資安事件新聞週報 2025/4/21 ~ 2025/4/25

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/4/21 ~ 2025/4/25 1.重大弱點漏洞/後門/Exploit/Zero Day 群暉公布影響NAS機密性的資安漏洞細節 https://www.ithome.com.tw/news/168584 網路上有超過1.6萬臺Fortinet裝置含有符號連結後門 https://www.ithome.com.tw/news/168506 SSH程式庫Erlang/OTP存在風險滿分漏洞，攻擊者有機會未經授權執行任意程式碼 https://hackread.com/researchers-cvss-severity-rce-vulnerability-erlang-otp-ssh/ Erlang/OTP SSH函式庫爆出滿分等級漏洞 https://nvd.nist.gov/vuln/detail/CVE-2025-32433 https://www.ithome.com.tw/news/168538 Erlang/OTP SSH程式庫爆出滿分等級漏洞，攻擊者可未經驗證執行程式碼 https://www.ithome.com.tw/news/168538 CVE-2025-24054 Under Active Attack—Steals NTLM Credentials on File Download https://thehackernews.com/2025/04/cve-2025-24054-under-active.html Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html 資料備份與管理平臺Commvault存在滿分重大漏洞，可被用於發動RCE攻擊 https://www.darkreading.com/cyber-risk/max-severity-commvault-bug-researchers Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely https://thehackernews.com/2025/04/critical-commvault-command-center-flaw.html New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html 華碩修補工作站主機板BMC元件的資安重大漏洞 https://www.ithome.com.tw/news/168581 日本知名Web郵件系統Active! Mail爆重大漏洞，已出現攻擊導致服務中斷 https://www.ithome.com.tw/news/168586 日本網頁電子信箱系統存在重大漏洞，駭客用於攻擊當地大型企業組織 https://www.bleepingcomputer.com/news/security/active-mail-rce-flaw-exploited-in-attacks-on-japanese-orgs/ 記憶體資料庫Redis存在高風險漏洞，攻擊者有機會發動阻斷服務攻擊 https://securityonline.info/redis-vulnerability-exposes-servers-to-denial-of-service-attacks/ GCP編輯器工具存在權限提升漏洞，攻擊者可透過PyPI套件觸發 https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html 深度學習框架PyTorch存在重大漏洞，恐被用於RCE攻擊 https://www.ithome.com.tw/news/168537 微軟3月修補的NTLM漏洞危機升溫，至少出現10起實際濫用的攻擊行動 https://www.ithome.com.tw/news/168503 針對微軟4月例行更新修補的權限提升漏洞CVE-2025-21204，研究人員公布細節 https://securityonline.info/cve-2025-21204-system-level-privilege-escalation-in-windows-update-stack-exposed-poc-released/ Windows工作排程工具遭揭多項弱點，恐被濫用於提升SYSTEM權限 https://www.ithome.com.tw/news/168502 2.銀行/金融/保險/證券/金融監理新聞及資安導致藍色當機畫面的RDP漏洞再次出現利用活動，Kimsuky用於攻擊韓國軟體、能源、金融產業 https://www.ithome.com.tw/news/168556 日本警告挾持證券帳號攻擊升溫，駭客網路下單中國股票並洗劫數億美元資產 https://therecord.media/japan-warns-of-unauthorized-trades-hacked-accounts 永豐金證券蟬聯 F-ISAC 證券資安情資分享首獎連兩年居證券組之冠 https://money.udn.com/money/story/5613/8694090?from=edn_newestlist_rank 致力打造安全金融生態系富邦金控三度受邀臺灣資安大會分享 https://udn.com/news/story/7238/8682658 富邦金四戰略守護客戶資安 https://money.udn.com/money/story/5613/8681994?from=edn_related_storybottom 玉山金控科技打詐預先發現警示帳戶 100元捐款最可疑 https://www.storm.mg/lifestyle/5363096 國泰金控：國泰世華CUBE App推出創新「帳戶安全險」用戶保障再加一 https://www.rmim.com.tw/news-detail-42677 騰訊雲支援天星銀行全面採用雲端服務打造更敏捷的數字銀行 https://www.taiwannews.com.tw/zh/news/6094475 臺灣金融韌性再強化，微軟 Azure 助跑銀行 BCDR 上雲行動 https://news.microsoft.com/zh-tw/azure-bcdr/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安北市PAY.TAIPEI擬轉型規畫與LINE Pay牽手 https://reurl.cc/RYYOQr 行動支付可共用QR code了！為何只有LINE PAY不加入？「真實原因」曝光：不是因為市占率高 https://reurl.cc/vQQm8o 7-11結帳系統中午大當機只能收現金統一回應了 https://www.chinatimes.com/realtimenews/20250414002437-260405?chdtv 聯卡中心四大策略啟動六都以外縣市合作計畫推電子支付 https://udn.com/news/story/7239/8622325 「釣魚簡訊綁行動支付」狂盜刷 101.微風.