--- # System prepended metadata title: 資安事件新聞週報 2025/6/9 ~ 2025/6/13 tags: [資安事件新聞週報] --- ###### tags: `資安事件新聞週報` # 資安事件新聞週報 2025/6/9 ~ 2025/6/13 1.重大弱點漏洞/後門/Exploit/Zero Day Palo Alto Networks修補安全瀏覽器、SSL VPN高風險漏洞 https://www.ithome.com.tw/news/169543 思科修補身分服務引擎ISE的驗證繞過漏洞 https://www.ithome.com.tw/news/169401 Cisco Data Center Network Manager https://nvd.nist.gov/vuln/detail/CVE-2025-20163 Cisco Identity Services Engine Software https://nvd.nist.gov/vuln/detail/CVE-2025-20286 VMware NSX存在XSS重要風險弱點 https://www.ithome.com.tw/news/169446 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738 https://knowledge.broadcom.com/external/article?legacyId=88287 https://knowledge.broadcom.com/external/article/396986 https://nvd.nist.gov/vuln/detail/CVE-2025-22243 VMware Spring cloud Gateway https://nvd.nist.gov/vuln/detail/CVE-2025-41235 Fortinet FortiClientMac https://nvd.nist.gov/vuln/detail/CVE-2025-25251 Fortinet FortiProxy https://nvd.nist.gov/vuln/detail/CVE-2025-22252 研究人員揭露Microsoft 365 Copilot的零點擊AI漏洞 https://www.ithome.com.tw/news/169500 Patch Tuesday不相容部分Windows 11 24H2 PC,微軟罕見以例外更新部署 https://www.ithome.com.tw/news/169494 兩組研究人員公布Salesforce零時差漏洞,涉及SOQL物件查詢注入攻擊、低程式碼平臺組態配置不當 https://www.ithome.com.tw/news/169478 微軟發布6月例行更新,修補已被實際利用的WebDAV零時差漏洞 https://www.ithome.com.tw/news/169471 微軟發佈6月份安全性公告 https://www.ithome.com.tw/news/169471 https://msrc.microsoft.com/update-guide/releaseNote/2025-Jun Microsoft Patches 67 Vulnerabilities Including WEBDAV Zero-Day Exploited in the Wild https://thehackernews.com/2025/06/microsoft-patches-67-vulnerabilities.html Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction https://thehackernews.com/2025/06/zero-click-ai-vulnerability-exposes.html 網路流量解析工具Wireshark存在高風險漏洞 https://www.ithome.com.tw/news/169460 https://nvd.nist.gov/vuln/detail/CVE-2025-5601 IBM Tivoli Monitoring https://nvd.nist.gov/vuln/detail/CVE-2025-3357 IBM QRadar Suite Software https://nvd.nist.gov/vuln/detail/CVE-2025-25022 https://nvd.nist.gov/vuln/detail/CVE-2025-25021 CISA Adds Erlang SSH and Roundcube Flaws to Known Exploited Vulnerabilities Catalog https://thehackernews.com/2025/06/cisa-adds-erlang-ssh-and-roundcube.html Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html Researchers Uncover 20+ Configuration Risks, Including Five CVEs, in Salesforce Industry Cloud https://thehackernews.com/2025/06/researchers-uncover-20-configuration.html ConnectWise to Rotate ScreenConnect Code Signing Certificates Due to Security Risks https://thehackernews.com/2025/06/connectwise-to-rotate-screenconnect.html 趨勢科技修補影響端點加密、安全管理平臺多項高風險漏洞 https://www.ithome.com.tw/news/169533 Acronis修補資料保護與備份軟體多個漏洞,包括資料外洩與非授權存取的重大漏洞 https://www.ithome.com.tw/news/169526 網路儲存設備Dell PowerScale存在重大漏洞,未經授權攻擊者可存取檔案系統 https://www.ithome.com.tw/news/169496 Insyde H2O UEFI韌體存在資安弱點,攻擊者可用於繞過安全開機 https://www.ithome.com.tw/news/169514 