資安事件新聞週報 2025/1/6 ~ 2025/1/10

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/1/6 ~ 2025/1/10 1.重大弱點漏洞/後門/Exploit/Zero Day Trend Micro Apex One https://nvd.nist.gov/vuln/detail/CVE-2024-55917 https://nvd.nist.gov/vuln/detail/CVE-2024-55632 https://nvd.nist.gov/vuln/detail/CVE-2024-55631 https://nvd.nist.gov/vuln/detail/CVE-2024-52050 https://nvd.nist.gov/vuln/detail/CVE-2024-52049 https://nvd.nist.gov/vuln/detail/CVE-2024-52048 https://nvd.nist.gov/vuln/detail/CVE-2024-52047 Palo Alto Networks修補防火牆移轉工具多項弱點 https://www.ithome.com.tw/news/166910 SonicWall防火牆存在SSL VPN、SSH高風險漏洞 https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/ 防火牆系統GFI KerioControl存在CRLF注入漏洞，傳出已被用於攻擊行動 https://www.bleepingcomputer.com/news/security/hackers-exploit-keriocontrol-firewall-flaw-to-steal-admin-csrf-tokens/ Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection https://thehackernews.com/2025/01/critical-rce-flaw-in-gfi-keriocontrol.html Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers https://thehackernews.com/2025/01/major-vulnerabilities-patched-in.html 研究人員公布微軟12月修補的LDAP阻斷服務漏洞細節，指出攻擊者有可能藉此讓伺服器當機 https://www.ithome.com.tw/news/166868 資安業者Tenable傳出外掛程式更新出錯意外，端點代理程式停擺 https://www.ithome.com.tw/news/166848 資安業者Tenable傳出遭遇惡意外掛程式攻擊事故，駭客藉此將用戶的Nessus代理程式移除 https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ Bad Tenable plugin updates take down Nessus agents worldwide https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ ProjectDiscovery 開源弱掃工具 Nuclei 爆出嚴重漏洞，可繞過簽章執行惡意程式 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11524 開源弱點掃描工具Nuclei存在弱點，攻擊者有機會繞過身分驗證執行惡意程式碼 https://www.bleepingcomputer.com/news/security/nuclei-flaw-lets-malicious-templates-bypass-signature-verification/ Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution https://thehackernews.com/2025/01/researchers-uncover-nuclei.html CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html Ivanti警告Connect Secure存在零時差漏洞，駭客企圖藉此植入惡意程式 https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/ Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure https://thehackernews.com/2025/01/ivanti-flaw-cve-2025-0282-actively.html IBM 產品 Engineering Lifecycle Optimization https://nvd.nist.gov/vuln/detail/CVE-2024-41766 https://nvd.nist.gov/vuln/detail/CVE-2024-41767 IBM WebSphere Automation https://nvd.nist.gov/vuln/detail/CVE-2024-54181 IBM QRadar SIEM Amazon Web Services protocol is vulnerable to stack overflow due to improper input validation (CVE-2024-7254) https://www.ibm.com/support/pages/node/7180462 IBM Security QRadar Analyst Workflow for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities https://www.ibm.com/support/pages/node/7180545 Mozilla基金會發布Firefox 134，修補3項高風險漏洞 https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/ Google發布Chrome更新，修補V8引擎類型混淆高風險漏洞 https://securityonline.info/chrome-update-addresses-high-severity-vulnerability-cve-2025-0291/ 生物科技業者Illumina的DNA檢測儀器BIOS存在漏洞，攻擊者有可能藉此持續於受害裝置活動 https://www.bleepingcomputer.com/news/security/bios-flaws-expose-iseq-dna-sequencers-to-bootkit-attacks/ Apache基金會修補圖像資料庫系統HugeGraph身分驗證繞過漏洞 https://www.ithome.com.tw/news/166745 2.銀行/金融/保險/證券/金融監理新聞及資安台灣知名銀行利用OPSWAT技術降低惡意軟體威脅並確保檔案傳輸安全 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11520 日本最大金融集團MUFG旗下銀行運用生成式AI加速業務銷售流程 https://www.ithome.com.tw/news/166756 DORA 新法規上路！歐盟金融機構須加強網路韌性 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11479 瑞思資訊全力推動 FCB 與零信任方案，助力金融業落實金融資安行動方案 2.0 https://ithome.com.tw/pr/166184 銀行金融檢查防制詐騙與資安成重點 https://anntw.com/articles/20241219-DPi7 王道銀行與北市調查處簽署「國家資通安全聯防與情資分享合作備忘錄」 https://reurl.cc/zpO37N 金融區塊鏈有價證券數位化將上線！呼應綠色金融打造電子保險箱 https://reurl.cc/L5eyZK 3.