資安事件新聞週報 2025/9/8 ~ 2025/9/12

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/9/8 ~ 2025/9/12 1.重大弱點漏洞/後門/Exploit/Zero Day 美國CISA強化軟體採購安全：發布新工具與更新SBOM指引 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12193 微軟修補近乎滿分的權限提升、遠端程式碼執行漏洞 https://www.ithome.com.tw/news/171128 微軟9月例行更新來了！當中修補兩個已公開的零時差漏洞 https://www.ithome.com.tw/news/171095 Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs https://thehackernews.com/2025/09/microsoft-fixes-80-flaws-including-smb.html CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation https://thehackernews.com/2025/09/cisa-orders-immediate-patch-of-critical.html SAP修補NetWeaver、NetWeaver AS Java重大層級漏洞 https://www.ithome.com.tw/news/171090 上個月SAP修補的S/4HANA程式碼注入漏洞傳出已被用於實際攻擊 https://www.ithome.com.tw/news/171053 SAP S/4HANA重大漏洞CVE-2025-42957已遭攻擊！用戶應立即更新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12205 SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild https://thehackernews.com/2025/09/sap-s4hana-critical-vulnerability-cve.html Adobe修補應用程式開發平臺、電子商務管理平臺重大層級資安漏洞 https://www.ithome.com.tw/news/171108 Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts https://thehackernews.com/2025/09/adobe-commerce-flaw-cve-2025-54236-lets.html Argo CD存在滿分漏洞，API恐洩露儲存庫帳密 https://www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/ Sitecore零時差漏洞遭到利用，攻擊者用於植入後門 https://s4.itho.me/sites/default/files/images/viewstate-sitecore-fig1_max-900x900.png 2.銀行/金融/保險/證券/金融監理新聞及資安台積電變「中國台灣」的！？元大金控有匪諜？王定宇怒踢爆⋯⋯金管會斥「不容許這樣的事情再發生」 https://reurl.cc/DOEbZd 這家壽險公司內控和個資管理欠妥遭金管會開罰370萬元 https://money.udn.com/money/story/5613/9001801 金管會嚴重情境壓力測試結果出爐！「3家銀行、5家壽險」不合格 https://inews.setn.com/news/1719370 1銀行新制今天上路了！忘記2規定「直接關帳戶、結清歸零」， ATM提款上限也有大改變 https://www.storm.mg/lifestyle/11061513 兩男駭盜高鐵及銀行會員點數獲利70餘萬北檢起訴求刑4年、3年 https://reurl.cc/LnqQpa 3.信用卡/電子支付/行動支付/pay/支付系統/資安螞蟻夥亞洲電子錢包商建跨境支付保障機制　未授權交易可全額退款 https://www.dotdotnews.com/a/202509/11/AP68c2bf33e4b08d2905360ca5.html 雙北公車也能掃碼上車　6大行動支付年底上線 https://www.cardu.com.tw/news/detail.php?58616 首宗悠遊卡變提款卡！17歲主謀破解晶片　爽拿69萬分女友 https://www.ettoday.net/news/20250910/3031087.htm 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安加州餐館接受加密幣支付了手續費更便宜受年輕人歡迎 https://www.worldjournal.com/wj/story/121360/8995370 假招聘廣告暗藏加密駭客！惡意軟體ModStealer專竊用戶資料，瞄準加密貨幣錢包 https://www.blocktempo.com/new-malware-modstealer-threatens-global-cryptocurrency-users/ 陸媒指北京對穩定幣方向有變但報導遭下架 https://money.udn.com/money/story/5603/9000524 香港提議銀行加密貨幣分類和資本規則 https://m.cnyes.com/news/id/6152702 Coinbase：已解決部分用戶無法進行加密貨幣轉帳問題 https://m.cnyes.com/news/id/6151147 比特幣信仰領袖Charlie Kirk中彈身亡，加密社群上鏈哀悼：自由已死 https://www.blocktempo.com/charlie-kirk-utah-shooting-bitcoin-reaction/ 全國首例！