###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/12/16 ~ 2024/12/20 1.重大弱點漏洞/後門/Exploit/Zero Day 2.5萬臺SonicWall的SSL VPN設備存在重大漏洞 https://www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws/ Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html Windows Common Log File System 驅動程式特權提升漏洞 https://nvd.nist.gov/vuln/detail/CVE-2024-49138 Microsoft 推出 2024 年 12月 Patch Tuesday 每月例行更新修補包 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11459 針對微軟今年6月修補的Windows核心模式驅動程式漏洞，美國警告已被用於攻擊 https://www.ithome.com.tw/news/166575 微軟資料整合服務Azure Data Factory存在漏洞Dirty DAG，整合的工作流程管理平臺Apache Airflow恐曝險 https://unit42.paloaltonetworks.com/azure-data-factory-apache-airflow-vulnerabilities/ IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7179506 Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html Apache Struts存在重大層級的RCE漏洞，已有攻擊者試圖找出存在弱點的應用程式 https://www.ithome.com.tw/news/166558 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits https://thehackernews.com/2024/12/390000-wordpress-credentials-stolen-via.html 「芝麻開門」漏洞威脅全球數萬台連網設備 中國銳捷網路雲平台遭爆嚴重安全漏洞 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11471 資安業者BeyondTrust修補遠端管理工具重大漏洞，若不處理攻擊者可注入命令得到網站使用者權限 https://thehackernews.com/2024/12/beyondtrust-issues-urgent-patch-for.html CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html 2.銀行/金融/保險/證券/金融監理 新聞及資安 俄推金磚之橋 楊金龍：SWIFT不受影響、台灣不會被邊緣化 https://www.ctee.com.tw/news/20241212701269-430301 央行楊金龍：台灣跨境支付　不因地緣政治被邊緣化 https://finance.ettoday.net/news/2872520 銀行金融檢查 防制詐騙與資安成重點 https://udn.com/news/story/7239/8436847 DORA 新法規上路！歐盟金融機構須加強網路韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11479 落實永續治理 打造資安堡壘 保障客戶權益 富邦人壽率先獲得NIST CSF認證，引領台灣金融業資安新標竿 https://reurl.cc/O5Mqr7 兆豐銀行首推「68017簡碼簡訊」 樹立數位金融防詐新標竿 https://www.mypeoplevol.com/Article/82637 金融 AI 應用的潛在風險 建立治理與問責機制 https://reurl.cc/xpa0v1 凱基行動銀行APP推QR Code收付款 https://news.pchome.com.tw/living/cna/20241220/index-17346779206744018009.html#google_vignette 香港銀行明年推「智安存」防騙 金管局擬讓存戶停高風險網上銀行功能 https://reurl.cc/5DvqRn 3.信用卡/電子支付/行動支付/pay/支付系統/資安 假買家詐騙! 女:帳戶被別手機連綁2行動支付 https://reurl.cc/b3VRDy 行動支付還能節能減碳做公益 https://www.gvm.com.tw/article/117472 中國移動支付便利度 9成外籍旅客肯定 99%願推薦遊中國 https://udn.com/news/story/7332/8435431 新研究：電子支付切斷了人與現金之間的情感 https://www.ntdtv.com/b5/2024/12/19/a103939319.html 2025金檢109項！金管會瞄準五大重點 電支新增納入 https://reurl.cc/d1n5nD 北上電子支付｜境外APP可掃微信收款碼　4大香港電子錢包支援　須綁定銀聯卡 https://reurl.cc/XZGkG3 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 FT：北韓2024年藉加密貨幣駭客竊走13.4億美元 創史上新高 https://www.rti.org.tw/news/view/id/2232127 加密貨幣駭客攻擊暴增 全年損失逾720億 https://ec.ltn.com.tw/article/breakingnews/4899049 鮑爾不想涉入川普加密貨幣儲備計畫 比特幣下殺 https://today.line.me/tw/v2/article/oqQ2rn6 下個加密貨幣ETF不是SOL？彭博分析師：HBAR、LTC明年有望先上 https://www.blocktempo.com/bloomberg-analyst-more-cryptocurrency-etfs-to-come-next-year/ 幣圈知名媒體：北京或將解除比特幣交易禁令 https://www.ntdtv.com/b5/2024/12/18/a103938878.html 台灣虛擬資產合規元年將至！