資安事件新聞週報 2025/7/21 ~ 2025/7/25

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/7/21 ~ 2025/7/25 1.重大弱點漏洞/後門/Exploit/Zero Day Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html 思科網路存取控制平臺ISE三項滿分漏洞已遭濫用 https://www.ithome.com.tw/news/170218 SonicWall SMA 100系列設備存在任意檔案上傳漏洞 https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/ Sophos修補防火牆軟體RCE、指令注入漏洞 https://www.ithome.com.tw/news/170236 生命週期終結的SonicWall資安設備遭鎖定，駭客植入惡意軟體Overstep竊取資料 https://www.ithome.com.tw/news/170128 Sophos and SonicWall Patch Critical RCE Flaws Affecting Firewalls and SMA 100 Devices https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html Ivanti SSL VPN系統零時差漏洞遭到利用，駭客用來散布MDifyLoader、Cobalt Strike https://www.ithome.com.tw/news/170149 Fire Ant Exploits VMware Flaws to Compromise ESXi Hosts and vCenter Environments https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html 微軟緊急修補 SharePoint 零時差漏洞　全球政府機關遭大規模攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12053 SharePoint零時差漏洞攻擊事故傳出是多組中國駭客所為 https://www.ithome.com.tw/news/170221 SharePoint重大漏洞遭駭客濫用，近萬家企業組織曝險 https://www.ithome.com.tw/news/170186 中國駭客Storm-2603從事SharePoint零時差漏洞攻擊，意圖散布勒索軟體Warlock https://www.ithome.com.tw/news/170266 中國駭客APT41鎖定非洲政府IT基礎設施而來，入侵SharePoint伺服器充當C2 https://www.ithome.com.tw/news/170241 美國核武機構NNSA傳出遭遇SharePoint漏洞攻擊 https://www.ithome.com.tw/news/170248 Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access https://thehackernews.com/2025/07/hackers-exploit-sharepoint-zero-day.html Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html Microsoft Links Ongoing SharePoint Exploits to Three Chinese Hacker Groups https://thehackernews.com/2025/07/microsoft-links-ongoing-sharepoint.html Storm-2603 Exploits SharePoint Flaws to Deploy Warlock Ransomware on Unpatched Systems https://thehackernews.com/2025/07/storm-2603-exploits-sharepoint-flaws-to.html CISA Orders Urgent Patching After Chinese Hackers Exploit SharePoint Flaws in Live Attacks https://thehackernews.com/2025/07/cisa-orders-urgent-patching-after.html HPE修補Aruba無線路由器的密碼寫死漏洞 https://www.ithome.com.tw/news/170193 Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html CrushFTP零時差漏洞已被用於攻擊行動，駭客藉此入侵伺服器 https://gbhackers.com/crushftp-0-day-vulnerability/ 為吸引用戶升級，微軟開放部分Exchange Server 2016、2019客戶購買延伸更新 https://www.ithome.com.tw/news/170150 Apache HTTP Server高風險漏洞遭濫用，主機淪為駭客挖礦工具 https://www.ithome.com.tw/news/170143 Nvidia Container Toolkit存在重大漏洞，攻擊者恐用於在AI雲端服務提升權限 https://www.ithome.com.tw/news/170172 2.銀行/金融/保險/證券/金融監理新聞及資安首度發現UI Automation遭濫用！Coyote惡意軟體瞄準民眾金融帳密下手 https://www.ithome.com.tw/news/170237 台新新光金控正式成立！未來要靠自建LLM「台新新光腦」提供客戶、員工更多AI服務 https://www.ithome.com.tw/news/170252 BBVA如何成為全球最創新的銀行 https://www.ithome.com.tw/voice/170142 AI 資安成金融轉型關鍵！勤業眾信：風險不控會反噬營運 https://money.udn.com/money/story/5613/8896380 七年分階段打下創新基礎，一銀要靠GAI蛻變科技金融 https://www.ithome.com.tw/people/170254 金融安全防線：勤業眾信攜手Thales引領資料保護新格局 https://n.yam.com/Article/20250725777055 國泰世華銀行成全台首家通過ISO/IEC 27017資安認證金融機構 https://finance.ettoday.net/news/2996077 3.