資安事件新聞週報 2025/11/3 ~ 2025/11/7

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/11/3 ~ 2025/11/7 1.重大弱點漏洞/後門/Exploit/Zero Day 思科防火牆漏洞再發現新攻擊，癱瘓防火牆運作，並關閉事件記錄功能以防留下痕跡 https://www.ithome.com.tw/news/172095 思科修補軟體管理平臺UCCX重大漏洞，若不處理攻擊者可以root權限執行任意命令 https://www.bleepingcomputer.com/news/security/critical-cisco-uccx-flaw-lets-hackers-run-commands-as-root/ Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 https://thehackernews.com/2025/11/cisco-warns-of-new-firewall-attack.html BadCandy鎖定思科IOS XE滿分漏洞，澳洲目前仍有1百多臺路由器遭駭 https://www.ithome.com.tw/news/172011 ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html SonicWall說明9月防火牆組態備份服務遭駭，確認攻擊者是國家級駭客 https://www.ithome.com.tw/news/172080 微軟WSUS漏洞掃描活動遽增，攻擊者用於植入Skuld竊資軟體 https://www.ithome.com.tw/news/172031 China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence https://thehackernews.com/2025/11/cisa-adds-gladinet-and-cwp-flaws-to-kev.html Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html 美國CISA 警告：Linux 內核高危險漏洞遭勒索軟體集團攻擊利用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12409 Claroty 修補遠端存取平台嚴重漏洞：驗證機制缺陷可繞過雙因素認證 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12408 OpenAI Atlas 瀏覽器存在多重安全漏洞，可能遭提示注入攻擊與記憶污染 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12390 MySQL 8.0明年4月終止支援，逾半數使用者仍未升級恐曝險 https://www.ithome.com.tw/news/171997 NPM套件React Native命令列工具存在重大漏洞，攻擊者恐在開發環境執行任意命令 https://www.ithome.com.tw/news/172082 NPM套件React Native CLI存在重大漏洞，數百萬開發人員電腦恐面臨風險 https://thehackernews.com/2025/11/critical-react-native-cli-flaw-exposed.html Docker漏洞可讓駭客在主機寫入檔案 https://www.ithome.com.tw/news/171999 Google發布Chrome 142大改版，修補多項V8引擎高風險漏洞，其中2項研究人員獲得5萬美元獎勵 https://securityaffairs.com/184149/security/chrome-142-released-two-high-severity-v8-flaws-fixed-100k-in-rewards-paid.html Google旗下AI資安代理Big Sleep再度立功，於Safari找到5項資安漏洞 https://www.ithome.com.tw/news/172057 WordPress佈景主題JobMonster存在重大層級身分驗證繞過漏洞，已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-auth-bypass-flaw-in-jobmonster-wordpress-theme/ WordPress外掛Post SMTP存在重大漏洞，攻擊者以此挾持管理員帳號 https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/ 近兩年前揭露及修補的Linux核心漏洞CVE-2024-1086，已被用於勒索軟體攻擊 https://securityaffairs.com/184076/security/old-linux-kernel-flaw-cve-2024-1086-resurfaces-in-ransomware-attacks.html DNS伺服器軟體BIND存在高風險資安漏洞，迄今仍有超過6千臺系統尚未修補 https://www.ithome.com.tw/news/172021 Google旗下AI資安代理Big Sleep再度立功，於Safari找到5項資安漏洞 https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html BIND9資安漏洞仍有超過6千臺DNS伺服器尚未修補 https://www.linkedin.com/posts/the-shadowserver-foundation_cybercivildefense-cybersecurity-riskmanagement-activity-7390751005115596800-6Dm_?utm_source=share&utm_medium=member_desktop&rcm=ACoAABO49rEB_XcR5tLyq9lkQKvasoroFrBEYzI Swift釋出FreeBSD版本預覽，開發者可原生編譯與執行Swift程式 https://www.ithome.com.tw/news/172114 Rust 1.91將Windows Arm64平臺提升為第一層級支援 https://www.ithome.com.tw/news/172023 2.