###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/9/22 ~ 2025/9/26 1.重大弱點漏洞/後門/Exploit/Zero Day 美國 CISA 確認持續支援 CVE 計畫　強調「品質時代」發展重點 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12245 SonicWall緊急釋出SMA 100系列更新，防範Rootkit程式Overstep攻擊 https://www.ithome.com.tw/news/171356 思科警告IOS/IOS XE軟體發生零時差漏洞攻擊 https://www.ithome.com.tw/news/171371 思科ASA防火牆傳重大風險零時差漏洞攻擊 https://www.ithome.com.tw/news/171393 Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware https://thehackernews.com/2025/09/cisco-asa-firewall-zero-day-exploits.html Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html Microsoft Entra ID重大漏洞曝光 駭客可劫持全球企業租戶 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12258 微軟修補Entra ID滿分漏洞，攻擊者有機會透過舊版Azure AD Graph API在任意租戶隨意讀寫 https://www.ithome.com.tw/news/171346 微軟修補Entra ID滿分漏洞，攻擊者有機會透過舊版Azure AD Graph API挖掘憑證 https://www.bleepingcomputer.com/news/security/microsoft-entra-id-flaw-allowed-hijacking-any-companys-tenant/ Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants https://thehackernews.com/2025/09/microsoft-patches-critical-entra-id.html 微軟對歐盟Windows 10消費者提供免費ESU https://www.ithome.com.tw/news/171391 MFT系統GoAnywhere存在滿分漏洞，恐被用於命令注入攻擊 https://www.bleepingcomputer.com/news/security/fortra-warns-of-max-severity-flaw-in-goanywhere-mfts-license-servlet/ Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability https://thehackernews.com/2025/09/fortra-releases-critical-patch-for-cvss.html Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability https://thehackernews.com/2025/09/state-sponsored-hackers-exploiting.html Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html OpenAI修復ChatGPT Deep Research重大漏洞 駭客可零點擊竊取敏感資料 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12256 SolarWinds修補IT服務臺產品重大層級漏洞，若不處理可被用於遠端執行任意程式碼 https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html Supermicro基板管理控制器存在弱點，恐被用於部署後門 https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/ 針對Ivanti今年5月修補的行動裝置管理平臺漏洞，傳出中國駭客將其用於實際攻擊行動 https://www.bleepingcomputer.com/news/security/cisa-exposes-malware-kits-deployed-in-ivanti-epmm-attacks/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 越南國家信用資訊中心傳出遭ShinyHunters攻擊，駭客聲稱竊得1.6億筆記錄 https://www.ithome.com.tw/news/171314 富邦金控啟動技術人才升級 攜手 CloudMile 萬里雲培育金融轉型關鍵人才 https://www.thehubnews.net/archives/551208 從資安到合規：台灣金融業安全導入穩定幣與鏈上結算的必經之路 https://www.ctee.com.tw/news/20250918700139-439901 金管會最新統計 半導體與金融業名列資安險投資前兩大產業 https://udn.com/news/story/7239/9013938 金管會出手！成立亞資策進會 「金融市場卓越計畫」首度曝光 https://udn.com/news/story/7239/9018482 金控旗下期貨商可開證券戶 https://money.udn.com/money/story/5613/9024934 金控子公司間共銷辦法放寬證券業務　擬於年底前上路 https://www.cna.com.tw/news/afe/202509230342.aspx 「祖父級」程式碼撐起現代金融，英國銀行業隱憂浮現 https://technews.tw/2025/09/23/uk-banks-still-run-software-code-written-more-than-60-years-ago/ 凱基銀行推阻詐利器 積極守護民眾資產 「受款人戶名顯示」提高轉帳警覺 https://www.cna.com.tw/postwrite/chi/413414 中國六大國有銀行集體廢除監事會 公司治理迎來新變革 https://news.cnyes.com/news/id/6169697 跨銀行的金融Fast-ID 首波打頭陣的7家名單看這裡 https://udn.com/news/story/7239/9029683 打詐新措施！銀行轉帳將揭露受款人戶名 9月底前32家銀行率先上線 https://money.udn.com/money/story/5613/9009214 3.信用卡/電子支付/行動支付/pay/支付系統/資安 全盈支付提供電子支付 綁住消費力 https://udn.com/news/story/7239/9022417 十年磨一劍！