###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/6/2 ~ 2025/6/6 1.重大弱點漏洞/後門/Exploit/Zero Day 駭客利用vBulletin滿分漏洞來植入後門 https://www.ithome.com.tw/news/169300 思科修補身分服務引擎的驗證繞過漏洞 https://www.ithome.com.tw/news/169401 Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html Windows內建的OpenSSH元件被濫用，駭客試圖建立後門連線 https://www.ithome.com.tw/news/169361 微軟公布新一代Windows Update平臺，將納管第三方應用程式更新 https://www.ithome.com.tw/news/169251 郵件伺服器Roundcube存在10年重大漏洞，逾5,300萬主機恐曝險 https://www.ithome.com.tw/news/169358 Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code https://thehackernews.com/2025/06/critical-10-year-old-roundcube-webmail.html New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html Google更新Chrome 137，修補已遭濫用的零時差漏洞 https://www.ithome.com.tw/news/169349 Google Chrome to Distrust Two Certificate Authorities Over Compliance and Conduct Issues https://thehackernews.com/2025/06/google-chrome-to-distrust-two.html New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch https://thehackernews.com/2025/06/new-chrome-zero-day-actively-exploited.html HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass https://thehackernews.com/2025/06/hpe-issues-security-patch-for-storeonce.html 網路儲存設備Dell PowerScale存在重大漏洞，未經授權攻擊者可存取檔案系統 https://gbhackers.com/critical-dell-powerscale-vulnerability/ IBM資安平臺QRadar Suite存在重大權限提升漏洞 https://www.ithome.com.tw/news/169379 高通修補GPU已被用於實際攻擊行動的零時差漏洞 https://www.ithome.com.tw/news/169342 杜浦數位安全揭露並修補端點防護程式高風險權限提升漏洞 https://www.ithome.com.tw/news/169339 Linux存在資訊洩露弱點，攻擊者恐藉此竊取密碼雜湊值 https://thehackernews.com/2025/05/new-linux-flaws-allow-password-hash.html Mozilla發布Firefox 139.0.1更新，修補Nvidia顯示晶片弱點 https://www.bleepingcomputer.com/news/software/mozilla-releases-firefox-13901-update-to-fix-artifacts-on-nvidia-gpus/ 2.銀行/金融/保險/證券/金融監理 新聞及資安 新光人壽導入模組化數位保險平臺，預計下半年在越南推出首波數位保險產品 https://www.ithome.com.tw/news/169414 新型Android銀行木馬「鱷魚」偽裝APP竊取個資、加密貨幣 https://news.pchome.com.tw/science/technice/20250605/index-74910635719562338005.html AI 驅動金融新未來 資安治理成永續轉型關鍵 https://www.businesstoday.com.tw/article/category/183015/post/202506040019/ 凱基證券主辦集團資安月 打造「人人是防線」資安文化 https://www.cna.com.tw/business/chinese/402614 金調聯防 將來銀行攜手調查局簽署資安聯防MOU https://news.pchome.com.tw/living/lifetoutiao/20250604/index-74904788488995315009.html 台中銀行帳戶不閒置 防範人頭帳戶進行詐騙、洗錢非法活動 https://money.udn.com/money/story/11799/8790356 警銀聯防升級 刑事局邀公股銀行實地參與反詐實務戰線 https://tyenews.com/2025/06/865438/ 3.信用卡/電子支付/行動支付/pay/支付系統/資安 DoJ Seizes 145 Domains Tied to BidenCash Carding Marketplace in Global Takedown https://thehackernews.com/2025/06/doj-seizes-145-domains-tied-to.html 美國Google Wallet本月將停止支援PayPal https://www.ithome.com.tw/news/169330 食藥署「禁摸錢又摸食」新制　有利行動支付普及率？　攤商、電支業者心聲曝光 https://today.line.me/tw/v2/article/nXOGwOJ 高額醫療費恐成目標 私協示警現金風險高、推行動支付 https://udn.com/news/story/7266/8784612 電子支付注意！男子「1閃失」付款變做公益 https://news.ltn.com.tw/news/life/breakingnews/5063247 1300萬Line pay用戶注意！1動作「存款被清空」 https://www.businesstoday.com.tw/article/category/183030/post/202506060013/ LINE Pay付款「多噴一筆錢」！　