HPE修補備份平臺StoreOnce重大層級的身分驗證繞過漏洞 https://www.ithome.com.tw/news/169491 HPE修補備份平臺StoreOnce重大漏洞 https://www.securityweek.com/hpe-patches-critical-vulnerability-in-storeonce/ Jenkins公布外掛程式的資安弱點,恐被用於繞過內容安全政策機制 https://gbhackers.com/jenkins-gatling-plugin-flaw/ 威聯通修補檔案同步系統Qsync重大漏洞 https://gbhackers.com/multiple-qnap-flaws-2/ Google、Mozilla發布Chrome 137與Firefox 139更新,修補高風險記憶體漏洞 https://www.securityweek.com/chrome-firefox-updates-resolve-high-severity-memory-bugs/ SAP修補NetWeaver重大層級漏洞 https://www.ithome.com.tw/news/169474 Adobe發布6月例行更新,修補254個漏洞創下今年新高 https://thehackernews.com/2025/06/adobe-releases-patch-fixing-254.html Insyde H2O UEFI韌體存在資安弱點,攻擊者可用於憑證注入攻擊 https://kb.cert.org/vuls/id/211341 Ivanti Workspace Control存在寫死金鑰弱點,搭配的SQL資料庫恐曝險 https://www.bleepingcomputer.com/news/security/ivanti-workspace-control-hardcoded-key-flaws-expose-sql-credentials/ Python壓縮檔模組tarfile存在重大資安弱點,恐導致檔案系統遭任意寫入 https://ithome.com.tw/news/169422 2.銀行/金融/保險/證券/金融監理 新聞及資安 駭客組織FIN6假借求職名義從事社交工程攻擊,意圖散布惡意軟體More_eggs https://www.bleepingcomputer.com/news/security/fin6-hackers-pose-as-job-seekers-to-backdoor-recruiters-devices/ 金融科技業者Chime上市首日大漲37% https://www.ithome.com.tw/news/169542 強化交易身分驗證與裝置指紋機制,並建立AI/ML詐欺模型 https://www.ithome.com.tw/news/169489 街口砸4億元買下京城證券 京城銀需認列損失1668萬元 https://reurl.cc/RYN0le 金融業導入CRI工具,KPMG:可有效提升資安治理及合規效率 https://money.udn.com/money/story/5636/8798541 王道銀行遭代辦冒名 金管會示警代辦貸款風險高 https://today.line.me/tw/v2/article/GgLoXnZ 銀行辦事注意!9家銀行停用「1便利服務」,包含台新、台銀、兆豐 https://reurl.cc/Z4mGmM 用自然人憑證開戶變人頭戶!逾10家銀行急喊卡 憑證怎淪「詐騙神器」 https://www.ctee.com.tw/news/20250609701034-430301 3.信用卡/電子支付/行動支付/pay/支付系統/資安 即時網釣手法已經氾濫,AiTM中間人攻擊技術助長此類威脅 https://www.ithome.com.tw/news/169487 2025中國信用卡盜刷網釣即服務百家爭鳴,甚至公然在即時通訊軟體頻道打廣告與教人盜刷 https://www.ithome.com.tw/news/169488 iPhone「嗶」進北捷成真,最快何時開放?Apple Pay、行動支付、電子支付怎麼刷能一次過關 https://reurl.cc/XAzW3E 北捷刷Apple Pay進站有譜 閘門多元支付預計10月建置完成 https://www.cna.com.tw/news/aloc/202506090266.aspx 議員憂淪行動支付孤鳥 悠遊卡洽蘋果公司尋合作 https://www.cna.com.tw/news/ahel/202505230154.aspx 中捷多元支付再升級!新增TWQR乘車碼與國際信用卡感應付款 提升搭乘便利性 https://www.taichung.gov.tw/2985297/post 「1動作」帳戶餘額歸零!LINE Pay詐騙升級,專家公布「5步驟」掏空錢包 https://www.storm.mg/article/11044931 1300萬Line pay用戶注意!1動作「存款被清空」…連資安專家都搖頭,一文拆解人心為何被操控 https://reurl.cc/W0n3WZ 支付平台「台灣里」驚傳倒閉! 商家怒告背信.侵占 https://reurl.cc/7KarqN 4.加密貨幣/數位貨幣/挖礦/區塊鍊/智能合約/WEB3 資安 Stripe將買下嵌入式錢包供應商Privy https://www.ithome.com.tw/news/169516 加密貨幣交易平臺Coinbase即將推出可回饋比特幣的信用卡Coinbase One Card https://www.ithome.com.tw/news/169546 BTCC交易所公布 2025年5月資產儲備證明,資產儲備率達 152% 持續保障 https://reurl.cc/5Kmr3y 追回2億加密幣黑金,詐團最怕的檢察官 合作警察誇:很怕被挖走 https://www.cw.com.tw/article/5135766 美國合眾銀行重啟加密貨幣託管業務 積極研究穩定幣未來潛力 https://news.pchome.com.tw/science/technice/20250612/index-74972037218842338005.html 黃金地位危險!邁睿預警:去中心化+高流動重塑價值載體軌跡 加密貨幣正取代黃金 https://reurl.cc/zqVeOk 金管會納管穩定幣 發行人採許可制 央行建議比照電子支付管理 https://today.line.me/tw/v2/article/8nlZRPk 央行看穩定幣監管 建議比照電子支付 https://money.udn.com/money/story/5613/8798538 5.