跳到主要內容

發表文章

資安事件新聞週報 2019/3/11 ~ 2019/3/15

資安事件新聞週報  2019/3/11  ~  2019/3/15

1.重大弱點漏洞

F5 BIG-IP 安全漏洞  CVE-2019-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6598

Checkpoint Zonealarm  CVE-2018-8790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-8790

NetApp Service Processor 遠端執行程式碼漏洞
https://security.netapp.com/advisory/ntap-20190305-0001/

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46538

PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/46527

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
https://www.exploit-db.com/exploits/46522

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

IBM DB2 提升權限漏洞
https://www.auscert.org.au/bulletins/77042
最近的文章

資安事件新聞週報 2019/3/4 ~ 2019/3/8

資安事件新聞週報  2019/3/4  ~  2019/3/8

1.重大弱點漏洞

NetApp SnapCenter Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15515

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
https://www.exploit-db.com/exploits/46509

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

部份單位「學生出入校園管理系統」存在資料庫注入攻擊漏洞
https://cert.tanet.edu.tw/images/20190306.jpg

Android TV 隱私出大包 暫停 Google Photos 連動,曝露數百帳號與資料圖片
https://www.kocpc.com.tw/archives/246931

Fortinet 產品FortiOS(5.6.0)等多個漏洞
https://www.auscert.org.au/bulletins/76446
https://www.auscert.org.au/bulletins/76450

Wireshark Radiotap解析器拒絕服務漏洞
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5

IBM WebSphere Application Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4030

Xen 多個漏洞
https://www.au…

2019年3月資安及社群活動分享

Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Greenhost 如何建立獨立且開放的雲端主機平台?主題二:網路資源及路由管理: IP, AS Number, DNS  3/4
 https://ocftw.kktix.cc/events/greenhost2

 如何推動關鍵基礎設施之醫療及工控系統的資安防護  3/6
 http://www.cisanet.org.tw/Services/express_more?id=2814

 網站弱點評估實務  3/7
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3825&from_course_list_url=homepage

 HackingThursday 固定聚會  March 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbkb/

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

資安事件新聞週報 2019/2/18 ~ 2019/2/22

資安事件新聞週報  2019/2/18  ~  2019/2/22

1.重大弱點漏洞

多個廠商IP Camera未授權遠程命令執行漏洞
https://www.seebug.org/vuldb/ssvid-97810

Dell SonicWall SonicOS 安全漏洞  CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867

VyOS權限提升漏洞  CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556

WinRAR 被曝存在遺留19年的漏洞,影響全球多達5億用戶
https://www.freebuf.com/news/196281.html

存在 14 年的 WinRAR 安全漏洞終於修復
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810

WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68

安全播報:新型POODLE攻擊漏洞,影響TLS 1.2協議
https://wosign.com/news/news_2019021402.htm

D-Link DIR-823G無需驗證重啟漏洞  CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?na…

資安事件新聞週報 2019/2/11 ~ 2019/2/15

資安事件新聞週報  2019/2/11  ~  2019/2/15

1.重大弱點漏洞

Imperva:2018 Web 應用漏洞數量比2017 增加了21%
https://www.codercto.com/a/51263.html

Cisco Network Assurance Engine(NAE) 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos

The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/

Wordpress外掛漏洞讓駭客得以接管網站
https://www.ithome.com.tw/news/128704?fbclid=IwAR3Hc8Fphi-hjS985qUa3FjCqJH6hovv94R1TL7-YwcfJxRYcbV11SUJqo4

用戶投訴美國交友平台OKCupid:系統漏洞致帳號遭攻擊
https://news.sina.com.tw/article/20190211/29990794.html

微軟一口氣推出 77 項產品更新修補程式
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=800

微軟資安中心指出,0Day 攻擊比例日漸上升
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=798

數據揭示Windows漏洞的實際破壞性正在降低
https://news.sina.com.tw/article/20190211/29989630.html

微軟為何推Windows 10強制更新?黑客漏洞攻擊沒活路
https://www.ithome.com/0/408/663.htm

資安事件新聞週報 2/4 ~ 2/8

資安事件新聞週報  2/4  ~  2/8

1.重大弱點漏洞

Marvell Avastar Wi-Fi 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020802

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326

pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316

Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315

phpMyAdmin 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020101

廈門航空客服系統任意文件下載漏洞
https://shuimugan.com/bug/view?bug_no=171322

某省出入境便民服务平台存在SQL注射漏洞
https://shuimugan.com/bug/view?bug_no=168827

研究人員發現macOS漏洞:可獲取用戶密碼
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml

KeySteal零日漏洞曝光研究者希望蘋果提供macOS除蟲獎勵
https://m.cnbeta.com/view/816023.htm

MacOS 密碼金鑰「Keychain」現保安漏洞 研究員示範偷密碼過程
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/