銀行/金融/保險/證券/金融監理新聞及資安普發現金即將上路，財政部揭露有人架設冒牌網站企圖行騙 https://www.ithome.com.tw/news/172053 普發現金代領機制設計原則數發部：強調防偽冒與身分驗證安全 https://reurl.cc/qKmQYp 壽險公會宣布「理賠服務全程無紙化」正式達成，結合FIDO驗證與電子簽章，申請保險理賠不用跑醫院 https://www.ithome.com.tw/news/171983 AI助攻資安中信銀金融防詐升級 https://www.epochtimes.com/b5/25/11/7/n14631416.htm 關於2025金融資安Anti-DDoS演練，身為資安廠商執行長的探討 https://www.ithome.com.tw/pr/171452 From Tabletop to Turnkey: Building Cyber Resilience in Financial Services https://thehackernews.com/2025/11/from-tabletop-to-turnkey-building-cyber.html 3.信用卡/電子支付/行動支付/pay/支付系統/資安全支付被盜刷，8萬元一夜蒸發！從3大保障解構支付安全網：為什麼你該用「信用卡」 https://www.bnext.com.tw/article/84985/creditcard-bank-transfer-safety-risk 全支付盜刷爭議延燒、遭質疑個資外洩官方澄清：為假冒釣魚網站所致、籲勿轉傳暗網謠言 https://news.pchome.com.tw/living/foodnext/20251107/index-76247828455688286009.html 他用全支付被盜刷20筆逾8萬，稱沒點不明連結怎發生？官方發聲！釣魚網站iPASS MONEY、Netflix也中招 https://www.businesstoday.com.tw/article/category/183030/post/202511050013/ 全支付「盜刷事件」頻傳掀恐慌　官方急發4點聲明 https://www.storm.mg/article/11079373 全支付回應個資外洩疑雲　怒批謠言不實：資安無虞 https://today.line.me/tw/v3/article/gz57yaX 行動支付疑爆「600萬用戶數據外洩」包含網紅明星個資 https://reurl.cc/oK9WmV 電子支付淪詐騙工具　一卡通全支付急聲明 https://www.cardu.com.tw/news/detail.php?59709 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 DeFi通訊協定Balancer遭駭，歹徒盜走1.2億美元 https://www.bleepingcomputer.com/news/cryptocurrency/hacker-steals-over-120-million-from-balancer-defi-crypto-protocol/ 哈薩克正建立全國加密貨幣儲備基金，預計規模5億至10億美元 https://m.cnyes.com/news/id/6226024 MEXC 風控：以反詐騙防護、凍結處理與申訴制度建立用戶安全防線 https://www.blocktempo.com/mexc-risk-control-anti-fraud/ 香港最大宗加密貨幣騙案警首引打擊洗錢及恐怖分子例控16人 https://reurl.cc/Xae72a U.S. Sanctions 10 North Korean Entities for Laundering $12.7M in Crypto and IT Fraud https://thehackernews.com/2025/11/us-sanctions-10-north-korean-entities.html European Authorities Dismantle €600 Million Crypto Fraud Network in Global Sweep https://thehackernews.com/2025/11/europol-and-eurojust-dismantle-600.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 惡意軟體PromptFlux濫用Gemini動態改寫程式碼，企圖強化迴避偵測的能力 https://www.ithome.com.tw/news/172111 寄生攻擊出現新型態手法，攻擊者可濫用作業系統內建的AI平臺傳送惡意程式 https://www.darkreading.com/vulnerabilities-threats/lotl-attack-malware-windows-native-ai-stack 針對GlassWorm蠕蟲攻擊行動，OpenVSX公布調查結果，開發人員不慎曝露權杖釀禍 https://www.ithome.com.tw/news/172119 國家級駭客散布惡意軟體Airstalk，疑涉供應鏈攻擊 https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html 惡意軟體SesameOp濫用OpenAI的API從事攻擊行動 https://www.ithome.com.tw/news/172025 木馬程式SleepyDuck透過VS Code延伸套件散布，鎖定AI編輯器Cursor與Windsurf用戶而來 https://www.ithome.com.tw/news/172030 後門程式Kalambur偽裝ESET防毒，透過網釣攻擊在烏克蘭散布 https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html 惡意軟體Gootloader休兵半年重出江湖，透過SEO中毒散布 https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/ 國家級駭客散布惡意軟體Airstalk，鎖定業務流程外包業者從事供應鏈攻擊 https://www.ithome.com.tw/news/172026 資產管理工具Lanscope存在零時差漏洞，中國駭客用於散布後門 https://www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/ 裝置管理工具Lanscope存在重大漏洞，中國駭客Bronze Butler用於散布後門 https://www.ithome.com.tw/news/172029 Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html Ransomware Defense Using the Wazuh Open Source Platform https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html Operation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense Sectors https://thehackernews.com/2025/11/operation-skycloak-deploys-tor-enabled.html