1動作錢秒被吞 https://news.tvbs.com.tw/life/2889883 TWQR擴支付版圖 祭優惠搶客 https://reurl.cc/5K9vbV 5大港人常用內地電子支付大比併 https://reurl.cc/mxKMpl 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 USDC穩定幣開發商Circle上市首日股價大漲168% https://www.ithome.com.tw/news/169403 加密貨幣將取代美元、美債地位？伊森「關鍵托底力量」：是把雙刃劍 https://udn.com/news/story/7251/8788982 李在明當選韓國總統！「加密貨幣 ETF 、韓元穩定幣」蓄勢待發 https://blockcast.it/2025/06/04/south-korea-elects-lee-as-new-president-crypto-etfs-and-krw-stablecoins-on-horizon/ 比特幣進白宮、穩定幣進青瓦台？加密資產成川普、李在明國家級戰略的盤算 https://udn.com/news/story/6811/8789793 Uber第三次考慮讓乘客「加密貨幣支付」：穩定幣非常有錢途 https://www.blocktempo.com/uber-explores-stablecoin-integration-for-global-payments-to-reduce-cross-border/ 英國監管機構解除零售投資者購買加密貨幣ETN的禁令 https://hk.investing.com/news/cryptocurrency-news/article-93CH-960242 加密稅收邁向「全球通報」！瑞士批准74 個國家共享加密收入資訊 https://www.blocktempo.com/switzerland-crypto-tax-transparency-information-exchange/ 虛擬貨幣資安震撼：當加密世界撞上台灣教育迷思｜去中心化時代，我們準備好了嗎 https://reurl.cc/4LVrlK 對穩定幣的爭奪愈演愈烈 大型銀行也考慮加入 https://news.cnyes.com/news/id/6011018 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 新殭屍網路「AyySSHush」攻陷逾9000台華碩路由器 植入持續性SSH後門 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11924 針對遭殭屍網路AyySSHush利用的路由器漏洞，華碩針對這些資安弱點公告提出說明 https://www.ithome.com.tw/news/169322 勒索軟體Play威脅加劇，迄今已有逾900家企業組織受害 https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/ 竊資軟體Lumma捲土重來，透過俄羅斯C2試圖恢復運作 https://gbhackers.com/lumma-infostealer-developers/ 終局執法行動出現新進展，惡意軟體地下檢測服務AVCheck被查封 https://www.ithome.com.tw/news/169290 提供AI工具成駭客偏好誘餌，多款勒索軟體藉此管道散布 https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-ai-hype-to-spread-ransomware-malware/ GitHub現成工具被用於挖礦攻擊，駭客藉此濫用DevOps API https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html 假借提供DocuSign、Gitcode為誘餌，駭客意圖散布NetSupport RAT https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html 惡意RubyGems套件冒充CI/CD外掛散布 https://www.bleepingcomputer.com/news/security/malicious-rubygems-pose-as-fastlane-to-steal-telegram-api-data/ 韓國網咖遭到Gh0st RAT挾持，被用於挖礦牟利 https://gbhackers.com/hackers-use-gh0st-rat-to-hijack-internet-cafe/ 惡意軟體AsyncRAT透過冒牌Booking.com散布 https://gbhackers.com/fake-booking-com-sites-spread-asyncrat-malware/ 以政治訴求為動機的駭客轉換跑道，從事勒索軟體攻擊牟取經濟利益 https://www.rapid7.com/blog/post/2025/06/03/from-ideology-to-financial-gain-exploring-the-convergence-from-hacktivism-to-cybercrime/ 勒索軟體Lyrix用Windows內建API對電腦發動攻擊，回避偵測、防止研究人員分析 https://www.ithome.com.tw/news/169384 New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads https://thehackernews.com/2025/06/chaos-rat-malware-targets-windows-and.html Fake Docusign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack https://thehackernews.com/2025/06/fake-docusign-gitcode-sites-spread.html Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks https://thehackernews.com/2025/06/malicious-pypi-npm-and-ruby-packages.html Cybercriminals Target AI Users with Malware-Loaded Installers Posing as Popular Tools https://thehackernews.com/2025/05/cybercriminals-target-ai-users-with.html New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers https://thehackernews.com/2025/05/new-windows-rat-evades-detection-for.html New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data https://thehackernews.com/2025/05/eddiestealer-malware-uses-clickfix.html Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware https://thehackernews.com/2025/06/iran-linked-bladedfeline-hits-iraqi-and.