資安事件新聞週報 2025/6/23 ~ 2025/6/27

###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/6/23 ~ 2025/6/27 1.重大弱點漏洞/後門/Exploit/Zero Day Citrix修補NetScaler重大層級的記憶體溢位漏洞，並指出已有遭到利用的情況 https://www.ithome.com.tw/news/169755 研究人員針對Citrix重大漏洞CVE-2025-5777提出警告，指出嚴重程度堪比Citrix Bleed https://www.ithome.com.tw/news/169735 Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC https://thehackernews.com/2025/06/citrix-releases-emergency-patches-for.html Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks https://thehackernews.com/2025/06/critical-open-vsx-registry-flaw-exposes.html 思科揭露兩項網路存取控制平臺ISE滿分資安漏洞 https://www.ithome.com.tw/news/169766 Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html IBM發布應用程式伺服器WebSphere更新，修補任意程式碼執行漏洞 https://www.ithome.com.tw/news/169768 WinRAR修補高風險漏洞，若不處理恐被用於執行惡意程式碼 https://www.bleepingcomputer.com/news/security/winrar-patches-bug-letting-malware-launch-from-extracted-archives/ CISA將AMI的BMC韌體滿分漏洞列入KEV https://www.ithome.com.tw/news/169771 CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet https://thehackernews.com/2025/06/cisa-adds-3-flaws-to-kev-catalog.html nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery https://thehackernews.com/2025/06/noauth-vulnerability-still-affects-9-of.html MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted https://thehackernews.com/2025/06/moveit-transfer-faces-increased-threats.html Mozilla發布Firefox、Thunderbird大改版140，修補高風險記憶體漏洞 https://gbhackers.com/firefox-140-launches-with-critical-code-execution-bug/ Windows版TeamViewer存在高風險漏洞，攻擊者可利用SYSTEM權限刪除檔案 https://gbhackers.com/teamviewer-for-windows-vulnerability/ Amazon EKS存在權限提升漏洞，恐曝露AWS帳密資料 https://gbhackers.com/amazon-eks-flaws-expose-aws-credentials/ Nvidia分散式訓練框架Megatron LM存在高風險漏洞，攻擊者可用於注入惡意程式碼 https://www.ithome.com.tw/news/169739 圖像化分析平臺Kibana存在重大漏洞，恐導致記憶體中斷、遠端執行任意程式碼 https://gbhackers.com/critical-kibana-flaws-enable-heap-corruption/ IBM修補SIEM平臺QRader重大層級漏洞，若不處理攻擊者可用來執行任意命令 https://www.ithome.com.tw/news/169691 IBM修補旗下SIEM平臺QRadar，若不處理攻擊者有機會執行任意命令 https://gbhackers.com/ibm-qradar-siem-bug/ WordPress佈景主題存在能挾持管理員帳號的漏洞，已有攻擊行動出現 https://www.bleepingcomputer.com/news/security/wordpress-motors-theme-flaw-mass-exploited-to-hijack-admin-accounts/ 2.銀行/金融/保險/證券/金融監理新聞及資安伊朗國營銀行遭駭民眾存款歸零？專家警示台灣金融體系嚴防 https://reurl.cc/QY8kY0 伊朗版共同富裕！國營銀行遭重大駭客攻擊客戶存款恐難恢復台灣要小心 https://reurl.cc/lz3jYv 中信銀黃文烈接任策略長中信金資訊安全長吳佑文出任 https://udn.com/news/story/7239/8835982 惡意軟體SuperCard挾持安卓手機，意圖將用戶金融卡資料轉送給駭客 https://cybersecuritynews.com/new-supercard-malware-using-hacked-android-phones/ Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa https://thehackernews.com/2025/06/cyber-criminals-exploit-open-source.html 安卓惡意軟體GodFather濫用虛擬化機制挾持銀行、加密貨幣App的帳密 https://www.ithome.com.tw/news/169657 Android惡意軟體攻擊金融行動APP，虛擬化技術成新威脅 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11972 美國保險業者Aflac遭駭，疑Scattered Spider駭客組織所為 https://www.ithome.com.tw/news/169675 金融業上雲是未來趨勢！OPSWAT Cloud Storage Security 如何幫助美國知名銀行提升雲端安全 https://www.ithome.com.tw/pr/169704 金融業導入CRI工具，KPMG：可有效提升資安治理及合規效率 https://money.udn.com/money/story/5636/8798541 善用微分段強化金融資安 Illumio 扮演金融產業最佳守護神 https://www.ithome.com.tw/pr/169639 提升交易安全聯卡中心資安加固 https://www.ctee.com.tw/news/20250619700343-439901 聯卡中心資料庫加密驗證完成提升資安維護用戶刷卡安全 https://money.udn.com/money/story/5613/8816070 1000元客家幣7月發放！看懂領取資格、時間、流程加碼先搶先贏 https://udn.com/news/story/7266/8827898 3.信用卡/電子支付/行動支付/pay/支付系統/資安 Mastercard攜手Chainlink，讓35億持卡人可直接購買加密貨幣 https://www.ithome.com.tw/news/169719 高中生破解悠遊卡「刷退變現」爽領數十萬　悠遊卡公司回應了 https://www.ettoday.net/news/20250626/2985598.htm 高中生輕鬆破解悠遊卡獲利數十萬這原因藏交易安全漏洞 https://udn.com/news/story/7266/8833676 電支使用率衝破8成　行動支付筆數遠高全球 https://www.cardu.com.tw/news/detail.php?57511 台灣行動支付首家！ LINE Pay與韓國觀光公社釜山觀光公社簽署MOU https://reurl.cc/knGjMG 三總攜手合庫導入數位自助繳費機電子支付便捷上線 https://news.pchome.com.tw/politics/mna/20250627/index-75099080061404230001.html 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安央行看穩定幣監管建議比照電子支付 https://money.udn.com/money/story/5613/8798538 Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue https://thehackernews.com/2025/06/researchers-find-way-to-shut-down.html 臺灣加密貨幣交易所幣託傳出5月遭遇攻擊事故，攻擊者身分是北韓駭客Lazarus https://www.ithome.com.tw/news/169681 加密貨幣價格追蹤網站CoinMarketCap遭駭，攻擊者藉由彈出式視窗榨乾用戶錢包 https://www.bleepingcomputer.com/news/security/coinmarketcap-briefly-hacked-to-drain-crypto-wallets-via-fake-web3-popup/ 專門「交易未來」的金融新創Kalshi創下20億美元估值 https://www.ithome.com.tw/news/169741 美國開始評估以加密貨幣作為借貸抵押資產 https://www.ithome.com.tw/news/169738 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 勒索軟體Dire Wolf鎖定科技業、製造業而來，攻擊範圍涵蓋臺灣等11個國家 https://www.ithome.com.tw/news/169740 惡意軟體Umbrella Stand、Shoe Rack鎖定Fortinet防火牆而來 https://www.ithome.com.tw/news/169714 惡意軟體Umbrella Stand鎖定Fortinet防火牆而來 https://gbhackers.com/ncsc-issues-alert-on-umbrella-stand-malware/ 巴黎迪士尼樂園傳出遭到勒索軟體Anubis攻擊 https://www.ithome.com.tw/news/169699 GitHub出現67個木馬專案，Banana Squad攻擊軟體供應鏈竊取開發者資料 https://www.ithome.com.tw/news/169686 殭屍網路Androxgh0st擴大勢力範圍，鎖定美國大學伺服器下手 https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/ 流量導向系統HelloTDS散布假圖靈驗證程式，感染數百萬裝置 https://www.ithome.com.tw/news/169577 惡意軟體Xdigo橫行，利用LNK漏洞攻擊東歐政府機關 https://thehackernews.com/2025/06/xdigo-malware-exploits-windows-lnk-flaw.html OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors https://thehackernews.com/2025/06/oneclik-malware-targets-energy-sector.html Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit https://thehackernews.com/2025/06/chinese-group-silver-fox-uses-fake.html 勒索軟體Qilin提供加盟主法律咨詢服務，意圖向受害組織施加更多壓力 https://www.ithome.com.tw/news/169710 勒索軟體Qilin加入打電話給律師的功能，意圖向受害組織施加更多壓力 https://thehackernews.com/2025/06/qilin-ransomware-adds-call-lawyer.html Qilin Ransomware Adds "Call Lawyer" Feature to Pressure Victims for Larger Ransoms https://thehackernews.com/2025/06/qilin-ransomware-adds-call-lawyer.html SonicWall警告駭客散布木馬化的SSL VPN用戶端程式，用戶帳號恐遭挾持 https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-trojanized-netextender-stealing-vpn-logins/ SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks https://thehackernews.com/2025/06/sonicwall-netextender-trojan-and.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊美國國會禁止公家裝置安裝WhatsApp https://www.ithome.com.tw/news/169694 Swift程式語言將Android納入官方支援平臺 https://www.ithome.com.tw/news/169769 U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues https://thehackernews.com/2025/06/us-house-bans-whatsapp-on-official.html WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews https://thehackernews.com/2025/06/whatsapp-adds-ai-powered-message.html C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力大規模DDoS攻擊鎖定主機代管業者而來，7.3 Tbps流量轟炸45秒 https://www.ithome.com.tw/news/169668 科技業者熒茂光學遭遇檔案加密攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=175439&SPOKE_DATE=20250623&COMPANY_ID=4729 飲料製造商黑松內部郵件通訊錄遭竊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=141531&SPOKE_DATE=20250625&COMPANY_ID=1234 加拿大電信業者傳出遭受中國駭客Salt Typhoon攻擊 https://www.ithome.com.tw/news/169688 伊朗駭客傳出對美國網路環境發動攻擊，美國介入以色列與伊朗衝突疑為導火線 https://thehackernews.com/2025/06/dhs-warns-pro-iranian-hackers-likely-to.html 中國駭客Silver Fox假借提供醫療照護軟體，針對公共設施而來 https://gbhackers.com/silver-fox-apt-uses-weaponized-medical-software/ 北韓駭客組織Kimsuky濫用GitHub、Dropbox服務，對韓國發動APT攻擊 https://www.ithome.com.tw/news/169695 北韓駭客假借徵才名義散布惡意NPM套件 https://gbhackers.com/north-korean-hackers-pose-as-recruiters-target-developers/ Iranian