資安事件新聞 A.病毒木馬 / 殭屍網路 / 勒索軟體 / Adware /APT /後門程式/IOC 開源資安平臺Wazuh重大漏洞遭鎖定,兩個Mirai殭屍網路變種用於攻擊行動 https://www.ithome.com.tw/news/169540 竊資軟體AMOS冒充美國電信業者,針對macOS用戶展開ClickFix網釣攻擊 https://www.ithome.com.tw/news/169490 程式碼共享平臺Paste.ee遭濫用,駭客意圖散布XWorm和AsyncRAT https://hunt.io/blog/pasteee-xworm-asyncrat-infrastructure#XWorm_and_AsyncRat_Indicators_of_Compromise_IOCs 勒索軟體Fog濫用開源滲透測試工具、員工監控軟體Syteca從事攻擊 https://www.bleepingcomputer.com/news/security/fog-ransomware-attack-uses-unusual-mix-of-legitimate-and-open-source-tools/ 惡意軟體Myth Stealer同時鎖定Chrome、Firefox用戶而來,藉由冒牌遊戲網站散布 https://www.ithome.com.tw/news/169501 前勒索軟體Black Basta成員使用Teams和Python指令碼從事攻擊活動 https://thehackernews.com/2025/06/former-black-basta-members-use.html 惡意軟體AsyncRAT透過冒牌Booking.com訂房網站散布 https://www.ithome.com.tw/news/169451 程式碼共享平臺Paste.ee遭濫用,駭客意圖散布XWorm和AsyncRAT https://hunt.io/blog/pasteee-xworm-asyncrat-infrastructure#XWorm_and_AsyncRat_Indicators_of_Compromise_IOCs 以Rust打造的竊資軟體鎖定Chromium瀏覽器而來,企圖竊取敏感資料 https://gbhackers.com/new-rust-developed-infostealer/ 駭客盜用React Native、GlueStack維護團隊帳號,上架惡意NPM套件散布木馬 https://www.ithome.com.tw/news/169448 勒索軟體Qilin利用Fortinet已知漏洞從事攻擊行動 https://www.ithome.com.tw/news/169434 勒索及惡意軟體偽裝成AI工具散布 https://www.ithome.com.tw/news/169407 惡意軟體PathWiper鎖定關鍵基礎設施而來,意圖植入管理工具以便駭客後續作案 https://gbhackers.com/new-pathwiper-malware-targets-critical-infrastructure/ 遊戲玩家、指令碼小子遭鎖定,駭客企圖透過GitHub散布木馬程式Sakura RAT https://www.bleepingcomputer.com/news/security/hacker-targets-other-hackers-and-gamers-with-backdoored-github-code/ 後門程式GlueStack透過惡意NPM套件散布 https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html 程式碼共享平臺Paste.ee遭濫用,駭客意圖散布XWorm和AsyncRAT https://hunt.io/blog/pasteee-xworm-asyncrat-infrastructure#XWorm_and_AsyncRat_Indicators_of_Compromise_IOCs Analysis of the Triple Combo Threat of the Kimsuky Group https://www.genians.co.kr/en/blog/threat_intelligence/triple-combo New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack https://thehackernews.com/2025/06/new-pathwiper-data-wiper-malware.html Researchers Detail Bitter APT's Evolving Tactics as Its Geographic Scope Expands https://thehackernews.com/2025/06/bitter-hacker-group-expands-cyber.html New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025 https://thehackernews.com/2025/06/malicious-browser-extensions-infect-722.html Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks https://thehackernews.com/2025/06/botnet-wazuh-server-vulnerability.html B.行動安全 / iPhone / Android /穿戴裝置 /App / 5G / 即時通訊 New Atomic macOS Stealer Campaign Exploits ClickFix to Target Apple Users https://thehackernews.com/2025/06/new-atomic-macos-stealer-campaign.html 蘋果iOS零點擊漏洞遭到濫用,間諜軟體Graphite鎖定記者而來 https://www.bleepingcomputer.com/news/security/graphite-spyware-used-in-apple-ios-zero-click-attacks-on-journalists/ Meta、Yandex被揭露監聽Android本機通訊埠,橋接瀏覽器與App身分進行追蹤,引發資安疑慮 https://www.ithome.com.tw/news/169394 逾20款惡意App上架Google Play市集,意圖加密貨幣錢包的竊取通關密語 https://hackread.com/malicious-apps-google-play-users-for-seed-phrases/ 中國資助的駭客利用iMessage零點擊漏洞Nickname,攻擊歐美重要人物 https://www.ithome.com.tw/news/169423 Android 16正式發布 先提供Pixel手機 https://www.ithome.com.tw/news/169493 Apple整合開發環境Xcode 26導入AI助理,增強自動化開發與多平臺支援 https://www.ithome.com.tw/news/169473 C.