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 Google發布6月份安卓例行更新，修補27項資安漏洞 https://www.securityweek.com/over-30-vulnerabilities-patched-in-android/ Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets https://thehackernews.com/2025/06/android-trojan-crocodilus-now-active-in.html 安卓惡意軟體Crocodilus於受害設備加入假的通訊錄，以便駭客打電話行騙 https://www.bleepingcomputer.com/news/security/android-malware-crocodilus-adds-fake-contacts-to-spoof-trusted-callers/ 蘋果iOS設備啟動後臺系統存在弱點，攻擊者有機會任意竄改相關配置 https://gbhackers.com/apple-ios-activation-flaw-enables-injection/ Meta、Yandex被揭露監聽Android本機通訊埠，橋接瀏覽器與App身分進行追蹤 https://www.ithome.com.tw/news/169394 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 資安業者SentinelOne驚傳營運中斷，波及MDR代管及威脅情資接收 https://www.ithome.com.tw/news/169308 微軟、CrowdStrike合作彙整駭客代號對照表 https://www.ithome.com.tw/news/169323 數位發展部不能只是「公部門的數發部」——從中華電信憑證信任危機談起 https://reurl.cc/LaKWlX 中華電信8月起暫停簽發TLS網站憑證 https://www.ithome.com.tw/news/169347 合規改善不符要求，Chrome將從8月起停止預設信任中華電信TLS新憑證 https://www.ithome.com.tw/news/169318 逾250個Amazon代管的IP位址遭到濫用，鎖定多種應用系統發動攻擊 https://www.ithome.com.tw/news/169362 聯嘉光電資訊系統遭到攻擊，駭客試圖存取總部與部分子公司網路環境 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=6&SPOKE_TIME=165352&SPOKE_DATE=20250605&COMPANY_ID=6288 駭客組織鎖定DevOps環境而來，濫用Nomad、Docker API等不當配置的情況從事挖礦攻擊 https://www.ithome.com.tw/news/169391 針對遭勒索的企業，澳洲政府要求通報支付贖金的金額 https://www.ithome.com.tw/news/169357 烏克蘭駭客Black Owl針對俄羅斯企業而來，意圖竊取財務資料 https://gbhackers.com/russian-hacker-black-owl-targets-critical-industries/ Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub https://thehackernews.com/2025/06/cryptojacking-campaign-exploits-devops.html U.S. DoJ Seizes 4 Domains Supporting Cybercrime Crypting Services in Global Operation https://thehackernews.com/2025/05/us-doj-seizes-4-domains-supporting.html China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil https://thehackernews.com/2025/05/china-linked-hackers-exploit-sap-and.html 軟體供應商ConnectWise遭遇國家級駭客攻擊，部分ScreenConnect用戶遭鎖定 https://www.ithome.com.tw/news/169337 軟體供應商ConnectWise遭遇網路攻擊，疑國家級駭客所為 https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/ ConnectWise遭疑似國家級駭客攻擊 ScreenConnect客戶成目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11928 ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach https://thehackernews.com/2025/05/connectwise-hit-by-cyberattack-nation.html Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas https://thehackernews.com/2025/05/meta-disrupts-influence-ops-targeting.