聯邦銀行攜手 MaiCoin 正式開辦「虛擬資產保管試辦業務」 https://today.line.me/tw/v3/article/mWVaJ8w 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 肯亞電影製作人傳出警方透過間諜軟體FlexiSPY暗中追蹤 https://gbhackers.com/flexispy-spyware/ AI程式碼編輯器Cursor存在RCE弱點，裝置恐自動執行惡意程式碼 https://www.ithome.com.tw/news/171133 RAT木馬ZynorRAT、後門程式ChillyHell鎖定Windows、Linux、macOS電腦而來 https://thehackernews.com/2025/09/chillyhell-macos-backdoor-and-zynorrat.html 後門程式Buterat在企業組織及政府網路環境流竄 https://hackread.com/buterat-backdoor-malware-enterprise-govt-networks/ 假PDF編輯器藏惡意軟體TamperedChef，靠Google廣告擴散竊憑證 https://www.ithome.com.tw/news/171056 惡意程式MostereRAT透過AnyDesk、TightVNC完全存取受害電腦 https://hackread.com/mostererat-windows-anydesk-tightvnc-access/ 惡意軟體GPUGate鎖定IT業者而來，透過廣告及GitHub散布 https://thehackernews.com/2025/09/gpugate-malware-uses-google-ads-and.html 勒索軟體Killsec攻擊巴西醫療保健機構 https://securityaffairs.com/182063/cyber-crime/killsec-ransomware-is-attacking-healthcare-institutions-in-brazil.html 巴拿馬經濟暨財政部遭INC Ransom勒索軟體攻擊駭客聲稱竊走1.5TB資料 https://www.ithome.com.tw/news/171152 巴拿馬財政部傳出遭遇勒索軟體Inc 攻擊 https://www.bleepingcomputer.com/news/security/panama-ministry-of-economy-discloses-breach-claimed-by-inc-ransomware/ New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit https://thehackernews.com/2025/09/new-hybridpetya-ransomware-bypasses.html CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems https://thehackernews.com/2025/09/chillyhell-macos-backdoor-and-zynorrat.html Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems https://thehackernews.com/2025/09/chinese-apt-deploys-eggstreme-fileless.html 惡意軟體AsyncRAT透過ScreenConnect竊取帳密資料及挖礦 https://thehackernews.com/2025/09/asyncrat-exploits-connectwise.html AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto https://thehackernews.com/2025/09/asyncrat-exploits-connectwise.html 總下載量每週達26億次的多款熱門NPM套件被植入惡意軟體，起因是開發者帳號遭奪取 https://www.ithome.com.tw/news/171137 20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack https://thehackernews.com/2025/09/20-popular-npm-packages-with-2-billion.html Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys https://thehackernews.com/2025/09/malicious-npm-packages-impersonate.html TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations https://thehackernews.com/2025/09/tag-150-develops-castlerat-in-python.html 惡意軟體分析平臺VirusTotal加入分析SVG圖檔功能，發現假冒哥倫比亞司法單位的網釣攻擊 https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html Russian APT28 Deploys "NotDoor" Outlook Backdoor Against Companies in NATO Countries https://thehackernews.com/2025/09/russian-apt28-deploys-notdoor-outlook.html 勒索軟體Akira利用SonicWall已知重大SSL VPN漏洞入侵受害組織的態勢加劇 https://www.ithome.com.tw/news/171147 SonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware Hackers https://thehackernews.com/2025/09/sonicwall-ssl-vpn-flaw-and.html Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence https://thehackernews.com/2025/09/senator-wyden-urges-ftc-to-probe.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 iPhone 17系列搭載全新MIE，預設啟用更強健的記憶體安全防護 https://www.ithome.com.tw/news/171131 蘋果iPhone 17系列出爐，僅有eSIM的iPhone Air登場 https://www.ithome.com.tw/news/171088 Signal安卓版安全備份功能進入測試階段，支援加密與付費擴充 https://www.ithome.com.tw/news/171067 Google Pixel 10 Adds C2PA Support to Verify AI-Generated Media Authenticity https://thehackernews.com/2025/09/google-pixel-10-adds-c2pa-support-to.html Apple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory Safety https://thehackernews.com/2025/09/apple-iphone-air-and-iphone-17-feature.html RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities https://thehackernews.com/2025/09/raton-android-malware-detected-with-nfc.