資安事件新聞週報 2024/11/18 ~ 2024/11/22

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2024/11/18 ~ 2024/11/22 1.重大弱點漏洞/後門/Exploit/Zero Day 9月揭露的VMware vCenter重大漏洞快修補！已出現被用於攻擊的情形 https://www.ithome.com.tw/news/166098 Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation https://thehackernews.com/2024/11/cisa-alert-active-exploitation-of.html 微軟 11 月更新修補 89 個漏洞兩個零時差漏洞遭積極利用中 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11375 中國駭客BrazenBamboo利用FortiClient零時差漏洞，開發能擷取VPN帳密的惡意程式 https://www.ithome.com.tw/news/166066 快修補！2千臺Palo Alto Networks防火牆疑似已遭漏洞攻擊 https://www.ithome.com.tw/news/166149 Palo Alto 產品 PAN-OS 存在多個安全性弱點 https://security.paloaltonetworks.com/CVE-2024-0012 https://security.paloaltonetworks.com/CVE-2024-9474 Palo Alto Networks修補已出現攻擊行動的防火牆零時差漏洞 https://www.ithome.com.tw/news/166075 CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed https://thehackernews.com/2024/11/cisa-flags-critical-palo-alto-network.html PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released https://thehackernews.com/2024/11/pan-os-firewall-vulnerability-under.html Kubernetes存在高風險漏洞，恐被用於執行任意命令 https://securityonline.info/cve-2024-10220-kubernetes-vulnerability-allows-arbitrary-command-execution/ PostgreSQL發布安全性更新，修補高風險任意程式碼執行漏洞 https://www.ithome.com.tw/news/166062 High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html 網路流量監控系統LibreNMS存在重大漏洞，攻擊者有機會執行作業系統層級命令 https://securityonline.info/librenms-vulnerability-cve-2024-51092-mitigating-the-risk-of-server-compromise/ Ubuntu元件Needrestart存在漏洞，攻擊者有機會藉此得到root權限 https://www.ithome.com.tw/news/166136 Oracle針對產品生命週期管理系統Agile用戶提出警告，其零時差漏洞已傳出被用於攻擊 https://www.ithome.com.tw/news/166160 Oracle Security Alert Advisory - CVE-2024-21287 https://reurl.cc/EgzDDk Critical Patch Updates, Security Alerts and Bulletins https://reurl.cc/KdjDDn Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation https://thehackernews.com/2024/11/oracle-warns-of-agile-plm-vulnerability.html QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7176660 IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7176657 User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7176642 WordPress 熱門外掛爆重大漏洞全球400萬網站恐淪陷 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11388 WordPress安全外掛Really Simple Security存在重大漏洞，4百萬網站曝險 https://securityonline.info/cve-2024-10924-cvss-9-8-authentication-bypass-in-really-simple-security-plugin-affects-4-million-sites/ Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package https://thehackernews.com/2024/11/decades-old-security-vulnerabilities.html Google Vertex AI 驚現 ModeLeak 漏洞可提權竊取模型資料 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11383 Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects https://thehackernews.com/2024/11/googles-ai-powered-oss-fuzz-tool-finds.html Intel處理器的Mac電腦遭到鎖定，駭客利用零時差漏洞從事攻擊行動 https://www.ithome.com.tw/news/166107 GitHub命令列存在高風險漏洞，攻擊者有機會遠端執行任意程式碼 https://www.ithome.com.tw/news/166109 2.銀行/金融/保險/證券/金融監理新聞及資安金融軟體業者Finastra證實檔案傳輸平臺遭駭，傳出有人兜售竊得的內部資料 https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack/ 數位金融科技領先中信金控十度獲IDC肯定 https://market.ltn.com.tw/article/16819 國泰證與國泰期獲 BSI 數位信任獎高度重視資安防護 https://udn.com/news/story/7239/8377021 新光銀行落實資安個資保護　獲BSI「數位信任-精銳獎」肯定 https://www.nownews.com/news/6589472 資安專家警告「中國木馬竄全球」偽裝成常用APP竊取銀行帳密、存款 https://reurl.cc/74oWyy 3.信用卡/電子支付/行動支付/pay/支付系統/資安研究人員揭露Ghost Tap攻擊手法，濫用NFC及行動支付偷錢 https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay 串連電支機構　華南銀致力打造支付生態圈 https://finance.ettoday.net/news/2859960 告別冗長流程！