U.S. Prosecutors Indict Cybersecurity Insiders Accused of BlackCat Ransomware Attacks https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel https://thehackernews.com/2025/11/microsoft-detects-sesameop-backdoor.html Malicious VSX Extension "SleepyDuck" Uses Ethereum to Keep Its Command Server Alive https://thehackernews.com/2025/11/malicious-vsx-extension-sleepyduck-uses.html Researchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial Data https://thehackernews.com/2025/11/researchers-uncover-bankbot-ynrk-and.html New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South Korea https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html ThreatsDay Bulletin: AI Tools in Malware, Botnets, GDI Flaws, Election Attacks & More https://thehackernews.com/2025/11/threatsday-bulletin-ai-tools-in-malware.html Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly https://thehackernews.com/2025/11/google-uncovers-promptflux-malware-that.html Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation https://thehackernews.com/2025/11/hidden-logic-bombs-in-malware-laced.html VS Code延伸套件市集不設防？有人竟在此發布具有勒索軟體功能的外掛 https://www.ithome.com.tw/news/172115 Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities https://thehackernews.com/2025/11/vibe-coded-malicious-vs-code-extension.html Trojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on Ukraine https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Securing the Open Android Ecosystem with Samsung Knox https://thehackernews.com/2025/11/securing-open-android-ecosystem-with.html X平台要求用戶在11月10日前重新註冊安全金鑰，否則帳號將鎖定 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12395 Google修補Android系統元件零點擊RCE漏洞 https://www.ithome.com.tw/news/172075 用戶注意了！LINE 官方：11/4 起舊版本全面停用，3 大族群將受影響 https://www.managertoday.com.tw/articles/view/71175 等到了！Sora App 安卓版正式上架，AI 影片創作不再是 iOS 獨享 https://www.techbang.com/posts/126362-openai-sora-android-release Star Vaults App正式登場：安全極致，體驗升級，開啟數位金融新紀元 https://news.pchome.com.tw/living/pronews/20251106/index-76243920064651353009.html iOS 26.2 允許日本使用第三方 App Store https://www.newmobilelife.com/2025/11/05/ios-26-2-japan-third-party-app-store/ 日本iPhone第三方App Store商店開放了！支援版本與如何下載 https://mrmad.com.tw/japan-iphone-third-party-app-store-conditions 統戰! "歸家App"讓台人一鍵投誠? 陸委會:若真有將下架 https://today.line.me/tw/v3/article/vX37PGo C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 AIxCC冠軍隊現身HITCON 2025，闡釋運用LLM自動發現修補漏洞的開發歷程 https://www.ithome.com.tw/news/171870 金屬包裝容器業者福貞旗下子公司遭網路攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=190702&SPOKE_DATE=20251103&COMPANY_ID=8411 資安專家參與勒索軟體攻擊，遭美國司法部起訴 https://www.ithome.com.tw/news/172028 物流與貨運業者遭到鎖定，歹徒利用遠端管理工具入侵網路環境，竊取貨物牟取經濟利益 https://www.ithome.com.tw/news/172077 全球電信基礎設施供應商Ribbon遭國家級駭客入侵 https://www.ithome.com.tw/news/172033 ChatGPT爆七項資安弱點，零點擊與安全檢查繞過成隱憂 https://www.ithome.com.tw/news/172081 駭客組織鎖定伊朗與以色列局勢而來，鎖定學者與外交政策專家下手 https://thehackernews.com/2025/11/mysterious-smudgedserpent-hackers.html 北韓駭客Kimsuky鎖定韓國用戶而來，散布後門程式HTTPTroy https://www.darkreading.com/vulnerabilities-threats/kimsuky-httptroy-backdoor-south-korea-users 俄駭客Sandworm鎖定烏克蘭糧食機構而來，企圖透過資料破壞軟體重創該國經濟 https://www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/ Sandworm鎖定俄羅斯軍事單位下手，透過OpenSSH後門程式與Tor網路活動 https://www.ithome.com.tw/news/172060 Windows捷徑零時差漏洞遭中國駭客UNC6384濫用，目標是歐洲多國外交官 https://www.ithome.com.tw/news/172003 南亞外交機構遭鎖定！