事件 / 駭客 / DDOS / APT / 雲端/ 暗網/ 徵才 / 國際資安事件 / 資安人力 迪士尼跟環球影業聯手控告AI新創Midjourney侵權 https://www.ithome.com.tw/news/169505 Google Cloud當機波及Cloudflare等客戶 https://www.ithome.com.tw/news/169541 新型供應鏈惡意軟體攻擊鎖定 npm 與 PyPI 生態,影響全球數百萬用戶 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11939 健康食品批發龍頭United Natural Foods遭網路攻擊,出貨受影響 https://www.ithome.com.tw/news/169469 中國駭客鎖定資安業者SentinelOne而來,意圖對用戶從事供應鏈攻擊 https://www.ithome.com.tw/news/169453 中國駭客Earth Lamia鎖定SQL Server、NetWeaver等應用系統而來,利用已知漏洞入侵受害組織 https://www.ithome.com.tw/news/169419 針對駭客兜售內部資料的情況,聯鈞光電發布資安重訊說明,指出在著手強化防禦過程再度遭到攻擊 https://mopsov.twse.com.tw/mops/web/ajax_t05sr01_1?firstin=true&stp=1&step=1&SEQ_NO=1&SPOKE_TIME=122607&SPOKE_DATE=20250609&COMPANY_ID=3450 歐洲刑警組織帶頭從事執法行動Operation Secure,撤下逾2萬個用於竊資軟體攻擊的IP位址 https://securityaffairs.com/178898/cyber-crime/operation-secure-interpol-dismantles-20000-malicious-ips-in-major-cybercrime-crackdown.html 中國駭客集團發動「ShadowPad」與「PurpleHaze」雙重攻擊,資安商成目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11941 韓國電子商務平臺Yes24遭勒索軟體攻擊 https://www.ithome.com.tw/news/169528 Apache Tomcat遭到大規模攻擊,400個IP位址對其暴力破解、登入嘗試 https://www.ithome.com.tw/news/169498 295 Malicious IPs Launch Coordinated Brute-Force Attacks on Apache Tomcat Manager https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.html Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks https://thehackernews.com/2025/06/former-black-basta-members-use.html OpenAI Bans ChatGPT Accounts Used by Russian, Iranian, and Chinese Hacker Groups https://thehackernews.com/2025/06/openai-bans-chatgpt-accounts-used-by.html Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises https://thehackernews.com/2025/06/rare-werewolf-apt-uses-legitimate.html Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group https://thehackernews.com/2025/06/over-70-organizations-across-multiple.html D.資料外洩/個資法/GDPR/網路詐騙/網路釣魚/盜刷/假新聞/網路霸凌/帳號安全 中國驚傳大規模資料外洩,40億筆民眾個資在網際網路裸奔一天 https://www.ithome.com.tw/news/169435 以Rust打造的竊資軟體鎖定Chromium瀏覽器而來,企圖竊取敏感資料 https://gbhackers.com/new-rust-developed-infostealer/ 北韓駭客Kinsuky同時藉由臉書、電子郵件、Telegram從事網釣攻擊 https://gbhackers.com/kimsuky-strikes/ 應用程式建置服務Passion.io資料庫未受保護,360萬開發者資料恐曝險 https://hackread.com/unsecured-database-exposes-passion-io-creators-data/?web_view=true MCP伺服器近8%為惡意用途,逾1.7萬個GitHub儲存庫曝險 https://blog.virustotal.com/2025/06/what-17845-github-repos-taught-us-about.html Google用戶的電話號碼驚傳可被暴力破解 https://www.ithome.com.tw/news/169449 逾8萬微軟Entra ID帳號遭密碼潑灑攻擊 