全聯受害 https://reurl.cc/knnq3n 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安主嫌剛入手！幣想科技36交易所遭搜警查扣新改款法拉利 https://reurl.cc/Z441MW 全國最大「幣想科技」遭大搜索　每月助詐團洗錢上億...7人落網 https://www.ettoday.net/news/20250425/2949878.htm 傳北韓駭客在美設公司騙加密貨幣業開發者上當 https://www.rti.org.tw/news/view/id/2247221 川普開綠燈幣圈海撈？川普媒體進軍金融服務推加密貨幣、美國製造ETF https://reurl.cc/1KK0z8 黃仁勳喊「不要加密貨幣」！Nvidia突喊停Arbitrum合作，態度為何大轉彎 https://www.blocktempo.com/nvidia-halts-its-project-collaboration-with-arbitrum-signaling-its-opposition-to-cryptocurrencies/ 巴基斯坦電力過剩，想分給比特幣挖礦及 AI 資料中心 https://technews.tw/2025/04/25/pakistan-turns-to-bitcoin-miners-ai-data-centers-to-use-surplus-power/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意NPM套件偽裝Telegram函式庫，植入SSH後門攻擊Linux開發者 https://www.ithome.com.tw/news/168546 研究人員揭露以惡意瀏覽器擴充程式，繞過雲端平臺MFA驗證的Cookie-Bite手法 https://www.ithome.com.tw/news/168580 NPM套件XRP Ledger遭遇供應鏈攻擊，被植入後門程式 https://hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/ 謊稱美國政府效率部，勒索軟體Fog打著政府機構的名號犯案 https://www.ithome.com.tw/news/168543 中國駭客APT41有關的惡意程式伺服器曝光，駭客企圖針對日本知名公司下手 https://securityonline.info/apt41-redgolf-infrastructure-briefly-exposed-fortinet-zero-days-targeted-shiseido/ 伊朗駭客假借徵才名義發動攻擊，對以色列散布惡意軟體MurkyTour https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html 惡意NPM套件藏反向Shell，鎖定電商交易流程滲透伺服器 https://www.ithome.com.tw/news/168510 韓國大型電信業者SK Telecom警告用戶，駭客透過惡意軟體企圖取得USIM敏感資料 https://www.bleepingcomputer.com/news/security/sk-telecom-warns-customer-usim-data-exposed-in-malware-attack/ 惡意軟體鎖定Docker而來，利用Web3服務節點挖礦 https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html 殭屍網路RustoBot鎖定Totolink、居易路由器而來，在臺灣、日本、越南、墨西哥發動攻擊 https://www.ithome.com.tw/news/168560 惡意軟體攻擊行動Proton66鎖定重大漏洞而來，散布勒索軟體SuperBlack https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-1-mass-scanning-and-exploit-campaigns/ Node.js惡意軟體攻擊行動鎖定加密貨幣用戶而來，假借提供加密貨幣工具散布惡意酬載 https://thehackernews.com/2025/04/nodejs-malware-campaign-targets-crypto.html Introducing ToyMaker https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker/ Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader https://thehackernews.com/2025/04/multi-stage-malware-attack-uses-jse-and.html 殭屍網路XorDDoS透過暴力破解入侵Linux設備，在全球廣泛發動攻擊 https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT https://thehackernews.com/2025/04/experts-uncover-new-xorddos-controller.html Unmasking the new XorDDoS controller and infrastructure https://blog.talosintelligence.com/unmasking-the-new-xorddos-controller-and-infrastructure/ State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns https://thehackernews.com/2025/04/state-sponsored-hackers-weaponize.html Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery https://thehackernews.com/2025/04/hackers-abuse-russian-bulletproof-host.html APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems https://thehackernews.com/2025/04/rogue-npm-packages-mimic-telegram-bot.html Lotus Panda Hacks SE Asian Governments With Browser Stealers and Sideloaded Malware https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals https://thehackernews.com/2025/04/docker-malware-exploits-teneo-web3-node.html GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages https://thehackernews.com/2025/04/gcp-cloud-composer-bug-let-attackers.html Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html Lazarus Hits 6 South Korean Firms via Cross EX, Innorix Flaws and ThreatNeedle Malware https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools https://thehackernews.com/2025/04/linux-iouring-poc-rootkit-bypasses.