SideWinder駭客組織採用全新ClickOnce攻擊手法 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12396 Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR Detection https://thehackernews.com/2025/11/hackers-weaponize-windows-hyper-v-to.html Curly COMrades: Evasion and Persistence via Hidden Hyper-V Virtual Machines https://businessinsights.bitdefender.com/curly-comrades-evasion-persistence-hidden-hyper-v-virtual-machines A Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join Forces https://thehackernews.com/2025/11/a-cybercrime-merger-like-no-other.html China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions https://thehackernews.com/2025/11/mysterious-smudgedserpent-hackers.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 ClickFix網釣威脅加劇，攻擊者鎖定多個作業系統用戶，透過影片誘導他們上當 https://www.bleepingcomputer.com/news/security/clickfix-malware-attacks-evolve-with-multi-os-support-video-tutorials/ 瑞典隱私保護局調查Miljödata外洩勒索案，150萬筆公部門個資流入暗網 https://www.ithome.com.tw/news/172062 日經Slack平臺遭駭，1.7萬人資料外洩 https://www.ithome.com.tw/news/172045 現代汽車旗下的北美IT服務供應商資料外洩，社會安全碼與駕照曝險 https://www.bleepingcomputer.com/news/security/hyundai-autoever-america-data-breach-exposes-ssns-drivers-licenses/ Apache軟體基金會否認OpenOffice專案資料外洩 https://www.ithome.com.tw/news/172044 Apache OpenOffice員工、程式碼資料疑遭Akira勒索軟體駭客竊取 https://www.ithome.com.tw/news/172027 安永會計師事務所資料庫雲端備份不設防，4 TB資料庫及機密資訊恐曝險 https://www.ithome.com.tw/news/172012 Oracle EBS零時差漏洞攻擊出現新的受害組織，工業設備巨擘Schneider、Emerson傳資料外洩 https://www.ithome.com.tw/news/171998 美國業務外包業者Conduent遭駭竊取客戶資料，恐影響上千萬人 https://www.ithome.com.tw/news/171988 【公私聯防，打詐新四法上路後最大規模帳號停權】消滅7.3萬個可疑帳號！LINE如何從源頭斬斷詐騙鏈條 https://www.ithome.com.tw/news/172088 Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach https://thehackernews.com/2025/11/sonicwall-confirms-state-sponsored.html E.研究報告/工具微分段技術加速事件應變、助企業降低資安保險成本 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12394 MITRE發布第18版資安框架ATT&CK，大幅調整偵測層面，遷移至結構化及行為為中心的策略 https://medium.com/mitre-attack/attack-v18-8f82d839ee9e 俄駭客利用Windows內建Hyper-V躲避資安偵測，私建輕量Linux VM偽裝WSL混淆系統監控 https://www.ithome.com.tw/news/172049 【從AI發現漏洞到自動修補的資安革新】解析美國DARPA AIxCC競賽，高品質修補成決賽勝出重點 https://www.ithome.com.tw/news/171723 研究人員揭露濫用Anthropic Claude的API竊取資料的攻擊手法 https://www.securityweek.com/claude-ai-apis-can-be-abused-for-data-exfiltration/ Implementing AI in the SOC: Lessons Learned from Redis https://thehackernews.com/expert-insights/2025/11/implementing-ai-in-soc-lessons-learned.html The Evolution of SOC Operations: How Continuous Exposure Management Transforms Security Operations https://thehackernews.com/2025/11/the-evolution-of-soc-operations-how.html Why SOC Burnout Can Be Avoided: Practical Steps https://thehackernews.com/2025/11/why-soc-burnout-can-be-avoided.html Enterprise Credentials at Risk – Same Old, Same Old https://thehackernews.com/2025/11/enterprise-credentials-at-risk-same-old.html F.