###### tags: `Weekly Security Incident News Report`

# Weekly Security Incident News Report 2024/12/23 ~ 2024/12/27

## 1. Critical Vulnerabilities / Backdoors / Exploits / Zero Days

Sophos recently released updates to address security vulnerabilities in Firewall
https://www.ithome.com.tw/news/166622
https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
https://nvd.nist.gov/vuln/detail/CVE-2024-12727
https://nvd.nist.gov/vuln/detail/CVE-2024-12728
https://nvd.nist.gov/vuln/detail/CVE-2024-12729

Sophos patches two critical firewall vulnerabilities; left unpatched, they could allow SQL injection attacks and expose privileged system administrator accounts
https://www.ithome.com.tw/news/166622

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html

Palo Alto Networks firewalls have a denial-of-service vulnerability; attacks have reportedly been observed
https://www.ithome.com.tw/news/166717

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately
https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html

Fortinet FortiClient
https://nvd.nist.gov/vuln/detail/CVE-2020-15934

Fortinet releases a security advisory for FortiManager
https://www.cisa.gov/news-events/alerts/2024/12/20/fortinet-releases-security-updates-fortimanager
https://www.fortiguard.com/psirt/FG-IR-24-425

Fortinet FortiManager
https://nvd.nist.gov/vuln/detail/CVE-2024-48889
https://nvd.nist.gov/vuln/detail/CVE-2021-32589

Fortinet FortiWAN
https://nvd.nist.gov/vuln/detail/CVE-2021-26102
https://nvd.nist.gov/vuln/detail/CVE-2021-26115

Fortinet's wireless network management system FortiWLM has a critical vulnerability; left unpatched, attackers could take over the device
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-fortiwlm-bug-giving-hackers-admin-privileges/

Fortinet FortiWLM
https://nvd.nist.gov/vuln/detail/CVE-2023-34990

Microsoft Excel
https://nvd.nist.gov/vuln/detail/CVE-2024-43106

Acrobat Reader DC
https://nvd.nist.gov/vuln/detail/CVE-2022-44512
https://nvd.nist.gov/vuln/detail/CVE-2022-44513
https://nvd.nist.gov/vuln/detail/CVE-2022-44514
https://nvd.nist.gov/vuln/detail/CVE-2022-44518
https://nvd.nist.gov/vuln/detail/CVE-2022-44520

Apache Tomcat
https://nvd.nist.gov/vuln/detail/CVE-2024-50379

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks
https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

Apache has released security updates to address a vulnerability in Struts 2
https://struts.apache.org/core-developers/file-upload-interceptor
https://cwiki.apache.org/confluence/display/WW/S2-067
https://isc.sans.edu/diary/31520
https://www.ithome.com.tw/news/166558

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization
https://thehackernews.com/2024/12/apache-mina-cve-2024-52046-cvss-100.html

Apache patches a critical-severity SQL injection vulnerability in the open-source CDN software Traffic Control
https://www.ithome.com.tw/news/166697

Apache Foundation patches a remote code execution vulnerability in the web server component Tomcat
https://www.ithome.com.tw/news/166667

Chunghwa Telecom tbm-client
https://nvd.nist.gov/vuln/detail/CVE-2024-12643
https://nvd.nist.gov/vuln/detail/CVE-2024-12644
https://nvd.nist.gov/vuln/detail/CVE-2024-12646

Chunghwa Telecom TenderDocTransfer
https://nvd.nist.gov/vuln/detail/CVE-2024-12641
https://nvd.nist.gov/vuln/detail/CVE-2024-12642

IBM Security QRadar Log Management AQL Plugin contains multiple vulnerabilities (CVE-2024-45296, CVE-2024-8986, CVE-2024-21489)
https://www.ibm.com/support/pages/node/7179757

IBM's business intelligence analytics suite Cognos Analytics has a critical vulnerability that could lead to sensitive information exposure and system crashes
https://securityonline.info/cve-2024-51466-cvss-9-0-critical-vulnerability-found-in-ibm-cognos-analytics/

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html

CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks
https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html

A Chinese network equipment vendor's centralized cloud management platform has critical vulnerabilities that attackers could use to control managed devices
https://www.ithome.com.tw/news/166718

