###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/2/3 ~ 2025/2/7 1.重大弱點漏洞/後門/Exploit/Zero Day Palo Alto Networks防火牆韌體存在已知弱點，恐繞過安全開機防護機制 https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html Cacti https://nvd.nist.gov/vuln/detail/CVE-2024-54146 https://nvd.nist.gov/vuln/detail/CVE-2025-22604 SonicWall SMA1000 https://nvd.nist.gov/vuln/detail/CVE-2025-23006 合勤證實研究人員揭露的漏洞存在於12款DSL CPE設備，呼籲用戶應儘速汰換因應 https://www.ithome.com.tw/news/167236 合勤CPE設備存在零時差漏洞，傳出已被用於散布殭屍網路Mirai變種 https://www.ithome.com.tw/news/167183 兆勤防火牆應用程式簽章年前更新出包，USG FLEX、ATP系列需人工到場修復 https://www.ithome.com.tw/news/167159 思科修補網路存取控制系統ISE重大漏洞 https://www.ithome.com.tw/news/167250 Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc https://thehackernews.com/2025/02/cisco-patches-critical-ise.html Unknown log events which have IPv4 or IPv6 in the syslog header that would be associated with the SIM Generic logsource are being dropped https://www.ibm.com/support/pages/node/7182076 Azure AI臉部辨識服務與微軟帳號系統修補重大層級漏洞 https://www.ithome.com.tw/news/167225 Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection https://thehackernews.com/2025/02/microsoft-identifies-3000-publicly.html CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html ZDI近日發布7-Zip的零時差漏洞 https://www.ithome.com.tw/news/167224 Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html AMD Zen架構處理器存在微指令簽章驗證漏洞，影響SEV-SNP機密運算安全 https://www.ithome.com.tw/news/167207 AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html IBM QRadar SIEM contains multiple vulnerabilities https://www.ibm.com/support/pages/node/7182335 Oracle VM VirtualBox https://nvd.nist.gov/vuln/detail/CVE-2025-21571 Oracle WebLogic Server https://nvd.nist.gov/vuln/detail/CVE-2025-21549 https://nvd.nist.gov/vuln/detail/CVE-2025-21535 Red Hat Enterprise Linux 8 https://nvd.nist.gov/vuln/detail/CVE-2024-11218 Dell PowerProtect DD https://nvd.nist.gov/vuln/detail/CVE-2024-53295 https://nvd.nist.gov/vuln/detail/CVE-2024-51534 VMware Aria Operations https://nvd.nist.gov/vuln/detail/CVE-2025-22222 遠端監控與管理軟體SimpleHelp漏洞傳出實際攻擊行動 https://www.darkreading.com/cyberattacks-data-breaches/attackers-education-sector-hijack-microsoft-accounts Apple Silicon晶片存在弱點，恐遭SLAP與FLOP側通道攻擊，洩漏用戶機敏資料 https://www.ithome.com.tw/news/167168 DeepSeek R1大型語言模型存在資安弱點，恐被越獄用於網路犯罪 https://blogs.cisco.com/security/evaluating-security-risk-in-deepseek-and-other-frontier-reasoning-models Veeam修補本地端與雲端備份軟體漏洞，駭客可用中間人攻擊伎倆破壞系統 https://www.ithome.com.tw/news/167241 Meta大型語言模型框架Llama存在漏洞，恐導致AI系統曝露遠端程式碼執行風險 https://thehackernews.com/2025/01/metas-llama-framework-flaw-exposes-ai.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 India's RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud https://thehackernews.com/2025/02/indias-rbi-introduces-exclusive-bankin.html 富邦人壽通過NIST CSF，成為臺灣金融業率先取得相關驗證的公司 https://www.ithome.com.tw/news/167237 資安疑慮擴大　南韓政府、金融機構紛紛禁用DeepSeek https://www.taiwannews.com.tw/zh/news/6031404 產險業推廣資安險　保險局長建議優先找壽險公會、金融周邊單位合作 https://www.storm.mg/article/5319152 韓國政府機關接連禁用DeepSeek 金融機構也跟進 https://www.rti.org.tw/news/view/id/2237328 3.信用卡/電子支付/行動支付/pay/支付系統/資安 資安業者SlashNext揭露網路犯罪圈出現專門挾持信用卡資料的WordPress外掛程式PhishWP https://www.ithome.com.tw/news/166870 防範偽冒離線交易的新式詐騙手法，春節期間臺灣有商家暫停使用感應式行動支付 https://www.ithome.com.tw/news/167216 英國卡西歐網站遭植入信用卡側錄工具 https://hackread.com/casio-16-websites-double-entry-web-skimming-attack 經部預告增訂電子支付商業類別 助業者組公會自律 https://udn.com/news/story/7239/8524687 街口、全支付在日本也能用　串接電支龍頭PayPay的推手，新創鏈通是誰 https://www.cw.com.tw/article/5133925 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign https://thehackernews.com/2025/02/cross-platform-javascript-stealer.html 「以太幣現貨 ETF」選擇權交易也要來了！