北市集中支付系統升級省時又便捷 https://www.storm.mg/localarticle/5278984 遊日本用PayPay付錢免手續費！台灣人如何用？哪些電子支付有支援一次看懂 https://www.sogi.com.tw/articles/how_to/6263370 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin https://thehackernews.com/2024/11/bitfinex-hacker-sentenced-to-5-years.html 5年前南韓13億以太幣被盜北韓駭的！僅追回1400萬 https://reurl.cc/5DqEk7 川普擬新設專責加密幣職位比特幣飆高挺進10萬美元 https://money.udn.com/money/story/5599/8376611 CoinMarketCap 是什麼？五大新手必會功能，輕鬆追蹤加密貨幣 https://m.cnyes.com/news/id/5787840 賺飽比特幣財政部要扣稅了交易所提醒1事 https://www.ctee.com.tw/news/20241122701158-430503 又一金融巨頭入局！嘉信理財要提供「加密貨幣現貨交易服務」 https://blockcast.it/2024/11/22/schwab-to-enter-spot-crypto-market-following-new-legislation/ 川普媒體進軍加密貨幣市場，註冊商標「TruthFi」包含數位錢包與加密支付服務 https://abmedia.io/trump-tmtg-truthfi 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC TrojanSpy.Win64.BASTRECON.A 木馬病毒 https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojanspy.win64.bastrecon.a 中國駭客Gelsemium改寫Windows版本的後門程式，對Linux主機發動攻擊 https://www.ithome.com.tw/news/166159 勒索軟體SafePay利用寄生攻擊停用內建防毒，繞過UAC提升權限 https://www.huntress.com/blog/its-not-safe-to-pay-safepay 勒索軟體Helldown藉由兆勤防火牆弱點入侵受害組織，攻擊Windows電腦及VMware虛擬化平臺 https://www.ithome.com.tw/news/166117 為增加攻擊成功的機會，多個勒索軟體組織向滲透測試人員招手 https://www.prnewswire.com/il/news-releases/new-threat-report-from-cato-networks-reveals-ransomware-gangs-recruiting-penetration-testers-to-improve-effectiveness-of-attacks-302309226.html 勒索軟體Akira威脅加劇，一天裡列出超過30個受害組織 https://cyberint.com/blog/research/akira-ransomware-what-soc-teams-need-to-know/ 美國奧克拉荷馬州醫療中心遭遇勒索軟體攻擊，影響13.3萬人 https://www.securityweek.com/ransomware-attack-on-oklahoma-medical-center-impacts-133000/ 多語言惡意程式BabbleLoader採用複雜回避偵測手法，有機會躲過AI打造的資安防護系統 https://securityonline.info/babbleloader-the-polyglot-malware-evading-both-traditional-and-ai-defenses/ 北韓駭客針對求職者下手，利用挾帶惡意程式的視訊會議軟體感染受害電腦 https://securityonline.info/north-korean-hackers-target-job-seekers-with-malware-laced-video-apps/ 駭客透過臉書推送冒牌Bitwarden密碼管理工具的廣告，意圖散布惡意Chrome外掛 https://www.bleepingcomputer.com/news/security/fake-bitwarden-ads-on-facebook-push-info-stealing-chrome-extension/ 竊資軟體透過假AI影片產生工具散布，鎖定Windows與macOS用戶而來 https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with- 惡意程式Melofee鎖定RHEL作業系統而來 https://securityonline.info/new-melofee-backdoor-variant-targets-linux-systems-with-advanced-stealth-tactics/ 越南駭客鎖定歐洲、亞洲，企圖部署竊資軟體PXA https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations https://thehackernews.com/2024/11/iranian-hackers-deploy-wezrat-malware.html New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems https://thehackernews.com/2024/11/new-helldown-ransomware-expands-attacks.html New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers https://thehackernews.com/2024/11/new-stealthy-babbleloader-malware.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit https://thehackernews.com/2024/11/nso-group-exploited-whatsapp-to-install.html China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities https://thehackernews.com/2024/11/apple-releases-urgent-updates-to-patch.