https://www.bleepingcomputer.com/news/security/password-spraying-attacks-target-80-000-microsoft-entra-id-accounts/ Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool https://thehackernews.com/2025/06/over-80000-microsoft-entra-id-accounts.html Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account https://thehackernews.com/2025/06/researcher-found-flaw-to-discover-phone.html Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam https://thehackernews.com/2025/06/microsoft-helps-cbi-dismantle-indian.html Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials https://thehackernews.com/2025/06/popular-chrome-extensions-leak-api-keys.html E.研究報告/工具 AI 重新定義雲端資安:從實際案例看主動防禦新戰略 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11933 AI審核機制可被繞過!研究人員揭露TokenBreak攻擊手法,透過更動單一字元達到目的 https://thehackernews.com/2025/06/new-tokenbreak-attack-bypasses-ai.html 73% 企業曾因不明或未受管理的資產而發生資安事件 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11931 Why DNS Security Is Your First Defense Against Cyber Attacks https://thehackernews.com/2025/06/why-dns-security-is-your-first-defense.html Empower Users and Protect Against GenAI Data Loss https://thehackernews.com/2025/06/empower-users-and-protect-against-genai.html Think Your IdP or CASB Covers Shadow IT? These 5 Risks Prove Otherwise https://thehackernews.com/2025/06/think-your-idp-or-casb-covers-shadow-it.html The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html IAM Compliance Audits: How to Improve Outcomes https://thehackernews.com/expert-insights/2025/06/iam-compliance-audits-how-to-improve.html How to Build a Lean Security Model: 5 Lessons from River Island https://thehackernews.com/2025/06/how-to-build-lean-security-model-5.html Non-Human Identities: How to Address the Expanding Security Risk https://thehackernews.com/2025/06/non-human-identities-how-to-address.html F.商業 資安業者Securonix買下威脅情報公司ThreatQuotient https://www.securityweek.com/securonix-acquires-threat-intelligence-firm-threatquotient/ Palsys 宣布正式成為 Citrix 台灣授權代理商 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11930 Google發表Weather Lab互動網站以預測熱帶氣旋 https://www.ithome.com.tw/news/169547 F5買下代理程式型態AI的資安新創Fletch https://www.ithome.com.tw/news/169470 F5 擴大與Red Hat策略合作,加速實現可擴展、安全的企業級 AI 解決方案 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11938 Inside the Mind of the Adversary: Why More Security Leaders Are Selecting AEV https://thehackernews.com/2025/06/inside-mind-of-adversary-why-more.html IBM將於2029年交付史上首個可容錯的大型量子電腦Quantum Starling https://www.ithome.com.tw/news/169476 G.政府 不只數位信任失效,更是顧客信任崩壞 https://www.ithome.com.tw/voice/169538 預計今年7、8月上線!健保署聯手Google打造糖尿病風險預測AI,將於健保快易通App和家醫大平臺亮相 https://www.ithome.com.tw/news/169530 調查局與數位發展部數位產業署簽署防制洗錢及 打擊資恐、資武擴金融情資分享備忘錄 https://www.mjib.gov.tw/news/Details/1/1097 數位發展部不能只是「公部門的數發部」——從中華電信憑證信任危機談起 https://reurl.cc/eMrEG7 數位風獅爺變成搖尾哈巴狗 https://udn.com/news/story/7339/8762466 《資通安全管理法》修正草案的建議 https://voicettank.org/20250609-2/ H.