###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/5/5 ~ 2025/5/9 1.重大弱點漏洞/後門/Exploit/Zero Day SonicWall SMA 裝置遭攻擊，多個資安漏洞被利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11865 SonicWall針對防火牆用戶提出警告，SSL VPN漏洞已出現攻擊行動 https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-vpn-flaw-exploited-in-attacks/ 思科修補風險滿分的IOS XE漏洞，攻擊者有機會透過JWT觸發 https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html PHP程式庫ADOdb存在滿分漏洞，280萬套已部署系統恐曝險 https://www.ithome.com.tw/news/168751 https://nvd.nist.gov/vuln/detail/CVE-2025-46337 Apache基金會修補Tomcat高風險資安漏洞 https://www.ithome.com.tw/news/168839 Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence https://thehackernews.com/2025/05/critical-langflow-flaw-added-to-cisa.html WordPress外掛OttoKit重大漏洞已被積極利用，10萬網站曝險 https://securityonline.info/cve-2025-27007-critical-ottokit-wordpress-plugin-flaw-exploited-after-disclosure-100k-sites-at-risk/ OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html 三星顯示器內容管理系統漏洞仍持續遭利用，修補程式疑無法緩解弱點 https://www.securityweek.com/improperly-patched-samsung-magicinfo-vulnerability-exploited-by-botnet/ 三星顯示器內容集中控管系統遭到鎖定，駭客利用已知漏洞挾持設備並部署惡意軟體 https://www.bleepingcomputer.com/news/security/samsung-magicinfo-9-server-rce-flaw-now-exploited-in-attacks/ 針對微軟4月修補的CLFS零時差漏洞，傳出Play勒索軟體駭客也加入利用的行列 https://www.ithome.com.tw/news/168824 Windows部署服務存在DoS漏洞，攻擊者有機會遠端發動零點擊攻擊 https://securityonline.info/unauthenticated-dos-vulnerability-crashes-windows-deployment-services-no-patch/ 圖像化LLM應用開發工具Langflow存在RCE漏洞，CISA證實已被用於實際攻擊 https://www.ithome.com.tw/news/168806 疑修補不全！針對Commvault修補的備份管理平臺滿分漏洞，研究人員發現仍然可被利用 https://www.darkreading.com/cyberattacks-data-breaches/researcher-patched-commvault-bug-exploitable 4月SAP修補的NetWeaver滿分漏洞再傳攻擊行動 https://securityaffairs.com/177522/hacking/experts-warn-of-a-second-wave-of-attacks-targeting-sap-netweaver-bug-cve-2025-31324.html 圖像化資料分析平臺Grafana出現高風險權限繞過漏洞 https://www.ithome.com.tw/news/168640 資料視覺化系統Kibana爆高風險原型污染漏洞 https://www.ithome.com.tw/news/168798 AWS Amplify Studio存在重大漏洞，攻擊者有機會執行任意JavaScript指令碼 https://securityonline.info/critical-aws-amplify-studio-flaw-allows-code-execution-update-now/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 開鍘！台新銀信用卡出包資料外洩 上千客戶受害遭罰600萬元 https://reurl.cc/EVWGqk 天網AI模型抓警示戶有成 元大銀行獲ESG企業永續創新獎 https://money.udn.com/money/story/5613/8729268 央行打炒匯！金檢抓2缺失　重申銀行結匯落實3大規範 https://finance.ettoday.net/news/2957329 這樣做防盜刷 首家銀行導入FIDO驗證服務 https://reurl.cc/vQo73j 台幣強升銀行App系統塞車 金管會：民眾換匯量遽增 https://www.cna.com.tw/news/afe/202505050222.aspx 蘋信科技取得兩大銀行「金融業簡訊專用編碼」短碼發送服務採購案 https://money.udn.com/money/story/5635/8727354 3.信用卡/電子支付/行動支付/pay/支付系統/資安 北捷將開通多元行動支付！5大手機搭車支付方式一次了解 https://www.commonhealth.com.tw/article/92624 iPhone更新後有望新增「悠遊卡」搭車功能？悠遊卡公司：積極討論中 https://reurl.cc/M39RYv 6家業者接近納管電支門檻 樂購蝦皮入列 https://www.cna.com.tw/news/afe/202505080332.aspx 街口支付啟動技術團隊擴編 聚焦跨境金流、嵌入式金融與多元支付場景 https://www.storm.mg/stylish/5370407 第三方支付告捷 智冠：藍新集團全年交易處理額破千億 https://udn.com/news/story/7241/8726267 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html 美國貨幣監理署：銀行可自由交易加密資產與託管，無需事先批准 https://www.blocktempo.com/banks-within-the-united-states-are-permitted-to-freely-trade-and-custody-crypto-assets/ 香港加密貨幣市場復出：取消質押禁令，阿聯聯盟成立 https://hao.cnyes.com/post/168211 Meta 再度挑戰加密貨幣！