###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/3/24 ~ 2025/3/28 1.重大弱點漏洞/後門/Exploit/Zero Day 博通修補VMware Tools高風險身分驗證繞過漏洞 https://www.ithome.com.tw/news/168087 針對已遭利用的VMware虛擬化平臺逃逸漏洞，有資安業者指出可被用於勒索軟體攻擊 https://securityonline.info/web-shell-to-ransomware-new-vmware-attack-vector-exposed-by-sygnia/ New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html CrushFTP存在身分驗證繞過漏洞，攻擊者可未經授權存取FTP伺服器 https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-unauthenticated-access-flaw-immediately/ Splunk修補Splunk Enterprise、Secure Gateway高風險漏洞 https://www.securityweek.com/splunk-patches-dozens-of-vulnerabilities/ 思科軟體授權管理工具存在重大漏洞，已有駭客試圖進行利用 https://www.ithome.com.tw/news/168048 Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html Windows存在NTLM雜湊洩露零時差漏洞，攻擊者可引誘使用者開啟檔案觸發 https://www.ithome.com.tw/news/168084 Check Point旗下防毒產品ZoneAlarm元件傳出可被用於BYOVD攻擊，用戶應儘速套用更新 https://hackread.com/checkpoint-zonealarm-driver-flaw-user-credential-theft/ Java應用程式框架Spring存在高風險漏洞，可被用於繞過身分驗證流程 https://securityonline.info/spring-security-updates-address-authorization-bypass-and-password-length-vulnerabilities/ NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html 開源應用程式框架Next.js存在漏洞，攻擊者恐透過中繼軟體繞過授權 https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html NetApp SnapCenter存在重大層級權限提升漏洞 https://securityonline.info/netapp-snapcenter-users-at-risk-cvss-9-9-privilege-escalation-alert/ 用於K8s的Ingress Nginx Controller存在重大漏洞，6,500個叢集恐曝險 https://www.ithome.com.tw/news/168061 Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html 提供會員系統的WordPress外掛存在重大漏洞，6萬網站受到波及 https://www.ithome.com.tw/news/168100 WordPress外掛WP Ghost有重大漏洞，高達20萬個網站暴露在這個風險之下 https://www.ithome.com.tw/news/168047 開發工具Appsmith存在漏洞，攻擊者恐利用配置錯誤的PostgreSQL執行任意程式碼 https://securityonline.info/cve-2024-55963-appsmiths-default-postgresql-misconfiguration-leads-to-rce-poc-releases/ GitLab修補高風險XSS漏洞 https://securityonline.info/gitlab-alert-patch-now-xss-privilege-escalation-risks/ Google發布Chrome 134更新，修補可被用於沙箱逃逸的零時差漏洞 https://www.ithome.com.tw/news/168082 ServiceNow已知漏洞遭到鎖定，駭客試圖存取受害組織的資料庫 https://hackread.com/attacks-exploit-servicenow-flaws-israel-hit-hardest/ 研究人員揭露Nakivo備份軟體任意讀取檔案漏洞 https://www.ithome.com.tw/news/167782 Mozilla發布Windows版Firefox更新，修補沙箱逃逸漏洞 https://www.ithome.com.tw/news/168126 IBM AIX 7.2 和 7.3 https://www.ithome.com.tw/news/167963 2.銀行/金融/保險/證券/金融監理 新聞及資安 元富證券榮獲F-ISAC特優殊榮 展現資安治理實力 https://udn.com/news/story/7251/8638887 Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html Skype退役！金融機構都找「他」當通訊平台 超狂功能出爐 https://reurl.cc/9DOXXd 認和科技陸資爭議 金管會要求銀行公會檢視資安規範 https://money.udn.com/money/story/5613/8616265?from=edn_next_story ATM存錢「螢幕金額多400元」 內行曝銀行處理方式：別太高興 https://udn.com/news/story/120912/8638350?from=udn-ch1_breaknews-1-0-news 3.信用卡/電子支付/行動支付/pay/支付系統/資安 行動支付大升級更便捷！合作金庫銀行正式支援Apple Pay https://money.udn.com/money/story/11799/8625835 TWQR乘車碼正式上線 全台行動支付再升級 https://reurl.cc/QYjdyp TWQR是什麼？支援哪些電子支付？LINE Pay可以用嗎？