###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/12/9 ~ 2024/12/13 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco 發布 NX-OS 安全性更新 https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-image-sig-bypas-pQDRQvjL 思科網路設備作業系統NX-OS存在漏洞，攻擊者有機會繞過映像檔檢核流程 https://www.ithome.com.tw/news/166428 SonicWall SMA100 SSLVPN https://nvd.nist.gov/vuln/detail/CVE-2024-53703 https://nvd.nist.gov/vuln/detail/CVE-2024-45318 https://nvd.nist.gov/vuln/detail/CVE-2024-40763 Windows新零時差漏洞曝光 https://www.ithome.com.tw/news/166427 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11452 https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html 視窗作業系統出現NTLM零時差漏洞，使用者若被誘導以Windows檔案總管檢視惡意檔案，就有機會觸發 https://www.ithome.com.tw/news/166427 微軟發佈12月份安全性公告 https://msrc.microsoft.com/update-guide/releaseNote/2024-Dec https://www.cisa.gov/news-events/alerts/2024/12/10/microsoft-releases-december-2024-security-updates 微軟發布12月例行更新，修補已遭利用的零時差CLFS漏洞 https://www.ithome.com.tw/news/166452 WhatsUp Gold https://nvd.nist.gov/vuln/detail/CVE-2024-46909 https://nvd.nist.gov/vuln/detail/CVE-2024-8785 IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7178556 IBM AIX 7.2、7.3 和 VIOS 3.1 及 4.1 https://nvd.nist.gov/vuln/detail/CVE-2024-47115 SAP修補NetWeaver重大層級SSRF漏洞 https://www.securityweek.com/sap-patches-critical-vulnerability-in-netweaver/ Adobe 已發布安全更新 https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products https://helpx.adobe.com/security.html Adobe發布12月份例行更新，修補旗下16項產品 https://www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/ Ivanti針對雲端服務設備CSA重大漏洞提出警告 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/ Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html WordPress表單外掛WPForms存在高風險漏洞，6百萬網站恐曝險 https://www.wordfence.com/blog/2024/12/6000000-wordpress-sites-protected-against-payment-refund-and-subscription-cancellation-vulnerability-in-wpforms-wordpress-plugin/ Hunk Companion外掛程式重大漏洞遭到利用，攻擊者用來對WordPress網站上下其手 https://www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/ DeepSeek、Claude AI存在提示注入漏洞 https://thehackernews.com/2024/12/researchers-uncover-prompt-injection.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 台新銀行加入FIRST國際資安應變組織，成國內金融業首例 https://www.ithome.com.tw/news/166453 駭客假借徵才名義從事網釣攻擊，散布金融木馬Antidot https://thehackernews.com/2024/12/fake-recruiters-distribute-banking.html 安卓木馬DroidBot鎖定77家銀行客戶而來 https://www.ithome.com.tw/news/166437 騙子開設虛假帳戶行騙 道明銀行發起訴訟追款 https://www.epochtimes.com/b5/24/12/13/n14390420.htm 不顧銀行業反對 美CFPB新規限制收取透支費用 https://news.cnyes.com/news/id/5808092 3.信用卡/電子支付/行動支付/pay/支付系統/資安 國際兩大發卡組織推生物辨識支付 提升線上交易安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11450 行動支付還能節能減碳做公益 https://www.gvm.com.tw/article/117472 Visa 數位化金流雙引擎，加速商務無「現」再升級 https://www.storm.mg/localarticle/5292207 APP綁信用卡逐筆交易驗證鬆綁有望 3種交易免驗證將上路 https://reurl.cc/26Lr4m iPhone 行動支付捷徑：一鍵開啟 LINE Pay、街口、7-11 等不同 App 的付款條碼 https://applealmond.com/posts/232688#google_vignette 電子支付總用戶破3千萬　「一卡通」拿下冠軍寶座 https://innews.com.tw/205279/ 香港的士車隊推 6 座電動的士　用 App 預約 + 預先電子付款 + 全車攝錄系統 https://today.line.me/hk/v2/article/l2YzR9k AlipayHK：歡迎港府擬立法規定的士提供電子支付方式 http://www.aastocks.com/tc/usq/news/comment.aspx?source=AAFN&id=NOW.1403992&catg=1 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html Cleo三款MFT檔案傳輸系統零時差漏洞已出現攻擊行動，駭客用來竊取企業內部資料 https://www.ithome.com.tw/news/166461 AI模型套件Ultralytics遭駭，數千用戶的開發環境恐遭植入挖礦軟體 https://www.ithome.com.tw/news/166417 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC Linux惡意程式Pumakit利用隱身手法埋藏在系統運作 https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/ 惡意軟體Iocontrol鎖定關鍵基礎設施而來 https://www.bleepingcomputer.com/news/security/new-iocontrol-malware-used-in-critical-infrastructure-attacks/ 羅馬尼亞電力公司Electrica傳出遭勒索軟體Lynx攻擊 https://www.ithome.com.tw/news/166482 Google AMP服務遭濫用！