商業 GPT-5 驅動 Aardvark 資安代理問世　自動偵測修補程式碼漏洞挑戰 Google https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=12403 OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html OpenAI與AWS簽署7年合作協議 https://www.ithome.com.tw/news/172022 微軟分別向IREN及Lambda購買AI算力 https://www.ithome.com.tw/news/172024 GitLab 18.5強化DevSecOps運作，推出AI自動規畫與資安分析功能 https://www.ithome.com.tw/news/171871 Mozilla開始要求Firefox擴充程式開發者揭露資料蒐集作法 https://www.ithome.com.tw/news/171867 明年10月Chrome將預設優先造訪HTTPS網站 https://www.ithome.com.tw/news/171975 韓國資安領導品牌AhnLab授權湛揚科技為台灣區代理商 https://www.cna.com.tw/business/chinese/416463 The MSP Cybersecurity Readiness Guide: Turning Security into Growth https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html Bitdefender Named a Representative Vendor in the 2025 Gartner® Market Guide for Managed Detection and Response https://thehackernews.com/2025/11/bitdefender-named-representative-vendor.html Google Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts https://thehackernews.com/2025/11/google-launches-new-maps-feature-to.html G.政府資安院公布資安漏洞獵捕活動設備廠商參與情形，11家廠商報名並提供700萬元漏洞懸賞獎金 https://www.ithome.com.tw/news/172055 政府資安長共識營精進國家資安聯防機制 https://reurl.cc/dqV6Q6 數發部擬12月公布數位憑證皮夾3項PoC　建安全生態系 https://www.cna.com.tw/news/afe/202511060185.aspx CloudMile獲數發部AI認證　展現AI落地實力 https://finance.ettoday.net/news/3063287 高雄空大攜手高市府共同推動資安培訓全面提升公部門資安量能 https://www.bo6s.com.tw/news_detail.php?NewsID=104367 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 TP-Link修補Omada閘道器4項漏洞，部分可允許執行任意指令 https://www.ithome.com.tw/news/171849 加拿大警示駭客濫用公開工控系統，多起水利與能源設施遭干擾 https://www.ithome.com.tw/news/171977 汽車業的物聯網轉型！V2V、V2I、V2X 是什麼？如何助汽車產業拿下近 4 千億美元市場 https://fc.bnext.com.tw/articles/view/4216? 內網安全新挑戰：中國品牌設備的偵測與風險評估實務 https://www.ithome.com.tw/pr/172100 IOT Data Hackathon第三屆盛勢回歸激發創新思維 https://news.pchome.com.tw/internation/xpm/20251106/index-17624169003723960011.html Cellular IoT連線持續成長　迎接物聯網生態轉型 https://www.eettaiwan.com/20251031nt21-cellular-iot-connectivity-continues-to-grow/ 9,000萬個智慧感測器放進門市！沃爾瑪、星巴克、聯合利華如何用 AI+IoT，打新零售戰爭 https://fc.bnext.com.tw/articles/view/4215 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會物聯網邊緣運算與資安實戰 2025/11/7 - 2025/11/8 https://www.accupass.com/event/2412260751154280345070 AI系統化應用實作班-11月台北班 2025/11/8 https://www.accupass.com/event/2510062023172119317658 領域驅動設計台灣 2025 年度成果發表會 2025/11/8 https://www.accupass.com/event/2508301008076132622520 ONLINE ⭐️ Programming for Everybody - Free 3-week course for beginners 2025/11/8 https://www.meetup.com/le-wagon-tokyo-coding-station/events/311639319/ AI Engineers Weekly Taipei 2025/11/8 https://www.meetup.com/ai-engineers-in-taiwan/events/311690390/ Coffee & Code 2025/11/8 https://www.meetup.com/innovate-taiwan/events/311619918/ MOPCON 2025 - 南台灣最大行動科技年會 2025/11/8 - 2025/11/9 https://mopcon.org/2025/ 守護者養成計畫：破解數位性別暴力與網路霸凌 2025/11/9 https://www.accupass.com/event/2510090621125574272760 Taiwan Multimedia Tech #11: Exploring FAST Streaming and Media Innovation 2025/11/10 