工控系統/ICS/SCADA/IOT/物聯網/車聯網/電動車/人工智慧/AI/ML/人臉辨識/醫療 相關資安 3.5萬套太陽能發電系統暴露於網路成駭客攻擊目標 https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=11940 D-Link DCS-5020L https://nvd.nist.gov/vuln/detail/CVE-2025-5215 SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords https://thehackernews.com/2025/06/sinotrack-gps-devices-vulnerable-to.html I.教育訓練 資安事件發生必要知道的復原程序,降低傷害 https://www.ithome.com.tw/pr/163614 iPAS資訊安全工程師中級筆記 https://hackmd.io/@Not/iPASInformationSecuritySpecialist iPas資安工程師證照考前研習 https://reurl.cc/GEbA3p iPAS◆資訊安全規劃實務◆中級測驗題庫彙編(123題) https://reurl.cc/orlD1g GCP Associate Cloud Engineer (ACE) 學習心得、教材資源與筆記分享 — 學習天然高可用與零信任設計 https://medium.com/blacksecurity/gcp-associate-cloud-engineer-78f736aee7ad Coursera 盤點 7 項雲端資安認證,高薪跳板都在這了! https://buzzorange.com/techorange/2022/07/12/cloud-security-certificates/ 一般人也能拿到國際資安認證!CSCU安全電腦使用者認證課程 https://www.ithome.com.tw/pr/160954 全球網絡安全勞動力失衡 (ISC)2免費課程及考試填補人才缺口 https://reurl.cc/m39MDj CISSP資安認證的8大領域 https://2formosa.blogspot.com/2022/12/CISSP-topic-domains.html CISSP考試心得 https://reurl.cc/KbY83j CISSP考試心得 – Benson https://reurl.cc/GbWvxd 目標導向-20天光速考過CISSP https://reurl.cc/2Zq6zn CISSP證照考試實戰心得 第一章:初期準備工作 https://netmag.tw/2022/06/17/the-cissp-has-learned-the-first-chapter-in-actual-combat CISSP證照考試實戰心得 第二章:規律且有紀律的讀書策略 https://netmag.tw/2022/07/01/the-cissp-is-in-the-field-of-combat-chapter-two-regular-and-disciplined-reading-strategies CISSP證照考試實戰心得 第三章:終極一戰 https://netmag.tw/2022/07/12/the-cissp-has-learned-a-third-chapter-in-actual-combat-experience-the-ultimate-battle Quick CISSP Infographic for IPSec https://www.studynotesandtheory.com/single-post/quick-cissp-infographic-for-ipsec CSSLP Certification - Security models in F# https://github.com/vbocan/csslp Certified Secure Software Lifecycle Professional in bullet points https://github.com/joeyhage/csslp-notes CPSA(CREST Practitioner Security Analyst) 資安分析師考試心得 https://tech-blog.cymetrics.io/posts/huli/crest-cpsa-prepare/ EC-Council CEH v11 考試心得、改版資訊以及準備方向 2021、2022 https://reurl.cc/1oyEM8 CEH v11 考試心得與準備方式 https://blog.sean.taipei/2022/01/ceh CEH https://github.com/a3cipher/CEH CodeRed by EC-Council https://github.com/codered-by-ec-council EC-Council CEH Practical / Master 準備心得 — 讓理論與實作相輔相成的學習 https://medium.com/blacksecurity/ceh-practical-master-3e80cac180a2 EC-Council CEHP考試準備心得 https://hackmd.io/@9dCJrgb6QHGd8dRfgHO0zg/r14xNn1po My ceh practical notes https://github.com/dhabaleshwar/CEHPractical/blob/main/Everything%20You%20Need.md CEHP課程筆記 https://hackmd.io/@nfu-johnny/B1Ju_BMPR ECSA v10 考試心得與讀書資料分享/ ECSA v10 Review and Study Materials https://medium.com/blacksecurity/ecsa-v10-1ec76c0eb7d4 EC-Council ECSA資安分析專家 v10 考試心得分享 https://javaxtalk.blogspot.com/2019/05/ec-council-ecsa-v10.html 20180817 EC-Council ECSA v10 PASS https://www.ptt.cc/bbs/License/M.1534571704.A.5BA.html 關於EC-Council CPENT和LPT Master滲透測試證照準備方式及心得分享 