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力特殊印刷業者政伸、電子商務業者夠麻吉發資安重訊，指出資訊系統遭遇網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=115453&SPOKE_DATE=20250908&COMPANY_ID=8481 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=162938&SPOKE_DATE=20250908&COMPANY_ID=8472 Salesloft Drift供應鏈攻擊事故引爆點找到了！駭客入侵GitHub儲存庫而得逞 https://www.ithome.com.tw/news/171051 針對曝露的Docker API攻擊行動升級，駭客透過Tor網路犯案，疑綁架用於殭屍網路 https://www.bleepingcomputer.com/news/security/hackers-hide-behind-tor-in-exposed-docker-api-breaches/ 研究人員警告以思科ASA裝置為對象的掃描活動激增 https://www.ithome.com.tw/news/171064 Scattered Lapsus$ Hunters要脅Google開除特定資安專家，並停止調查，換取遭竊資料不被外流 https://hackread.com/scattered-lapsus-hunters-google-fire-experts-data-leak/ 俄羅斯駭客Noisy Bear鎖定哈蕯克能源產業而來 https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html 新型態VMScape攻擊可對AMD、Intel處理器下手 https://www.bleepingcomputer.com/news/security/new-vmscape-attack-breaks-guest-host-isolation-on-amd-intel-cpus/ 國家級駭客成漏洞主要攻擊者，ClickFix手法升溫 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12203 阿爾巴尼亞任命AI機器人擔任部長以杜絕貪污 https://www.ithome.com.tw/news/171154 美國FTC出手要求Google、OpenAI、Meta等業者提供AI機器人如何影響兒童與青少年的資訊 https://www.ithome.com.tw/news/171162 中國駭客Salt Typhoon疑與鎖定Barracuda漏洞的駭客共用基礎設施 https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html%20https://www.silentpush.com/blog/salt-typhoon-2025/ Kubernetes的DNS被濫用，駭客以此從ArgoCD截取Git帳密 https://gbhackers.com/attackers-abuse-kubernetes-dns/ TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs https://thehackernews.com/2025/09/tor-based-cryptojacking-attack-expands.html China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations https://thehackernews.com/2025/09/china-linked-apt41-hackers-target-us.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全中美貿易談判前夕傳出APT41試圖探聽敵情，假冒美國議員從事網釣攻擊 https://www.ithome.com.tw/news/171132 駭客濫用公用程式Axios與網釣工具包Salty 2FA，意圖挾持M365帳號 https://thehackernews.com/2025/09/axios-abuse-and-salty-2fa-kits-fuel.html 上櫃公司奈米醫材子公司遭遇商業郵件詐騙，預估損失高達140萬美元 https://www.ithome.com.tw/news/171075 供應鏈攻擊GhostAction鎖定GitHub而來，竊取逾3千個帳密及金鑰 https://www.ithome.com.tw/news/171071 Nx供應鏈攻擊影響範圍擴大，逾2千個GitHub帳號受波及 https://www.bleepingcomputer.com/news/security/ai-powered-malware-hit-2-180-github-accounts-in-s1ngularity-attack/ Nx供應鏈攻擊影響範圍擴大，6,700多個GitHub私人儲存庫被公開 https://www.ithome.com.tw/news/171070 逾18個熱門NPM套件因網釣攻擊而被駭客接管 https://www.ithome.com.tw/news/171063 熱門NPM套件開發者遭網釣，每週下載26億次的套件面臨供應鏈攻擊 https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/ 針對近期的資安事故，英國車廠Jaguar Land Rover證實部分資料外洩 https://www.bleepingcomputer.com/news/security/jaguar-land-rover-jlr-confirms-data-theft-after-recent-cyberattack/ iCloud行事曆服務遭到濫用，攻擊者以此透過蘋果伺服器寄送釣魚郵件 https://www.bleepingcomputer.com/news/security/icloud-calendar-abused-to-send-phishing-emails-from-apples-servers/ Fake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business Accounts https://thehackernews.com/2025/09/fake-madgicx-plus-and-socialmetrics.html Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks https://thehackernews.com/2025/09/from-mostererat-to-clickfix-new-malware.html Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises https://thehackernews.com/2025/09/watch-out-for-salty2fa-new-phishing-kit.html E.研究報告/工具量子時代將至，企業如何透過 PQC 完成加密轉型 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12200 Fastly發現網站AI流量多來自爬蟲，即時擷取卻成最大壓力源 https://www.ithome.com.tw/news/170730 OpenAI發現評測機制獎勵猜測，促使大型語言模型出現幻覺 https://www.ithome.com.tw/news/171052 Zero Trust + AI: Protecting What Firewalls Can't https://thehackernews.com/videos/2025/09/zero-trust-ai-protecting-what-firewalls.html You Didn't Get Phished — You Onboarded the Attacker https://thehackernews.com/2025/09/you-didnt-get-phished-you-onboarded.html How to Get the Most Out of Your DDoS Testing https://thehackernews.com/expert-insights/2025/09/how-to-get-most-out-of-your-ddos-testing.html Beyond Buzzwords: The Hidden Dangers of Ephemeral Accounts in Cybersecurity https://thehackernews.com/expert-insights/2025/09/beyond-buzzwords-hidden-dangers-of.html How Leading CISOs are Getting Budget Approval https://thehackernews.com/2025/09/how-leading-cisos-are-getting-budget.html How to Build an Identity Firewall With the Risk Signals You Already Collect https://thehackernews.com/expert-insights/2025/09/how-to-build-identity-firewall-with.html The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services https://thehackernews.com/2025/09/the-time-saving-guide-for-service.html Cracking the Boardroom Code: Helping CISOs Speak the Language of Business https://thehackernews.com/2025/09/cracking-boardroom-code-helping-cisos.html Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage https://thehackernews.com/2025/09/cloud-native-security-in-2025-why.html Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories https://thehackernews.com/2025/09/cursor-ai-code-editor-flaw-enables.html F.商業微軟將於十月強制實施 Azure CLI的多因子驗證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12198 微軟免除開發人員在Microsoft Store發布App的費用 https://www.ithome.com.tw/news/171151 傳微軟Office 365引進Anthropic AI技術減少對OpenAI的依賴 https://www.ithome.com.tw/news/171119 Visual Studio 2026 Insiders開放下載，AI深度融入開發流程 https://www.ithome.com.tw/news/171121 AGP 8.12引入最佳化資源縮減，更精確移除未使用資源與程式碼 https://www.ithome.com.tw/news/171116 影片共享平臺Vimeo以14億美元賣給了歐洲應用巨擘Bending Spoons https://www.ithome.com.tw/news/171122 外傳OpenAI與甲骨文簽署高達3,000億美元的AI運算合約 https://www.ithome.com.tw/news/171123 瞄準行動裝置端低延遲、省電AI應用，Arm推出全新的Lumex CSS運算平臺 https://www.ithome.com.tw/news/171111 Go 1.25實驗性JSON API上線，強化資料正確性檢查與串流效能 https://www.ithome.com.tw/news/171109 F5推ADSP平台應對AI時代的「火球」效應 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12201 TRM Labs推出可即時偵測非法加密貨幣活動的Beacon Network https://www.ithome.com.tw/news/170745 中華資安正式掛牌上市，成首家上市資安服務業者 https://www.chtsecurity.com/news/e1e4bf10-f351-43e8-b61a-89f969c9dfad 三菱電機9億美元買下資安廠商Nozomi Networks https://www.ithome.com.tw/news/171087 Automation Is Redefining Pentest Delivery https://thehackernews.com/2025/09/automation-is-redefining-pentest.html G.