###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/5/19 ~ 2025/5/23 1.重大弱點漏洞/後門/Exploit/Zero Day Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics https://thehackernews.com/2025/05/russian-hackers-exploit-email-and-vpn.html SD-WAN維運平臺Versa Concerto存在滿分身分驗證旁路漏洞，尚未修補 https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html VMware針對旗下虛擬化平臺、混合雲平臺修補高風險漏洞 https://www.ithome.com.tw/news/169108 漏洞挖掘競賽Pwn2Own Berlin 2025找出VMware ESXi漏洞，最高抱走15萬美元獎勵 https://www.ithome.com.tw/news/169049 VMware Aria Automation https://nvd.nist.gov/vuln/detail/CVE-2025-22249 OpenPGP存在高風險漏洞，攻擊者恐對已簽章及加密的訊息進行欺騙 https://www.theregister.com/2025/05/20/openpgp_js_flaw/ Fortinet FortiVoice https://nvd.nist.gov/vuln/detail/CVE-2025-32756 Adobe Connect https://nvd.nist.gov/vuln/detail/CVE-2025-43567 Adobe Bridge https://nvd.nist.gov/vuln/detail/CVE-2025-43545 https://nvd.nist.gov/vuln/detail/CVE-2025-43546 https://nvd.nist.gov/vuln/detail/CVE-2025-43547 Microsoft .NET 8.0 https://nvd.nist.gov/vuln/detail/CVE-2025-26646 Microsoft Defender for Endpoint for Linux https://nvd.nist.gov/vuln/detail/CVE-2025-47161 Microsoft Office 2019 https://nvd.nist.gov/vuln/detail/CVE-2025-30377 https://nvd.nist.gov/vuln/detail/CVE-2025-30386 https://nvd.nist.gov/vuln/detail/CVE-2025-32704 Microsoft Office LTSC for Mac 2021 https://nvd.nist.gov/vuln/detail/CVE-2025-30388 Windows Server 2025的dMSA服務帳號提權惹議，起因是遷移流程可被濫用 https://www.ithome.com.tw/news/169126 Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html Kibana 已發布安全更新 https://www.ithome.com.tw/news/168798 https://discuss.elastic.co/t/kibana-8-17-6-8-18-1-or-9-0-1-security-update-esa-2025-07/377868 Apache已發布安全更新，以解決 Tomcat 中的高風險弱點 https://nvd.nist.gov/vuln/detail/CVE-2025-31650 https://nvd.nist.gov/vuln/detail/CVE-2025-31651 SAP 已發佈產品 NetWeaver 安全更新 https://www.nics.nat.gov.tw/core_business/information_security_information_sharing/Vulnerability_Alert_Announcements/96aabdef-2bea-4e12-aa37-e6ddd97b7fc4/ Google發佈Chrome緊急更新 https://www.ithome.com.tw/news/168977 https://nvd.nist.gov/vuln/detail/CVE-2025-4664 Google更新Chrome密碼管理機制，可偵測並更換已外洩的密碼 https://www.ithome.com.tw/news/169066 美國CISA警告：Chrome高危險漏洞CVE-2025-4664已遭攻擊利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11903 Mozilla修補Pwn2Own漏洞挖掘競賽找到的Firefox零時差漏洞 https://www.ithome.com.tw/news/169069 Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html Critical Versa Concerto Flaws Let Attackers Escape Docker and Compromise Hosts https://thehackernews.com/2025/05/unpatched-versa-concerto-flaws-let.html Jenkins揭露眾多外掛程式漏洞，包括可繞過身分驗證的CVE-2025-47889 https://www.ithome.com.tw/news/169006 GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts https://thehackernews.com/2025/05/gitlab-duo-vulnerability-enabled.html 圖表資料呈現系統Grafana存在XSS高風險漏洞，傳出細節已遭公開 https://www.ithome.com.tw/news/169102 Lexmark印表機存在重大漏洞，攻擊者可發動RCE攻擊 https://gbhackers.com/critical-vulnerability-in-lexmark-printers/ WordPress存在可洩露未公開草稿標題的漏洞，10億網站曝險 