攻擊者鎖定製造業散布LummaC2、Amadey Bot https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/ 羅馬尼亞能源供應商Electrica遭遇勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/ 勒索軟體Black Basta攻擊手法出現轉變，利用電子郵件轟炸、QR Code、社交工程手法入侵目標組織 https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html 8.5萬臺裝置遭殭屍網路Socks5Systemz擺布，駭客藉此提供非法代理伺服器服務 https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html 心臟醫療器材製造商Artivion傳出遭遇勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-leading-heart-surgery-device-maker/ Blue Yonder遭駭導致多家零售業者停擺事故，勒索軟體Termite聲稱是元凶 https://www.ithome.com.tw/news/166416 遭俄羅斯軍方逮捕的軟體開發人員手機被植入間諜軟體 https://www.bleepingcomputer.com/news/security/new-android-spyware-found-on-phone-seized-by-russian-fsb/ New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection https://thehackernews.com/2024/12/new-linux-rootkit-pumakit-uses-advanced.html Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/ Socks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked Devices https://thehackernews.com/2024/12/socks5systemz-botnet-powers-illegal.html Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering https://thehackernews.com/2024/12/black-basta-ransomware-evolves-with.html Secret Blizzard Deploys Kazuar Backdoor in Ukraine Using Amadey Malware-as-a-Service https://thehackernews.com/2024/12/secret-blizzard-deploys-kazuar-backdoor.html Windows內部元件可被用來迴避EDR偵測！資安業者揭露新型態惡意軟體攻擊手法 https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools https://thehackernews.com/2024/12/new-malware-technique-could-exploit.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 中國公安傳出利用安卓間諜軟體EagleMsgSpy監控行動裝置 https://www.ithome.com.tw/news/166483 Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 https://thehackernews.com/2024/12/chinese-eaglemsgspy-spyware-found.html FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine https://thehackernews.com/2024/12/fsb-uses-trojan-app-to-monitor-russian.html Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States https://thehackernews.com/2024/12/gamaredon-deploys-android-spyware.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 2024臺灣企業加入FIRST國際資安應變組織再添8家，聯發科、鴻騰、威強電、華碩等入列，台新銀行成金融業首例 https://www.ithome.com.tw/news/166451 親俄駭客對臺DDoS手法大公開，安碁資訊解析HTTP洪水攻擊防禦之道 https://www.ithome.com.tw/news/166386 多家依賴 CDN 業者提供 WAF 服務的企業用戶因設定不當暴露於資安威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11441 大規模採用中國光學雷達設備 恐對國家安全構成威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11439 俄羅斯駭客Turla鎖定烏克蘭連網軍事設備而來，意圖從中竊取軍事情報 https://ithome.com.tw/news/166504 俄羅斯駭客Turla鎖定以星鏈連線的烏克蘭軍事設備而來 https://www.bleepingcomputer.com/news/security/russian-cyber-spies-hide-behind-other-hackers-to-target-ukraine/ 俄羅斯駭客BlueAlpha透過Cloudflare Tunnels隱匿攻擊行動 https://www.darkreading.com/cloud-security/russias-bluealpha-apt-cloudflare-tunnels 歐洲刑警組織號召15國合作，關閉27個非法DDoS租用服務 https://www.ithome.com.tw/news/166477 