TWQR懶人包來了 https://www.bnext.com.tw/article/82727/what-is-twqr-2025? 5大港人常用內地電子支付大比併 https://reurl.cc/paWdQb 「全支付」拿下日本再攻韓國！190萬據點都能刷 背後盤算曝光 https://www.chinatimes.com/realtimenews/20250324000002-260410?chdtv 一卡通與財金公司攜手 手機就是車票 一碼通行時代來臨 https://focusnews.com.tw/2025/03/635936/#google_vignette 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 川普持「加密幣立法」大旗開路！World Liberty Financial 趁勢推穩定幣 USD1 https://blockcast.it/2025/03/26/world-liberty-financial-plans-to-launch-usd1-stablecoin-as-donald-trump-continues-push-for-crypto-legislation/ 股票及加密貨幣交易所eToro申請IPO https://ithome.com.tw/news/168060 封鎖交易所約定轉帳！中華郵政終止虛擬通貨平台入金帳號服務：5 月 28 日生效 https://abmedia.io/taiwan-post-to-prohibit-large-deposit-to-vasp 跨境電商發展大躍進 DealShaker跨境電商平台首創加密貨幣支付 https://www.ctee.com.tw/news/20250325702020-431207 U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 供應鏈攻擊出現新手法Rules File Backdoor，恐波及GitHub Copilot用戶 https://www.ithome.com.tw/news/168098 俄羅斯駭客RedCurl盯上Hyper-V虛擬化平臺，打造能加密此類VM的勒索軟體 https://www.ithome.com.tw/news/168104 勒索軟體LockBit 4.0傳出東山再起，強化迴避偵測的手段 https://securityonline.info/lockbit-4-0-a-deep-dive-into-the-evolving-ransomware/ 國揚建設遭遇勒索軟體攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=174955&SPOKE_DATE=20250325&COMPANY_ID=2505 駭客在Steam上架假的遊戲試玩版，意圖藉此散布竊資軟體 https://www.bleepingcomputer.com/news/security/steam-pulls-game-demo-infecting-windows-with-info-stealing-malware/ 微軟信賴簽發服務遭濫用，駭客用於簽署惡意軟體 https://www.ithome.com.tw/news/168059 勒索軟體Albabat將攻擊範圍延伸到Linux、macOS裝置 https://www.infosecurity-magazine.com/news/albabat-ransomware-linux-macos/ 惡意軟體VenomRAT鎖定資安研究員而來，透過虛擬磁碟散布 https://hackread.com/hackers-hide-venomrat-malware-virtual-hard-disk-files/ NPM惡意套件攻擊出現新手法，駭客鎖定其他合法套件植入後門 https://www.ithome.com.tw/news/168131 勒索軟體BlackLock針對資安業者而來 https://securityaffairs.com/175877/cyber-crime/blacklock-ransomware-targeted-by-cybersecurity-firm.html 惡意軟體ReaderUpdate鎖定macOS用戶而來 https://www.securityweek.com/macos-users-warned-of-new-versions-of-readerupdate-malware/ 勒索軟體VanHelsing針對Arm設備及VMware虛擬化平臺而來 https://www.bleepingcomputer.com/news/security/new-vanhelsing-ransomware-targets-windows-arm-esxi-systems/ New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html 勒索軟體Medusa發動自帶驅動程式攻擊，利用惡意程式AbyssWorker迴避偵測 https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html FHS - Medusa Ransomware IOCs https://otx.alienvault.com/pulse/67dad3e7d0d8b8cf0d72859c VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 微軟跨平臺應用程式框架遭到濫用，安卓惡意程式用來迴避偵測 https://www.bleepingcomputer.com/news/security/new-android-malware-uses-microsofts-net-maui-to-evade-detection/ New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/ S-1 Android版本的趨勢科技行動安全防護與防毒 https://www.mobile01.com/topicdetail.php?f=508&t=7055946 iPhone網路流量APP監控小工具終身限免，即時監控行動網路和WiFi用量 https://mrmad.com.tw/network-usage-monitor-app-lifetime#google_vignette C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 喬山健康科技遭遇網路資安事件，疑又是CrazyHunter所為 https://www.ithome.com.tw/news/168075 駭客組織Earth