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 Meta破獲虛假匿名專頁散布政軍腐敗論調 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11929 資料供應商LexisNexis資料外洩，影響逾36萬用戶 https://www.ithome.com.tw/news/169271 美國制裁專門提供詐騙基礎設施的菲律賓公司Funnull https://www.ithome.com.tw/news/169291 研究人員揭露新的Browser in the Middle攻擊竊密手法，Chrome、Edge、Safari都曝險 https://www.ithome.com.tw/news/169287 自動化資安合規業者Vanta軟體出錯，導致部分客戶資料能被其他用戶存取，受影響的企業可能有數百家 https://www.ithome.com.tw/news/169363 戶外用品與運動服飾業者The North Face遭遇帳號填充攻擊，部分客戶個資外洩 https://www.ithome.com.tw/news/169353 時尚業者Victoria’s Secret遭遇網路攻擊，網站一度離線 https://www.ithome.com.tw/news/169292 精品業者Cartier驚傳遭駭，客戶個資外洩 https://www.ithome.com.tw/news/169348 抖音傳出資料外洩，駭客兜售逾4億筆記錄 https://hackread.com/threat-actor-tiktok-breach-428-million-records-sale/ 中國網釣平臺「耗子」捲土重來，號稱買家無須寫程式碼就能犯案 https://hackread.com/chinese-phishing-service-haozi-criminal-profits/ Coinbase資料外洩事故傳出新消息，2名印度客服外包業者TaskUs員工涉案 https://www.ithome.com.tw/news/169378 加密貨幣交易所Coinbase資料外洩調查有新進展，疑印度客服外包業者TaskUs員工收賄流出 https://www.bleepingcomputer.com/news/security/coinbase-breach-tied-to-bribed-taskus-support-agents-in-india/ 由Azure代管的OpenAI環境存在DNS解析邏輯出錯，恐導致租戶資料外洩、中間人攻擊 https://unit42.paloaltonetworks.com/azure-openai-dns-resolution/ 研究人員揭露Azure AD重大漏洞，逾5萬用戶曝露於不安全的API而面臨風險 https://www.cloudsek.com/blog/50-000-azure-ad-users-exposed-via-unsecured-api-bevigil-uncovers-critical-flaw World ID 引領以人為本的網路身分驗證新時代 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11922 U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud https://thehackernews.com/2025/05/us-sanctions-funnull-for-200m-romance.html 駭客組織ShinyHunters挾持跨國企業的Salesforce帳號，意圖竊取機敏資訊 https://www.bleepingcomputer.com/news/security/google-hackers-target-salesforce-accounts-in-data-extortion-attacks/ Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App https://thehackernews.com/2025/06/google-exposes-vishing-group-unc6040.html 求職信網釣鎖定財務長與金融高層而來，駭客企圖植入遠端存取工具Netbird控制受害電腦 https://www.ithome.com.tw/news/169385 求職信網釣鎖定財務長而來，駭客利用遠端存取工具Netbird得逞 https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions https://thehackernews.com/2025/06/fake-recruiter-emails-target-cfos-using.html Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization https://thehackernews.com/2025/06/scattered-spider-understanding-help.html Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html E.研究報告/工具 大多數漏洞和攻擊來自不安全的設計模式、錯誤的設定 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11919 NotebookLM現在可讓使用者公開分享筆記 https://www.ithome.com.tw/news/169360 From the "Department of No" to a "Culture of Yes": A Healthcare CISO's Journey to Enabling Modern Care https://thehackernews.com/2025/05/from-department-of-no-to-culture-of-yes.html The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats https://thehackernews.com/2025/06/the-secret-defense-strategy-of-four.html Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html Solving the Enterprise Security Challenge: How to Validate Across Complex Networks https://thehackernews.com/expert-insights/2025/06/solving-enterprise-security-challenge.html Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation https://thehackernews.com/2025/06/redefining-cyber-value-why-business.html F.