美國「這 2 家證交所」已遞件申請 https://blockcast.it/2025/02/06/cboe-bzx-proposes-options-trading-on-spot-ethereum-etfs/ Payza創辦人因隱匿比特幣被加刑 https://hk.investing.com/news/cryptocurrency-news/article-93CH-793518 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體駭客利用VMware虛擬化平臺的SSH加密存取，意圖建立存取受害組織內部環境的隱密管道 https://www.ithome.com.tw/news/167251 駭客組織Silver Fox假借提供瀏覽器、簡訊服務名義，意圖散布惡意軟體ValleyRAT https://www.ithome.com.tw/news/167254 北韓駭客假借徵才名義引誘macOS用戶上當，企圖散布惡意軟體Ferret https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html 惡意套件鎖定Go開發人員而來，假借提供代理伺服器工具散布 https://socket.dev/blog/malicious-package-exploits-go-module-proxy-caching-for-persistence Go模組快取機制遭濫用，惡意後門套件潛伏多年未被察覺 https://www.ithome.com.tw/news/167247 木馬程式AsyncRAT濫用TryCloudflare服務散布 https://www.ithome.com.tw/news/167244 曝露的ASP. NET金鑰遭到濫用，攻擊者用於散布惡意程式 https://www.bleepingcomputer.com/news/security/microsoft-says-attackers-use-exposed-aspnet-keys-to-deploy-malware/ 中國駭客Evasive Panda透過SSH處理程序挾持網路設備，注入惡意程式 https://www.bleepingcomputer.com/news/security/chinese-cyberspies-use-new-ssh-backdoor-in-network-device-hacks/ 勒索軟體駭客利用SSH隧道鎖定VMware虛擬化平臺 https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-ssh-tunnels-for-stealthy-vmware-esxi-access/ 印度Tata集團旗下汽車設計公司證實遭遇勒索軟體攻擊 https://www.ithome.com.tw/news/167201 印度科技龍頭Tata證實遭遇勒索軟體攻擊 https://www.bleepingcomputer.com/news/security/indian-tech-giant-tata-technologies-hit-by-ransomware-attack/ 駭客假借提供AI工具DeepSeek的名義，在PyPI散布惡意軟體，不到一小時就有逾200人上當 https://www.ithome.com.tw/news/167206 殭屍網路病毒Aquabot鎖定Mitel網路電話而來，利用命令注入漏洞滲透設備 https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/ North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials https://thehackernews.com/2025/02/north-korean-apt-kimsuky-uses-lnk-files.html Top 3 Ransomware Threats Active in 2025 https://thehackernews.com/2025/02/top-3-ransomware-threats-active-in-2025.html AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks https://thehackernews.com/2025/02/asyncrat-campaign-uses-python-payloads.html Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access https://thehackernews.com/2025/02/malicious-go-package-exploits-module.html North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS https://thehackernews.com/2025/02/north-korean-hackers-deploy-ferret.html Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware https://thehackernews.com/2025/02/crazy-evil-gang-targets-crypto-with.html CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking https://thehackernews.com/2025/02/fake-google-chrome-sites-distribute.html Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 義大利政府疑用Paragon間諜軟體監控記者、異議人士，業者急切割 https://www.ithome.com.tw/news/167253 90名記者、社會運動人士遭鎖定，攻擊者發動WhatsApp零點擊間諜軟體攻擊 https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html 蘋果修補存在電腦與行動裝置的零時差漏洞，傳出已用於攻擊iPhone用戶 https://www.ithome.com.tw/news/167181 Google修補安卓作業系統核心的零時差漏洞 https://www.ithome.com.tw/news/167218 Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 https://thehackernews.com/2025/02/google-patches-47-android-security.html Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists https://thehackernews.com/2025/02/meta-confirms-zero-click-whatsapp.html Google Bans 158,000 Malicious Android App Developer Accounts in 2024 https://thehackernews.com/2025/01/google-bans-158000-malicious-android.