已在討論引進穩定幣作為支付方式 https://www.inside.com.tw/article/38391-meta-plans-on-stablecoin-deployment 寶博士葛如鈞：比特幣是數位時代的熱武器！台灣應把BTC納入儲備 https://www.blocktempo.com/legislator-ju-chun-ko-calls-for-taiwan-to-include-bitcoin-in-reserves/ 央行數位新台幣進展再跨步 北中南公聽會開跑 https://udn.com/news/story/7238/8729283 央行的「數位新台幣」七月試行！看懂 CBDC 是什麼、怎麼用 https://www.blocktempo.com/the-central-bank-promotes-digital-taiwan-dollars-and-will-pilot-a-new-platform-in-july/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 中國駭客MirrorFace鎖定臺灣、日本，散布惡意軟體RoamingMouse、Anel https://www.ithome.com.tw/news/168857 MirrorFace Targets Japan and Taiwan with ROAMINGMOUSE and Upgraded ANEL Malware https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html 資安業者SentinelOne證實遭鎖定，北韓IT員工、勒索軟體、中國駭客試圖對其下手 https://www.securityweek.com/sentinelone-targeted-by-north-korean-it-workers-ransomware-groups-chinese-hackers/ 惡意軟體佯裝資安工具入侵WordPress網站 https://www.ithome.com.tw/news/168777 勒索軟體Babuk繞過EDR防護出現新手法，利用本機安裝程式達到目的 https://www.ithome.com.tw/news/168773 惡意NPM套件鎖定CryptoJS用戶而來，企圖竊取加密貨幣錢包、MongoDB資料庫 https://hackread.com/npm-malware-crypto-wallets-mongodb-turkey-code/ 多家英國零售業者傳出遭到勒索軟體DragonForce攻擊 https://www.ithome.com.tw/news/168799 惡意軟體下載工具Phorpiex捲土重來，被用於散布LockBit 3.0勒索軟體 https://www.ithome.com.tw/news/168740 勒索軟體Rhysida聲稱對秘魯政府數位平臺下手，該國否認遭駭 https://www.ithome.com.tw/news/168754 駭客佯稱美國社會安全局，企圖散布ScreenConnect RAT並控制受害電腦 https://hackread.com/fake-ssa-emails-trick-users-installing-screenconnect-rat/ Interlock勒索集團以ClickFix技術偽冒安全工具，植入惡意PowerShell後門 https://www.ithome.com.tw/news/168615 Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html https://documents.trendmicro.com/assets/txt/NETXLOADER-IOCsy4h6Kis.txt Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems https://thehackernews.com/2025/05/us-charges-yemeni-hacker-behind-black.html MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks https://thehackernews.com/2025/05/mintsloader-drops-ghostweaver-via.html Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html 來自俄羅斯的Go套件Easyjson恐危及美國國家安全 https://www.ithome.com.tw/news/168761 Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack https://thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html Researchers Uncover Malware in Fake Discord PyPI Package Downloaded 11,500+ Times https://thehackernews.com/2025/05/researchers-uncover-malware-in-fake.html Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 專門提供美國政府客製即時通訊軟體的軟體業者驚傳遭駭 https://securityaffairs.com/177458/hacking/a-hacker-stole-data-from-telemessage-the-firm-that-sells-modified-versions-of-signal-to-the-u-s-gov.html Google發布安卓5月例行更新，修補已被用於攻擊的零時差漏洞 https://www.ithome.com.tw/news/168797 針對NSO Group濫用WhatsApp漏洞的判決出爐，需賠償1.6億美元 https://www.ithome.com.tw/news/168791 Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware https://thehackernews.com/2025/05/nso-group-fined-168m-for-targeting-1400.html Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android https://thehackernews.com/2025/05/google-rolls-out-on-device-ai.html Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers https://thehackernews.com/2025/05/google-fixes-actively-exploited-android.