https://www.ithome.com.tw/news/169047 Linux程式庫Glibc存在重大漏洞，恐被用於執行任意程式碼 https://www.ithome.com.tw/news/169043 開源API工具Insomnia曝重大漏洞，恐被用於範本注入攻擊 https://www.ithome.com.tw/news/169046 日本警告I-O Data網路儲存設備存在重大漏洞，恐被用於發動RCE攻擊 https://securityonline.info/critical-nas-risk-i-o-data-flaw-with-9-8-cvss-allows-remote-command-execution/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 勒索軟體Nitrogen鎖定美、英、加金融業者而來 https://hackread.com/nitrogen-ransomware-targets-financial-firms-us-uk-canada/ 銀行APP科技阻詐 「翻蓋登出」、「卡片安全鎖」助攻 https://money.udn.com/money/story/5613/8516286 金融資安行動再升級 微軟強化金融業數位韌性與防禦能力 https://www.storm.mg/articles/712904 合庫人壽榮獲F-ISAC與ISO雙肯定 打造安心數位服務生態圈 https://www.cna.com.tw/postwrite/chi/402228 第一銀行公開最新GenAI行動方案GALA計畫，優先賦能員工素養，再聚焦兩大發展重點 https://www.ithome.com.tw/news/169052 第一銀行啟動數位創新引擎 「黑客松」競賽注入組織新動能 https://howlife.cna.com.tw/financial/20250523s004.aspx 玉山銀行揭露兩大AI核心計畫，今年將推出超過10項GenAI應用 https://www.ithome.com.tw/news/169084 國泰金控要靠自建金融知識LLM，打造臺灣首個金融AI Agent https://www.ithome.com.tw/news/169082 國泰金控採用NVIDIA NeMo平台　為台灣打造金融代理 https://finance.ettoday.net/news/2964656 銀行防詐再築防線 降提款額度 禁接代辦貸款 https://www.ctee.com.tw/news/20250522700098-439901 華人區ATM查出銀行卡盜刷器 兩男被控盜竊逾80萬 https://www.epochtimes.com/b5/25/5/23/n14515905.htm 3.信用卡/電子支付/行動支付/pay/支付系統/資安 議員憂悠遊卡淪行動支付孤鳥 https://reurl.cc/NYge1q 悠遊卡別成孤鳥 跨黨議員催 iPhone 嗶進北捷 https://www.epochtimes.com/b5/25/5/23/n14516380.htm iPhone嗶進捷運有譜？跨黨議員盼年底前上路　悠遊卡公司鬆口進度 https://www.knews.com.tw/news/6B85760446CF223BAA5B0DA5FC8D7D1D LINE Pay攜韓國新世界西蒙，拓跨境支付版圖 https://m.moneydj.com/f1a.aspx?a=e81d3754-58fd-4a52-91a0-b0ca8f842ee8 支付系統或癱瘓 荷蘭民眾需儲備現金 對香港有何啟示 https://reurl.cc/kn2A5K 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Coinbase Agents Bribed, Data of ~1% Users Leaked; $20M Extortion Attempt Fails https://thehackernews.com/2025/05/coinbase-agents-bribed-data-of-1-users.html 美股也能變加密幣！蘋果、特斯拉代幣將在Kraken交易 https://news.cnyes.com/news/id/5990258 加密幣平台Kraken將推Nvidia、蘋果等代幣化股票 能全天候交易 https://udn.com/news/story/6811/8759792 BitGo 推出「加密貨幣即服務」平台，助金融科技公司和銀行輕鬆為客戶提供加密貨幣服務 https://abmedia.io/bitgo-launches-crypto-as-a-service-platform-to-help-fintechs-and-banks-easily-offer-cryptocurrency-services-to-their-customers 美國大型銀行正「組團發行穩定幣」，防禦加密行業入侵 https://www.blocktempo.com/big-banks-joint-stablecoin-together-into-crypto-war/ 台灣大虛擬資產交易所TWEX上線，主打安全、簡單操作 100元就能買比特幣、乙太幣 https://reurl.cc/5KQ97y 金管會揭虛擬資產保管業務申請近況！4銀行已送件、金管會6月再開放申請 https://www.ithome.com.tw/news/169056 中信、國泰世華等4銀行搶保管比特幣 第2季首案問世 https://money.udn.com/money/story/5613/8753115 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 駭客假冒影片生成模型Kling AI，散布惡意程式 https://www.ithome.com.tw/news/169085 Go語言惡意軟體鎖定Linux主機，濫用Redis組態不當植入挖礦軟體 https://thehackernews.com/2025/05/go-based-malware-deploys-xmrig-miner-on.html 惡意PyPI套件偽裝成加密貨幣Solana工具，意圖竊取開發者原始碼與機密資訊 https://www.ithome.com.tw/news/169026 Kimsuky透過PowerShell酬載散布RAT木馬XWorm https://gbhackers.com/kimsuky-apt-group-deploys-powershell-payloads/ 會自我複製的惡意軟體Dero鎖定Docker容器而來，意圖從事挖礦活動 