信用卡/電子支付/行動支付/pay/支付系統/資安 iPASS MONEY將與LINE Pay分家，誰會是台灣現今最大電子支付龍頭 https://www.thenewslens.com/article/256119 從「我的卡號怎麼在這」聊聊信用卡資安與 PCI DSS https://life.huli.tw/2025/06/23/pcidss-and-credit-card-security/ 東京地下鐵推「感應支付」！明年起全線嗶進站　信用卡、手機都可以 https://www.taisounds.com/news/content/88/203583 第三方支付現信任亂象消費者常見問題、自保原則一次看 https://www.cna.com.tw/news/afe/202507230260.aspx 「台新pay+」跨境支付首波上線韓國　海外消費1.5%手續費免收 https://www.cardu.com.tw/mpay/detail.php?57921 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安川普簽署穩定幣監管法案《GENIUS Act》 https://www.ithome.com.tw/news/170148 美眾院通過三大加密幣法案　穩定幣監管與數位資產規範邁出關鍵一步 https://www.cmmedia.com.tw/home/articles/55728 最新！金管會虛擬通貨服務業者名單「僅剩12間」，台灣比特幣ATM將絕跡 https://www.blocktempo.com/only-12-virtual-asset-service-providers-remain-on-fscs-official-list/ 挑戰跨境支付天花板！「PayPal World」會是「穩定幣殺手」嗎 https://blockcast.it/2025/07/24/is-paypal-world-a-stablecoin-killer/ 佳士得房地產公司設加密貨幣部門，推動無銀行中介的豪宅交易 https://zombit.info/christies-offers-luxury-real-estate-paying-with-crypto/ 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新型勒索軟體 Mamona 採離線作業模式　挑戰傳統防護體系 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12049 近三成 Mac 惡意軟體為資料竊取程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12048 中國駭客Silver Fox經營2,800個惡意網域，用於散布惡意程式 https://gbhackers.com/chinese-threat-actors-operate-2800-malicious-domains/ 日本警方釋出勒索軟體Phobos、8Base解密金鑰 https://www.ithome.com.tw/news/170151 駭客組織EncryptHub假借提供搶先體驗的遊戲，意圖散布惡意軟體 https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/ 駭客組織Fire Ant鎖定VMware虛擬化平臺而來，部署後門程式 https://thehackernews.com/2025/07/fire-ant-exploits-vmware-flaw-to.html Arch Linux惡意套件上架儲存庫，散布惡意軟體Chaos RAT https://www.bleepingcomputer.com/news/security/arch-linux-pulls-aur-packages-that-installed-chaos-rat-malware/ 熱門NPM套件遭到挾持，駭客上架新套件散布惡意程式，起因是維護者遭網釣導致Token外流 https://www.ithome.com.tw/news/170262 竊資軟體Lumma Stealer傳出捲土重來 https://www.ithome.com.tw/news/170225 竊資軟體Amadey、Lumma、Redline透過GitHub散布，鎖定烏克蘭而來 https://hackread.com/github-abused-amadey-lumma-redline-infostealers-ukraine/ 後門程式GhostContainer鎖定政府機關、高科技產業，利用已知漏洞攻擊Exchange伺服器 https://www.ithome.com.tw/news/170196 駭客組織EncryptHub鎖定Web3開發者而來，藉由冒牌AI牌散布竊資軟體Fickle Stealer https://thehackernews.com/2025/07/encrypthub-targets-web3-developers.html 協作平臺Zoho的雲端檔案共用機制WorkDrive遭濫用，成惡意軟體PureRAT散布的管道 https://gbhackers.com/cybercriminals-use-zoho-workdrive-folders/ 竊資軟體Amadey、Lumma、Redline透過GitHub散布，鎖定烏克蘭而來 https://hackread.com/github-abused-amadey-lumma-redline-infostealers-ukraine/ EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware https://thehackernews.com/2025/07/encrypthub-targets-web3-developers.html Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html Soco404 and Koske Malware Target Cloud Services with Cross-Platform Cryptomining Attacks https://thehackernews.com/2025/07/soco404-and-koske-malware-target-cloud.