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 資安團隊感的浮現 https://www.ithome.com.tw/voice/168861 醫材廠Masimo遭網路攻擊，影響產線運作 https://www.ithome.com.tw/news/168832 駭客組織Venom Spider冒充求職者，鎖定人力資源部門而來 https://www.darkreading.com/cyber-risk/venom-spider-phishing-scheme GreyNoise示警駭客正大規模掃描開發者配置檔，瞄準程式碼祕鑰 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11874 Meta 推 LlamaFirewall 框架以防止 AI 越獄、注入攻擊及不安全程式碼 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11867 Meta開源多項Llama安全護欄工具，防範AI越獄、提示注入、不安全外掛 https://www.ithome.com.tw/news/168715 伊朗駭客Lemon Sandstorm鎖定中東基礎設施而來 https://www.darkreading.com/cyberattacks-data-breaches/lemon-sandstorm-risks-middle-east-infrastructure 中國駭客組織利用 IPv6 SLAAC 執行中間人攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11866 Google警告中國網攻威脅達到空前高峰 https://www.ithome.com.tw/news/168802 Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks https://thehackernews.com/2025/05/europol-shuts-down-six-ddos-for-hire.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 網釣工具包CoGUI被中國駭客利用，鎖定日本發動攻擊 https://www.darkreading.com/threat-intelligence/cogui-phishing-kit-chinese-hackers-japan xAI員工不慎於GitHub程式碼庫曝露API金鑰 https://www.ithome.com.tw/news/168801 新Microsoft帳戶將預設使用無密碼登入 https://www.ithome.com.tw/news/168721 教育內容出版商Pearson遭網攻外洩客戶資料、程式原始碼 https://www.ithome.com.tw/news/168860 電子商務平臺WooCommerce管理員遭鎖定，駭客佯稱網站有漏洞從事網釣 https://www.ithome.com.tw/news/168637 TikTok Slammed With €530 Million GDPR Fine for Sending E.U. Data to China https://thehackernews.com/2025/05/tiktok-slammed-with-530-million-gdpr.html Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support https://thehackernews.com/2025/05/microsoft-sets-passkeys-default-for-new.html Golden Chickens Deploy TerraStealerV2 to Steal Browser Credentials and Crypto Wallet Data https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html Entra ID Data Protection: Essential or Overkill https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html E.研究報告/工具 台灣居25年第一季亞太地區網攻次數之首 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11861 亞太區加速AI應用採用，在信任、安全與AI取代工作方面企業仍存疑 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11860 研究人員公布使用Linux io_uring迴避偵測的手法 https://www.ithome.com.tw/news/168650 How to Automate CVE and Vulnerability Advisory Response with Tines https://thehackernews.com/2025/05/how-to-automate-cve-and-vulnerability.html Perfection is a Myth. Leverage Isn't: How Small Teams Can Secure Their Google Workspace https://thehackernews.com/2025/05/perfection-is-myth-leverage-isnt-how.html AI, the Access-Trust Gap & The Droids We're Looking For https://thehackernews.com/expert-insights/2025/05/ai-access-trust-gap-droids-were-looking.html Reevaluating SSEs: A Technical Gap Analysis of Last-Mile Protection https://thehackernews.com/2025/05/reevaluating-sses-technical-gap.html Third Parties and Machine Credentials: The Silent Drivers Behind 2025's Worst Breaches https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html Security Tools Alone Don't Protect You — Control Effectiveness Does https://thehackernews.com/2025/05/security-tools-alone-dont-protect-you.html Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business https://thehackernews.com/2025/05/deploying-ai-agents-learn-to-secure.html Beyond Vulnerability Management – Can You CVE What I CVE https://thehackernews.com/2025/05/beyond-vulnerability-management-cves.html F.商業 思科推出AI 供應鏈風險管理安全控管機制 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11869 G.政府 最新國家資通安全發展方案出爐！