跳到主要內容

發表文章

資安事件新聞週報 2019/12/2 ~ 2019/12/6

資安事件新聞週報  2019/12/2  ~  2019/12/6

1.重大弱點漏洞/後門/Exploit/Zero Day
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379

Linux漏洞將允許駭客挾持VPN連線
https://ithome.com.tw/news/134652

安全預警- 某些華為設備中存在DoS安全漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn

IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109

IBM DataPower Gateway 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621

HP Workstation BIOS安全特征问题漏洞
https://support.hp.com/us-en/document/c06318199

可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.chainnews.com/zh-hant/articles/215260357729.htm

索尼再現網站安全漏洞宣布關閉隱患網頁
https://nosec.org/home/detail/3252.html

GoAhead Web 服務器又現關鍵漏洞
https://www.chainnews.com/zh-hant/articles/100479860666.htm

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
https://thehackernews.com/2019/12/goahead-web-server-hacking.html
最近的文章

資安事件新聞週報 2019/11/25 ~ 2019/11/29

資安事件新聞週報  2019/11/25  ~  2019/11/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html

CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475

Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100

TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm

phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/

Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/

部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415

一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm

TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/

ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088

ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087

資安事件新聞週報 2019/11/18 ~ 2019/11/22

資安事件新聞週報  2019/11/18  ~  2019/11/22

1.重大弱點漏洞/後門/Exploit/Zero Day
中彈!高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv

透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657

Grin核心開發者解析Mimblewimble「漏洞」:非根本性缺陷,Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023

Grin 隱私模型漏洞!駭客每週花費60美元的AWS服務,就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802

Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901

Google動態郵件功能出現XSS漏洞,可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279

IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801

HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201

引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621

High-Severity Windows UAC Flaw…

資安事件新聞週報 2019/11/11 ~ 2019/11/15

資安事件新聞週報  2019/11/11  ~  2019/11/15

1.重大弱點漏洞/後門/Exploit/Zero Day
開機載入程式Das U-Boot暗藏程式攻擊漏洞
https://ithome.com.tw/news/134091

McAfee antivirus software impacted by code execution vulnerability
https://www.zdnet.com/article/mcafee-antivirus-software-impacted-by-code-execution-vulnerability/#ftag=RSSbaffb68

JVNVU#91935870 Trend Micro Anti-Threat Toolkit (ATTK) における任意のコード実行が可能な脆弱性
https://jvn.jp/vu/JVNVU91935870/

蘋果 macOS 系統內建郵件功能藏重大漏洞!快用一招防堵個資遭外洩
https://3c.ltn.com.tw/news/38577

Apple Mail on macOS leaves parts of encrypted emails in plaintext
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/#ftag=RSSbaffb68

思科Talos發現LEADTOOLS工具包中存在多個漏洞,可能導致遠程代碼執行
https://www.t00ls.net/articles-53771.html

思科產品遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/publicationListing.x

Pulse Secure VPN Arbitrary Command Execution
https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt

資安事件新聞週報 2019/11/4 ~ 2019/11/8

資安事件新聞週報  2019/11/4  ~  2019/11/8

1.重大弱點漏洞/後門/Exploit/Zero Day
BlueKeep漏洞發生第一波大規模攻擊,引發藍色死亡螢幕
https://www.ithome.com.tw/news/133987

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html

Snyk釋出最新JavaScript框架安全性報告,不少熱門框架模組存在XSS漏洞
https://www.ithome.com.tw/news/134029

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
https://www.exploit-db.com/exploits/47590

ZTE 9000E 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3425

多款D-Link產品遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920

F5 BIG-IP AFM SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6658

資安事件新聞週報 2019/10/28 ~ 2019/11/1

資安事件新聞週報  2019/10/28  ~  2019/11/1

1.重大弱點漏洞/後門/Exploit/Zero Day

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566

主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm

Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html

Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68

Samba Releases Security Updates
https://www.samba.org/samba/sec…

11月份資安社群及教育訓練活動分享

OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/