信用卡/電子支付/行動支付/pay/支付系統/資安駭客打造惡意WordPress外掛PhishWP，意圖藉由合法網站竊取購物者信用卡資料 https://www.ithome.com.tw/news/166870 跨境支付平台 HIVEX 正式開通韓國跨境行動支付服務 https://money.udn.com/money/story/5613/8473578 全支付布局國際再下一城攜手ZeroPay前進韓國 https://www.cna.com.tw/news/afe/202501070268.aspx LINE Pay強化公司治理董事監督功能女性董事占比逾４成 https://reurl.cc/G5g8QW 第三方支付升格電支鎖定LINE Pay等7家函查 https://reurl.cc/NbOvD6 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages https://thehackernews.com/2025/01/russian-speaking-attackers-target.html 高雄個人幣商買賣USDT遭逮，私下交易加密貨幣恐觸法 https://www.blocktempo.com/the-first-case-in-taiwan-individual-currency-traders-were-arrested-for-illegal-currency-sales/ 未如實申報加密貨幣稅務，比特幣早期投資者被判刑並需交出私鑰 https://abmedia.io/bitcoin-investor-ordered-to-reveal-access-codes Google量子晶片「Willow」橫空出世 AI運算恐挑戰加密貨幣安全 https://reurl.cc/ZZ8KEA 取得盧森堡執照！渣打宣布：進軍歐洲「提供加密幣託管服務」 https://blockcast.it/2025/01/10/standard-chartered-to-expand-crypto-custody-services-in-eu-with-new-luxembourg-license/ 短信詐騙220萬元加密貨幣紐約州檢長代受害者提告追討 https://www.epochtimes.com/b5/25/1/10/n14410306.htm 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 竊資軟體Banshee鎖定蘋果電腦而來，冒用內建防毒XProtect的演算法迴避偵測 https://www.ithome.com.tw/news/166906 天然氣業者新海傳出遭遇勒索軟體攻擊，伺服器內部檔案被加密 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=134501&SPOKE_DATE=20250109&COMPANY_ID=9926 逾4千個後門利用過期網域從事攻擊行為，研究人員註冊阻斷惡意活動 https://www.bleepingcomputer.com/news/security/over-4-000-backdoors-hijacked-by-registering-expired-domains/ 駭客假借資安業者CrowdStrike名義徵才，企圖散布挖礦軟體 https://www.bleepingcomputer.com/news/security/fake-crowdstrike-job-offer-emails-target-devs-with-crypto-miners/ PyPI隔離措施奏效，數月阻擋逾百惡意專案 https://www.ithome.com.tw/news/166832 針對鎖定四信工業路由器的殭屍網路攻擊，中國資安業者指出駭客亦使用其他已知及零時差漏洞攻擊連網設備 https://www.ithome.com.tw/news/166888 木馬程式NonEuclid RAT繞過UAC和AMSI安全機制活動 http://thehackernews.com/2025/01/researchers-expose-noneuclid-rat-using.html 新興應用程式安全測試OAST機制遭濫用，駭客藉此散布惡意NPM、PyPI、RubyGems套件 https://www.ithome.com.tw/news/166874 針對假冒烏克蘭軍方報告應用程式的惡意軟體攻擊，研究人員指出後門程式利用Tor網路隱匿行蹤 https://gbhackers.com/ssh-tor-malware-ukraine/ Researchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion Techniques https://thehackernews.com/2025/01/researchers-expose-noneuclid-rat-using.html 中東政府機關、網際網路服務供應商遭鎖定，駭客企圖散布惡意程式Eagerbee https://www.bleepingcomputer.com/news/security/eagerbee-backdoor-deployed-against-middle-eastern-govt-orgs-isps/ New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities https://thehackernews.com/2025/01/new-eagerbee-variant-targets-isps-and.html EAGERBEE, with updated and novel components, targets the Middle East https://securelist.com/eagerbee-backdoor/115175/ Top 5 Malware Threats to Prepare Against in 2025 https://thehackernews.com/2025/01/top-5-malware-threats-to-prepare.html Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics https://thehackernews.com/2025/01/ai-driven-ransomware-funksec-targets-85.html RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns https://thehackernews.com/2025/01/reddelta-deploys-plugx-malware-to.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊回不去了，小米手機的 bootloader 解鎖限制將更嚴格 https://m.eprice.com.tw/mobile/talk/4568/5814070/1 為打擊詐騙行為，Telegram導入第三方驗證機制 https://www.ithome.com.tw/news/166814 安卓竊資軟體FireScam假冒Telegram應用程式散布 https://www.bleepingcomputer.com/news/security/new-firescam-android-data-theft-malware-poses-as-telegram-premium-app/ Google發布2025年首波安卓例行更新，修補系統元件的重大層級漏洞 https://securityonline.info/cve-2024-43096-and-more-critical-rce-flaws-patched-in-android-security-update/ FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices https://thehackernews.com/2025/01/firescam-android-malware-poses-as.html Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力日本電信業者NTT DOCOMO傳出遭到DDoS攻擊 https://smbiz.asahi.com/article/15572291 青雲科技、世芯電子、大眾電腦、台塑接連遭DDoS攻擊，傳出是親俄駭客NoName057所為 https://www.ithome.com.tw/news/166831 華航遭遇DDoS攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=163641&SPOKE_DATE=20250108&COMPANY_ID=2610 攸泰科技網站遭遇DDoS攻擊 https://mops.