Lusca聽令中國資安業者安洵，從事網路間諜活動 https://www.ithome.com.tw/news/168088 駭客組織EncryptHub利用微軟管理主控臺零時差漏洞犯案 https://www.ithome.com.tw/news/168113 駭客組織Raspberry Robin轉換跑道，兜售初始入侵管道 https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html 駭客組織EncryptHub利用微軟管理主控臺零時差漏洞犯案 https://www.bleepingcomputer.com/news/security/encrypthub-linked-to-zero-day-attacks-targeting-windows-systems/ 醫療產業頻繁支付贖金的做法助長駭客持續發動攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11759 瑞士電信業者遭鎖定，駭客組織Hellcat對全球Jira伺服器下手 https://www.bleepingcomputer.com/news/security/hellcat-hackers-go-on-a-worldwide-jira-hacking-spree/ 中國駭客FamousSparrow攻擊升溫！資安業者ESET指出這批人馬疑為攻擊美國電信業的Salt Typhoon https://www.bleepingcomputer.com/news/security/chinese-famoussparrow-hackers-deploy-upgraded-malware-in-attacks/ 中國菜刀再度出手！駭客組織Weaver Ant埋伏東南亞某電信業者環境4年 https://www.ithome.com.tw/news/168067 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms https://thehackernews.com/2025/03/hackers-using-e-crime-tool-atlantis-aio.html VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust https://thehackernews.com/2025/03/interpol-arrests-306-suspects-seizes.html 駭客組織UAT-5918鎖定臺灣CI，電信、醫療保健、資訊科技等產業均為目標 https://www.ithome.com.tw/news/168051 UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 美國NIST發布差分隱私規範，提升資料防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11748 絕對武力2遊戲玩家小心網釣！攻擊者想透過瀏覽器內的假視窗竊取Steam帳號 https://www.ithome.com.tw/news/168128 去年有近8成的網路入侵行動不再仰賴惡意程式，語音網路釣魚成為主力 https://www.ithome.com.tw/news/167620 微軟企業影音串流服務舊網域遭到挾持，被用於散布垃圾郵件 https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/ Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html OpenAI Operator Agent 在概念驗證中成功執行釣魚攻擊 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11758 瀏覽器內的假視窗攻擊鎖定絕對武力2玩家而來，企圖竊取Steam帳號 https://www.bleepingcomputer.com/news/security/browser-in-the-browser-attacks-target-cs2-players-steam-accounts/ 駭客聲稱握有600萬筆Oracle雲端服務資料，該公司表示客戶資料並未外流 https://www.ithome.com.tw/news/168074 基因技術業者23andMe聲請破產保護，用戶DNA等敏感個資恐遭轉售 https://www.ithome.com.tw/news/168056 E.研究報告/工具 10 Critical Network Pentest Findings IT Teams Overlook https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html How to Balance Password Security Against User Experience https://thehackernews.com/2025/03/how-to-balance-password-security.html The Surprising Gap in DDoS Protections: How Attackers Continue to Exploit DDoS Vulnerabilities https://thehackernews.com/expert-insights/2025/03/the-surprising-gap-in-ddos-protections.html AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience https://thehackernews.com/2025/03/sparring-in-cyber-ring-using-automated.html Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html F.商業 AI 與半導體資安將有新突破！ 資策會與DEKRA德凱簽署戰略合作 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11753 Palo Alto Networks 推出 AI 存取安全 (AI Access Security) 方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11761 Google發表新版OSV弱點掃描工具，可以分層掃描容器映像檔漏洞 https://www.ithome.com.tw/news/168120 Keypasco獨家專利雙通道結構強化企業資安防護 來毅數位 MFA 為企業築起層層資安把關門 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/5591A3DCE88B42DF9AFA883A8D89FC28 誰說EASM個個要價不菲、難以入手？ 