電子支付公會10/1正式成立 金管會賦予三大任務 https://news.cnyes.com/news/id/6157097 香港证监会支持新电子交易平台发展，扩大代币化市场准入 https://www.binance.com/zh-TC/square/post/09-26-2025-30188047218057 淘寶香港站重新納八達通支付　分手近7年終復合、聯手推300減15優惠 https://reurl.cc/axY9yl Tally Solutions與印度銀行合作夥伴，以簡化和自動化中小企業的大眾電子付款 https://reurl.cc/ZNkGxA 黑客入侵韓國樂天信用卡 本月15萬客戶停用或註銷 https://www.ntdtv.com/b5/2025/09/24/a104023062.html iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 美國金融業大變革：紐約州推動銀行數位資安升級，區塊鏈分析成反洗錢新利器 https://www.forecastock.tw/article/cmoneyairesearcher-2cb89b14-93f0-11f0-a371-6371df6dc26e 穆迪：新興市場採用加密貨幣或對金融韌性構成風險 https://m.cnyes.com/news/id/6169975 韓星黃正音挪用公款投資加密貨幣獲緩刑，凸顯韓國炒幣狂潮 https://blockcast.it/2025/09/26/korean-actor-hwang-jung-eum-get-suspended-prison-amid-3-million-crypto-theif/ 加密秩序重構：6大變遷重塑行業格局 https://news.cnyes.com/news/id/6169978 Bybit卡推出面向旅行者的史詩級全球加密貨幣挑戰賽，頭獎價值3萬個泰達幣 https://www.taiwannews.com.tw/zh/news/6208349 Bybit加密貨幣洞察報告：Aster與Hyperliquid在永續合約去中心化交易所熱潮中展開對決 https://news.pchome.com.tw/internation/xpm/20250925/index-17587728008936460011.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 嚴重影響歐洲多座機場營運的資安事故證實是勒索軟體攻擊，英國目前逮捕一名涉案中年男子 https://www.ithome.com.tw/news/171401 歐洲多座機場因網路攻擊影響航班運作，矛頭指向登機系統可能遭駭 https://www.ithome.com.tw/news/171330 發動勒索軟體攻擊影響歐洲多座機場營運的兇手找到了！英國逮捕40歲嫌犯 https://uk%20arrests%20suspect%20for%20rtx%20ransomware%20attack%20causing%20airport%20disruptions/ 針對週末歐洲多個機場登機系統服務中斷事故，歐盟當局透露是勒索軟體攻擊所致 https://www.ithome.com.tw/news/171344 俄羅斯駭客APT28結合隱寫術、雲端C2從事新一波惡意軟體感染活動 https://thecyberexpress.com/apt28-recent-campaign-infection-chain/ 殭屍網路ShadowV2鎖定AWS環境的Docker容器，綁架用於提供受僱型DDoS攻擊服務 https://www.ithome.com.tw/news/171361 惡意軟體MalTerminal結合GPT-4，能動態產生勒索軟體、反向Shell程式碼 https://thehackernews.com/2025/09/researchers-uncover-gpt-4-powered.html 俄羅斯殭屍網路透過存在弱點的DNS組態，意圖綁架Mikro路由器 https://gbhackers.com/new-botnet-exploits-dns-flaws/ 北韓駭客鎖定加密貨幣業者而來，透過ClickFix網釣散布惡意軟體BeaverTail https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html 勒索軟體Kawa4096鎖定跨國企業而來，意圖竊取敏感資料 https://gbhackers.com/kawa4096-ransomware/ GitHub官方通知系統遭濫用，駭客以此傳遞惡意連結及有效酬載 https://gbhackers.com/github-notifications/ 資安業者揭露疑似全球最早的LLM驅動惡意程式MalTerminal https://www.ithome.com.tw/news/171338 惡意軟體GPUGate鎖定西歐IT業者而來，透過GPU晶片系統資訊迴避沙箱及VM https://www.ithome.com.tw/news/171179 中國駭客Mustang Panda鎖定泰國政府而來，散布USB蠕蟲SnakeDisk意圖滲透隔離網路環境 https://www.ithome.com.tw/news/171315 竊資軟體Xcseet鎖定macOS開發人員而來，並透過Xcode專案散布 https://www.bleepingcomputer.com/news/security/microsoft-warns-of-new-xcsset-macos-malware-variant-targeting-xcode-devs/ 密碼管理服務業者LastPass遭冒名，駭客設置GitHub儲存庫散布竊資軟體 https://www.ithome.com.tw/news/171349 LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer https://thehackernews.com/2025/09/lastpass-warns-of-fake-repositories.html Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell https://thehackernews.com/2025/09/researchers-uncover-gpt-4-powered.html UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware https://thehackernews.com/2025/09/unc1549-hacks-34-devices-in-11-telecom.html ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service https://thehackernews.com/2025/09/shadowv2-botnet-exploits-misconfigured.html BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells https://thehackernews.com/2025/09/badiis-malware-spreads-via-seo.html ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks https://thehackernews.com/2025/09/comicform-and-sectorj149-hackers-deploy.html New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus https://thehackernews.com/2025/09/new-yibackdoor-malware-shares-major.html Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 美國特勤局拆除由逾10萬張SIM卡組成的貓池 https://www.ithome.com.tw/news/171360 Pixel 10相機與相簿啟用C2PA內容憑證，建立可驗證的拍攝與編輯鏈 https://www.ithome.com.tw/news/171173 自研WiFi晶片不給力？