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=140120&SPOKE_DATE=20250107&COMPANY_ID=6928 臺灣2024每日遭到網路攻擊次數達到240萬，通訊傳播領域暴增6.5倍、電信業成為最熱門的網駭目標 https://www.ithome.com.tw/news/166827 擴充套件Pie Adblock侵權uBlock Origin，PayPal Honey團隊再掀爭議 https://www.ithome.com.tw/news/166809 回顧 2024 年：全球十大網路安全事件 https://cybersecurenews.com.tw/news-edit-124/ 針對中華電信海底電纜遭貨輪破壞事故，數發部公布後續因應措施 https://www.ithome.com.tw/news/166871 海纜中斷事件學者呼籲政府應強化國內通訊網路及服務韌性 https://www.ithome.com.tw/news/166914 中國船四處剪斷海底電纜劣跡斑斑智庫揭北京邪惡野心 https://ec.ltn.com.tw/article/breakingnews/4913351 惡質！疑中國貨輪註冊他國國籍拖斷我國海底電信纜線 https://today.line.me/tw/v2/article/JPWqK67 關島成中美網路戰前線，美政府急提升資安防禦能力 https://www.inside.com.tw/article/37236-guam-us-china-cyber-warfare-cybersecurity-defense 俄軍抱怨中國製電子戰設備是「不可靠的垃圾」　讓他們作戰風險劇增 https://today.line.me/tw/v2/article/NvLV8p1 邱垂正：應對中共滲透統戰台灣不會走入「麥卡錫化」 https://www.cna.com.tw/news/acn/202412280044.aspx 美國 CISA 發布國家網路事故應變計畫草案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11514 針對美國電信業者遭遇中國駭客Salt Typhoon大規模攻擊事故，知情人士透露新的受害公司 https://www.ithome.com.tw/news/166851 美國政府制裁中國資安業者永信至誠，原因是該公司支援駭客組織Flax Typhoon的攻擊行動 https://www.ithome.com.tw/news/166829 U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html US sanctions Chinese company linked to Flax Typhoon hackers https://www.bleepingcomputer.com/news/security/us-sanctions-chinese-company-linked-to-flax-typhoon-hackers/ U.S. Sanctions Chinese Cybersecurity Firm for State-Backed Hacking Campaigns https://thehackernews.com/2025/01/us-treasury-sanctions-beijing.html 美國政府指出BeyondTrust零時差漏洞攻擊事故並未影響財政部以外的聯邦機構 https://www.bleepingcomputer.com/news/security/cisa-says-recent-government-hack-limited-to-us-treasury/ CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing https://thehackernews.com/2025/01/cisa-no-wider-federal-impact-from.html 中國駭客MirrorFace對日本從事5年逾200起攻擊行動，企圖竊取國家安全及先進技術機密 https://www.ithome.com.tw/news/166880 MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan https://thehackernews.com/2025/01/mirrorface-leverages-anel-and-noopdoor.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全國安局首公佈中共爭訊樣態 PTT淪假訊平台 https://def.ltn.com.tw/article/breakingnews/4912172 潛伏9個月才下手華女PayPal比特幣遭詐騙團夥盜賣 https://www.worldjournal.com/wj/story/121473/8467503 Sophos：網路釣魚即服務 (PaaS) 生態系統發生顯著變化 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11515 網釣攻擊Butcher Shop鎖定法律、政府、營造業而來，企圖挾持M365帳號 https://www.obsidiansecurity.com/blog/butcher-shop-phishing-campaign-targets-organizations/ 卡西歐去年勒索軟體事件造成員工、客戶近8,500人個資外洩，部分系統尚未恢復 https://www.ithome.com.tw/news/166889 易飛旅遊遭遇供應鏈攻擊，部分資料遭到竊取 https://www.ithome.com.tw/news/166806 Over 3 million mail servers without encryption exposed to sniffing attacks https://www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/ PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps https://thehackernews.com/2025/01/playfulghost-delivered-via-phishing-and.html From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch https://thehackernews.com/2025/01/from-22m-in-ransom-to-100m-stolen.html PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps https://thehackernews.com/2025/01/playfulghost-delivered-via-phishing-and.html India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements https://thehackernews.com/2025/01/india-proposes-digital-data-rules-with.html E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws https://thehackernews.com/2025/01/eu-commission-fined-for-transferring.html CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer https://thehackernews.com/2025/01/crowdstrike-warns-of-phishing-scam.html E.