https://securityonline.info/docker-containers-under-attack-new-self-replicating-dero-cryptominer/ 勒索軟體3AM透過電子郵件轟炸、電話網釣入侵受害組織 https://www.bleepingcomputer.com/news/security/3am-ransomware-uses-spoofed-it-calls-email-bombing-to-breach-networks/ 感染近40萬臺電腦，微軟聯手資安業者及執法單位，摧毀竊資軟體Lumma網路 https://www.ithome.com.tw/news/169101 惡意軟體FrigidStealer假借Safari更新做為誘餌，攻擊macOS用戶 https://www.ithome.com.tw/news/169007 惡意軟體Defendnot冒充防毒軟體而來，並停用Windows內建防毒 https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/ 勒索軟體駭客提供密碼管理工具為誘餌，意圖對VMware虛擬化環境下手 https://www.bleepingcomputer.com/news/security/fake-keepass-password-manager-leads-to-esxi-ransomware-attack/ 勒索軟體駭客利用惡意軟體Skitnet進行遠端存取、竊取資料 https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html 惡意NPM套件濫用Unicode字元、Google行事曆，隱匿攻擊意圖 https://www.ithome.com.tw/news/169015 勒索軟體INC聲稱攻擊南非航空 https://www.ithome.com.tw/news/169013 中國印表機業者Procolored驅動程式驚傳挾帶惡意軟體XRedRAT、SnipVex https://www.bleepingcomputer.com/news/security/printer-maker-procolored-offered-malware-laced-drivers-for-months/ 300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide https://thehackernews.com/2025/05/300-servers-and-35m-seized-as-europol.html PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms https://thehackernews.com/2025/05/purerat-malware-spikes-4x-in-2025.html Ransomware Gangs Use Skitnet Malware for Stealthy Data Theft and Remote Access https://thehackernews.com/2025/05/ransomware-gangs-use-skitnet-malware.html 系統資源分析工具RVTools網站遭駭，被用於散布惡意軟體Bumblebee http://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer https://thehackernews.com/2025/05/rvtools-official-site-hacked-to-deliver.html Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse https://thehackernews.com/2025/05/go-based-malware-deploys-xmrig-miner-on.html Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html APT36 - In the Wake of Pahalgam Attack & Operation Sindhoor https://otx.alienvault.com/pulse/682741f588c0dcf1525e8550 殭屍網路HTTPBot鎖定Windows裝置而來，對遊戲產業從事DDoS攻擊 https://www.ithome.com.tw/news/169020 New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html Fileless Remcos RAT Delivered via LNK Files and MSHTA in PowerShell-Based Attacks https://thehackernews.com/2025/05/fileless-remcos-rat-delivered-via-lnk.html 駭客組織Hazy Hawk濫用DNS組態不當配置，意圖挾持已棄用的受信任網域 https://ithome.com.tw/news/169073 Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery https://thehackernews.com/2025/05/hazy-hawk-exploits-dns-records-to.html 100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads https://thehackernews.com/2025/05/100-fake-chrome-extensions-found.html FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections https://thehackernews.com/2025/05/fbi-and-europol-disrupt-lumma-stealer.html U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation https://thehackernews.com/2025/05/us-dismantles-danabot-malware-network.