https://medium.com/@ChadSecurity/%E9%97%9C%E6%96%BCec-council-cpent%E5%92%8Clpt-master%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6%E8%AD%89%E7%85%A7%E6%BA%96%E5%82%99%E6%96%B9%E5%BC%8F%E5%8F%8A%E5%BF%83%E5%BE%97%E5%88%86%E4%BA%AB-efb63de00a8d 深度解析 CPENT 考試心得、以及與 OSCP 的比較 https://reurl.cc/41eL8v EC-Council CPENT v1 滲透測試認證 – 內容及心得分享 https://hackercat.org/pentesting/ec-council-cpent-v1-experience-review CPENT 從暴力到破解 https://hackmd.io/@3WAsoRFgSlyy7pm10p60kg/ByO0zs295 Ec-Council CPENT心得 - 資安菜鳥從CEH到LPT Master https://4hsienyang.medium.com/cpent-lpt-master-ccaebf2dbc7f CPENT考試心得分享:一次拿到 LPT 滲透測試大師認證 https://ucom.uuu.com.tw/web/Testimony/Article/4404 kaizensecurity/CPENT https://github.com/kaizensecurity/CPENT/tree/master CPENT : Pentesting like NO OTHERS ! https://www.linkedin.com/pulse/cpent-pentesting-like-others-belly-rachdianto/ Journey of My CPENT Exam https://medium.com/techiepedia/journey-of-my-cpent-exam-3a5d7ee6d917 [備考心得]CompTIA Security+ (SY0–601) 上篇 https://reurl.cc/M053DK [備考心得]CompTIA Security+ (SY0–601) 下篇 https://reurl.cc/M053Gv comptia-security-plus https://github.com/ajfuto/comptia-security-plus security-plus https://github.com/fjavierm/security-plus CompTIA Security+ Certification Practice Test Questions https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#google_vignette 不只是工程師才要懂的 App 資訊安全:取得資安檢測合格證書血淚史(iT邦幫忙鐵人賽系列書) https://news.pchome.com.tw/living/books/20220202/index-64375841669874292009.html App防駭學,資安防護實戰課程全面提升安全觀念 https://www.ithome.com.tw/pr/161505 OSEP (Evasion Techniques and Breaching Defenses (PEN-300) 心得分享 https://hackmd.io/@henry-ko/HyQ56e8eF OSEP (Evasion Techniques and Breaching Defenses (PEN-300) http://github.com/In3x0rabl3/OSEP OSCP(Offensive Security Certified Professional) https://github.com/0x584A/oscp-notes/tree/master ISACA Certified Information Systems Auditor® (CISA) 國際電腦稽核師認證準備歷程心得、申請流程分享- 2023年 https://reurl.cc/aVLoX9 Learn NIST Inside Out With 21 Hours of Training @ 86% OFF https://thehackernews.com/2022/06/learn-nist-inside-out-with-21-hours-of.html 駭客與國家: 網路攻擊與地緣政治新常態 The hacker and the state: cyber attacks and the new normal of geopolitic https://reurl.cc/D3nKKj Practical Network Penetration Tester (PNPT) Certification Review https://tmc222.medium.com/practical-network-penetration-tester-pnpt-certification-review-4280e4e164df WUSON常用的基本詞彙 https://choson.lifenet.com.tw/?p=1958 證照仍是學習資安基本功的主要管道,有專家打造「資安證照地圖」 https://www.ithome.com.tw/news/156754 用證照證明自己實力之餘,更應將證照視為督促學習的最大動力 https://www.ithome.com.tw/news/156756 打破證照誤解與迷思,資安專家帶你釐清資安證照的意義 https://www.ithome.com.tw/news/156755 Accelerate Your Career with the Global Leader in Cyber Security Training https://www.sans.org/mlp/promo-partnership-hacker-news/ 【成大資安社社課】資安禁術 - 逆向工程地獄試煉 https://www.youtube.com/watch?v=4Yc3-9CjG6U 透過實務演練,教你建立實作標準的安全SOP流程 https://www.ithome.com.tw/pr/163514 6.