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 邑昇、尚立公告內部資訊系統遭受網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=150944&SPOKE_DATE=20250205&COMPANY_ID=5291 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=155935&SPOKE_DATE=20250205&COMPANY_ID=3360 欣興電子、美亞鋼鐵、南亞電路板發布重大訊息，證實部分資訊系統遭遇網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=213800&SPOKE_DATE=20250201&COMPANY_ID=3037 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=151432&SPOKE_DATE=20250202&COMPANY_ID=2020 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=62021&SPOKE_DATE=20250203&COMPANY_ID=8046 運動用品製造商Mizuno美國子公司證實遭到入侵，駭客在內部網路環境活動長達2個月 https://www.bleepingcomputer.com/news/security/mizuno-usa-says-hackers-stayed-in-its-network-for-two-months/ 先進光電部分資訊系統遭受網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=171652&SPOKE_DATE=20250203&COMPANY_ID=3362 北韓駭客利用RID挾持手法，在Windows電腦建立隱藏的管理員帳號 https://www.bleepingcomputer.com/news/security/hackers-use-windows-rid-hijacking-to-create-hidden-admin-account/ 中國駭客CL-STA-0048鎖定南亞電信業者而來 https://securityonline.info/cl-sta-0048-chinese-linked-apt-targets-telecoms-in-south-asia/ Google警告旗下AI機器人Gemini遭濫用，中國、俄羅斯、北韓國家級駭客企圖用於打造網路攻擊工具 https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html 駭客組織Silent Lynx鎖定吉爾吉斯、土庫曼等中亞國家而來 https://thehackernews.com/2025/02/silent-lynx-using-powershell-golang-and.html TAG-124’s Multi-Layered TDS Infrastructure and Extensive User Base https://www.recordedfuture.com/research/tag-124-multi-layered-tds-infrastructure-extensive-user-base Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts https://thehackernews.com/2025/02/cybercriminals-use-axios-and-node-fetch.html Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown https://thehackernews.com/2025/01/authorities-seize-domains-of-popular.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 HTTP用戶端工具遭濫用，駭客用來挾持M365帳號 https://www.ithome.com.tw/news/167233 150家企業組織遭到鎖定，駭客藉由AD聯邦服務繞過多因素驗證，從而挾持帳號 https://www.darkreading.com/cyberattacks-data-breaches/attackers-education-sector-hijack-microsoft-accounts DeepSeek聊天機器人恐將資料傳送給中國國營電信業者 https://www.securityweek.com/researchers-link-deepseeks-blockbuster-chatbot-to-chinese-telecom-banned-from-doing-business-in-us/ 爆紅中國AI服務DeepSeek資料庫配置錯誤，機敏事件記錄資料外洩 https://www.ithome.com.tw/news/167169 美國警告中國醫療設備恐存在後門，將病人資料外流 https://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china/ 美國與荷蘭聯手，奪下39個用於兜售商業郵件詐騙作案工具的網域 https://www.ithome.com.tw/news/167190 U.S. and Dutch Authorities Dismantle 39 Domains Linked to BEC Fraud Network https://thehackernews.com/2025/02/us-and-dutch-authorities-dismantle-39.html Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts https://thehackernews.com/2025/02/malvertising-scam-uses-fake-google-ads.html 針對12月發生的零時差漏洞攻擊事故，BeyondTrust證實有17個SaaS客戶受害 https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns https://thehackernews.com/2025/01/italy-bans-chinese-deepseek-ai-over.html E.研究報告/工具 如何實踐遵循國際資安標準的Microsoft365雲端資訊架構（第一集） https://www.uuu.com.tw/Public/content/article/25/20250203.htm 企業資安防禦指南【2025 最新版】 https://teamt5.org/tw/posts/2025-enterprise-cybersecurity-guide/ 資安事件應變處理：從基礎概念到實務處理 https://teamt5.org/tw/posts/cybersecurity-incident-response-handling-from-basic-concepts-to-practical-handling/ 資安業者揭露瀏覽器同步挾持手法Syncjacking，攻擊者可藉由惡意延伸套件控制電腦 https://www.bleepingcomputer.com/news/security/new-syncjacking-attack-hijacks-devices-using-chrome-extensions/ The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025 https://thehackernews.com/2025/02/the-evolving-role-of-pam-in.html Navigating the Future: Key IT Vulnerability Management Trends https://thehackernews.com/2025/02/navigating-future-key-it-vulnerability.html Watch Out For These 8 Cloud Security Shifts in 2025 https://thehackernews.com/2025/02/watch-out-for-these-8-cloud-security.html What Is Attack Surface Management https://thehackernews.com/2025/02/what-is-attack-surface-management.html Top 5 AI-Powered Social Engineering Attacks https://thehackernews.com/2025/01/top-5-ai-powered-social-engineering.html AI-Powered Social Engineering: Reinvented Threats https://thehackernews.com/2025/02/ai-powered-social-engineering.html F.商業 Sophos宣布完成併購Secureworks，將著重MDR業務 https://www.ithome.com.tw/news/167191 漏洞管理解決方案業者Tenable以1.5億美元買下曝險管理新創Vulcan Cyber https://www.securityweek.com/tenable-to-acquire-vulcan-cyber-for-150-million/ G.