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Apple 揭兩個零時差漏洞遭「高度複雜攻擊」利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11837 安卓惡意軟體埋藏於地圖App，鎖定俄羅斯軍隊而來 https://www.bleepingcomputer.com/news/security/russian-army-targeted-by-new-android-malware-hidden-in-mapping-app/ 安卓惡意軟體SuperCard X橫行，透過NFC中繼攻擊竊取信用卡資料 https://www.ithome.com.tw/news/168562 安卓惡意軟體SuperCard X透過NFC中繼攻擊竊取信用卡資料 https://www.bleepingcomputer.com/news/security/supercard-x-android-malware-use-stolen-cards-in-nfc-relay-attacks/ SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads https://thehackernews.com/2025/04/whatsapp-adds-advanced-chat-privacy-to.html Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Microsoft 365將預設關閉ActiveX https://www.ithome.com.tw/news/168534 資服業者倍力資訊遭到網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=181017&SPOKE_DATE=20250423&COMPANY_ID=6874 萬海海運網站遭遇攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=203520&SPOKE_DATE=20250418&COMPANY_ID=2615 中壢長慎醫院傳出遭駭客組織NightSpire攻擊，駭客聲稱竊得800 GB資料 https://www.ithome.com.tw/news/168544 萬潤科技部分資訊系統遭受病毒攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=225229&SPOKE_DATE=20250420&COMPANY_ID=6187 CISA傳出將停止使用Censys及VirusTotal，恐波及美國政府資安防護能力 https://www.ithome.com.tw/news/168563 CVE漏洞資料庫專案業務一度出現中斷危機，歐盟替代方案受關注 https://www.ithome.com.tw/news/168557 Zoom遠端控制功能遭到濫用，駭客用於洗劫數位資產 https://www.bleepingcomputer.com/news/security/hackers-abuse-zoom-remote-control-feature-for-crypto-theft-attacks/ 中國駭客Mustang Panda鎖定緬甸而來，利用StarProxy存取未與網際網路連線的環境 https://www.ithome.com.tw/news/168528 北韓駭客Lazarus針對6家韓國公司發動水坑式攻擊 https://www.bleepingcomputer.com/news/security/lazarus-hackers-breach-six-companies-in-watering-hole-attacks/ 中國駭客鎖定東南亞而來，透過防毒軟體元件載入作案工具 https://www.security.com/threat-intelligence/billbug-china-espionage 北韓駭客利用俄羅斯基礎設施隱匿行蹤，藉此在歐美國家應徵遠距工作犯案 https://securityonline.info/russian-ip-networks-fuel-north-koreas-global-cybercrime-and-espionage-campaigns/ Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito https://thehackernews.com/2025/04/google-drops-cookie-prompt-in-chrome.html Mustang Panda Targets Myanmar With StarProxy, EDR Bypass, and TONESHELL Updates https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 FIDO 技術成資安亮點 Passkey 引領免密碼新趨勢 https://www.cio.com.tw/89108/ OAuth身分驗證流程遭到濫用，俄羅斯駭客用於挾持M365帳號 https://www.bleepingcomputer.com/news/security/hackers-abuse-oauth-20-workflows-to-hijack-microsoft-365-accounts/ 網釣攻擊濫用Google OAuth，並搭配DKIM中繼手法進行 https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/ WordPress廣告詐欺外掛一天產生14億請求 https://www.bleepingcomputer.com/news/security/scallywag-ad-fraud-operation-generated-14-billion-ad-requests-per-day/ DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach https://thehackernews.com/2025/04/microsoft-secures-msa-signing-with.html Three Reasons Why the Browser is Best for Stopping Phishing Attacks https://thehackernews.com/2025/04/three-reasons-why-browser-is-best-for.html Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers https://thehackernews.com/2025/04/researchers-identify-rackstatic.html E.