跳到主要內容

文章

資安事件新聞週報 2020/6/29 ~ 2020/7/3

資安事件新聞週報 2020/6/29  ~  2020/7/3

1.重大弱點漏洞/後門/Exploit/Zero Day
FortiAnalyzer 阻斷服務漏洞
https://fortiguard.com/psirt/FG-IR-20-036

ZyXEL CloudCNM SecuManager 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15324

IBM WebSphere Application Server漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4449

IBM Security Secret Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4323

Cisco Data Center Network Manager跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3356

Cisco UCS Director路徑遍歷漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3241

微軟警告愈來愈多駭客開採Exchange伺服器漏洞
https://www.ithome.com.tw/news/138440

CVE-2020-1181: SharePoint 遠程代碼執行漏洞通告
https://blog.csdn.net/weixin_45728976/article/details/106929274

8萬臺印表機連接埠可從公開網路存取有被駭之虞,臺灣曝險印表機數量全球第三
https://www.ithome.com.tw/news/138421

Bitdefender防毒軟體遭爆含有遠端程式攻擊漏洞
https://www.ithome.com.tw/news/138418

BitDefender修复可致攻击者远程运行命令的漏洞
https://www.freebuf.com/column/241163.html
最近的文章

2020年 7 月份資安、社群活動分享

2020年 7 月份資安、社群活動分享

Elements of AI Online Study Group(0701)7/1
https://www.meetup.com/TaipeiWomeninTech/events/270416793/

IRCON 2020 臺灣資訊安全事件應變研討會 7/1
https://nchc-cdx.kktix.cc/events/ircon2020

Docker + K8s 讀書會 #10 7/1
https://www.meetup.com/GDGCloud-Kaohsiung/events/271284710/

高雄 Rails Meetup 7/1
https://www.meetup.com/rails-taiwan/events/271517257/

#32 TBD 7/1
https://www.meetup.com/Azure-Taiwan/events/271493233/

Android 11 Meetup - Machine Learning 7/2
https://www.meetup.com/GDG-Hualien/events/271372660/

資安事件新聞週報 2020/6/22 ~ 2020/6/26

資安事件新聞週報 2020/6/22  ~  2020/6/26

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟六月發佈之漏洞修補數量,創有史以來最高
https://www.eset.tw/html/86/202006191/

Netgear路由器安全漏洞六個月後終於修復
https://bit.ly/315KOZz

瀚淶科技發佈NETGEAR 產品安全性通知 建議使用者更新韌體修補
https://bit.ly/3178OeE

國內網通設備廠商修復存於家用路由器的嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3721-9ca72-1.html

Cisco WebEx 被發現記憶體傾印資安漏洞
https://www.twcert.org.tw/tw/cp-104-3717-c993a-1.html

Webex修復兩個嚴重漏洞,兩者可使黑客運行任意程序以及代碼
https://www.expreview.com/74776.html

Cisco Wireless LAN Controller Software緩衝區溢出漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3273

物聯網設備「驚爆」底層漏洞
https://kknews.cc/tech/lv4xvvz.html

New Ripple20 Flaws Put Billions of Internet-Connected Devices at Risk of Hacking
https://thehackernews.com/2020/06/new-critical-flaws-put-billions-of.html

Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
https://thehackernews.com/2020/06/oracle-e-business-suite.html

IBM Security Guardium漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4193

資安事件新聞週報 2020/6/15 ~ 2020/6/19

資安事件新聞週報 2020/6/15  ~  2020/6/19

1.重大弱點漏洞/後門/Exploit/Zero Day
GeoVision門禁控制設備 - Shared cryptographic keys
https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html

中華資安國際發現CVE弱點,日本知名電子郵件系統具有跨網站指令碼漏洞
https://www.chtsecurity.com/news/ca1c22e7-d523-4c8d-86c2-ebb43aa193df

WordPress 多個漏洞
https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/

蘋果電腦存在硬體漏洞?黑客5分鐘就可以入侵
https://kknews.cc/digital/x4elgmo.html

Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks
https://thehackernews.com/2020/06/intel-sgaxe-crosstalk-attacks.html