政府 Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks https://thehackernews.com/2025/02/taiwan-bans-deepseek-ai-over-national.html 新任數位發展部資安署署長蔡福隆走馬上任，將迎接挑戰、積極對話，打造可信賴的資安環境 https://www.ithome.com.tw/news/167245 行政院要求公務機關全面禁用AI服務DeepSeek https://www.ithome.com.tw/news/167184 數位發展部數位產業署 5G專網創新應用創新局 https://www.watchmedia01.com/archives/338569 金管會新人事！銀行局副局長林志吉改任主祕 https://reurl.cc/zpjgM6 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Netgear公布Wi-Fi無線基地臺、路由器重大層級漏洞，6款設備曝險 https://www.ithome.com.tw/news/167221 速霸陸車聯網存在重大漏洞，攻擊者恐遠端控制車輛 https://www.ithome.com.tw/news/167148 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Use Predictive and Generative AI to Solve Problems 预测式和生成式人工智能 2025/2/8 https://www.meetup.com/hands-on-ai/events/305411588/ 自動化新視界：解鎖流程優化與工具整合實用策略課堂 2025/2/8 ~ 2025/2/15 https://www.accupass.com/event/2412020803131836788493 機器學習主管的跨國工作分享聚- PeiPei Chen 2025/2/9 https://www.meetup.com/taipeiwomenintech/events/305692495/ 科技媽媽的親子讀書分享 2025/2/9 https://www.meetup.com/taipeiwomenintech/events/304950913/ T-box 工作坊: 掌握《區域全面經濟夥伴關係協定》商機 – 電子商貿 2025/2/10 https://www.meetup.com/meetups-hk-science-park/events/305750386/ Innovation Zero Awards 2025/2/11 https://www.meetup.com/meetups-hk-science-park/events/305837103/ LLM Application Development in Azure 2025/2/12 https://www.meetup.com/global-ai-taoyuan/events/305379392/ How to Build a Consulting Side Hustle with AI In One Weekend! 2025/2/12 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305582446/ ONLINE WORKSHOP 🌟 Build your first Line chatbot2025/2/12 https://www.meetup.com/le-wagon-seoul/events/305855434/ ONLINE WORKSHOP 🌟 Build your first Line chatbo t2025/2/12 https://www.meetup.com/le-wagon-tokyo-coding-station/events/305838937/ The Importance of Cosmos DB in AI Applications 2025/2/12 https://www.meetup.com/jssug-japan/events/305749996/ Funding the Future of Healthcare: From Serial Entrepreneur to Specialist VC 2025/2/12 https://www.meetup.com/tokyo-startup-founder-101/events/305723931/ [ONLINE OPEN CAMPUS] Discover our Web Development & Data Science bootcamps! 2025/2/13 https://www.meetup.com/le-wagon-seoul/events/305789214/ How to Build a Side Hustle as a Social Media Influencer 2025/2/13 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305280988/ Advanced Scrum Case Study 2025/2/15 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbtb/ Free OPEN Passes to DeveloperWeek 2025 - Live Online 2025/2/19 https://www.meetup.com/r-user-group-philippines/events/305759741/ ManageEngine ADManager Plus product demo 2025/2/19 https://www.meetup.com/manageengine-hong-kong-events/events/305838082/ Taipei dbt Meetup #33 for all folks working with data! (Hybrid 👫 + 🧑‍💻)2025/2/19 https://www.meetup.com/taipei-dbt-meetup/events/305272974/ #133 PUPMCR & other PUPX Packages: Advancing Research in Mycology & Chemistry 2025/2/19 https://www.meetup.com/r-user-group-philippines/events/305760876/ Cybersecurity on a budget:Practical strategies for 2025 Tools,allocation,and ROI 2025/2/20 https://www.meetup.com/manageengine-hong-kong-events/events/305860097/ [Online] Philippine Bitcoin meetup 2025/2/20 https://www.meetup.com/philippine-bitcoiners/events/300961130/ 第八屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2025/2/20 https://www.accupass.com/event/2411261044223773652370 Season of AI: Exploring Current Trends and Advancements 2025/2/22 https://www.meetup.com/cloud-experts-group/events/305847254/ Startup Teaming (Online) 2025/2/22 https://www.meetup.com/startup-agile-group-thanh-pho-ho-chi-minh/events/305527890/ How to Save 10 Hours a Week at Work with AI 2025/2/25 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305603934/ Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/