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊傳 Samsung Galaxy S26 Ultra 將帶來充電規格提升 https://m.eprice.com.tw/mobile/talk/4523/5816777/1#google_vignette 伊朗駭客假借提供VPN應用程式，意圖散布安卓惡意軟體DCHSpy https://thehackernews.com/2025/07/iran-linked-dchspy-android-malware.html Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents https://thehackernews.com/2025/07/iran-linked-dchspy-android-malware.html 中東商業監控業者利用SS7攻擊手法追蹤行動電話位置 https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/ C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 HazyBeacon濫用AWS Lambda隱匿活動，意圖竊取東南亞政府關稅貿易資料 https://www.ithome.com.tw/news/170119 Google起訴25個經營殭屍網路Badbox 2.0的企業組織與個人 https://thehackernews.com/2025/07/google-sues-25-chinese-entities-over.html Dell傳出遭駭客組織World Leaks勒索，該公司坦承實驗室測試平臺遭駭 https://www.ithome.com.tw/news/170190 針對一年前的CrowdStrike EDR大當機事故，美國估計有超過750家醫院營運中斷 https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/ CitrixBleed 2已出現大規模攻擊，超過100家企業組織遭駭 https://www.ithome.com.tw/news/170210 歐洲刑警與12國執法機關聯手，摧毀俄羅斯DDoS駭客NoName057(16)基礎設施 https://www.ithome.com.tw/news/170163 駭客組織UNG0002鎖定中國、香港、巴基斯坦，利用LNK檔案從事攻擊 https://thehackernews.com/2025/07/ung0002-group-hits-china-hong-kong.html 中國駭客Salt Typhoon鎖定美國軍隊下手 https://www.securityweek.com/chinas-salt-typhoon-hacked-us-national-guard/ 英國計畫禁止公部門、關鍵基礎設施業者付錢給勒索軟體歹徒 https://www.ithome.com.tw/news/170224 新加坡關鍵基礎設施遭中國駭客UNC3886鎖定，或透過路由器與資安設備滲透 https://www.ithome.com.tw/news/170195 中國駭客聲稱提供達賴喇嘛應用程式，對圖博從事間諜活動 https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html 中國駭客集團大舉攻擊台灣半導體產業　四個未知APT組織展開多重攻勢 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12046 China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure https://thehackernews.com/2025/07/china-linked-hackers-launch-targeted.html China-Based APTs Deploy Fake Dalai Lama Apps to Spy on Tibetan Community https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html 大規模挖礦活動濫用3,500個網站滲透用戶裝置，並透過WebSocket隱匿流量 https://www.ithome.com.tw/news/170200 3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics https://thehackernews.com/2025/07/3500-websites-hijacked-to-secretly-mine.html CISA Warns: SysAid Flaws Under Active Attack Enable Remote File Access and SSRF https://thehackernews.com/2025/07/cisa-warns-sysaid-flaws-under-active.html Europol Arrests XSS Forum Admin in Kyiv After 12-Year Run Operating Cybercrime Marketplace https://thehackernews.com/2025/07/europol-arrests-xss-forum-admin-in-kyiv.html Docker、電商平臺Magento遭到鎖定，駭客運用多種隱密的手法挖礦、架設代理伺服器 https://www.ithome.com.tw/news/170240 Threat Actor Mimo Targets Magento and Docker to Deploy Crypto Miners and Proxyware https://thehackernews.com/2025/07/threat-actor-mimo-targets-magento-and.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全時尚美妝品牌Dior向客戶通知年初資料外洩事件 https://www.ithome.com.tw/news/170260 【Deepfake偽冒實例】美國白宮幕僚長遭語音偽冒，意圖以此欺騙其他官員進行索資 https://www.ithome.com.tw/news/169994 【Deepfake偽冒實例】義大利石油富商遭「AI深偽」電話詐騙百萬歐元，國防部長成偽冒對象 https://www.ithome.com.tw/news/169993 【Deepfake偽冒實例】新加坡警方揭露跨國公司財務主管遭AI深偽詐騙，Deepfake視訊會議詐騙案增加 https://www.ithome.com.tw/news/169982 NPM套件遭到挾持，駭客上架新套件散布惡意程式，起因是維護者遭網釣 https://www.bleepingcomputer.com/news/security/popular-npm-linter-packages-hijacked-via-phishing-to-drop-malware/ 網釣攻擊以備份軟體Veeam為誘餌，透過武器化的WAV音檔散布惡意程式 https://gbhackers.com/new-veeam-themed-phishing-attack/ 