https://www.meetup.com/taiwan-multimedia-technology/events/311661363/ ONLINE COURSE 🚀 Data Science & AI foundations for beginners 2025/11/10 https://www.meetup.com/le-wagon-tokyo-coding-station/events/311685301/ ONLINE ⭐️ Programming for Everybody - Free 3-week course for beginne rs2025/11/11 https://www.meetup.com/le-wagon-shanghai-coding-bootcamp/events/311661332/ AI智慧化流程與管理應用專業人員班 2025/11/12 https://www.accupass.com/event/2509120400472009022575 小、微型企業ISO 27001導入全攻略，有效運用預算、紮實建構資安 2025/11/13 https://www.accupass.com/event/2510281215371080054961 AI 時代下的系統分析與設計的 7 堂課（第三堂）- 現有系統維護的挑戰讓 AI 理解你的系統 2025/11/14 https://mystudyway.kktix.cc/events/analysis-for-ai-3 DQS 年度論壇：迎接全球化，AI 驅動下的供應鏈韌性 2025/11/14 https://www.accupass.com/event/2509250347388679111730 az:Repo: The Code and Cloud Agentic Workshop 2025/11/14 https://www.meetup.com/globalaiphilippines/events/311234627/ Building a Chat Agent Using Chainlit 2025/11/14 https://www.meetup.com/data-engineering-pilipinas/events/311577394/ Hack The Box Meetup: #1 2025/11/15 https://www.meetup.com/meetup-group-ksunfhaf/events/311641592/ MaiCoin 小學堂-進階版 2025/11/16 https://www.accupass.com/event/2510290804011861255824 運用「直覺聊天介面」加速知識搜尋與決策 | 雲端技術講座 2025/11/18 https://www.accupass.com/event/2510070906172879494180 MaiCoin 講堂【寫在意外之前：遺囑與繼承基本觀】 2025/11/18 https://www.accupass.com/event/2510280157542083440124 Taipei dbt Meetup #41 Databricks + dbt 2025/11/19 https://www.meetup.com/taipei-dbt-meetup/events/311670084/ 發燒互動 2025 策略增長線上發表會｜AI時代的忠誠方程式！打造遊戲化顧客互動劇本 2025/11/19 https://www.accupass.com/event/2510211224041706619042 Get Feedback for Your Startup Pitch 2025/11/20 https://www.meetup.com/mnl-projects-for-founders-developers-tech-professionals/events/311541013/ 11月讀書分享- 詩 2025/11/20 https://www.meetup.com/taipeiwomenintech/events/311215444/ [On-Line] AWS Global Community Gatherings #13 2025/11/21 https://www.meetup.com/awsglobalcommunitygatherings/events/310622555/ Tech & Tea 2025/11/22 https://www.meetup.com/innovate-taiwan/events/311710516/ Amarathon 2025 2025/11/22 https://www.meetup.com/gcr-aws-usergroup/events/311779758/ Taiwan KUG Conference 2025 2025/11/22 https://www.meetup.com/taiwan-kotlin-user-group/events/311564439/ MaiCoin 反詐騙講座 2025/11/26 https://www.accupass.com/event/2510290804091189108084 Flutter Tokyo #11 2025/11/26 https://www.meetup.com/flutter-meetup-tokyo/events/311758235/ ISC2 Taipei Chapter 2025年第二屆第二次會員大會暨「共益資安共榮台灣」資訊安全研討會 2025/11/29 https://isc2taipei.kktix.cc/events/2025agm Atelli × Meta ｜廣告新時代使用A.I Agent找到高價值客群 2025/12/3 https://www.accupass.com/event/2510150230273871962330 Threat Analyst Summit 2025 威脅分析師高峰會 2025/12/3 - 2025/12/4 https://teamt5.kktix.cc/events/tas2025 從 AI 浪潮看 2026 資安挑戰與治理策略 2025/12/5 https://www.accupass.com/event/2509190930571905392080 國立臺北商業大學資管系AI賦能論壇 2025/12/6 https://www.accupass.com/event/2510150928422567903790 2025 INSIDE Future Day｜人機共築未來新紀元：Next - Gen AI Agents 2025/12/9 https://www.accupass.com/event/2508170359001755695360 軟體開發安全意識與 .NET/Java 安全程式開發課程 2025/12/11-2025/12/12 https://www.accupass.com/event/2501021437092334513410