Java network application framework Apache MINA has a critical vulnerability with a maximum severity score
https://securityonline.info/cve-2024-52046-cvss-10-critical-apache-mina-flaw-could-allow-remote-code-execution/

XML parsing library libxml2 has a critical vulnerability that could be used for XML external entity (XXE) attacks
https://securityonline.info/cve-2024-40896-cvss-9-1-critical-xxe-vulnerability-discovered-in-libxml2/

Code management system Gogs has critical vulnerabilities; left unpatched, attackers could execute arbitrary commands and steal hosted code
https://www.ithome.com.tw/news/166703

File transfer system CrushFTP has a critical vulnerability that lets attackers reset passwords and take control of user accounts
https://securityonline.info/cve-2024-53552-cvss-9-8-crushftp-flaw-exposes-users-to-account-takeover/

Webmin, the open-source package for managing Unix and Linux systems, has a critical vulnerability that lets ordinary accounts run malicious commands with root privileges
https://www.ithome.com.tw/news/166669

WordPress plugins WPLMS and VibeBP have 7 critical vulnerabilities
https://patchstack.com/articles/multiple-critical-vulnerabilities-patched-in-wplms-and-vibebp-plugins/

MinIO patches object storage platform vulnerabilities, including a critical flaw that allows any user to gain full administrative privileges
https://www.ithome.com.tw/news/166613

## 2. Banking / Finance / Insurance / Securities / Financial Supervision News and Security

New DORA regulation takes effect! EU financial institutions must strengthen cyber resilience
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11479

Bank financial examinations: fraud prevention and information security become the focus
https://udn.com/news/story/7239/8436847

Potential risks of AI applications in finance: establishing governance and accountability mechanisms
https://reurl.cc/6jjngy

Improving the customer financial experience: CTBC Bank aligns with international standards, obtaining dual ISO10002 and ISO10004 certification
https://finance.ettoday.net/news/2881376

Japan's MUFG Bank online banking login unavailable, suspected cyberattack
https://news.pchome.com.tw/finance/cna/20241226/index-17352184936963118003.html#google_vignette

MUFG Bank online banking system failure may be due to an attack
https://tchina.kyodonews.net/news/2024/12/9ca3d807c8c2--.html#google_vignette

National Financial Regulatory Administration plans to strengthen management of qualification requirements for senior executives at banking financial institutions
http://big5.news.cn/gate/big5/www.xinhuanet.com/fortune/20241227/6be12d5d56dd4eb1b42ef17a83571877/c.html

Taiwan Stock Exchange partners with Financial Information Service Co. to promote financial-blockchain bank guarantees for securities lending
https://reurl.cc/Q55Kdq

## 3. Credit Cards / Electronic Payment / Mobile Payment / Pay / Payment Systems / Security

A new mobile payment entrant arrives! Ocard partners with Pi 拍錢包 (Pi Wallet) to launch Ocard Pay
https://finance.technews.tw/2024/12/25/ocard/

HIVEX partners with four major e-payment providers to bring scan-to-pay to Japan
https://www.chinatimes.com/newspapers/20241223000426-260208?chdtv

Taiwanese annual card spending tops 4.2 trillion! 4 cards per person on average... Visa reveals 3 big opportunities in Taiwan: why e-payment is not a rival
https://reurl.cc/V00bXA

Hong Kong's Octopus network adds PayMe payment, improving taxi payment convenience
https://www.epochtimes.com/b5/24/12/23/n14396603.htm

## 4. Cryptocurrency / Digital Currency / Mining / Blockchain / Smart Contracts / WEB3 Security

North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin
https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html

This Friday the "largest ever" USD 14 billion in Bitcoin options expire; watch for sharp market volatility
https://www.blocktempo.com/bitcoin-faces-a-critical-period/

US expands Section 301 investigation, impacting cryptocurrency
https://www.ctee.com.tw/news/20241227700082-439901

Bitcoin allowed for international payments! Russian finance minister announces "mining legalization": resisting Western sanctions
https://news.tvbs.com.tw/world/2730149

Undeterred by Western sanctions! Russia uses Bitcoin to evade scrutiny
https://reurl.cc/966mrO

## 5. Security Incident News

### A. Viruses and Trojans / Botnets / Ransomware / Adware / APT / Backdoors / IOC

Trojan.Win64.MALXMR.AA (also known as KASPERSKY) trojan
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.win64.malxmr.aa