網釣手法PoisonSeed可突破FIDO金鑰防護 https://www.darkreading.com/remote-workforce/poisonseed-attacker-fido-keys PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse https://thehackernews.com/2025/07/poisonseed-hackers-bypass-fido-keys.html Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html CastleLoader Malware Infects 469 Devices Using Fake GitHub Repos and ClickFix Phishing https://thehackernews.com/2025/07/castleloader-malware-infects-469.html E.研究報告/工具 AI 戰爭已然降臨，透過自動化流程大規模發起高度針對性攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12042 約2千臺MCP伺服器缺乏存取控制，恐影響AI模型安全 https://www.darkreading.com/vulnerabilities-threats/2000-mcp-servers-security Overcoming Risks from Chinese GenAI Tool Usage https://thehackernews.com/2025/07/overcoming-risks-from-chinese-genai.html Assessing the Role of AI in Zero Trust https://thehackernews.com/2025/07/assessing-role-of-ai-in-zero-trust.html How to "Go Passwordless" Without Getting Rid of Passwords https://thehackernews.com/expert-insights/2025/07/how-to-go-passwordless-without-getting.html How to Advance from SOC Manager to CISO https://thehackernews.com/2025/07/how-to-advance-from-soc-manager-to-ciso.html Kerberoasting Detections: A New Approach to a Decade-Old Challenge https://thehackernews.com/2025/07/kerberoasting-detections-new-approach.html Pentests once a year? Nope. It's time to build an offensive SOC https://thehackernews.com/2025/07/pentests-once-year-nope-its-time-to.html Everything to Know about Runtime Reachability https://thehackernews.com/expert-insights/2025/07/everything-to-know-about-runtime.html F.商業 Okta 與 Palo Alto Networks 聯手打造 AI 驅動資安防線共同打擊身分識別攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12045 Google釋出OSS Rebuild確保開源套件安全 https://www.ithome.com.tw/news/170265 Google Launches OSS Rebuild to Expose Malicious Code in Widely Used Open-Source Packages https://thehackernews.com/2025/07/google-launches-oss-rebuild-to-expose.html 強化雲端組態安全，3大公有雲CIS Benchmark是資安專家推薦首選 https://www.ithome.com.tw/news/170220 為保護用戶隱私，Brave加入封鎖Windows 11 Recall功能的行列 https://www.bleepingcomputer.com/news/security/brave-blocks-windows-recall-from-screenshotting-your-browsing-activity/ G.政府資安署25年6月資安月報：入侵威脅重回榜首公務網路電話遭盜用詐騙 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12052 數位憑證皮夾應用擴大數發部攜產業打造可信數位生態 https://udn.com/news/story/7239/8896797 AI公務人才發展辦公室揭牌　數發部打造智慧政府服務 https://www.cna.com.tw/news/afe/202507220286.aspx 跨界共學！思科與資安院打造NPO資安韌性生態系 https://wantrich.chinatimes.com/news/20250725900152-420501 衛福部揭臨床AI取證驗證中心進展，已有8項AI產品驗證中 https://www.ithome.com.tw/news/170253 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Mitel整合式通訊系統MX-ONE存在重大漏洞，恐被用於繞過身分驗證 https://www.bleepingcomputer.com/news/security/mitel-warns-of-critical-mivoice-mx-one-authentication-bypass-flaw/ 藍牙框架存在資安漏洞PerfektBlue，影響賓士、VW、Skoda車載系統 https://www.ithome.com.tw/news/170073 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 HITCON 2025 台灣駭客年會 2025/8/15 ~ 2025/8/16 https://hitcon.kktix.cc/events/hitcon-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965