Weekly Security Incident News Digest 2021/10/18 ~ 2021/10/22

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Oracle Critical Patch Update Advisory - October 2021
https://reurl.cc/aNevgY

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

Microsoft asks system administrators to update PowerShell to patch a WDAC security bypass vulnerability
https://reurl.cc/WX0dr9

Microsoft releases the October 2021 Patch Tuesday security updates, fixing multiple critical flaws and 0-days
https://reurl.cc/Mk3dDn

OWASP updates its Top 10 vulnerability ranking for the first time since 2017
https://blog.twnic.tw/2021/10/18/20252/

Weekly Security Incident News Digest 2021/10/11 ~ 2021/10/15

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Cisco recently released updates to address security vulnerabilities in multiple products
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/cisco-releases-security-updates-multiple-products

Micro Focus ArcSight Enterprise Security Manager (ESM) CVE-2021-38124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-38124

Trend Micro ServerProtect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36745

Apache HTTP Server has a security vulnerability (CVE-2021-42013) that allows attackers to remotely execute arbitrary code
https://www.isda.org.tw/2021/10/09/0a4bf59c2d6b1fc5d36850718f1675f4/

Weekly Security Incident News Digest 2021/10/04 ~ 2021/10/08

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Apache patches an already-exploited data leak vulnerability
https://www.ithome.com.tw/news/147117

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now
https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

Microsoft strengthens server firmware and network security
https://www.ithome.com.tw/tech/147018

What you need to know about the Microsoft Azure security vulnerability Azurescape
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/C4A67EE8E049422F9B35A5460A7E2988

QNAP QTS 5.0 official release arrives: upgraded system kernel, strengthened security, WireGuard VPN support, and a built-in free exFAT license
https://reurl.cc/ox723q

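Google Chrome and Microsoft Edge browsers have security vulnerabilities (CVE-2021-37974~37976) that allow attackers to remotely execute arbitrary code; please verify and update as soon as possible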
https://portal.boe.ttct.edu.tw/bulletin/view.php?sn=B110002811

Weekly Security Incident News Digest 2021/9/27 ~ 2021/10/01

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Cisco recently released updates to address security vulnerabilities in multiple products
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisco-releases-security-updates-multiple-products

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
https://thehackernews.com/2021/09/new-azure-ad-bug-lets-hackers-brute.html

WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50366

Microsoft Windows cmd.exe - Stack Buffer Overflow
https://www.exploit-db.com/exploits/50331

NETGEAR Releases Security Updates for RCE Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/netgear-releases-security-updates-rce-vulnerability

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260

October 2021 Security and Community Events

Internal Control 2.0: Statistical Forecasting, Data Analysis, Information Security, and Fraud Detection and Prevention 10/1
https://www.caa.org.tw/coursedetail-3605.html

Cyber Defense Summit 2021 Oct. 4-7, 2021
https://summit.fireeye.com/

Taipei Creative Coders Meetup #13 10/6
https://www.meetup.com/tpecreativecoders/events/280959754

Auditing Information Systems and Communications Transmission 10/6
https://www.caa.org.tw/coursedetail-3524.html

Database Auditing and Personal Data Protection 10/7
https://www.caa.org.tw/coursedetail-3607.html

Chunghwa Telecom Training Institute: Autonomous Mobile Robot ROS Development Hands-on Course 10/07, 10/08
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318

Weekly Security Incident News Digest 2021/9/20 ~ 2021/9/24

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html

VMware releases security updates for multiple products
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/vmware-releases-security-updates

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software
https://thehackernews.com/2021/09/cisco-releases-patches-3-new-critical.html

Netgear fixes critical vulnerabilities in multiple router models
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9470

Netgear fixes critical vulnerabilities in multiple router models that could let attackers remotely execute arbitrary code
https://www.twcert.org.tw/tw/cp-104-5108-edb59-1.html

Aruba Operating System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37724

ArubaOS has security vulnerabilities
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37718

Apple patches zero-day vulnerabilities in older devices
https://www.ithome.com.tw/news/146869

macOS contains a security vulnerability that can be used to execute arbitrary programs
https://www.ithome.com.tw/news/146816

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
https://thehackernews.com/2021/09/microsoft-exchange-bug-exposes-100000.html

Users, update now! Critical Windows vulnerability: opening an Office document could get you hacked
https://reurl.cc/bnkG8E

Weekly Security Incident News Digest 2021/9/13 ~ 2021/9/17

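1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
FBI warns: nation-state hackers are exploiting a vulnerability in Zoho's self-service password management platform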
https://www.ithome.com.tw/news/146787

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html

Critical Bug Reported in NPM Package With Millions of Downloads Weekly
https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html

全景 TSSServiSignAdapter for Windows - Improper Input Validation
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html

Cisco recently released updates to address multiple security vulnerabilities in its IOS XR Software product
https://us-cert.cisa.gov/ncas/current-activity/2021/09/09/cisco-releases-security-updates-multiple-products

Adobe has released security updates to address vulnerabilities in multiple Adobe products
https://us-cert.cisa.gov/ncas/current-activity/2021/09/14/adobe-releases-security-updates-multiple-products