近期資安活動及研討會 sciwork seminar 2025 2025/6/14 https://sciwork.kktix.cc/events/sciworkseminar-202506 WordPress 彩虹小聚 :開源專案變桌遊:快速體驗《開源星手村》 2025/6/16 https://www.meetup.com/taipei-wordpress/events/308102467/ PrestoCon Day 2025 2025/6/17 https://www.meetup.com/presto-meetup-shanghai/events/308087734/ #137 GenAI Series 2 2025/6/18 https://www.meetup.com/r-user-group-philippines/events/307026465/ Online Workshop 🎨 UX for beginner s2025/6/18 https://www.meetup.com/le-wagon-tokyo-coding-station/events/308078454/ 智能資安解決方案:Elastic AI+ML Security,打破傳統 SIEM 限制 2025/6/18 https://www.accupass.com/event/2504280713232836866920 【AI 防洩密偵測術】ARES PP 線上資安研討會 2025/6/18 https://www.accupass.com/event/2505060949206034400380 識詐風雲:虛擬資產防詐反洗錢課程 2025/6/19 https://www.accupass.com/event/2503170733116092889810 2025 TILO 「人工智慧X資訊安全」研討會 2025/6/20 https://www.accupass.com/event/2505270448471809413622 GitHub Copilot Global Bootcamp | Microsoft Makati 2025/6/20 https://www.meetup.com/microsoftph/events/307172864/ Season of AI Agents: Build the Future with AI 2025/6/21 https://www.meetup.com/cloud-experts-group/events/307650330/ Elasticsearch x RAG:從架構到部署,帶你學會 RAG 應用實作流程 2025/6/25 https://www.accupass.com/event/2505210739587773218720 2025 TAICS 論壇 2025/6/25 https://www.accupass.com/event/2505200823402070149514 智慧產學新藍圖—智慧教育 x 產業創新 2025/6/26 https://www.accupass.com/event/2505230743101674621110 ISO資安×隱私×AI 三合一內部稽核員訓練課程 2025/6/26 https://www.accupass.com/event/2504140907521623826500 [On-Line] AWS Global Community Gatherings #8 2025/6/27 https://www.meetup.com/awsglobalcommunitygatherings/events/307414965/ ESG再升級 -- 資訊安全如何撐起企業永續力 2025/6/27 https://www.accupass.com/event/2505230142041886681305 Taiwan Robotics Meetup 六月場 2025/6/27 https://www.meetup.com/taipei-robotics-meetup-group/events/308129341/ 2025年6月-iPAS 資訊安全工程師(中級)能力培訓班 2025/6/28 https://www.accupass.com/event/2504240832428194630570 Startup Teaming (Online) 2025/6/28 https://www.meetup.com/startup-agile-bangkok/events/307437160/ CraftCon Taiwan 2025/7/4 https://www.accupass.com/event/2504040359201021066990 2025 鋼索上管理課:國際資安/工安職人達人交流會 2025/7/6 https://www.accupass.com/event/2505010751034173651060 國際證照:AI人工智慧核心能力 2025/7/6 https://www.accupass.com/event/2503161022177054945860 InfoSec Taiwan 2025 國際資安組織大會 2025/7/9 https://csa.kktix.cc/events/infosectaiwan2025 HITCON Cyber Range 2025 企業藍隊競賽 2025/7/18 https://hitcon.kktix.cc/events/hitcon-cyberrange-2025 台灣駭客年會 HITCON Training 2025 2025/7/23 https://hitcon.kktix.cc/events/hitcon-training-2025 2025年8月-iPAS 資訊安全工程師(初級)能力培訓班-高雄場 2025/8/21 https://www.accupass.com/event/2504240921341381390216 API 安全開發指南:漏洞修復與授權管理實務 2025/9/11-2025/9/12 https://www.accupass.com/event/2501021422337978365160 2025年9月-iPAS 資訊安全工程師(初級)能力培訓班 2025/9/20 https://www.accupass.com/event/2505080338266282560860 ISO 27001:2022 資訊安全管理系統主導稽核員訓練課程 2025/9/22 https://www.accupass.com/event/2505190352351691427965