Backdoor OtterCookie targets software developers, distributed by North Korean hackers under the guise of job offers
https://www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/

Backdoors LittleLamb and WoolTea target Palo Alto Networks firewalls
https://securityonline.info/cve-2024-9474-exploited-littlelamb-wooltea-backdoor-discovered-in-palo-alto-devices/
https://northwave-cybersecurity.com/hubfs/LITTLELAMB%20WOOLTEA%20technical%20writeup%20Schrijver%20and%20Oudenaarden.pdf

LockBit ransomware developer reportedly arrested in Israel
https://www.ithome.com.tw/news/166701

Python-based infostealer NodeStealer targets Facebook Ads Manager
https://securityonline.info/nodestealer-infostealer-new-python-based-variant-targets-facebook-ads-manager/

LockBit ransomware developer reportedly arrested in Israel
https://www.darkreading.com/cyberattacks-data-breaches/lockbit-ransomware-developer-arrested-israel

Phishing kit WikiKit targets the automotive, manufacturing, and healthcare sectors, impersonating the victim's own company to launch attacks
https://securityonline.info/wikikit-phishing-kit-targets-major-industries-with-evasive-techniques/

Malicious Python packages Zebo and Cometlogger used in supply chain attacks to steal credentials
https://www.ithome.com.tw/news/166653

Cross-platform ransomware NotLockBit targets Windows and macOS computers
https://securityonline.info/notlockbit-new-cross-platform-ransomware-threatens-windows-and-macos/

Mirai botnet variant Hail Cock targets Digiever network video surveillance devices, exploiting an RCE vulnerability to compromise them
https://www.ithome.com.tw/news/166652

Romanian hacker group Diicot targets Linux hosts in an attempt to spread mining software
https://www.ithome.com.tw/news/166626

Juniper issues a warning for Session Smart Router: hackers use default credentials to spread the Mirai botnet malware
https://www.ithome.com.tw/news/166594

Hackers UAC-0125 abuse Cloudflare Workers to distribute malware, aiming to compromise personal computers of the Ukrainian military
https://www.ithome.com.tw/news/166625

Cyberattack: UAC-0125 using the theme "Army+" (CERT-UA#12559)
https://cert.gov.ua/article/6281701

Recent Cases of Watering Hole Attacks, Part 1
https://blogs.jpcert.or.jp/en/2024/12/watering_hole_attack_part1.html

To make its variant harder to notice, Iranian hacker group Charming Kitten rewrites existing malware in C++
https://www.ithome.com.tw/news/166721

Iranian hackers Charming Kitten rewrite malware in C++ and attack organizations in Asia
https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
https://thehackernews.com/2024/12/irans-charming-kitten-deploys-bellacpp.html

Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
https://thehackernews.com/2024/12/researchers-uncover-pypi-packages.html

LockBit Developer Rostislav Panev Charged for Billions in Global Ransomware Damages
https://thehackernews.com/2024/12/lockbit-developer-rostislav-panev.html

Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware
https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html

Rspack's NPM packages hit by a supply chain attack; developers' computers may have had mining software implanted
https://www.ithome.com.tw/news/166665

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack
https://thehackernews.com/2024/12/rspack-npm-packages-compromised-with.html

### B. Mobile Security / iPhone / Android / Wearables / App / 5G / Instant Messaging

U.S. Judge Rules Against NSO Group in WhatsApp Pegasus Spyware Case
https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html

In the case from 5 years ago in which spyware vendor NSO Group was accused of exploiting a WhatsApp zero-day vulnerability to compromise more than 1,400 mobile devices, a US court rules in favor of WhatsApp
https://www.ithome.com.tw/news/166670

Spyware vendor NSO Group exploited a WhatsApp zero-day vulnerability to compromise more than 1,400 mobile devices
https://www.bleepingcomputer.com/news/security/us-court-finds-spyware-maker-nso-liable-for-whatsapp-hacks/

### C. Incidents / Hackers / DDOS / APT / Cloud / Dark Web / Recruitment / International Security Incidents / Security Workforce

AI models feign compliance with security training, strategically concealing preferences to please trainers
https://www.ithome.com.tw/news/166616

Japan Airlines reportedly suffers an external network outage, with flights delayed at some airports; local media say it was a cyberattack
https://www.ithome.com.tw/news/166698