研究報告/工具 How AI and IoT are Supercharging the DDoS Threat https://thehackernews.com/expert-insights/2025/04/how-ai-and-iot-are-supercharging-ddos.html Why NHIs Are Security's Most Dangerous Blind Spot https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html F.商業 Google宣布將保留Chrome中的第三方Cookie https://www.ithome.com.tw/news/168554 備份廠商群起聚焦「備份乾淨度」，固守勒索軟體防護的最後屏障 https://www.ithome.com.tw/news/168555 AI時代的資安攻防：趨勢科技揭「網路犯罪即代理」趨勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11825 中芯數據揭CrazyHunter關鍵戰術 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11826 5 Reasons Device Management Isn't Device Trust https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html 5 Major Concerns With Employees Using The Browser https://thehackernews.com/2025/04/5-major-concerns-with-employees-using.html Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign https://thehackernews.com/2025/04/automating-zero-trust-in-healthcare.html G.政府後量子資安產業聯盟成立屆滿一年，數產署頒布專為臺灣設計的PQC遷移指引 https://www.ithome.com.tw/news/168481 資策會導讀臺灣最新出爐的PQC遷移指引，預告兩週後將推出自動化加密盤點工具 https://www.ithome.com.tw/news/168489 審計部：部分機關用資安疑慮、非公務軟體計733項 https://www.epochtimes.com/b5/25/4/25/n14491355.htm 賴清德推資安3大戰略藍議員、學者提2點呼應：軟硬體設施都要升級 https://reurl.cc/1KK0lm 賴總統：打造資安國家隊訂四年計畫 https://money.udn.com/money/story/7307/8676905 推資通安全3大戰略賴清德：目標成資安堅韌之島 https://www.epochtimes.com/b5/25/4/15/n14483282.htm 2025國家資通安全戰略擬建立戰情協同應變中心 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1757160 揪駭客找產品漏洞資安院擬啟動國家級獵捕計畫 https://www.cna.com.tw/news/aie/202503120133.aspx 數發部舉辦政府資安長共識營盼精進國家聯防機制 https://www.cna.com.tw/news/afe/202504150222.aspx 資安署25年3月資安月報：入侵攻擊持續居首 Line偽冒網站威脅增加 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11827 逾20機關遭DDoS攻擊 3月資安事件通報創半年新高 https://www.rti.org.tw/news/view/id/2246434 數發部攜手地方政府　共啟AI智慧治理新篇章 https://ocacnews.net/article/396245 Google攜手臺灣數發部建立夥伴關係黃彥男：公私協力降低台詐騙率 https://news.pchome.com.tw/science/technice/20250425/index-74555081916001338005.html 台灣成Google防詐核心　攜數發部啟動合作 https://tw.nextapple.com/finance/20250425/B0BA3967573E68842C1A9BC30016DCC1 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安啟用AiCloud功能的華碩路由器存在重大漏洞，恐被用於繞過身分驗證流程 https://www.bleepingcomputer.com/news/security/asus-warns-of-critical-auth-bypass-flaw-in-routers-using-aicloud/ ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware https://thehackernews.com/2025/04/asus-confirms-critical-flaw-in-aicloud.html 卡巴斯基ICS CERT分享對2025年的預測 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11821 華碩智慧物聯網榮獲IEC 62443-4-1認證工控資安再升級 https://news.cnyes.com/news/id/5949575 重大漏洞影響工控設備！企業用戶應立即修復 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11824 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Agile Hsinchu 2025年3月份實體分享 2025/4/27 https://agilecommhc.kktix.cc/events/agilehsinchu20250427 AI 時代的資安新挑戰：如何讓開發更快速、更安全 2025/5/15 https://www.accupass.com/event/2503170831057559152230 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160