商業 AWS正式啟用臺北區域資料中心，第一批啟用六十多項常見基礎服務 https://www.ithome.com.tw/news/169398 蘋果傳下一代macOS將命名為Tahoe、所有OS版本統一 https://www.ithome.com.tw/news/169319 微軟擴大提供歐盟各國政府免費安全服務 https://www.ithome.com.tw/news/169377 微軟Bing提供以Sora為基礎 但免費的影片生成工具 https://www.ithome.com.tw/news/169320 Angular v20正式棄用結構指令，反應式狀態管理進入穩定階段 https://www.ithome.com.tw/news/169355 Codex CLI改採Rust原生重寫，提升效能與跨平臺支援 https://www.ithome.com.tw/news/169341 HiTRUST 以 Veri-id 勇奪 2025 智慧創新大賞金牌 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11906 持續擴大身分安全防護產品陣容，Computex 2025臺廠展出多種硬體解決方案 https://www.ithome.com.tw/news/169198 臺灣企業如何因應地緣政治風險？從BCM 1.0升級2.0，專家建議從六大面向因應極端情境 https://www.ithome.com.tw/news/169208 Snowflake將收購PostgreSQL業者Crunchy Data https://www.ithome.com.tw/news/169327 漏洞管理業者Tenable買下AI資安新創Apex https://www.darkreading.com/cyber-risk/tenable-acquire-ai-security-apex Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion https://thehackernews.com/2025/06/microsoft-and-crowdstrike-launch-shared.html Identity-First Security: A Multilayered Approach to Reducing Identity Attack Risk https://thehackernews.com/expert-insights/2025/06/identity-first-security-multilayered.html G.政府 數發部：今年目標扶植資服業者開發至少150個AI應用領域模型 https://www.ithome.com.tw/news/169344 調查局與數位發展部數位產業署簽署防制洗錢及 打擊資恐、資武擴金融情資分享備忘錄 https://www.mjib.gov.tw/news/Details/1/1097 數位經濟提前破兆、打詐見效　黃彥男續發三支箭 https://www.cio.com.tw/92213/ 數發部：公共數位服務用台灣簽發雙憑證 不受Chrome信任政策影響 https://www.cna.com.tw/news/afe/202506030275.aspx 數發部提前部署因應Google移除中華電信憑證 數位經濟產業產值破兆提前達標 https://news.cnyes.com/news/id/5997028 打詐不力？數發部長黃彥男：上任一年下架11萬件詐騙訊息 https://udn.com/news/story/124490/8781338 數位基礎建設、AI應用與資安防護並進　數發部布局台灣數位新局 https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/A84F310825874B989E05378F467431AF 數發部長黃彥男就任週年，揭示施政成果與未來藍圖 https://technews.tw/2025/06/03/moda-huang/ 強化台灣資安 政府攜手產業共築韌性防護網 https://www.epochtimes.com/b5/25/5/27/n14518665.htm H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 Nokia將率領逾40個組織共同打造一個由歐盟贊助的無人載具專案，以保護重大基礎設施 https://www.ithome.com.tw/news/169381 正崴集團子公司星科發表AI巡檢機器狗，瞄準工廠、辦公大樓等不同場域智慧巡檢、安防需求 https://www.ithome.com.tw/news/169369 聯發科修補藍牙驅動程式高風險漏洞 https://www.ithome.com.tw/news/169400 智慧製造3.0時代，MES與ERP如何打通IoT資料命脈 https://www.thehubnews.net/archives/514429 I.教育訓練 資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 Flutter Tokyo #8 2025/6/7 https://www.meetup.com/flutter-meetup-tokyo/events/308078305/ Taiwan Digital Fest 臺灣數位嘉年華 - The Biggest Nomad Fest in Asia! 2025/6/7 https://www.meetup.com/taiwan-digital-nomads-hub-%E5%8F%B0%E7%81%A3%E6%95%B8%E4%BD%8D%E9%81%8A%E7%89%A7%E8%80%85%E7%A4%BE%E7%BE%A4/events/307616875/ 物聯網邊緣運算與資安實戰 2025/6/7 https://www.accupass.com/event/2412260751154280345070 Atlassian TEAM'25 台灣社群大會 2025/6/7 https://www.meetup.com/taipei-atlassian-community-events/events/307519419/ iPAS AI應用規劃師 × 資策會生成式AI能力認證 最強陪跑班第一期 2025/6/8 https://www.accupass.com/event/2505210136041031208432 iPAS 資訊安全工程師中級證照培訓班：引領你掌握職涯未來 2025/6/8 https://acsiacad.kktix.cc/events/a2f3d0ef-ipascyberengineer-copy-1 標準引領．