###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/8/11 ~ 2025/8/15 1.重大弱點漏洞/後門/Exploit/Zero Day 荷蘭警告Citrix NetScaler重大漏洞已被用於攻擊關鍵基礎設施 https://www.bleepingcomputer.com/news/security/netherlands-citrix-netscaler-flaw-cve-2025-6543-exploited-to-breach-orgs/ Dutch NCSC Confirms Active Exploitation of Citrix NetScaler CVE-2025-6543 in Critical Sectors https://thehackernews.com/2025/08/dutch-ncsc-confirms-active-exploitation.html Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution https://thehackernews.com/2025/08/cisco-warns-of-cvss-100-fmc-radius-flaw.html Fortinet揭露SIEM平臺存在重大漏洞，並警告已出現漏洞利用工具 https://www.ithome.com.tw/news/170606 Fortinet SSL VPN設備遭遇大規模暴力破解攻擊，駭客目標疑為同廠牌網路管理平臺 https://www.ithome.com.tw/news/170597 Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html 針對SonicWall防火牆近期遭攻擊事故，原廠定調是已知漏洞未修補所致 https://www.ithome.com.tw/news/170549 CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html 微軟發布8月例行更新，修補已被公開的Kerberos零時差漏洞 https://www.ithome.com.tw/news/170588 Microsoft August 2025 Patch Tuesday Fixes Kerberos Zero-Day Among 111 Total New Flaws https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html Windows 11、Server 2025正式移除Windows 7時代的PowerShell 2.0 https://www.ithome.com.tw/news/170608 New HTTP/2 'MadeYouReset' Vulnerability Enables Large-Scale DoS Attacks https://thehackernews.com/2025/08/new-http2-madeyoureset-vulnerability.html WinRAR緊急修補零時差漏洞，俄羅斯駭客RomCom已用來散布惡意軟體 https://www.ithome.com.tw/news/170567 WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately https://thehackernews.com/2025/08/winrar-zero-day-under-active.html 全錄列印流程自動化軟體FreeFlow存在資安漏洞，恐被用於SSRF、RCE攻擊 https://www.ithome.com.tw/news/170634 Jenkins外掛程式存在重大漏洞，1.5萬臺伺服器恐曝險 https://hackread.com/jenkins-servers-risk-rce-vulnerability-cve-2025-53652/ CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog https://thehackernews.com/2025/08/cisa-adds-two-n-able-n-central-flaws-to.html Exchange Server權限提升漏洞有2.9萬臺系統曝險 https://www.ithome.com.tw/news/170552 Exchange Server混合部署模式存在重大提權漏洞 https://www.ithome.com.tw/news/170498 美國CISA 緊急示警！微軟 Exchange 極危險漏洞可導致整體網域失守 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12116 為防堵ZIP混淆攻擊，PyPI推新規保護Python套件安全 https://www.ithome.com.tw/news/170489 Nvidia緊急更新Triton推論伺服器，修補可遠端奪取AI控制權漏洞 https://www.ithome.com.tw/news/170619 Claude Code曝高風險漏洞，可被濫用存取檔案與執行未經授權命令 https://www.ithome.com.tw/news/170506 Google Calendar存在漏洞，攻擊者恐遠端挾持Gemini代理程式 https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/ SAP修補S/4HANA、Landscape Transformation重大漏洞 https://www.ithome.com.tw/news/170594 Dell商務筆電特定晶片存在ReVault漏洞，影響逾百款機型恐遭持久控制與資料竊取 https://www.ithome.com.tw/news/170492 2.銀行/金融/保險/證券/金融監理 新聞及資安 IFRS 17將上路　金管會搭配修正金控財報編製準則 https://www.cna.com.tw/news/afe/202508140342.aspx 大陸銀行打劫儲戶 中小銀行倒閉潮 https://www.epochtimes.com/b5/25/8/14/n14573731.htm 第一銀行運用科技強化金融安全防護 前7月阻詐逾2億元 https://howlife.cna.com.tw/financial/20250815s002.aspx 科技防詐「雙箭」齊發！兆豐銀行「短碼簡訊」、「ATM臉部辨識」成功阻詐獲表揚 https://reurl.cc/RkeVpD 中信銀科技創新積極防詐！打造安全金融環境　獲表揚「積極投入防詐之金融機構」 https://finance.ettoday.net/news/3014711 國泰世華銀行前客服涉盜刷信用卡688萬　金管會開罰1200萬 https://www.cna.com.tw/news/afe/202508110287.aspx New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits https://thehackernews.com/2025/08/new-android-malware-wave-hits-banking.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安 紐約州控告數位支付平臺Zelle放任詐欺活動 https://www.ithome.com.tw/news/170607 中國簡訊詐騙集團鎖定全球支付卡，利用數位錢包詐騙 https://www.ithome.com.tw/news/170503 首例！