研究報告/工具什麼是遠端存取木馬（RATs） https://teamt5.org/tw/posts/what-are-remote-access-trojans-rats/ 企業資安防禦指南【2025 最新版】 https://teamt5.org/tw/posts/2025-enterprise-cybersecurity-guide/ 【實務案例】面對零時差攻擊，該如何應對 https://teamt5.org/tw/posts/how-to-deal-with-zero-day-attacks/ 供應鏈資安風險管理將成2025年關鍵議題 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11516 利用AI技術的網路威脅越來越多將如何改變資安戰局 https://www.technice.com.tw/techmanage/infosecurity/158064/ 研究人員揭露新的DoubleClickjacking手法，能繞過點擊挾持防護 https://www.ithome.com.tw/news/166806 New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60% https://thehackernews.com/2025/01/new-ai-jailbreak-method-bad-likert.html Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year https://thehackernews.com/2025/01/farewell-to-fallen-cybersecurity-stars.html Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers https://thehackernews.com/2025/01/researchers-uncover-major-security-flaw.html Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections https://thehackernews.com/2025/01/neglected-domains-used-in-malspam-to.html F.商業中華資安國際紅隊演練服務榮獲2024資安精品獎 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11497 WatchGuard收購MDR業者ActZero，看準MSP市場 https://www.ithome.com.tw/news/166916 密碼管理解決方案業者1Password買下SaaS存取管理供應商Trelica https://www.darkreading.com/identity-access-management-security/1password-acqiures-saas-access-management-trelica 以安全為由，AI之父參與連署要求法院阻止OpenAI走向營利化 https://www.ithome.com.tw/news/166860 程式碼分析業者Veracode買下資安新創Phylum https://www.veracode.com/press-release/veracode-acquires-phylum-inc-technology-to-transform-software-supply-chain-security Product Walkthrough: How Reco Discovers Shadow AI in SaaS https://thehackernews.com/2025/01/product-review-how-reco-discovers.html Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs https://thehackernews.com/2025/01/taking-pain-out-of-cybersecurity.html G.政府花蓮縣政府說明今日通報資安事件處置情形 https://n.yam.com/Article/20250110638906 資安署建全國性資安業務推動系統　提升防護能量 https://finance.ettoday.net/news/2882615 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 1電腦控制1萬台無人機　深圳創2世界紀錄 https://today.line.me/tw/v2/article/ML1qgwj?utm_source=copyshare OT/ICS 工程工作站遭受新型惡意程式攻擊威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11513 如何導入醫療器材資安新標準？安華聯網解讀SDL與IEC 81001-5-1應用 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11511 美國政府公布物聯網裝置網路安全標章U.S. Cyber Trust Mark https://www.ithome.com.tw/news/166867 臺廠Moxa部分工業用路由器、防火牆存在重大漏洞，已發布新版韌體修補 https://www.ithome.com.tw/news/166842 部分工業用路由器、網路設備存在重大漏洞，臺廠Moxa發布新版韌體修補 https://securityonline.info/cve-2024-9138-and-cve-2024-9140-cvss-9-8-moxa-calls-for-immediate-security-action/ 聯發科發布1月份例行更新，修補無須使用者互動就能利用的RCE漏洞 https://securityonline.info/cve-2024-20154-critical-rce-flaw-in-mediatek-chipsets-impacts-millions/ D-Link DIR-823G https://nvd.nist.gov/vuln/detail/CVE-2024-13030 Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 2025 Yourator x TechOrange 數位職涯博覽會暨 AI 人才高峰會｜職涯進化論 AI · SDGs · SLASHIE 2925/1/11 https://www.accupass.com/event/2410231001162027531377 Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/12 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbqb/ How to Build AI Skills For Your Career in 2025 2025/1/13 https://www.meetup.com/shanghai-startup-idea-to-ipo/events/305195103/ Algorithms Study Group! 2025/1/14 https://www.meetup.com/codeseoul/events/305093939/ Chinese Linguistics, History, and Etymology 2025/1/15 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/305263199/ 海纜又（被）斷了！？