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 惡意PyPI套件利用IG及抖音API，意圖驗證受害者電子郵件信箱有效性 https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts https://thehackernews.com/2025/05/malicious-pypi-packages-exploit.html 奇虎360與逾五款VPN存祕密關聯 存安全隱患 https://www.epochtimes.com/b5/25/4/1/n14472627.htm 快檢查！65款App違法蒐集個資 愛奇藝、愛剪輯平台全被點名 https://news.pchome.com.tw/science/enews/20250514/index-74721450433550339005.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 歐洲ETSI發布人工智慧系統資安防護基準標準 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11895 針對台積電供應鏈業者萬潤遭駭，勒索軟體駭客組織Bert聲稱從中竊得5 TB內部資料 https://www.ithome.com.tw/news/169053 博通傳出員工資料遭勒索軟體駭客外流，起因是付款系統供應商遭到攻擊 https://www.theregister.com/2025/05/16/broadcom_employee_data_stolen_by/ 資安新聞網站Krebs On Security驚傳遭大規模DDoS攻擊 https://www.ithome.com.tw/news/169091 伊朗駭客SideWinder利用Office已知漏洞從事活動 https://thehackernews.com/2025/05/south-asian-ministries-hit-by.html 研究人員公布Ivanti EPMM零時差漏洞細節，駭客用於散布滲透測試工具、挖掘資料庫內容 https://www.ithome.com.tw/news/169112 中國駭客利用Ivanti EPMM漏洞從事攻擊，對歐美、亞太地區出手 https://www.ithome.com.tw/news/169130 中國駭客鎖定沙烏地阿拉伯而來，散布後門程式MarsSnake https://thehackernews.com/2025/05/chinese-hackers-deploy-marssnake.html 韓國電信業者SK Telecom遭駭調查結果出爐，駭客已埋伏近3年並滲透23臺伺服器 https://www.ithome.com.tw/news/169065 APT28對援助烏克蘭的企業組織下手，從事供應鏈攻擊 https://www.bleepingcomputer.com/news/security/russian-hackers-breach-orgs-to-track-aid-routes-to-ukraine/ CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs https://thehackernews.com/2025/05/cisa-warns-of-suspected-broader-saas.html 資產管理系統Cityworks零時差漏洞傳出遭到利用，中國駭客對美國地方政府發動攻擊 https://www.ithome.com.tw/news/169134 Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks https://thehackernews.com/2025/05/chinese-hackers-exploit-trimble.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Google揭露攻擊者運用AI真實現況，非挖掘零時差漏洞，而是最常用於社交工程攻擊的強化 https://www.ithome.com.tw/news/168949 Meta to Train AI on E.U. User Data From May 27 Without Consent; Noyb Threatens Lawsuit https://thehackernews.com/2025/05/meta-to-train-ai-on-eu-user-data-from.html Breach Fatalism is Over: Why Identity Threat Prevention Is the Future of Cybersecurity https://thehackernews.com/expert-insights/2025/05/breach-fatalism-is-over-why-identity.html How to Detect Phishing Attacks Faster: Tycoon2FA Example https://thehackernews.com/2025/05/how-to-detect-phishing-attacks-faster.html E.研究報告/工具 中型組織的資安佔 IT 總預算 13.6%，高於 2019 年6% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11899 2024年亞太企業因API資安事件平均損失逾58萬美元 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11900 Researchers Expose New Intel CPU Flaws Enabling Memory Leaks and Spectre v2 Attacks https://thehackernews.com/2025/05/researchers-expose-new-intel-cpu-flaws.html Why CTEM is the Winning Bet for CISOs in 2025 https://thehackernews.com/2025/05/why-ctem-is-winning-bet-for-cisos-in.html Securing CI/CD workflows with Wazuh https://thehackernews.com/2025/05/securing-cicd-workflows-with-wazuh.html Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps https://thehackernews.com/2025/05/researchers-expose-pwa-javascript.html SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection https://thehackernews.com/2025/05/safeline-waf-open-source-web.html F.