盜行動支付「刷575支iPhone」　詐騙話術曝光 https://www.taisounds.com/news/content/96/207097 軟銀大動作！傳日本行動支付公司PayPay赴美IPO 最快第四季登場 https://news.cnyes.com/news/id/6104758 真相驚人！台灣人還不習慣電子支付嗎？金管會內部數據曝光 https://reurl.cc/gY6AVz 電子支付恐比照銀行申報！勤業眾信提醒業者這樣準備 https://money.udn.com/money/story/6710/8933599 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 比特幣熱潮正走回「 NFT泡沫」路上？為何機構大量儲備，是加密市場的完美風暴 https://www.blocktempo.com/bitcoin-rally-nft-bubble-institutional-accumulation-perfect-storm-crypto-market-analysis/ 美國SEC主席：正動員所有部門將美國打造成爲全球加密貨幣中心 https://www.mitrade.com/zh/insights/news/live-news/article-3-1043692-20250815 第二家加密貨幣交易平臺Bullish登上美國股市 https://www.ithome.com.tw/news/170609 穩定幣UST創始人認罪 涉400億美元崩盤案 https://www.epochtimes.com/b5/25/8/13/n14572465.htm 台灣第一家比特幣儲備公司誕生！大大寬頻 / 大豐電會成台版微策略嗎 https://www.blocktempo.com/taiwan-first-bitcoin-reserve-company-is-established/ 花旗揮軍加密貨幣市場！鎖定穩定幣、比特幣 ETF 託管商機 https://blockcast.it/2025/08/15/citigroup-explores-custody-and-payment-services-for-stablecoins-and-crypto-etfs/ 解密何一：從鄉村到加密權力之巔，詮釋「加密女王」的破局之道 https://www.blocktempo.com/decoding-he-yi-journey-from-rural-roots-to-crypto-power-queen-strategy/ 中東土豪新寵！幣安等加密貨幣交易所推清真加密貨幣 鎖定中東5億年輕網民 https://reurl.cc/qYvRE0 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新型EDR殺手工具橫掃八大勒索軟體集團：RansomHub打造終極安全繞過利器 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12119 俄羅斯駭客Curly COMrades鎖定前蘇聯國家，透過惡意程式MucorAgent從事隱密的網路間諜活動 https://www.ithome.com.tw/news/170631 勒索軟體Crypto24鎖定大型企業組織而來，透過EDR迴避偵測工具犯案 https://www.bleepingcomputer.com/news/security/crypto24-ransomware-hits-large-orgs-with-custom-edr-evasion-tool/ 駭客使用惡意程式CrossC2，將Cobalt Strike攻擊範圍延伸到macOS與Linux電腦 https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html 美國拆解Royal與BlackSuit勒索軟體基礎設施，當地受害機構逾450家 https://www.ithome.com.tw/news/170568 Docker Hub驚傳埋入XZ Utils後門的映像檔，軟體供應鏈亮起紅燈 https://www.ithome.com.tw/news/170620 勒索軟體Anubis攻擊Windows、安卓裝置竊取資料、刪除檔案 https://www.ithome.com.tw/news/170417 450家美國企業慘遭勒索軟體Royal、BlackSuit毒手 https://www.bleepingcomputer.com/news/security/royal-and-blacksuit-ransomware-gangs-hit-over-450-us-companies/ 勒索軟體Charon鎖定中東而來，駭客疑似曾長期對臺灣下手 https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html 惡意軟體PS1Bot透過廣告散布，以多階段記憶體內活動從事攻擊 https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html 惡意Go、NPM套件散布跨平臺惡意套件，攻擊者可遠端抹除電腦資料 https://thehackernews.com/2025/08/malicious-go-npm-packages-deliver-cross.html SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others https://thehackernews.com/2025/08/socgholish-malware-spread-via-ad-tools.html PubyGems、PyPI用戶遭遇惡意套件攻擊，駭客意圖竊取帳密、加密貨幣，並竄改安全設定 https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes https://thehackernews.com/2025/08/rubygems-pypi-hit-by-malicious-packages.html GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions https://thehackernews.com/2025/08/greedybear-steals-1m-in-crypto-using.html Charon Ransomware Hits Middle East Sectors Using APT-Level Evasion Tactics https://thehackernews.com/2025/08/charon-ransomware-hits-middle-east.html Researchers Spot XZ Utils Backdoor in Dozens of Docker Hub Images, Fueling Supply Chain Risks https://thehackernews.com/2025/08/researchers-spot-xz-utils-backdoor-in.html New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks https://thehackernews.com/2025/08/new-ps1bot-malware-campaign-uses.html U.S. Sanctions Garantex and Grinex Over $100M in Ransomware-Linked Illicit Crypto Transactions https://thehackernews.com/2025/08/us-sanctions-garantex-and-grinex-over.