加密貨幣交易所BTCC市場發展總監：專法的推進是市場成熟的標誌 https://reurl.cc/Q5R3Z2 日本自民黨推動加密貨幣稅改革，提議實施20%的單獨稅率 https://www.panewslab.com/zh_hk/articledetails/917yrgj8.html 美聯儲釋放鷹派引發 4000 億美元加密貨幣拋售，模因幣 ETH、SOL 價格下跌 https://www.fxstreet.hk/news/jin-ri-jia-mi-huo-bi-mei-lian-chu-shi-fang-ying-pai-yin-fa-4000-yi-mei-yuan-jia-mi-huo-bi-pao-shou-mo-yin-bi-eth-sol-jia-ge-xia-die-202412200327 戒嚴還在收聽加密貨幣 AMA 的韓國前國會議員，因隱匿加密貨幣資產遭求刑六個月 https://abmedia.io/south-korea-stacks-ama-crypto Google Willow量子晶片與比特幣的關聯 為何讓金融業開始動起來 https://www.technice.com.tw/techmanage/infosecurity/155853/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新型惡意程式IOCONTROL可入侵多種物聯網和工控系統設備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11469 伊朗駭客鎖定美國、以色列關鍵基礎設施，散布工控惡意軟體Iocontrol https://www.ithome.com.tw/news/166533 報告：開源惡意程式碼數量較2023年暴增200% https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11462 惡意軟體HiatusRAT鎖定網路攝影機及DVR而來，在美、加、澳、紐、英5國發動大規模攻擊 https://www.ithome.com.tw/news/166578 惡意軟體Hiatus鎖定網路攝影機及DVR而來 https://www.bleepingcomputer.com/news/security/fbi-spots-hiatusrat-malware-attacks-targeting-web-cameras-dvrs/ 德國封鎖預載於安卓物聯網裝置的惡意軟體BadBox，感染設備至少3萬臺 https://www.ithome.com.tw/news/166548 為迴避偵測，攻擊者利用WebView2元件散布惡意程式CoinLurker https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html 寶獅汽車法國經銷商傳出遭勒索軟體Cicada3301攻擊 https://hackread.com/cicada3301-ransomware-french-peugeot-dealership/ 針對Cleo旗下MFT檔案共享系統的零時差漏洞攻擊，勒索軟體Clop聲稱是他們所為 https://www.ithome.com.tw/news/166535 Linux惡意程式Pumakit利用隱身手法埋藏在系統運作 https://www.ithome.com.tw/news/166529 New Yokai Side-loaded Backdoor Targets Thai Officials https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/Malware/Yokai/IOCs Thai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading Techniques https://thehackernews.com/2024/12/thai-officials-targeted-in-yokai.html Widespread Exploitation of Cleo File Transfer Software https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/ 黏接PHP框架、增加隱匿度，中國駭客APT41打造PHP木馬程式Glutton https://www.ithome.com.tw/news/166541 New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP https://thehackernews.com/2024/12/new-glutton-malware-exploits-popular.html 德國封鎖預載於安卓物聯網裝置的惡意軟體BadBox https://www.bleepingcomputer.com/news/security/germany-blocks-badbox-malware-loaded-on-30-000-android-devices/ Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html Bitter APT Targets Turkish Defense Sector with WmRAT and MiyaRAT Malware https://thehackernews.com/2024/12/bitter-apt-targets-turkish-defense.html Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection https://thehackernews.com/2024/12/hackers-exploit-webview2-to-deploy.html The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal https://thehackernews.com/2024/12/the-mask-apt-resurfaces-with.html CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms https://thehackernews.com/2024/12/iran-linked-iocontrol-malware-targets.html Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html Thousands Download Malicious npm Libraries Impersonating Legitimate Tools https://thehackernews.com/2024/12/thousands-download-malicious-npm.