Educated Manticore Targets Leading Tech Academics https://research.checkpoint.com/2025/iranian-educated-manticore-targets-leading-tech-academics/ New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks https://thehackernews.com/2025/06/new-filefix-method-emerges-as-threat.html Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks https://thehackernews.com/2025/06/iranian-apt35-hackers-targeting-israeli.html North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages https://thehackernews.com/2025/06/north-korea-linked-supply-chain-attack.html APT28利用即時通訊軟體Signal散布惡意軟體，針對烏克蘭政府機關而來 https://www.bleepingcomputer.com/news/security/apt28-hackers-use-signal-chats-to-launch-new-malware-attacks-on-ukraine/ APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine https://thehackernews.com/2025/06/apt28-uses-signal-chat-to-deploy.html China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom https://thehackernews.com/2025/06/china-linked-salt-typhoon-exploits.html Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content https://thehackernews.com/2025/06/echo-chamber-jailbreak-tricks-llms-like.html Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games https://thehackernews.com/2025/06/pro-iranian-hacktivist-group-leaks.html 濫用組態不當的Docker API挖礦再度出現，這次駭客透過洋蔥網路得逞 https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.html Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network https://thehackernews.com/2025/06/hackers-exploit-misconfigured-docker.html Google Adds Multi-Layered Defenses to Secure GenAI from Prompt Injection Attacks https://thehackernews.com/2025/06/google-adds-multi-layered-defenses-to.html Scattered Spider Behind Cyberattacks on M&S and Co-op, Causing Up to $592M in Damages https://thehackernews.com/2025/06/scattered-spider-behind-cyberattacks-on.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全求職信網釣鎖定財務長與金融高層而來，駭客企圖植入遠端存取工具Netbird控制受害電腦 https://www.ithome.com.tw/news/169385 應用程式專用密碼遭到濫用！俄羅斯駭客藉此挾持Gmail帳號 https://www.ithome.com.tw/news/169675 研究人員揭露新型態網釣手法FileFix，攻擊者濫用檔案上傳視窗執行惡意指令 https://www.ithome.com.tw/news/169733 研究人員揭露新型態網釣手法FileFix https://www.bleepingcomputer.com/news/security/filefix-attack-weaponizes-windows-file-explorer-for-stealthy-powershell-commands/ 逾70臺Exchange Server遭鎖定，駭客企圖挖掘帳密資料 https://thehackernews.com/2025/06/hackers-target-65-microsoft-exchange.html 研究人員揭露160億筆帳密資料外洩，疑透過竊資軟體收集、拼湊而成 https://www.ithome.com.tw/news/169666 巴基斯坦駭客Transparent Tribe針對印度國防部從事網釣 https://gbhackers.com/apt36-hackers-target-indian-defense-personnel/ 遠端存取工具ScreenConnect遭濫用，駭客用於驗證碼填充攻擊 https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/ Minecraft遊戲玩家遭到鎖定，駭客假借提供修改工具竊取帳密資料 https://www.ithome.com.tw/news/169665 惡意軟體Mocha Manakin透過Click網釣散布，目的是於受害電腦部署NodelnitRAT https://hackread.com/mocha-manakin-malware-nodeinitrat-via-clickfix-attack/ New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public https://thehackernews.com/2025/06/new-us-visa-rule-requires-applicants-to.html E.研究報告/工具 How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout https://thehackernews.com/2025/06/how-ai-enabled-workflow-automation-can.html 6 Steps to 24/7 In-House SOC Success https://thehackernews.com/2025/06/6-steps-to-247-in-house-soc-success.html Beware the Hidden Risk in Your Entra Environment https://thehackernews.com/2025/06/beware-hidden-risk-in-your-entra.html The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience https://thehackernews.com/2025/06/the-hidden-risks-of-saas-why-built-in.html F.