商業 Rust邁向第十年，新版強化匿名管道與安全程式庫設計 https://www.ithome.com.tw/news/169048 Docker要以安全映像檔防護企業生產環境的容器 https://www.ithome.com.tw/news/169041 Check Point揭露新型AI駭客兵團雛型 https://www.ithome.com.tw/news/169016 資安業者Proofpoint宣布買下競爭對手Hornetsecurity https://www.ithome.com.tw/news/168996 Top 10 Best Practices for Effective Data Protection https://thehackernews.com/2025/05/top-10-best-practices-for-effective.html The Crowded Battle: Key Insights from the 2025 State of Pentesting Report https://thehackernews.com/2025/05/the-crowded-battle-key-insights-from.html Google Chrome's Built-in Manager Lets Users Update Breached Passwords with One Click https://thehackernews.com/2025/05/google-chrome-can-now-auto-change.html JPMorgan CISO Spotlights SaaS Security Concerns. What Now https://thehackernews.com/expert-insights/2025/05/jpmorgan-ciso-spotlights-saas-security.html Identity Security Has an Automation Problem—And It's Bigger Than You Think https://thehackernews.com/2025/05/identity-security-has-automation.html Cover Your SaaS: Why SaaS Data Protection is the Foundation of Modern Business https://thehackernews.com/expert-insights/2025/05/cover-your-saas-why-saas-data.html G.政府 資安署25年4月資安月報：資訊蒐集類威脅居首 PIF惡意附件攻擊興起 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11902 臉書遭數發部開罰百萬 民團批「未把關成詐團幫凶」擬告分公司 https://reurl.cc/lz2KqE 特定非公務機關未通報資安事件 最重罰1千萬 https://today.line.me/tw/v2/article/zN17evD 資安法「檢查非公務機關」霸王條款再闖關 美方態度居關鍵 https://reurl.cc/QYgKzo 資安法修正藏禁抖音條款民企亦適用　電視廣播新聞網站遭鎖定 https://www.ctwant.com/article/418595/ 批資安法草案擴權濫授 葛如鈞：資訊安全與自由應並重 https://www.chinatimes.com/realtimenews/20250522004364-260407?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 美國太陽能發電採用中國製設備，驚傳埋有惡意元件，有可能讓中國政府遠端控制 https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html AutomationDirect旗下Modbus工控閘道設備存在10分漏洞，暫無修補程式 https://securityonline.info/industrial-alert-automationdirect-mb-gateway-flaw-rated-cvss-10-no-software-fix/ D-Link DCS-932L https://nvd.nist.gov/vuln/detail/CVE-2025-4841 https://nvd.nist.gov/vuln/detail/CVE-2025-4842 https://nvd.nist.gov/vuln/detail/CVE-2025-4843 D-Link DI-7003GV2 https://nvd.nist.gov/vuln/detail/CVE-2025-4749 https://nvd.nist.gov/vuln/detail/CVE-2025-4755 D-Link DI-8100 https://nvd.nist.gov/vuln/detail/CVE-2025-4883 機器流量超車人類流量！占比所有網路流量51% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11891 網路犯罪者全球大規模收集網路基礎設施弱點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11897 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 臺灣的下一步-國安青年論壇 2025/5/24 https://www.accupass.com/event/2504200843571170341738 【財訊資安論壇】AI時代的資安新解方 2025/5/26 https://www.accupass.com/event/2504150825081036102809 Elastic 資安 AI 實戰 — 攻擊偵測 & 威脅狩獵全攻略 2025/5/28 https://www.accupass.com/event/2504110633451794495661 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160