蘋果iPhone 17手機被爆定期斷連 https://hao.cnyes.com/post/196574 LINE被盜用快刪除APP？官方教你一鍵救回帳號 報告還原網傳「中鏢解方」 https://reurl.cc/ek2Elm Google App 將推出通話錄音功能！使用條件曝光 https://3c.ltn.com.tw/news/63383 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 Cloudflare緩解22.2 Tbps新一波DDoS攻擊 https://www.ithome.com.tw/news/171359 Oracle Database Scheduler遭到鎖定，駭客以此滲透企業網路環境 https://gbhackers.com/oracle-database-scheduler/ 太歲頭上動土，駭客假冒FBI網路犯罪投訴中心 https://www.ithome.com.tw/news/171331 橫掃47家美企與倫敦交通局，兩名Scattered Spider成員被捕，恐面臨95年徒刑 https://www.ithome.com.tw/news/171291 駭客鎖定IIS伺服器而來，利用BadIIS模組推送惡意內容 https://gbhackers.com/iis-servers/ 英國車廠Jaguar Land Rover遭網攻，宣布停產延長到10月初 https://www.ithome.com.tw/news/171354 伊朗駭客Nimbus Manticore鎖定西歐而來，攻擊國防製造、電信、航空業 https://research.checkpoint.com/2025/nimbus-manticore-deploys-new-malware-targeting-europe/ 針對APT41攻擊與美中貿易談判有關的政府機關、智庫、學者，資安業者Proofpoint揭露相關細節 https://www.ithome.com.tw/news/171317 中國駭客Salt Typhoon鎖定電信基礎設施，範圍涵蓋臺灣、美國、歐盟 https://gbhackers.com/state-sponsored-hackers/ 中國駭客RedNovember網路間諜活動滲透多國，臺灣軍事單位、半導體產業、研究機構遭到鎖定 https://www.ithome.com.tw/news/171373 中國駭客UNC5221傳出對美國科技及法律領域企業組織下手，利用Brickstorm挖掘開發零時差漏洞資料 https://www.ithome.com.tw/news/171372 美國聯邦機構遭GeoServer漏洞攻擊，駭客試圖上傳中國菜刀及各式作案工具 https://www.securityweek.com/geoserver-flaw-exploited-in-us-federal-agency-hack/ 針對遭遇Scattered Spider攻擊的事故，英國消費者合作社Co-op認列逾1億美元營業損失 https://www.bleepingcomputer.com/news/security/co-op-says-it-lost-107-million-after-scattered-spider-attack/ Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike https://thehackernews.com/2025/09/chinese-hackers-rednovember-target.html SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers https://thehackernews.com/2025/09/systembc-powers-rem-proxy-with-1500.html DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams https://thehackernews.com/2025/09/dprk-hackers-use-clickfix-to-deliver.html Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 網釣套件租用服務Lucid、Lighthouse橫行，範圍橫跨74國、攻擊316品牌 https://www.ithome.com.tw/news/171363 Jeep、Fiat母公司汽車集團Stellantis疑資料外洩，1,800萬筆北美客戶個資恐被竊 https://www.ithome.com.tw/news/171342 網釣工具租用服務RaccoonO365被查獲，微軟與Cloudflare聯手拿下338個網域名稱 https://thehackernews.com/2025/09/raccoono365-phishing-network-shut-down.html PyPI參與供應鏈攻擊GhostAction事件回應，註銷遭濫用的憑證 https://www.ithome.com.tw/news/171312 Notion大改版3.0新增AI代理，恐遭間接提示注入攻擊並洩露機敏資料 https://www.ithome.com.tw/news/171334 精品業者Tiffany證實被駭，外洩2600名客戶資料 https://www.ithome.com.tw/news/171339 Volvo北美分公司資料外洩，起因是第三方供應商遭勒索軟體攻擊 https://securityaffairs.com/182577/data-breach/volvo-north-america-disclosed-a-data-breach-following-a-ransomware-attack-on-it-provider-miljodata.html ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent https://thehackernews.com/2025/09/shadowleak-zero-click-flaw-leaks-gmail.html ShadowLeak零點擊攻擊影響ChatGPT深入研究功能，恐外洩Gmail資料 https://www.ithome.com.tw/news/171326 17,500 Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS Surge https://thehackernews.com/2025/09/17500-phishing-domains-target-316.html Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html E.