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 蘋果修改設計　血氧量測得以在美國重回Apple Watch https://www.ithome.com.tw/news/170626 Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses https://thehackernews.com/2025/08/google-requires-crypto-app-licenses-in.html New TETRA Radio Encryption Flaws Expose Law Enforcement Communications https://thehackernews.com/2025/08/new-tetra-radio-encryption-flaws-expose.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 針對勒索軟體駭客公布部分竊得資料，海華科技表示對公司無重大影響 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=123724&SPOKE_DATE=20250811&COMPANY_ID=3694 故事化敘事結合多輪脈絡引導，可誘使GPT-5輸出危險內容 https://www.ithome.com.tw/news/170569 英國國家網路安全中心更新網路評估框架 強化關鍵基礎設施韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12106 美國NIST輕量加密標準定案，採四種Ascon演算法保護物聯網與醫療裝置 https://www.ithome.com.tw/news/170621 俄羅斯駭客Curly COMrades鎖定前蘇聯國家，透過惡意程式MucorAgent從事隱密的網路間諜活動 https://www.ithome.com.tw/news/170631 北韓駭客Kimsuky內部資料遭公開，作案工具與目標名單曝光 https://www.bleepingcomputer.com/news/security/north-korean-kimsuky-hackers-exposed-in-alleged-data-breach/ Google近期揭露Salesforce系統資料外洩事故出現進展，傳出曝露潛在廣告主資訊 https://www.ithome.com.tw/news/170548 ShinyHunters、Scattered Spider狼狽為奸，鎖定Salesforce系統發動攻擊 https://www.ithome.com.tw/news/170623 對4月水壩遭到入侵，挪威指控是俄羅斯駭客所為，目的疑為展示能力 https://www.bleepingcomputer.com/news/security/pro-russian-hackers-blamed-for-water-dam-sabotage-in-norway/ Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon's Reach to Linux and macOS https://thehackernews.com/2025/08/researchers-warn-crossc2-expands-cobalt.html Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses https://thehackernews.com/2025/08/cybercrime-groups-shinyhunters.html Linux-Based Lenovo Webcams' Flaw Can Be Remotely Exploited for BadUSB Attacks https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models https://thehackernews.com/2025/08/researchers-reveal-revault-attack.html 新型Win-DDoS攻擊手法可將公開網域控制器變成DDoS殭屍網路 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12121 New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Booking.com網釣透過日文字元愚弄用戶 https://www.bleepingcomputer.com/news/security/bookingcom-phishing-campaign-uses-sneaky-character-to-trick-you/ 駭客公開安聯人壽被竊客戶、合作夥伴280萬筆資料 https://www.ithome.com.tw/news/170589 法國電信業者Bouygues Telecom傳資料外洩，影響640萬客戶 https://www.ithome.com.tw/news/170591 駭客組織PoisonSeed釣魚攻擊繞過MFA，入侵CRM與大量郵件發送服務 https://www.ithome.com.tw/news/170622 降級攻擊可突破Entra ID的FIDO身分驗證 https://www.bleepingcomputer.com/news/security/new-downgrade-attack-can-bypass-fido-auth-in-microsoft-entra-id/ AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims https://thehackernews.com/2025/08/ai-tools-fuel-brazilian-phishing-scam.html E.研究報告/工具 6 Lessons Learned: Focusing Security Where Business Value Lives https://thehackernews.com/2025/08/6-lessons-learned-focusing-security.html Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation https://thehackernews.com/2025/08/researchers-detail-windows-epm.html The Second Layer of Salesforce Security Many Teams Miss https://thehackernews.com/expert-insights/2025/08/the-second-layer-of-salesforce-security.html Leaked Credentials Up 160%: What Attackers Are Doing With Them https://thehackernews.com/2025/08/leaked-credentials-up-160-what.html The Ultimate Battle: Enterprise Browsers vs. Secure Browser Extensions https://thehackernews.com/2025/08/the-ultimate-battle-enterprise-browsers.html Simple Steps for Attack Surface Reduction https://thehackernews.com/2025/08/simple-steps-for-attack-surface.html Zero Trust + AI: Privacy in the Age of Agentic AI https://thehackernews.com/2025/08/zero-trust-ai-privacy-in-age-of-agentic.html F.