資安事件新聞週報  2019/9/2  ~  2019/9/6

1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新，但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability

發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html

企業修補進度慢！近期臺灣資安業者揭露的SSL VPN漏洞，傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764

SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624

Zimbra-RCE
https://github.com/rek7/Zimbra-RCE

Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492

Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html

SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html

SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325…

資安事件新聞週報  2019/8/26  ~  2019/8/30

1.重大弱點漏洞/後門/Exploit/Zero Day
2019年HITCON ZeroDay漏洞通報現況，注意弱密碼問題通報數量增，還有人才媒合新功能上線
https://www.ithome.com.tw/news/132620

企業弱密碼今年狂被駭！HITCON資安漏洞申報平台連台電、群暉都拜託「抓漏」
http://bit.ly/2PfQM5x

Kubernetes嚴重漏洞致服務器DoS攻擊
https://www.4hou.com/vulnerable/19863.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

台灣資安公司揭露多家企業級 VPN 服務漏洞後，駭客便用來攔截流量
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=919

Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/159
https://securityadvisories.paloaltonetworks.com/Home/Detail/160
https://securityadvisories.paloaltonetworks.com/Home/Detail/161

Palo Alto Networks PAN-OS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1582

Cisco 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/08/22/cisco-releases-security-updates

思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday｜用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/

資安事件新聞週報  2019/8/19  ~  2019/8/23

1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931

被HTTP/2漏洞拖累，所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68

npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572

npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

資安事件新聞週報  2019/8/12  ~  2019/8/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396

托最新藍牙漏洞的“福”，我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA

JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/

賽門鐵克防毒軟體和Windows SHA-2不相容，微軟暫停更新
https://www.ithome.com.tw/news/132435

Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68

Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM

HTTP/2含有多個服務阻斷漏…

資安事件新聞週報  2019/8/5  ~  2019/8/9

1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後，再次更新0.72版本
http://bit.ly/2YDMIM5

修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691

研究者警告：眾多Jira伺服器的錯誤配置，讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265

研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291

DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425

NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/

NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html

VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html