meetup.com/awsglobalcommunitygatherings/events/306112237/ Agile Hsinchu 2025年3月份實體分享 2025/4/27 https://agilecommhc.kktix.cc/events/agilehsinchu20250427 AI 時代的資安新挑戰：如何讓開發更快速、更安全 2025/5/15 https://www.accupass.com/event/2503170831057559152230 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160