Helitek, the US subsidiary of semiconductor materials supplier Wafer Works (合晶), hit by a cyberattack
https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=3&SPOKE_TIME=184557&SPOKE_DATE=20241226&COMPANY_ID=6182

Nuclear engineers targeted by North Korean hackers Lazarus, facing CookiePlus malware attacks
https://thehackernews.com/2024/12/lazarus-group-spotted-targeting-nuclear.html

Security firm TeamT5 analyzes 2024 Chinese APT attack patterns and disinformation trends
https://www.ithome.com.tw/news/166623

Chinese hackers launch large-scale attacks against the telecom industry; CISA urges high-risk users to switch to encrypted messaging apps that support E2EE
https://www.ithome.com.tw/news/166655

Russian hackers APT29 set up RDP proxy servers to conduct man-in-the-middle attacks, stealing credentials and deploying malware
https://www.bleepingcomputer.com/news/security/russian-hackers-use-rdp-proxies-to-steal-data-in-mitm-attacks/

Ruijie Networks' Cloud Platform Flaws Could've Exposed 50,000 Devices to Remote Attacks
https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html

### D. Data Breaches / Personal Data Protection Act / GDPR / Online Fraud / Phishing / Card Fraud / Fake News / Cyberbullying / Account Security

Is Cisco's data theft incident reported in October not over yet? In December, hackers claim to hold 4.5 TB of data
https://www.ithome.com.tw/news/166719

KYC customer identification under challenge: security firm warns that hackers are systematically compiling data on the dark web that can be used to pass verification
https://www.infosecurity-magazine.com/news/major-biometric-data-farming/

OpenAI violated GDPR; Italian government imposes a fine of EUR 15 million
https://www.ithome.com.tw/news/166702

Marriott International and its subsidiary Starwood sued over large-scale data breaches in recent years; US government orders security improvements
https://www.ithome.com.tw/news/166663

Phishing platform FlowerStorm targeting M365 accounts is on the rise, suspected to be a comeback of Rockstar 2FA
https://www.ithome.com.tw/news/166651

UK AI development platform Builder.ai misconfigured a database, exposing 3 million records
https://www.websiteplanet.com/news/builderai-breach-report/

[False] Circulating online claim: "Fraud rings impersonate couriers delivering parcels, and once people scan a code to sign for them, their bank deposits are drained"
https://reurl.cc/Egg57g

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
https://thehackernews.com/2024/12/rockstar2fa-collapse-fuels-expansion-of.html

Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 Accounts
https://thehackernews.com/2024/12/brazilian-hacker-charged-for-extorting.html

Italy Fines OpenAI €15 Million for ChatGPT GDPR Data Privacy Violations
https://thehackernews.com/2024/12/italy-fines-openai-15-million-for.html

### E. Research Reports / Tools

Understanding how to use threat intelligence and the threat landscape
https://teamt5.org/tw/posts/whitepaper-tw-understanding-threat-intelligence-and-the-threat-landscape-with-team-t5/

How to respond effectively when an APT threat is lurking in the environment
https://teamt5.org/tw/posts/ir-use-case-how-to-respond-to-advanced-persistent-threat-apt/

Challenges faced in real-world threat hunting
https://teamt5.org/tw/posts/challenges-of-threat-hunting/

The Linux attack surface: common malicious techniques
https://teamt5.org/tw/posts/linux-attack-method-analysis-on-common-malicious-attack-methods/

Researchers disclose KeyTrap, a denial-of-service attack against DNSSEC protections
https://www.darkreading.com/cloud-security/dnssec-denial-of-service-attacks-show-fragility

Windows application control mechanism WDAC can be abused; researchers demonstrate stopping EDR systems from running
https://securityonline.info/weaponizing-windows-defender-new-attack-bypasses-edr/

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Cases
https://thehackernews.com/2024/12/ai-could-generate-10000-malware.html

### F. Business

TeamT5 wins international recognition again: Frost & Sullivan names it Taiwan's best threat intelligence company
https://reurl.cc/WAAmY9

Top 10 Cybersecurity Trends to Expect in 2025
https://thehackernews.com/2024/12/top-10-cybersecurity-trends-to-expect.html