韌性共建：CRA 時代下的 ISA 資安治理新篇章 2025/6/10 https://isatw.kktix.cc/events/isa-2025q2-isataiwan-meeting AMA with VCs, featuring Linh Nguyen, Investment Associate, Ansible Ventures 2025/6/10 https://www.meetup.com/hanoi-startup-founder-101/events/308085450/ 風傳媒反詐新戰術2.0《剖析詐騙內幕》論壇 2025/6/10 https://www.accupass.com/event/2505060252006801588340 Workshop: Building a Quiz App with Angular & TypeScript 2025/6/11 https://www.meetup.com/treelevel-io/events/306859952/ 打造中小企業精準抗勒索防護方程式研討會 2025/6/11 https://www.accupass.com/event/2505261049291928593618 數位資產與穩定幣論壇：新法規、新格局、新機遇 2025/6/11 https://www.accupass.com/event/2505080859005008557500 Google Cloud Summit Taipei 2025/6/12 https://cloudonair.withgoogle.com/events/summit-taipei-2025 開源授權管理與 .NET/Java 安全程式開發課程 2025/6/12 https://www.accupass.com/event/2412190240311871400665 Masterclass | Warren Redlich - Why All Musk Companies Are AI Native 2025/6/12 https://www.meetup.com/workoptional-ai/events/307932191/ 物聯網智造基地主題式課程－智慧裝置X資安防護：物聯網資安實務全攻略 2025/6/13 https://www.accupass.com/event/2505200140446281638930 sciwork seminar 2025 2025/6/14 https://sciwork.kktix.cc/events/sciworkseminar-202506 WordPress 彩虹小聚 ：開源專案變桌遊：快速體驗《開源星手村》 2025/6/16 https://www.meetup.com/taipei-wordpress/events/308102467/ PrestoCon Day 2025 2025/6/17 https://www.meetup.com/presto-meetup-shanghai/events/308087734/ #137 GenAI Series 2 2025/6/18 https://www.meetup.com/r-user-group-philippines/events/307026465/ Online Workshop 🎨 UX for beginner s2025/6/18 https://www.meetup.com/le-wagon-tokyo-coding-station/events/308078454/ 智能資安解決方案：Elastic AI+ML Security，打破傳統 SIEM 限制 2025/6/18 https://www.accupass.com/event/2504280713232836866920 【AI 防洩密偵測術】ARES PP 線上資安研討會 2025/6/18 https://www.accupass.com/event/2505060949206034400380 識詐風雲：虛擬資產防詐反洗錢課程 2025/6/19 https://www.accupass.com/event/2503170733116092889810 2025 TILO 「人工智慧X資訊安全」研討會 2025/6/20 https://www.accupass.com/event/2505270448471809413622 GitHub Copilot Global Bootcamp | Microsoft Makati 2025/6/20 https://www.meetup.com/microsoftph/events/307172864/ Season of AI Agents: Build the Future with AI 2025/6/21 https://www.meetup.com/cloud-experts-group/events/307650330/ Elasticsearch x RAG：從架構到部署，帶你學會 RAG 應用實作流程 2025/6/25 https://www.accupass.com/event/2505210739587773218720 2025 TAICS 論壇 2025/6/25 https://www.accupass.com/event/2505200823402070149514 智慧產學新藍圖—智慧教育 x 產業創新 2025/6/26 https://www.accupass.com/event/2505230743101674621110 ISO資安×隱私×AI 三合一內部稽核員訓練課程 2025/6/26 https://www.accupass.com/event/2504140907521623826500 [On-Line] AWS Global Community Gatherings #8 2025/6/27 https://www.meetup.com/awsglobalcommunitygatherings/events/307414965/ ESG再升級 -- 資訊安全如何撐起企業永續力 2025/6/27 https://www.accupass.com/event/2505230142041886681305 Taiwan Robotics Meetup 六月場 2025/6/27 https://www.meetup.com/taipei-robotics-meetup-group/events/308129341/ 2025年6月-iPAS 資訊安全工程師(中級)能力培訓班 2025/6/28 https://www.accupass.com/event/2504240832428194630570 Startup Teaming (Online) 2025/6/28 https://www.meetup.com/startup-agile-bangkok/events/307437160/ CraftCon Taiwan 2025/7/4 https://www.accupass.com/event/2504040359201021066990 2025 鋼索上管理課：國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照：AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965