歐洲警方關閉網路犯罪市集Manson Market，逮捕兩名主要經營者 https://www.ithome.com.tw/news/166414 中國網路資安業者遭美國制裁，原因是該公司員工駭入美國企業 https://www.ithome.com.tw/news/166456 FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized https://thehackernews.com/2024/12/fbi-busts-rydox-marketplace-with-7600.html Europol Dismantles 27 DDoS Attack Platforms Across 15 Nations; Admins Arrested https://thehackernews.com/2024/12/europol-dismantles-27-ddos-attack.html U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions https://thehackernews.com/2024/12/ultralytics-ai-library-compromised.html Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok https://thehackernews.com/2024/12/romania-cancels-presidential-election.html VSCode隧道功能遭到濫用，中國駭客用於遠端存取受害電腦 https://www.ithome.com.tw/news/166468 Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage https://thehackernews.com/2024/12/hackers-weaponize-visual-studio-code.html Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 西班牙、秘魯聯手，破獲跨國大型電話網釣集團，逮捕83名嫌犯 https://www.ithome.com.tw/news/166502 比利時、荷蘭聯手，破獲跨國電話語音釣魚詐騙集團 https://www.ithome.com.tw/news/166479 逾30萬臺開源監控軟體Prometheus主機「裸奔」，恐曝露帳密及API金鑰、面臨DoS及RCE攻擊 https://ithome.com.tw/news/166503 Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online https://thehackernews.com/2024/12/296000-prometheus-instances-exposed.html 微軟MFA多因素驗證機制存在漏洞AuthQuake，駭客可能乘機發動暴力破解攻擊 https://www.ithome.com.tw/news/166501 微軟多因素驗證機制存在漏洞AuthQuake，攻擊者有機會用來進行暴力破解 https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data https://thehackernews.com/2024/12/hackers-using-fake-video-conferencing.html Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands https://thehackernews.com/2024/12/phone-phishing-gang-busted-eight.html Ongoing Phishing and Malware Campaigns in December 2024 https://thehackernews.com/2024/12/ongoing-phishing-and-malware-campaigns.html CERT-UA Warns of Phishing Attacks Targeting Ukraine's Defense and Security Force https://thehackernews.com/2024/12/cert-ua-warns-of-phishing-attacks.html E.研究報告/工具 瀏覽器隔離被人找出滲透方法！ 資安廠商揭露用QR Code傳遞C2命令的攻擊手法 https://www.ithome.com.tw/news/166448 Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks https://thehackernews.com/2024/12/researchers-uncover-flaws-in-popular.html Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI https://thehackernews.com/2024/12/researchers-uncover-prompt-injection.html The Future of Network Security: Automated Internal and External Pentesting https://thehackernews.com/2024/12/the-future-of-network-security.html What is Nudge Security and How Does it Work https://thehackernews.com/2024/01/what-is-nudge-security-and-how-does-it.html How to Generate a CrowdStrike RFM Report With AI in Tines https://thehackernews.com/2024/12/how-to-generate-crowdstrike-rfm-report.html F.商業 Palo Alto Networks 預測 2025 年資安趨勢：平台整合與AI防禦成關鍵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11438 強化協作及電子郵件安全，資安業者Fortinet買下郵件安全業者Perception Point https://www.fortinet.com/blog/business-and-technology/fortinet-acquires-perception-point Check Point 推出新版本 Quantum 防火牆軟體 R82，提升威脅防禦能力 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11442 Netron網創資訊透過 CyberArk 身分安全解決方案提升雲端安全與營運效率 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11437 AI帶動資安市場加速成長，Fortinet揭露自我轉型最新進度 https://www.ithome.com.tw/news/166336 Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions https://thehackernews.com/2024/12/seven-bolt-ons-to-make-your-entra-id.html SaaS Budget Planning Guide for IT Professionals https://thehackernews.com/2024/12/saas-budget-planning-guide-for-it.html G.