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App https://thehackernews.com/2024/12/uac-0125-abuses-cloudflare-workers-to.html 安卓間諜軟體NoviSpy疑鎖定高通零時差漏洞而來 https://www.bleepingcomputer.com/news/security/new-android-novispy-spyware-linked-to-qualcomm-zero-day-bugs/ 俄羅斯駭客Gamaredon假借提供三星防護App為幌子，散布間諜軟體BoneSpy、PainGnome https://www.bleepingcomputer.com/news/security/russian-cyberspies-target-android-users-with-new-spyware/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 半導體業者盛群證實MCU競賽網站遭受網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=172608&SPOKE_DATE=20241218&COMPANY_ID=6202 美國傳出打算以國家安全為由禁止政府部門使用TP-Link路由器，起因是這類設備被中國駭客納入殭屍網路用於攻擊行動 https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/ 曾攻擊臺灣無人機廠商的中國駭客組織Tidrone，今年下半開始鎖定韓國企業ERP軟體進攻 https://www.ithome.com.tw/news/166562 塞爾維亞記者遭到Pegasus監控，駭客利用零點擊HomeKit漏洞入侵 https://securityonline.info/zero-click-homekit-exploit-used-to-spy-on-serbian-journalists/ 泰國政府官員遭到鎖定，駭客利用檔案系統的資料流傳遞後門Yokai https://www.ithome.com.tw/news/166544 中國駭客鎖定東南亞而來，針對政府機關、航太、電信業者下手 https://thehackernews.com/2024/12/researchers-uncover-espionage-tactics.html Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes https://thehackernews.com/2024/12/ukrainian-minors-recruited-for-cyber.html APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP https://thehackernews.com/2024/12/apt29-hackers-target-high-value-victims.html INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse https://thehackernews.com/2024/12/interpol-pushes-for-romance-baiting-to.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 初始入侵管道掮客聲稱握有4.5 TB思科遭竊資料 https://hackread.com/hackers-leak-partial-cisco-data-4-5tb-exposed-records/ 微軟Teams被用於電話網釣，駭客意圖散布RAT木馬DarkGate https://www.darkreading.com/cyberattacks-data-breaches/vishing-via-microsoft-teams-spreads-darkgate-rat 逾39萬筆WordPress帳密遭竊，攻擊者利用網釣與夾帶後門程式的身分檢查器進行滲透 https://www.ithome.com.tw/news/166539 逾39萬WordPress帳密資料遭竊，起因是軟體供應鏈攻擊 https://www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/ 出現鎖定NetScaler登入的密碼潑灑攻擊，Citrix警告系統恐遭滲透，也可能因身分驗證負擔過大而癱瘓 https://www.ithome.com.tw/news/166534 Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts https://thehackernews.com/2024/12/meta-fined-251-million-for-2018-data.html New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide https://thehackernews.com/2024/12/new-investment-scam-leverages-ai-social.html DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages https://thehackernews.com/2024/12/deceptionads-delivers-1m-daily.html Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency https://thehackernews.com/2024/12/dutch-dpa-fines-netflix-475-million-for.html HubPhish Abuses HubSpot Tools to Target 20,000 European Users for Credential Theft https://thehackernews.com/2024/12/hubphish-exploits-hubspot-tools-to.html DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years https://thehackernews.com/2024/12/doj-indicts-14-north-koreans-for-88m-it.html E.研究報告/工具 針對AI隱私保護與安全分析需求，Anthropic發布Claude使用分析系統Clio https://www.ithome.com.tw/news/166538 臺灣資安研究員揭露視窗應用程式的ANSI漏洞WorstFit，攻擊者有機會用來執行任意程式碼 https://www.blackhat.com/eu-24/briefings/schedule/#worstfit-unveiling-hidden-transformers-in-windows-ansi-42637 5 Practical Techniques for Effective Cyber Threat Hunting https://thehackernews.com/2024/12/5-practical-techniques-for-effective.html Data Governance in DevOps: Ensuring Compliance in the AI Era https://thehackernews.com/2024/12/data-governance-in-devops-ensuring.html CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01 https://thehackernews.com/2024/12/cisa-mandates-cloud-security-for.html F.