研究報告/工具 GitHub導入後量子密碼學SSH防護 為量子威脅做好準備 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12239 研究人員揭露凍結EDR運作新手法，濫用Windows錯誤報告系統就能達到目的 https://www.ithome.com.tw/news/171397 當機器人擁有自主思考能力──解析具身AI的資安臨界點 https://www.ithome.com.tw/news/171292 How to Gain Control of AI Agents and Non-Human Identities https://thehackernews.com/2025/09/how-to-gain-control-of-ai-agents-and.html The State of DDoS Defenses: Unpacking a New Survey of 300 CISOs & Security Directors https://thehackernews.com/expert-insights/2025/09/the-state-of-ddos-defenses-unpacking.html Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation https://thehackernews.com/2025/09/lean-teams-higher-stakes-why-cisos-must.html How One Bad Password Ended a 158-Year-Old Business https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html Crash Tests for Security: Why BAS Is Proof of Defense, Not Assumptions https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html F.商業 JFrog推出AppTrust自動化治理方案，確保應用程式可信交付 https://www.ithome.com.tw/news/171160 微軟、Palo Alto Networks、SentinelOne宣布退出MITRE資安評測 https://www.infosecurity-magazine.com/news/cyber-vendors-pull-out-mitre/ GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security https://thehackernews.com/2025/09/github-mandates-2fa-and-short-lived.html CTEM's Core: Prioritization and Validation https://thehackernews.com/2025/09/ctems-core-prioritization-and-validation.html G.政府 元件漏洞與憑證問題占比逾8成，關鍵基礎設施安全風險高 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12259 金管會公告VASP名單：9家虛擬資產業者獲准營業，優先考量資安防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12260 資安署25年8月資安月報：《資通安全管理法》修正案三讀通過；工控設備遭入侵連線殭屍網路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12238 強化臺灣產品資安，資安院漏洞獵捕計畫正式推出 https://www.ithome.com.tw/news/171392 資安院推中小企業資安防護指南手冊，預告臺版Cyberseek明年上線 https://www.ithome.com.tw/news/171261 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 西門子SIMATIC PCS neo工控平臺曝高風險漏洞，恐致遠端程式碼執行與當機 https://www.ithome.com.tw/news/171175 改變空戰規則！德國AI無人戰鬥機 2029年加入戰場 https://newtalk.tw/news/view/2025-09-26/995909 俄頻越界北約國家 無人機防禦成歐洲新戰略焦點 https://news.pts.org.tw/article/772378 受不了無人機像蒼蠅 美將成立專責擊落的快速反應部隊 https://def.ltn.com.tw/article/breakingnews/5188861 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 物聯網邊緣運算與資安實戰 2025/10/3 https://www.accupass.com/event/2412260751154280345070 AI賦能工作術：打造高效工作的數位工具實戰 2025/10/9 https://www.accupass.com/event/2509220640331297833950 智慧船舶與科技大潮：AI驅動、資安守護、永續前行 2025/10/9 https://www.accupass.com/event/2509160611022104098623 MaiCoin 小學堂-進階版 2025/10/12 https://www.accupass.com/event/2509261134232146650654 AI AGENT 崛起 資安攻防的應用及治理 2025/10/14 https://www.accupass.com/event/2509251300466102227370 PostgreSQL 資安升級指南：解析 EDB 的 TDE 加密技術 2025/10/15 https://www.accupass.com/event/2508270912454412964680 AI 導入關鍵藍圖：用 Google Workspace 打造企業第二成長引擎 2025/10/16 https://www.accupass.com/event/2509010239149102951450 HITCON 菁英人才培育 Ｘ 攻防論壇 2025/10/17 ~ 2025/10/18 https://hitcon.kktix.cc/events/hitcon-forum-2025 Scrum Bricks Workshop｜積木 Scrum 體驗營 2025/10/18 https://www.accupass.com/event/2508311255041428913730 AI 破浪者論壇︱駕馭未來職場新賽局－新北有課 UKO X Yourator 2025/10/18 https://www.accupass.com/event/2508181019567712755010 資安講座：網站不再被DDOS，就等這一場 2025/10/21 https://www.accupass.com/event/2508290706271662815486 Elastic Security 攻防解析：AI 時代的威脅獵捕新戰法 2025/10/22 https://www.accupass.com/event/2509160743349781667840 趨勢科技一日遊 2025/10/22 https://hackersir.kktix.cc/events/2fc3c79e 從RED-DA到CRA 產品資安合規攻略 2025/10/23 https://www.accupass.com/event/2509090956311767741406 AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730