政府 國家實驗研究院與資安社群聯手舉辦CGGC網路守護者挑戰賽，生成式AI與虛實整合實體設備均列入競賽考題 https://www.ithome.com.tw/news/166449 資安院與中興大學合作培育企業資安應變人才 https://www.cna.com.tw/postwrite/chi/389478 資安即國安 數發部：國安會擬建立國家級資安應變中心 https://www.cna.com.tw/news/afe/202411220118.aspx 數位發展部長黃彥男：醫療演變使AI技術發展重要 也需做好資安 https://udn.com/news/story/7326/8424096 數位發展部召開首次「數位經濟發展諮詢會」 產、學、研齊獻策 https://www.tca.org.tw/tca_news1.php?n=2233 數發部：員警聯防通報警示帳戶作業 已有線上系統 https://udn.com/news/story/7238/8423003 建構更具韌性的資安機制 多國專家齊聚台灣ACE會議共商管理之道 https://reurl.cc/36xaLV H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 物聯網裝置作業系統OpenWrt系統ASU更新模組存在弱點，攻擊者有機會植入惡意映像檔 https://www.ithome.com.tw/news/166470 物聯網裝置作業系統OpenWrt系統更新模組存在弱點，攻擊者有機會植入惡意映像檔 https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/ 威聯通修補漏洞挖掘競賽Pwn2Own揭露的NAS高風險漏洞 https://www.securityweek.com/qnap-patches-vulnerabilities-exploited-at-pwn2own/ Zyxel VMG8825-T50K https://nvd.nist.gov/vuln/detail/CVE-2024-8748 Zyxel VMG4005-B50A https://nvd.nist.gov/vuln/detail/CVE-2024-9200 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Saturday AI Chat: Insights with Zack Lim 2024/12/14 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/304628614/ SecondLook Discussions 2024/12/15 https://www.meetup.com/secondlook-bangkok/events/304753213/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/15 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbtb/ 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip 【資安講座】錢錢沒有不見，只是進入別人的口袋裡了 2024/12/16 https://hackersir.kktix.cc/events/2024-12-16 Algorithms Study Group! 2024/12/17 https://www.meetup.com/codeseoul/events/304792219/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/17 https://www.meetup.com/taiwan-code-camp/events/304791930/ 台灣的全球網路自由分數竟被扣在這！！政府打詐封網措施「 DNS RPZ 停止解析」過度了嗎 2024/12/19 https://ocftw.kktix.cc/events/internetfreedom-dec2024 Advanced Scrum Case Study 2024/12/21 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptygcqbcc/ Saturday AI Chat: Insights with Zack Lim 2024/12/21 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/304628647/ “团队敏捷教练进阶课程” 12月21-22日 · A-CSM认证周末班 2024/12/21-2024/12/22 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304244914/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/22 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbdc/ [HOLD] An Exciting Flutter Meetup! (Flutter Meetup #20) 2024/12/24 https://www.meetup.com/flutter-taipei/events/304666982/ Algorithms Study Group! 2024/12/24 https://www.meetup.com/codeseoul/events/vgfcptygcqbgc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/24 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcqbgc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/ “全球金牌敏捷课程” - CSM认证（周末班）2024/12/28 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304806511/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/29 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbmc/ SecondLook Discussions 2024/12/29 https://www.meetup.com/secondlook-bangkok/events/pbfdptygcqbmc/ Algorithms Study Group! 2024/12/31 https://www.meetup.com/codeseoul/events/vgfcptygcqbpc/