政府數發部長林宜敬以五大政策工具發展AI產業，共築數位韌性社會 https://www.ithome.com.tw/news/171055 數發部長林宜敬︰打詐、資安與數位憑證三路並進 https://ec.ltn.com.tw/article/breakingnews/5175760 數發部數產署串聯國產資安能量守護臺灣半導體供應鏈安全 https://moda.gov.tw/ADI/news/latest-news/17376 綠委轟5G「做半套」 NCC：督促3大業者「降價」 https://reurl.cc/GNOGZy 資安院推資安週報林盈達：看得到才能治得到 https://www.epochtimes.com/b5/25/9/12/n14592576.htm 資安院發布「資安週報」數據驅動台灣資安治理新模式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12219 資安院推資安周報！透過受眾、內容定位區隔讓社會各方掌握資安趨勢 https://udn.com/news/story/7240/8999208 WinRAR遭駭客攻擊資安院籲立即更新 https://www.ydn.com.tw/news/newsInsidePage?chapterID=1794687 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TP-Link路由器爆新零日漏洞，美國CISA警告其他漏洞已遭攻擊利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12206 TP-Link路由器曝CWMP漏洞，影響Archer AX10與AX1500機型 https://www.ithome.com.tw/news/171081 美國警告兩項TP-Link路由器的已知漏洞遭到利用 https://www.ithome.com.tw/news/171026 物聯網裝置、MikroTik路由器遭綁架，發動1.5 Bpps大規模DDoS攻擊 https://www.bleepingcomputer.com/news/security/ddos-defender-targeted-in-15-bpps-denial-of-service-attack/ 西門子SIMATIC PCS neo工控平臺曝高風險漏洞，恐致遠端程式碼執行與當機 https://www.ithome.com.tw/news/171175 西門子修補SIVaaS的使用者管理元件重大漏洞 https://securityonline.info/cve-2025-40795-cvss-9-8-critical-flaw-in-siemens-sivaas-exposes-network-share-without-authentication/ Rockwell修補工控交換器重大漏洞 https://securityonline.info/cve-2025-7350-critical-rce-flaw-in-rockwell-stratix-switches-scores-cvss-9-6/ 從IP攝影機到雲端AI，捷克資安主管機關把對中資料傳輸與遠端維運列高風險威脅 https://www.ithome.com.tw/news/171047 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 MaiCoin 小學堂-進階版 2025/9/14 https://www.accupass.com/event/2506290659076526787040 ISA/IEC 62443 x CRA x 全球標準接軌：實務導入與跨域經驗啟示 2025/9/17 https://isatw.kktix.cc/events/isa-2025q3-isataiwan-meeting Taipei dbt Meetup #40 Design x Data 2025/9/17 https://www.meetup.com/taipei-dbt-meetup/events/310727110/ AI時代下，認識ISO/IEC 42001對企業人工智慧倫理的重要性 2025/9/18 https://www.accupass.com/event/2508150556471424431833 【資安課程諮詢】物聯網資訊安全實務 2025/9/19 https://www.accupass.com/event/2506270910121558046175 AI 時代下的系統分析與設計的 7 堂課（第二堂） 2025/9/19 https://mystudyway.kktix.cc/events/analysis-for-ai-2 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965 WordPress 彩虹小聚｜遠端工作經驗談 2025/9/23 https://www.meetup.com/taipei-wordpress/events/310762339/ MaiCoin 反詐騙講座 2025/9/24 https://www.accupass.com/event/2506290709471003672601 ONLINE 🌟 Intro to SQL for beginners 2025/9/24 https://www.meetup.com/le-wagon-tokyo-coding-station/events/310691490/ [On-Line] AWS Global Community Gatherings #11 2025/9/26 https://www.meetup.com/awsglobalcommunitygatherings/events/308856858/