Taipei Computer Association presents the 2024 Information Security Excellence Awards; 6 products and services win
https://www.tca.org.tw/tca_news1.php?n=2257

### G. Government

Ministry of Digital Affairs: Taiwan's AI development will focus on fine-tuning international large models and developing domain-specific applications
https://www.sinotrade.com.tw/richclub/news/676e7aa431c1ba247abf7915

Ministry of Digital Affairs takes part in the US Cyber Storm exercise for the first time, deepening joint cyber defense
https://www.rti.org.tw/news/view/id/2231792

Continuing to strengthen infrastructure resilience and put "cybersecurity is national security" into practice: regulations raise defensive capability and deter hackers
https://www.netadmin.com.tw/netadmin/zh-tw/viewpoint/09AF0F9742704E30A1A7CB9F32F14A36#google_vignette

National Taitung University partners with the National Institute of Cyber Security to deepen work in cybersecurity and build a safer future together
https://www.1111.com.tw/news/jobns/158946

TSMC and the National Institute of Cyber Security sign an MOU to improve security resilience of the semiconductor industry supply chain
https://news.cnyes.com/news/id/5810519

National Institute of Cyber Security and TSMC sign a cybersecurity cooperation memorandum, working together toward shared security
https://www.knews.com.tw/news/5665367847FC9B98D8BA409B7BFAE39A#google_vignette

### H. Industrial Control Systems / ICS / SCADA / IOT / Internet of Things / Connected Vehicles / Electric Vehicles / Artificial Intelligence / AI / ML / Facial Recognition / Healthcare Security

Siemens UMC component has a critical vulnerability; attackers could remotely execute arbitrary code
https://securityonline.info/cve-2024-49775-cvss-9-8-critical-vulnerability-in-siemens-umc-exposes-systems-to-remote-exploitation/

Rockwell energy control monitor PowerMonitor has critical vulnerabilities; attackers could gain access to industrial control environments
https://www.securityweek.com/rockwell-powermonitor-vulnerabilities-allow-remote-hacking-of-industrial-systems/

Attacks by BadBox malware targeting IoT devices heat up; 190,000 Android devices hijacked into a botnet
https://www.ithome.com.tw/news/166649

### I. Education and Training

Recovery procedures you must know when a security incident occurs, to reduce the damage
https://www.ithome.com.tw/pr/163614

iPAS Information Security Engineer intermediate-level notes
https://hackmd.io/@Not/iPASInformationSecuritySpecialist

iPas Information Security Engineer certification pre-exam workshop
https://reurl.cc/GEbA3p

iPAS ◆ Information Security Planning Practice ◆ intermediate-level exam question bank compilation (123 questions)
https://reurl.cc/orlD1g

GCP Associate Cloud Engineer (ACE) study experience, learning resources and notes: learning natively highly available and zero-trust design
https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad

Coursera rounds up 7 cloud security certifications: the springboards to high pay are all here!
https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/

Ordinary people can earn an international security certification too! CSCU Certified Secure Computer User course
https://www.ithome.com.tw/pr/160954

Global cybersecurity workforce imbalance: (ISC)2 free courses and exams fill the talent gap
https://reurl.cc/m39MDj

The 8 domains of the CISSP security certification
https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html

CISSP exam experience
https://reurl.cc/KbY83j

CISSP exam experience – Benson
https://reurl.cc/GbWvxd

Goal-oriented: passing the CISSP at lightning speed in 20 days
https://reurl.cc/2Zq6zn

CISSP certification exam hands-on experience, Chapter 1: initial preparation
https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat

CISSP certification exam hands-on experience, Chapter 2: a regular and disciplined study strategy
https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies

CISSP certification exam hands-on experience, Chapter 3: the final battle
https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle

Quick CISSP Infographic for IPSec
https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec

CSSLP Certification - Security models in F#
https://github.com/vbocan/csslp

Certified Secure Software Lifecycle Professional in bullet points
https://github.com/joeyhage/csslp-notes

CPSA (CREST Practitioner Security Analyst) exam experience
https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/

EC-Council CEH v11 exam experience, revision information, and preparation direction 2021, 2022
https://reurl.cc/1oyEM8

CEH v11 exam experience and preparation approach
https://blog.sean.taipei/2022/01/ceh