CVE-2020-13844 | ARM CPU SLS漏洞通告
https://www.venustech.com.cn/article/1/11830.html

79款Netgear路由器被曝遠程劫持0day,暫無補丁
https://www.secrss.com/articles/20405

Cisco WebEx 被發現記憶體傾印資安漏洞
https://www.twcert.org.tw/tw/cp-104-3717-c993a-1.html

多款Cisco產品輸入驗證錯誤漏洞(CNVD-2020-32900)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3228

IBM QRadar SIEM代碼問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4509

資安事件新聞週報 2020/6/8 ~ 2020/6/12

資安事件新聞週報 2020/6/8  ~  2020/6/12

1.重大弱點漏洞/後門/Exploit/Zero Day
Totolink等多家廠商無線分享器存在漏洞,已遭駭客鎖定駭入並設定VPN作為跳板
https://www.ithome.com.tw/news/138103

Fortinet FortiAnalyzer 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6640

思科(Cisco)路由器和交換機重大漏洞:可被控製或導致癱瘓
https://tech.sina.com.cn/roll/2020-06-08/doc-iirczymk5859335.shtml

Sophos 防火牆作業系統爆0日漏洞,應用伺服器被批量掛勒索病毒
https://kknews.cc/tech/oq295gm.html

UPNP 協議存在嚴重漏洞 , 攻擊者可劫持智能設備發起 DDoS 攻擊
https://www.chainnews.com/zh-hant/articles/964410354333.htm

CallStranger UPnP漏洞影響了數十億台設備
https://zhuanlan.zhihu.com/p/147188406

系統或遭完全控制?Cisco IOS路由器中存在嚴重漏洞
https://www.easyaq.com/news/2147307851.shtml

資安事件新聞週報 2020/6/1 ~ 2020/6/5

資安事件新聞週報 2020/6/1  ~  2020/6/5

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisories VMSA-2020-0011
https://www.vmware.com/security/advisories/VMSA-2020-0011.html

VMware雲監測平台被曝嚴重漏洞,可導致黑客接管企業服務器
https://www.secrss.com/articles/19954

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
https://thehackernews.com/2020/06/vmware-cloud-director-exploit.html

研究員從主流操作系統上發現26個USB驅動漏洞
https://www.secrss.com/articles/19860

IBM MQ 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4352

Chrome瀏覽器重大資安問題7成都出在記憶體?Google回應這麼說
https://bit.ly/2XfxL5d

MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER
https://www.zerodayinitiative.com/blog/2019/9/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router

MINDSHARE: HARDWARE REVERSING WITH THE TP-LINK TL-WR841N ROUTER - PART 2
https://www.zerodayinitiative.com/blog/2019/12/2/mindshare-hardware-reversing-with-the-tp-link-tl-wr841n-router-part-2

資安事件新聞週報 2020/5/25 ~ 2020/5/29

資安事件新聞週報 2020/5/25  ~  2020/5/29

1.重大弱點漏洞/後門/Exploit/Zero Day
針對8萬個應用程式的調查發現,有7成程式含有開源漏洞
https://www.ithome.com.tw/news/137846

美國安局警告,俄羅斯駭客正在開採Exim漏洞
https://www.ithome.com.tw/news/137947

STATE OF SOFTWARE SECURITY Open Source Edition
https://www.veracode.com/sites/default/files/pdf/resources/reports/state-of-software-security-open-source-edition-veracode-report.pdf

多種DNS解析程序被發現漏洞允許攻擊者發動拒絕服務攻擊
https://www.cnbeta.com/articles/tech/982263.htm

一個新的 DNS 安全漏洞被曝出,可引發大規模的 DDoS“轟炸
https://www.chainnews.com/zh-hant/articles/855208189865.htm

NXNSAttack:DNS協議安全漏洞通告
https://www.anquanke.com/post/id/207004

研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777

Microsoft Warns of Vulnerability Affecting Windows DNS Server
https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
https://thehackernews.com/2020/05/dns-server-ddos-attack.html

Fortinet FortiClient 安…