沒網路手機也打不通怎麼辦 2025/1/16 https://ocftw.kktix.cc/events/internetfreedom-jan2025 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2025/1/16 https://www.meetup.com/hackingthursday/events/psspctyhccbvb/ HackingThursday 固定聚會台北場 Taipei 2025/1/16 https://www.meetup.com/hackingthursday/events/fcmtntyhccbvb/ 讀書分享 Q1’25 之管理類餐聚(請自行跟餐廳預約保留座） 2025/1/16 https://www.meetup.com/taipeiwomenintech/events/304376021/ Transformed: Moving to the Product Operating Model - with Marty Cagan 2025/1/16 https://www.meetup.com/producttank-bangkok/events/304283973/ [Online] Philippine Bitcoin meetup 2025/1/16 https://www.meetup.com/philippine-bitcoiners/events/300961129/ Saturday AI Hangout with Zack Lim 2025/1/18 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/305234492/ Advanced Scrum Case Study 2025/1/18 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/305079789/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/19 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbzb/ Algorithms Study Group! 2025/1/21 https://www.meetup.com/codeseoul/events/305093940/ Chinese Linguistics, History, and Etymology 2025/1/22 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhccbdc/ The wild innovations of end 2024 and what 2025 will bring (online session) 2025/1/22 https://www.meetup.com/taipei-education-technology-meetup-group/events/305143337/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2025/1/23 https://www.meetup.com/hackingthursday/events/psspctyhccbfc/ HackingThursday 固定聚會台北場 Taipei 2025/1/23 https://www.meetup.com/hackingthursday/events/fcmtntyhccbfc/ Saturday AI Hangout with Zack Lim 2025/1/25 https://www.meetup.com/internet-entrepreneurs-network-vietnam/events/305234530/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/1/26 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhccbjc/ Algorithms Study Group! 2025/1/28 https://www.meetup.com/codeseoul/events/305093942/ Chinese Linguistics, History, and Etymology 2025/1/29 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhccbmc/ HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會淡水 2025/1/30 https://www.meetup.com/hackingthursday/events/psspctyhccbnc/ HackingThursday 固定聚會台北場 Taipei 2025/1/30 https://www.meetup.com/hackingthursday/events/fcmtntyhccbnc/ IC TAIWAN GRAND CHALLENGE: GLOBAL CALL FOR PROPOSALS 2025/1/31 https://www.meetup.com/meetups-hk-science-park/events/304872613/ Advanced Scrum Case Study 2025/2/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbcb/ Focus and Take Action - Entrepreneurs and Digital Nomads 2025/2/2 https://www.meetup.com/taipei-accountability-group/events/rjcdptyhcdbdb/ Algorithms Study Group! 2025/2/4 https://www.meetup.com/codeseoul/events/305093944/ Chinese Linguistics, History, and Etymology 2025/2/5 https://www.meetup.com/formosa-technology-and-philosophy-symposium/events/mkgkptyhcdbhb/ 自動化新視界：解鎖流程優化與工具整合實用策略課堂 2025/2/8 ~ 2025/2/15 https://www.accupass.com/event/2412020803131836788493 Advanced Scrum Case Study 2025/2/15 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcdbtb/ [Online] Philippine Bitcoin meetup 2025/2/20 https://www.meetup.com/philippine-bitcoiners/events/300961130/ 第八屆《Hit AI & Blockchain》人工智慧暨區塊鏈產業高峰會 2025/2/20 https://www.accupass.com/event/2411261044223773652370 Advanced Scrum Case Study 2025/3/1 https://www.meetup.com/silicon-valley-professional-scrum-bangkok/events/ghffptyhcfbcb/ DEVCORE CONFERENCE 2025 2025/3/15 https://devcore.kktix.cc/events/devcoreconf2025 [Online] Philippine Bitcoin meetup 2025/3/20 https://www.meetup.com/philippine-bitcoiners/events/304057810/