中華資安推出高性價比「資安眼」服務，讓企業輕易做好外部曝險管理 https://www.ithome.com.tw/pr/167622 G.政府 虛擬資產專法力拚上線　業者敲碗金管會當定海神針 https://finance.ettoday.net/news/2932416 台數發部測定DeepSeek有極高資安風險 陸委會籲台灣民眾審慎評估 https://www.epochtimes.com/b5/25/3/26/n14467481.htm 違規裝Zoom、小米軟體 北市府公務電腦恐成資安漏洞 https://www.chinatimes.com/realtimenews/20250328002588-260405?chdtv 北市府「紅電腦」！被爆裝華為、小米　議員轟資安大漏洞 https://tw.nextapple.com/life/20250328/8C87BE8B49FADBE548183FE8C9BD56E8 數位發展部導入生成式AI　未來「我的E政府」服務大升級 https://pinview.com.tw/News/41570.html 帶您看數位政府服務：MyData、行動自然人憑證及政府App https://www.gov.tw/News_Content_37_598409 數發部推數位皮夾實驗 記者會有點落漆！健保署：我們沒有要開放領藥 https://reurl.cc/9DOX6j 校園識詐巡迴宣導啟動 數發部攜手Google、 LINE、Meta 攜手防詐 https://www.tca.org.tw/tca_news1.php?n=2294 詐騙手法快速更新 侯友宜喊話數位發展部要加把勁 https://www.chinatimes.com/realtimenews/20250326002782-260402?chdtv H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 超過九成的Wi-Fi網路缺乏去認證攻擊防護機制 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11762 Fortinet OT安全營運平台再升級，強化關鍵基礎設施防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11756 群暉網路攝影機去年找到9.8分重大漏洞，這個月更新公告並揭露細節 https://www.ithome.com.tw/news/168046 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Chinese Linguistics, History, and Etymology 2025/4/1 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305061650/ Startup Funding in Korea: How to Raise Money with VCs 2025/4/1 https://www.meetup.com/seoul-startup-founders-101/events/306893209/ 物聯網資訊安全實務 2025/4/2 https://www.accupass.com/event/2412260750552102835426 WordPress 彩虹小聚 ：色彩魔法｜提升網站吸引力的秘訣 2025/4/7 https://www.meetup.com/taipei-wordpress/events/306914356/ Chinese Linguistics, History, and Etymology 2025/4/8 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/xtjqqtyhcgblb/ 企業 IT 必修課：虛擬化備援 + 弱點掃描，打造無縫資安防護 2025/4/11 https://mstech.kktix.cc/events/d41efa20 CYBERSEC 2025 臺灣資安大會 2025/4/15 - 2025/4/17 https://cybersec.ithome.com.tw/2025/ Jamf 資安體驗館 - 2025 CYBERSEC 資安大會 2025/4/15 https://jamf.kktix.cc/events/cybersec2025-jamf Taipei dbt Meetup #35 for all folks working with data! (Hybrid 👫 + 🧑‍💻) 2025/4/16 https://www.meetup.com/taipei-dbt-meetup/events/306748734/ How to build a team to run your SOC and SIEM 2025/4/16 https://www.meetup.com/manageengine-philippines-events/events/306912388/ Hack The Box Meetup: #1 2025/4/21 https://www.meetup.com/hack-the-box-meetup-ph/events/306862104/ [Online] Living off of Bitcoin 2025/4/24 https://www.meetup.com/philippine-bitcoiners/events/306825206/ [On-Line] AWS Global Community Gatherings #6 2025/4/25 https://www.meetup.com/awsglobalcommunitygatherings/events/306112237/ Agile Hsinchu 2025年3月份實體分享 2025/4/27 https://agilecommhc.kktix.cc/events/agilehsinchu20250427 AI 時代的資安新挑戰：如何讓開發更快速、更安全 2025/5/15 https://www.accupass.com/event/2503170831057559152230 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160