資安事件新聞週報 2021/4/12 ~ 2021/4/16

 資安事件新聞週報 2021/4/12  ~  2021/4/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

Cisco 發布多種產品的安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

美國國家安全局發表 4 個最新 Microsoft Exchange Server 嚴重漏洞，應立即修補
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9167

快升級 Windows 10！微軟宣布 1909 等 3 個版本將於2021年5月終止支援
https://reurl.cc/V3ZgyA

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

Chromium第二項漏洞又有概念驗證攻擊程式公布
https://www.ithome.com.tw/news/143851

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

Chrome 90問世：以HTTPS作為預設，嵌入隱私沙箱控制
https://www.ithome.com.tw/news/143874

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

資安事件新聞週報 2021/4/5 ~ 2021/4/9

 

資安事件新聞週報 2021/4/5  ~  2021/4/9

1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府警告Fortinet軟體漏洞恐遭國家駭客開採
https://www.ithome.com.tw/news/143629

Critical Auth Bypass Bug Found in VMware Data Center Security Product
https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

還不快更新FortiOS？極惡勒索軟體Cring開始攻擊歐洲公司
https://reurl.cc/9Zqpv8

FBI及CISA發現有國家支持的駭客組織，正在針對尚未修補Fortinet軟體已知漏洞的使用單位發動滲透攻擊
https://reurl.cc/V3g13Y

思科修補SD-WAN vManage的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/143708

Oracle PeopleSoft Enterprise PeopleTools存在未明漏洞
https://vul.wangan.com/a/CNVD-2018-08455

VMware 發布多種產品的安全更新
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware Security Advisory VMSA-2021-0005
https://www.vmware.com/security/advisories/VMSA-2021-0005.html

Cisco Security Advisories April 7 2021
https://reurl.cc/Kx5QpM

資安事件新聞週報 2021/3/29 ~ 2021/4/2

 

 

資安事件新聞週報 2021/3/29  ~  2021/4/2

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisory VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware IT環境管理系統出現8.6分的重大漏洞，該公司發布公告
https://www.ithome.com.tw/news/143566

在所有受支持的Ubuntu版本中修補了一個Sudo漏洞
https://reurl.cc/R6Qa0Z

GitLab發現高達9.6分的嚴重漏洞，並發布公告
https://www.ithome.com.tw/news/143613

ClamAV 0.102.3隨附針對兩個安全漏洞的解決方案
https://ubunlog.com/zh-TW/clamav-0-102-3-llega-con-solucion-a-dos-fallos-de-seguridad/

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html

MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-27928

Chrome Browser Updates - March 30 2021
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

2021年 4 月份資安、社群活動分享

 

2021年 4 月份資安、社群活動分享

HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 4/1
https://www.meetup.com/hackingthursday/events/ncgzdsyccgbcb/

HackingThursday 固定聚會 台北場 Taipei 4/1
https://www.meetup.com/hackingthursday/events/pbgzdsyccgbcb/

Dilution—How to Tame a Founder’s Biggest Fear Using Pro Forma Cap Tables 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/276937674/

FREE! Pitch Practice: How to Pitch to Investors and Get the Deal 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/nnjhzryccgbcb/

FREE! How to Avoid an Intellectual Property Disaster 4/2
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/277142915/

Coffee & Code 4/4
https://www.meetup.com/Innovate-Taiwan/events/277064650

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020

高雄 Rails Meetup 4/7
https://www.meetup.com/rails-taiwan/events/qxfvjkyccgbkb/

敏捷團隊的「祿」「權」「科」「忌」 4/7
https://www.meetup.com/scrumoholics/events/277126875/

資安事件新聞週報 2021/3/22 ~ 2021/3/26

 

資安事件新聞週報 2021/3/22  ~  2021/3/26

1.重大弱點漏洞/後門/Exploit/Zero Day
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
https://thehackernews.com/2021/03/warning-new-android-zero-day.html

修補「Exchange」重大漏洞！Windows 10 將強制安全更新
https://3c.ltn.com.tw/news/43687

微軟發布修補程式以來，「每天」仍有數不清的 Exchange Server 漏洞攻擊
https://technews.tw/2021/03/24/microsoft-exchange-server-attacks/

思科修補Jabber Windows用戶端軟體App重大漏洞
https://www.ithome.com.tw/news/143502

Cisco 發布 RV132W 和 RV134W 軟體安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Cisco Security Advisories March 24 2021
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50

PsExec Privilege Escalation in Windows Fixed
https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/
https://techcommunity.microsoft.com/t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

資安事件新聞週報 2021/3/15 ~ 2021/3/19

 

資安事件新聞週報 2021/3/15  ~  2021/3/19

1.重大弱點漏洞/後門/Exploit/Zero Day
grafana 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28146

微軟Exchange漏洞受矚 戴夫寇爾駁不實指控
https://money.udn.com/money/story/10860/5329940

Exchange Server零時差漏洞攻擊　Palo Alto Networks提出4招防範
https://finance.ettoday.net/news/1942640

FUEL CMS跨站請求偽造漏洞
https://vul.wangan.com/a/CNVD-2021-18031

發現11處安全漏洞！谷歌：駭客可攻擊多種操作系統
https://reurl.cc/Kx2LER

Apple Xcode < 7.2 多個漏洞(Mac OS X)
https://zh-cn.tenable.com/plugins/nessus/87737

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 多種漏洞(PMASA-2011-5 - PMASA-2011-8)
https://zh-cn.tenable.com/plugins/nessus/57346

Apache Solr任意文件讀取與SSRF漏洞預警
https://www.secrss.com/articles/29973

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞，速更新
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9119

GitLab開源代碼管理倉庫發現遠程代碼執行漏洞
https://news.sina.com.tw/article/20210319/37944572.html

黑客利用7個零日漏洞來感染網站並滲透iOS設備
https://www.cnbeta.com/articles/tech/1103813.htm

資安事件新聞週報 2021/3/8 ~ 2021/3/12

 

資安事件新聞週報 2021/3/8  ~  2021/3/12

1.重大弱點漏洞/後門/Exploit/Zero Day
來自台灣的 DEVCORE 領先全球揭露 並通報微軟的 Exchange Server 安全漏洞
https://reurl.cc/bzWO7E

FireEye揭露Accellion事故調查結果，攻擊者極為熟悉目標軟體的運作機制，並串連漏洞進行RCE攻擊
https://www.ithome.com.tw/news/143178

CISA也發出警告！F5公布多個RCE漏洞，並呼籲用戶盡快升級
https://www.ithome.com.tw/news/143171

F5 BIG-IP和BIG-IQ設備的RCE弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/10/f5-security-advisory-rce-vulnerabilities-big-ip-big-iq

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP
https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html

QNAP NAS 已知漏洞遭駭侵者用以惡意挖礦
https://twcert.pixnet.net/blog/post/330990583

中華資安國際發現CVE弱點，國內某入口網資訊系統具有多項漏洞
https://www.chtsecurity.com/news/973edda3-35e8-4369-89de-912f9017a5ff

蘋果各平台安全更新 防惡意程式碼
https://reurl.cc/bzWODr

Apache Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25329

Cisco 近日發布更新以解決多個Cisco產品受Snort影響所造成安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/cisco-releases-security-updates

VMware 發布安全更新以解決 VMware View Planner弱點問題
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/vmware-releases-security-update

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html