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力印表機製造商誠研傳出部分資訊系統遭受網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=183621&SPOKE_DATE=20241119&COMPANY_ID=3494 網通業者中磊電子傳出菲律賓子公司遭受駭客攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=193757&SPOKE_DATE=20241120&COMPANY_ID=5388 焊鍚業者晟楠科技外部伺服器遭遇網路攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=2&SPOKE_TIME=170006&SPOKE_DATE=20241120&COMPANY_ID=3631 中國駭客Liminal Panda入侵南亞、非洲電信業者 https://www.ithome.com.tw/news/166128 中國駭客入侵美國多家電信業者，T-Mobile傳出也受害 https://www.ithome.com.tw/news/166096 體育節目遭到鎖定，攻擊者鎖定錯誤配置的Jupyter Notebook下手 https://www.securityweek.com/vulnerable-jupyter-servers-targeted-for-sports-piracy/ Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign https://thehackernews.com/2024/11/chinese-hackers-exploit-t-mobile-and.html Vietnamese Hacker Group Deploys New PXA Stealer Targeting Europe and Asia https://thehackernews.com/2024/11/vietnamese-hacker-group-deploys-new-pxa.html North Korean Front Companies Impersonate U.S. IT Firms to Fund Missile Programs https://thehackernews.com/2024/11/north-korean-front-companies.html 5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme https://thehackernews.com/2024/11/5-scattered-spider-gang-members.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全零售業個資維護新規範出爐 6800家業者半年內需完成資安計畫 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11379 針對零售業個資保護範圍擴大，經濟部納管6800家業者 https://www.cna.com.tw/news/afe/202411130389.aspx 美國太空科技業者Maxar傳出員工資料外洩 https://www.bleepingcomputer.com/news/security/us-space-tech-giant-maxar-discloses-employee-data-breach/ 駭客兜售福特逾4萬名顧客資料，該公司表示起因是第三方業者遭駭 https://www.ithome.com.tw/news/166108 中國駭客SilkSpecter以黑色星期五為誘餌，發動網釣攻擊，騙取信用卡與個資 https://www.ithome.com.tw/news/166095 釣魚郵件利用SVG圖檔迴避偵測的情況日趨頻繁 https://www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/ 臺灣遊戲業者智冠導入FIDO身分驗證機制，上線3個月使用量突破百萬人次 https://www.soft-world.com/News/NewsDetail?Sn=20356 Researchers Warn of Privilege Escalation Risks in Google's Vertex AI ML Platform https://thehackernews.com/2024/11/researchers-warn-of-privilege.html Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy https://thehackernews.com/2024/11/shielded-email-googles-latest-tool-for.html Fake Discount Sites Exploit Black Friday to Hijack Shopper Information https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority https://thehackernews.com/2024/11/privileged-accounts-hidden-threats-why.html E.研究報告/工具【研討會影片】帳密悄悄洩，杜浦解危新戰略 https://teamt5.org/tw/posts/webinar-deep-dark-web/ How AI Is Transforming IAM and Identity Security https://thehackernews.com/2024/11/how-ai-is-transforming-iam-and-identity.html Beyond Compliance: The Advantage of Year-Round Network Pen Testing https://thehackernews.com/2024/11/beyond-compliance-advantage-of-year.html F.商業漏洞修補絕招：以 TeamT5 解決方案為例 https://teamt5.org/tw/posts/vulnerability-patch-by-using-teamt5-solution/ 思科擴大雲端保護方案布局，揭露Hypershield與eBPF將是未來發展重點 https://www.ithome.com.tw/news/166037 Check Point 發佈 2024 年下半年資安數據統計 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11374 IBM推出Guardium資料安全中心協助企業妥善應對AI與量子安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11385 思科推出智慧且安全可靠的 Wi-Fi 7 專為韌性與安全連線所設計 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11377 BSI呼籲重視AI科技風險，強調臺灣企業要提升AI治理力 https://www.ithome.com.tw/news/166130 Thin Client搭上雲端運算特快車，微軟公布混合式雲端PC裝置Windows 365 Link https://www.ithome.com.tw/news/166104 微軟舉行獎金提高50至100%的資安漏洞攻防賽Zero Day Quest https://www.ithome.com.tw/news/166111 Python供應鏈信任措施升級，PyPI導入數位見證機制 https://www.ithome.com.tw/news/166054 The Problem of Permissions and Non-Human Identities - Why Remediating Credentials Takes Longer Than You Think https://thehackernews.com/2024/11/the-problem-of-permissions-and-non-human-identities.html NHIs Are the Future of Cybersecurity: Meet NHIDR https://thehackernews.com/2024/11/nhis-are-future-of-cybersecurity-meet.html Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity https://thehackernews.com/2024/11/microsoft-launches-windows-resiliency.html 10 Most Impactful PAM Use Cases for Enhancing Organizational Security https://thehackernews.com/2024/11/10-most-impactful-pam-use-cases-for.html G.