商業 Fortinet預測2025資安趨勢：AI驅動攻防升級，專業化攻擊鏈成焦點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11463 推動區域標準化 亞太數位身份聯盟 (APDI) 日本舉辦正式成立大會 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11467 趨勢科技公布2025資安預測：AI驅動的威脅崛起 中小企業資安風險升溫 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11475 新的PQC加密將讓攻擊者有機可趁，Palo Alto Networks強調網路安全產品也要識別隱藏於加密流量的網路威脅 https://www.ithome.com.tw/news/166540 Palo Alto Networks展現資安平臺大一統的產品發展趨勢，陸續納入雲端SIEM與企業瀏覽器技術 https://www.ithome.com.tw/news/166553 IDC公布2025年臺灣ICT市場五大關鍵趨勢預測，企業將重視建立AI BOM清單來強化資安防護力 https://www.ithome.com.tw/news/166500 資安業者Arctic Wolf傳出買下EDR業者Cylance https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/ Not Your Old ActiveState: Introducing our End-to-End OS Platform https://thehackernews.com/2024/12/not-your-old-activestate-introducing.html ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation https://thehackernews.com/2024/12/only-cynet-delivers-100-protection-and.html How to Generate a CrowdStrike RFM Report With AI in Tines https://thehackernews.com/2024/12/how-to-generate-crowdstrike-rfm-report.html G.政府 臺美資安合作升級！臺灣首度參與美國政府CISA網路風暴資安演練 https://www.ithome.com.tw/news/166595 深化國際聯防 數發部首次參與美國網路風暴演練、因應未來重大資安事件 https://reurl.cc/26YgL4 數發部職場霸凌調查完成：兩案成立 司長、副署長降為非管理職 https://reurl.cc/p93yLl 持續強化基建韌性　落實資安即國安 法規推高防禦力　打消駭客意圖 https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/09AF0F9742704E30A1A7CB9F32F14A36#google_vignette H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html 福斯車載資訊系統存在漏洞，攻擊者有機會遠端控制、跟蹤車輛位置 https://www.ithome.com.tw/news/166588 居易路由器設備存在零時差漏洞，傳出已被用於發動勒索軟體攻擊，逾300個企業組織受害 https://www.securityweek.com/undocumented-draytek-vulnerabilities-exploited-to-hack-hundreds-of-orgs/ 夏普無線基地臺存在重大漏洞，日本政府呼籲用戶應儘速更新韌體 https://securityonline.info/multiple-vulnerabilities-in-sharp-routers-demand-urgent-firmware-updates/ 美國針對水利設施提出警告，管理者應儘速處理曝露在網際網路的HMI https://www.ithome.com.tw/news/166561 福斯車載資訊系統存在漏洞，攻擊者有機會遠端控制、跟蹤車輛位置 https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/ I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Advanced Scrum Case Study 2024/12/21 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptygcqbcc/ Saturday AI Chat: Insights with Zack Lim 2024/12/21 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/304628647/ “团队敏捷教练进阶课程” 12月21-22日 · A-CSM认证周末班 2024/12/21-2024/12/22 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304244914/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/22 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbdc/ [HOLD] An Exciting Flutter Meetup! (Flutter Meetup #20) 2024/12/24 https://www.meetup.com/flutter-taipei/events/304666982/ Algorithms Study Group! 2024/12/24 https://www.meetup.com/codeseoul/events/vgfcptygcqbgc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/24 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcqbgc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/ “全球金牌敏捷课程” - CSM认证（周末班）2024/12/28 https://www.meetup.com/shanghai-agile-scrum-user-group/events/304806511/ Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/29 https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbmc/ SecondLook Discussions 2024/12/29 https://www.meetup.com/secondlook-bangkok/events/pbfdptygcqbmc/ Algorithms Study Group! 2024/12/31 https://www.meetup.com/codeseoul/events/vgfcptygcqbpc/