CEH
https://github.com/a3cipher/CEH

CodeRed by EC-Council
https://github.com/codered-by-ec-council

EC-Council CEH Practical / Master preparation experience: learning in which theory and practice complement each other
https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2

EC-Council CEHP exam preparation experience
https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po

My ceh practical notes
https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md

CEHP course notes
https://hackmd.io/@nfu-johnny/B1Ju_BMPR

ECSA v10 exam experience and study materials / ECSA v10 Review and Study Materials
https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4

EC-Council ECSA (Certified Security Analyst) v10 exam experience
https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html

20180817 EC-Council ECSA v10 PASS
https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html

On preparing for the EC-Council CPENT and LPT Master penetration testing certifications: approach and experience
https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d

In-depth look at the CPENT exam experience and a comparison with OSCP
https://reurl.cc/41eL8v

EC-Council CPENT v1 penetration testing certification – content and experience
https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review

CPENT: from brute force to cracking
https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295

Ec-Council CPENT experience - a security newcomer's path from CEH to LPT Master
https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f

CPENT exam experience: earning the LPT (Licensed Penetration Tester) Master certification in one attempt
https://ucom.uuu.com.tw/web/Testimony/Article/4404

kaizensecurity/CPENT
https://github.com/kaizensecurity/CPENT/tree/master

CPENT : Pentesting like NO OTHERS !
https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/

Journey of My CPENT Exam
https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917

[Exam prep experience] CompTIA Security+ (SY0–601) Part 1
https://reurl.cc/M053DK

[Exam prep experience] CompTIA Security+ (SY0–601) Part 2
https://reurl.cc/M053Gv

comptia-security-plus
https://github.com/ajfuto/comptia-security-plus

security-plus
https://github.com/fjavierm/security-plus

CompTIA Security+ Certification Practice Test Questions
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette

App information security that not only engineers need to understand: the hard-won story of obtaining a security testing compliance certificate (iT邦幫忙 Ironman Contest book series)
https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html

App anti-hacking: a hands-on security protection course that comprehensively raises security awareness
https://www.ithome.com.tw/pr/161505

OSEP (Evasion Techniques and Breaching Defenses (PEN-300)) experience
https://hackmd.io/@henry-ko/HyQ56e8eF

OSEP (Evasion Techniques and Breaching Defenses (PEN-300))
http://github.com/In3x0rabl3/OSEP

OSCP (Offensive Security Certified Professional)
https://github.com/0x584A/oscp-notes/tree/master

ISACA Certified Information Systems Auditor® (CISA) certification: preparation journey and application process - 2023
https://reurl.cc/aVLoX9

Learn NIST Inside Out With 21 Hours of Training @ 86% OFF
https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics
https://reurl.cc/D3nKKj

Practical Network Penetration Tester (PNPT) Certification Review
https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df

Basic vocabulary commonly used by WUSON
https://choson.lifenet.com.tw/?p=1958

Certifications remain the main route to learning security fundamentals; an expert has built a "security certification map"
https://www.ithome.com.tw/news/156754

Beyond using certifications to prove your ability, treat them as the biggest motivation to keep learning
https://www.ithome.com.tw/news/156756

Dispelling misunderstandings and myths about certifications: security experts clarify what security certifications mean
https://www.ithome.com.tw/news/156755

Accelerate Your Career with the Global Leader in Cyber Security Training
https://www.sans.org/mlp/promo-partnership-hacker-news/

[NCKU Information Security Club class] Forbidden security arts - the reverse engineering trial by fire
https://www.youtube.com/watch?v=4Yc3-9CjG6U

Hands-on exercises teach you to build a security SOP that meets implementation standards
https://www.ithome.com.tw/pr/163514

## 6. Upcoming Security Events and Seminars

"Global Gold-Medal Agile Course" - CSM certification (weekend class) 2024/12/28
https://www.meetup.com/shanghai-agile-scrum-user-group/events/304806511/

Focus and Take Action - Entrepreneurs and Digital Nomads 2024/12/29
https://www.meetup.com/taipei-accountability-group/events/rjcdptygcqbmc/

SecondLook Discussions 2024/12/29
https://www.meetup.com/secondlook-bangkok/events/pbfdptygcqbmc/

Algorithms Study Group! 2024/12/31
https://www.meetup.com/codeseoul/events/vgfcptygcqbpc/