政府強化台灣數位韌性數發部：國安會正推動成立國家級資安應變中心 https://www.rti.org.tw/news/view/id/2228786 抗詐行動再一波！LINE 聯手數位發展部推「防詐動態警報」 https://linecorp.com/tw/pr/news/2024/1114/ 南投逾7成鄉鎮數位發展落後　游顥要求數發部專項補助減少落差 https://www.ettoday.net/news/20241121/2859384.htm 數位發展部2年撒238億連堵詐也做不了在野立委質疑存在價值 https://reurl.cc/1X4zn9 數發部砸3億「網站點擊最高僅2位數」黃國昌揭近7千萬人事費：在養人嗎 https://reurl.cc/b3Ry46 數發部100億資金助攻！AI、電商、遊戲新創都能申請 https://meet.bnext.com.tw/articles/view/51831? H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Over 145,000 Industrial Control Systems Across 175 Countries Found Exposed Online https://thehackernews.com/2024/11/over-145000-industrial-control-systems.html 老舊產品的資安漏洞問題陰魂不散！D-Link揭露已終止支援的VPN路由器存在RCE漏洞 https://www.ithome.com.tw/news/166141 殭屍網路Water Barghest綁架逾2萬臺物聯網裝置 https://securityonline.info/water-barghest-botnet-hijacks-20000-iot-devices-for-profit/ 針對工控惡意軟體FrostyGoop影響烏克蘭暖氣供應事故，研究人員公布進一步調查結果 https://unit42.paloaltonetworks.com/frostygoop-malware-analysis/ 已終止支援的GeoVision視訊監控設備存在重大漏洞，傳出被用於攻擊行動 https://www.ithome.com.tw/news/166063 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會【安碁學苑】資安職能培訓｜安全程式開發管理師 2024/11/23 ~ 2024/12/21 https://acsiacad.kktix.cc/events/308914 Taoyuan WordPress Café 桃園咖啡小聚 #42 2024/11/23 https://www.meetup.com/taoyuan-wordpress-meetup/events/304123625/ #130 swirl: The Package for Learning and Teaching Data Science in R 2024/11/23 https://www.meetup.com/r-user-group-philippines/events/296013262/ Exploring Azure AI Services and Certification Pathways 2024/11/25 https://www.meetup.com/rladies-taipei/events/303989737/ Algorithms Study Group! 2024/11/26 https://www.meetup.com/codeseoul/events/rslrltygcpbjc/ Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/11/26 https://www.meetup.com/taiwan-code-camp/events/xfxtjtygcpbjc/ Trustrade Business Networking powered by ZOOM 2024/11/26 https://www.meetup.com/sophisticated-blockchain-cryptocurrency-professionals/events/ffdghsygcpbjc/ Trustrade weekly TUESDAY ZOOM meeting! 2024/11/26 https://www.meetup.com/hong-kong-blockchain-business/events/rzkwqsygcpbjc/ Silicon Valley Business Networking (Online) 2024/11/26 https://www.meetup.com/hong-kong-startup-idea-to-ipo/events/xppjhtygcpbjc/ Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/11/27 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcpbkc/ 【2024 RMN ASIA】AI 驅動零售變革 · RMN重新定義行銷生態 2024/11/28 https://www.accupass.com/event/2409050256092193763570 Slot 1 (APAC/EMEA) 2024/11/28 https://www.meetup.com/coop-casual-conference/events/lxqrltygcpblc/ HackingThursday 固定聚會台北場 Taipei 2024/11/28 https://www.meetup.com/hackingthursday/events/fcmtntygcpblc/ 【TIRI線上董事、公司治理主管進修課程】漫談資安治理的盲點與對策 2024/11/29 https://www.accupass.com/event/2408290602361963077719 金融反詐 X AI深偽：資安實務專題講座（北部場） 2024/11/29 https://isipevent.kktix.cc/events/n165isip Threat Analyst Summit 2024 威脅分析師高峰會 2024/12/11 ~ 2024/12/12 https://teamt5tw.kktix.cc/events/tas2024 金融反詐 X AI深偽：資安實務專題講座（中部場）2024/12/16 https://isipevent.kktix.cc/events/m165isip Free Startup Fundraising Office Hours Expert AMA with Angel Investor Scott Fox! 2024/12/25 https://www.meetup.com/taipei-startups-investors-masterminds-network/events/bmzxltygcqbhc/