未來4年將以4大策略強化我國資通安全韌性 https://www.ithome.com.tw/news/168845 詐騙通報週增32% 數發部：Meta通報最多、投資詐騙最常見 https://www.technice.com.tw/techmanage/infosecurity/172211/ 數位轉型與國安並重，臺灣在數位浪潮下的資安突圍 https://ithome.com.tw/article/168475 響應國家數位發展 遠傳5G遠距診療深入高雄茂林偏鄉 https://market.ltn.com.tw/article/17354 拚資安業產值逾1200億 政院4年砸88億強化資安防護網 https://news.pchome.com.tw/science/technice/20250509/index-74675558495967338005.html 審計部：縣市政府餘38系統未導入核心資通系統 https://www.epochtimes.com/b5/25/5/9/n14503153.htm 攻防演練從IT到醫療設備　防禦成本仍低於事故代價 跨機關合作應對攻擊　持續強化醫院資安防線 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/9D0AB0E648F944C2A62D3FFE68DE657D#google_vignette 打擊虛擬幣洗錢詐騙 鍾佳濱要求政院研擬措施扣押贓款 https://reurl.cc/eMnDxQ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html GeoVision物聯網裝置遭到鎖定，殭屍網路利用已知漏洞滲透 https://www.ithome.com.tw/news/168841 臺廠普萊德修補交換器、網路設備管理軟體重大漏洞 https://www.ithome.com.tw/news/168811 Ubiquiti網路攝影機存在滿分漏洞，攻擊者能遠端執行任意程式碼 https://securityonline.info/cve-2025-23123-cvss-10-critical-unifi-protect-cameras-flaw-demands-immediate-updates/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Startup Teaming (Online) 2025/5/10 https://www.meetup.com/startup-agile-group-thanh-pho-ho-chi-minh/events/307437032/ ONLINE COURSE 🚀 Data Science & AI foundations for beginners 2025/5/10 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307332883/ Microcontroller (ESP32) Discussion @ Gongguan MRT Exit 3 2025/5/10 https://www.meetup.com/electronics-workshop/events/307361975/ Taipei dbt Meetup #36 Bitter Lessons from data Freelancing (Hybrid 👫 + 🧑‍💻) 2025/5/12 https://www.meetup.com/taipei-dbt-meetup/events/307160339/ 被世界低估的「資安」人才缺口：變動世代的隱藏主線 2025/5/14 https://www.accupass.com/event/2504170215051522930322 ONLINE 🌟 Intro to Geospatial Analysis workshop 2025/5/14 https://www.meetup.com/le-wagon-tokyo-coding-station/events/307396626/ Masterclass: Warren Redlich: Tesla, AI & the Future of Innovation 2025/5/15 https://www.meetup.com/workoptional-ai-future-of-work/events/306870563/ 從工地到雲端！e秒簽助攻營造業管理 2025/5/15 https://www.accupass.com/event/2504240851162098989769 AI 時代的資安新挑戰：如何讓開發更快速、更安全 2025/5/15 https://www.accupass.com/event/2503170831057559152230 一鍵保護SaaS資料！實測Keepit快速備份與還原 2025/5/16 https://www.accupass.com/event/2504160409167319207120 Digital Rogue Meetup #08 2025/5/19 https://www.meetup.com/taiwan-digital-rogue/events/307397895/ 智慧 ITSM 時代！Jira ITSM 自動化 2025/5/21 https://www.meetup.com/taipei-atlassian-community-events/events/307355629/ 數位資產與企業創新 2025/5/22 https://www.accupass.com/event/2504100336192273049230 前輩領航計畫｜破解中小企業轉型困境 2025/5/22 https://www.accupass.com/event/2504110857316439952740 How to Build AI Skills For Your Career 2025/5/22 https://www.meetup.com/techtalks-ph-manila/events/307352456/ Taipei dbt Meetup #37 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2025/5/23 https://www.meetup.com/taipei-dbt-meetup/events/307317858/ The No Hype Guide to Online Business Success 2025/5/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/307318369/ 臺灣的下一步-國安青年論壇 2025/5/24 https://www.accupass.com/event/2504200843571170341738 【財訊資安論壇】AI時代的資安新解方 2025/5/26 https://www.accupass.com/event/2504150825081036102809 Elastic 資安 AI 實戰 — 攻擊偵測 & 威脅狩獵全攻略 2025/5/28 https://www.accupass.com/event/2504110633451794495661 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160