商業 AI SOC 101: Key Capabilities Security Leaders Need to Know https://thehackernews.com/2025/08/ai-soc-101-key-capabilities-security.html 網頁伺服器NGINX原生支援ACME，現可自動申請與更新TLS憑證 https://www.ithome.com.tw/news/170625 亞利安攜手 Orca Security 聚焦修復導向的雲端安全革新 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12114 迎戰新興量子威脅：Fortinet擴展FortiOS全新功能 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12112 微軟測試Windows 365 Reserve服務，主打PC掛點無法使用電腦的員工 https://www.ithome.com.tw/news/170568 微軟Universal Print Anywhere功能全面上線，M365用戶可在任意印表機安全列印 https://www.ithome.com.tw/news/170618 G.政府 數發部將強化醫療領域關鍵基礎設施資安，衛福部擬為中小型醫療機構建立區域聯防機制 https://www.ithome.com.tw/news/170650 資安署推四大措施 強化醫療關鍵基礎設施資安防護 https://today.line.me/tw/v3/article/PGN0RBV 第七期資安發展方案啟動 資安署祭四策略強化醫療領域防護 https://wantrich.chinatimes.com/news/20250815900576-420501 資安署攜衛福部四策略強化醫界防護 資安將納醫院評鑑 https://news.owlting.com/articles/1103398 立委指防詐App下載數偏低　數位部：盡量宣傳 https://www.cna.com.tw/news/aipl/202508150304.aspx 數位經濟發展諮詢會再次召開 數發部聚焦2大AI議題 https://ec.ltn.com.tw/article/breakingnews/5142530 數位產業署率臺灣資安產業赴泰拓銷 深化合作並啟動在地資安服務據點 https://moda.gov.tw/ADI/news/latest-news/17000 粉專遭下架、KOL帳號被錯殺 葛如鈞：政府「數位管制」愈打愈詐 https://www.tcpttw.com/political/2025/08/15/191067/ 數發部協力AI驅動 資訊軟體服務成下一個兆元級產業 https://reurl.cc/MzjQKn H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 開放電信平臺的SSH程式庫滿分漏洞出現攻擊行動，7成鎖定OT環境而來 https://www.ithome.com.tw/news/170615 Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls https://thehackernews.com/2025/08/researchers-spot-surge-in-erlangotp-ssh.html 聯想網路攝影機存在漏洞，可被用於遠端發動BadUSB攻擊 https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html 佳能旗下視訊監控系統存在重大漏洞，6,500臺主機面臨被挾持的風險 https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html NIST輕量加密標準定案，採四種Ascon演算法保護物聯網與醫療裝置 https://www.ithome.com.tw/news/170621 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 [ONLINE] EE Business Networking (free!) 2025/8/16 https://www.meetup.com/cebu-business-networking/events/ 物聯網資訊安全實務 2025/8/16 https://www.accupass.com/event/2506270910121558046175 用 30 分鐘學會 Apigee 全面守護資料安全 |《API 治理升級，迎戰資安與法遵挑戰》 2025/ 8/19 https://www.accupass.com/event/2507170605488819292550 Drupal PH Online Meetup (Aug. 2025): Presentation of DrupalCon Nara Japan 2025/ 8/19 https://www.meetup.com/drupal-ph/events/308865542/ Webinar Introduction: ITSM, Open Source, and a Deep Dive into iTop CMDB 2025/8/19 https://www.meetup.com/itsmbkk/events/308959293/ ONLINE 🌟 Info Session for Le Wagon's PART-TIME coding & AI bootcam ps2025/ 8/19 https://www.meetup.com/le-wagon-tokyo-coding-station/events/310223561/ 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 Elastic AI 實戰：透過實機操作體驗主動式可觀測性與故障排除 2025/8/21 https://www.accupass.com/event/2506160332041624033313 [On-Line] AWS Global Community Gatherings #10 2025/8/22 https://www.meetup.com/awsglobalcommunitygatherings/events/307473399/ Saturday AI Hangout with Zack Lim 2025/8/23 https://www.meetup.com/internet-entrepreneurs-network-thailand/events/310143607/ NISRA Enlightened 2025 2025/8/25 ~ 2025/8/28 https://nisra.kktix.cc/events/2025enlightened 資安事件比你想像更靠近！ |《主動式防禦，從 Google SecOps 開始！》 2025/ 8/27 https://www.accupass.com/event/2507250822501753616659 MaiCoin 反詐騙講座 2025/ 8/27 https://www.accupass.com/event/2506290707563443008580 Taipei dbt Meetup #39 GenBI 2025/8/28 https://www.meetup.com/taipei-dbt-meetup/events/310250569/ API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965