商業臺灣第一個以企業科技品牌名稱加入FIRST，華碩電腦ASUS打造資安新里程碑，一趟務實的資安國際之旅 https://www.ithome.com.tw/news/169767 蔡祈岩：不只培訓AI人才，臺灣要善用開源創造國際影響力 https://www.ithome.com.tw/news/169758 VCF大改版從5.2直接跳到9.0，從多產品套裝變成通管VM和容器的單一平臺 https://www.ithome.com.tw/news/169763 不只瞄準GAI流程和資料整合需求，SAP更大揭各產品線AI發展藍圖 https://www.ithome.com.tw/news/169716 Meta也贏得以版權內容訓練AI的官司，但法官澄清是控方論點太薄弱 https://www.ithome.com.tw/news/169737 65% 企業過去一年內曾遭雲端安全事件，僅6% 即時補救 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11970 VPN模式變動帶動企業架構調整 Array ZTAG系列助力穩定連線 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11969 釋放AI潛力：在成長中兼顧資安防護 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11965 以色列資安業者Cellebrite買下Arm架構虛擬化技術開發商Corellium https://www.ithome.com.tw/news/169405 Google開源命令列AI工具Gemini CLI https://www.ithome.com.tw/news/169736 Between Buzz and Reality: The CTEM Conversation We All Need https://thehackernews.com/2025/06/between-buzz-and-reality-ctem.html 微軟新增Windows 10用戶兩種取得延伸安全更新的方案、開放企業訂閱 https://www.ithome.com.tw/news/169709 Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options https://thehackernews.com/2025/06/microsoft-extends-windows-10-security.html Business Case for Agentic AI SOC Analysts https://thehackernews.com/2025/06/business-case-for-agentic-ai-soc.html 臺灣人工智慧實驗室推出FedGPT AgentTeam平臺產品，瞄準RAG、微調和自建工作流程3大功能 https://www.ithome.com.tw/news/169724 Waymo與Uber合作於亞特蘭大推出無人駕駛計程車服務 https://www.ithome.com.tw/news/169717 G.政府資安署25年5月資安月報：情資蒐整量暴增 HiNet冒名釣魚攻擊現蹤 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11974 國網中心新AI超級電腦Nano 5助攻，加速半導體研發、AI產業發展 https://www.ithome.com.tw/news/169720 行政院召開今年度生技產業策略諮議委員會預備會議，鎖定AI賦能、精準健康等6大議題 https://www.ithome.com.tw/news/169725 擴大衛星應用落地，數發部開放衛星行動通信頻譜申請 https://www.ithome.com.tw/news/169693 H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療相關資安 Iran's State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist https://thehackernews.com/2025/06/irans-state-tv-hijacked-mid-broadcast.html 中國駭客透過ORB網路LapDogs發動網攻，利用後門程式ShortLeash控制1千多臺連網裝置 https://www.ithome.com.tw/news/169697 「LapDogs」殭屍網路鎖定小型辦公室與家用設備！藉ShortLeash後門進行網路間諜活動 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11973 全球超過四萬台監視攝影機暴露於網路可遭遠端入侵 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11963 I.教育訓練資安事件發生必要知道的復原程序，降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g EC Council CASE.NET 認證準備 https://coolmandiary.blogspot.com/2025/04/ec-council-casenet.html EC Council CASE.NET(312-95)_筆記_Module1專有名詞及定義 https://coolmandiary.blogspot.com/2021/10/ec-council-casenet312-95module1.html GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證，高薪跳板都在這了！ https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證！CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得第一章：初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得第二章：規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得第三章：終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享：一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全：取得資安檢測合格證書血淚史（iT邦幫忙鐵人賽系列書） https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學，資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP（Offensive Security Certified Professional） https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道，有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘，更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思，資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練，教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 2025年6月-iPAS 資訊安全工程師(中級)能力培訓班 2025/6/28 https://www.accupass.com/event/2504240832428194630570 Startup Teaming (Online) 2025/6/28 https://www.meetup.com/startup-agile-bangkok/events/307437160/ CraftCon Taiwan 2025/7/4 https://www.accupass.com/event/2504040359201021066990 2025 鋼索上管理課：國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照：AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南：漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965