Weekly Security Incident News Report 2021/1/11 ~ 2021/1/15

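1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Zyxel recently released updates to address remote code execution vulnerabilities in multiple products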
https://reurl.cc/4ymjYV

Fortinet recently released updates to address security vulnerabilities in FortiWeb
https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html

Xiaomi Router Ax6 authorization vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14097

Juniper Networks Junos OS authorization vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204

DLL injection flaw found in Cisco AnyConnect Secure Client; upgrade as soon as possible
https://finance.sina.com.cn/tech/2021-01-15/doc-ikftpnnx7500878.shtml

Google discloses an attack campaign chaining Chrome/Windows zero-day vulnerabilities and known Android vulnerabilities
https://www.ithome.com.tw/news/142225

Multiple important vulnerabilities found in Google Chrome version 87; upgrade as soon as possible
https://finance.sina.cn/tech/2021-01-08/detail-iiznezxt1204587.d.html?fromtech=1

Another Google Chrome vulnerability disclosed; hackers can hijack target computers
https://www.796t.com/article.php?id=227271

Weekly Security Incident News Report 2021/1/4 ~ 2021/1/8

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Multiple high-severity vulnerabilities in FortiWeb
https://nosec.org/home/detail/4637.html

Zend Framework 3.0 contains a remote code execution vulnerability
http://read01.com/QAkdGP2.html

IsThereAnyDeal fixes a Steam login-related vulnerability
https://pttgamer.com/Steam/1VzwM3_l

Windows Background Intelligent Transfer Service elevation of privilege vulnerability
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2020-0787

Windows Office Access Connectivity Engine remote code execution vulnerability
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2019-0824

Multiple important vulnerabilities found in Google Chrome version 87; upgrade as soon as possible
https://news.sina.com.tw/article/20210108/37340556.html

jackson-databind deserialization remote code execution vulnerability alert (CVE-2020-36189, CVE-2020-36179)
https://www.huaweicloud.com/notice/2018/20210107172029072.html

Weekly Security Incident News Report 2020/12/28 ~ 2021/1/1

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Citrix ADC network gateways hit by DDoS attacks
https://www.ithome.com.tw/news/141873

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html

HPE iLO Amplifier Pack server  CVE-2020-7203
https://nvd.nist.gov/vuln/detail/CVE-2020-7203

D-Link DSL-2888A devices  CVE-2020-24581
https://nvd.nist.gov/vuln/detail/CVE-2020-24581

Tenda AC1200 security vulnerability CVE-2020-28094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28094

Netgear NMS300 command injection vulnerability CVE-2020-35789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35789

Panasonic Security System security vulnerability CVE-2020-29193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29193

Webmin CVE-2020-35606
https://nvd.nist.gov/vuln/detail/CVE-2020-35606

Information disclosure vulnerability found in IBM business automation solutions; upgrade as soon as possible
https://finance.sina.com.cn/tech/2020-12-30/doc-iiznezxs9755473.shtml

January 2021 Security and Community Events

Coffee & Code 2021/01/03
https://www.meetup.com/Innovate-Taiwan/events/275279796

Defence Against the Dark Arts - A Security Self-Defense Guide for Modern People 2021/01/03
https://tdohackerparty.kktix.cc/events/dada-modern-self-defense

From Python to TensorFlow Online Study Group - Part One (9) - Objects and Classes 2021/1/5
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274523011

WTM & GDG Workshop - The Romance and Reality of D Paired with D #3 2021/1/9
https://www.meetup.com/GDGTaipei/events/275151173

National Chiao Tung University Hacker College: Applications of AI in Information Security 2021/1/9, 1/16
https://hackercollege.nctu.edu.tw/?p=1228

Bitcoin Meetup: The Importance of Bitcoin 2021/1/13
https://www.meetup.com/Taiwan-Bitcoin-Only-Meetup/events/274363177

Taiwan VR Meetup for January 2021/1/16
https://www.meetup.com/taiwanvirtualreality/events/274782875

BambooFox CTF 2021  2021/1/16
https://ctftime.org/event/1234

Taipei Speed Networking Party for Young Professionals(1/17 Sun)
https://www.meetup.com/Taipei-Speed-Networking-Meetup-Group/events/274489305

TeamT5 Security Camp security training camp 2021/1/19 (Tue) - 2021/2/3 (Wed)
http://bit.ly/2KvD4da

National Chiao Tung University Hacker College: Enterprise Domain Control - Active Directory Attack and Defense 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230

2021 Nanxin Technology Center Winter Camp [Hacker Attack and Defense Security Experience Camp] January 21-22, 2021
https://www.nsjh.tn.edu.tw/modules/tadnews/index.php?nsn=7790

Weekly Security Incident News Report 2020/12/21 ~ 2020/12/25

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
WSJ: Cisco, Intel and Nvidia all installed the vulnerable SolarWinds Orion system
https://www.ithome.com.tw/news/141803

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
https://thehackernews.com/2020/12/two-critical-flaws-cvss-score-10-affect.html

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html

Java vulnerability once again challenges Apple's security myth
https://www.huaweicloud.com/articles/d0f446d519f3438a52d3ef4a47acf4d5.html

Weekly Security Incident News Report 2020/12/14 ~ 2020/12/18

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
SUSE Linux buffer error vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-9983

WebKit resource management error vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-13584

NZXT CAM vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13509

AdRem NetCrunch cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14478

Multiple vulnerabilities in Mozilla products
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/

Firefox fixes a mysterious critical vulnerability that also affects Chrome
https://www.secrss.com/articles/28016

CVE-2020-7200: HPE 0day vulnerability
https://www.mdeditor.tw/pl/gpXA

HPE discloses a zero-day vulnerability in the latest version of SIM
https://www.wangan.com/articles/2305

Weekly Security Incident News Report 2020/12/7 ~ 2020/12/11

1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
QNAP Security Advisories - December 7th, 2020
https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/
https://www.qnap.com/en/security-advisory/qsa-20-16
https://www.qnap.com/en/security-advisory/qsa-20-12
https://www.qnap.com/en/security-advisory/qsa-20-13
https://www.qnap.com/en/security-advisory/qsa-20-14
https://www.qnap.com/en/security-advisory/qsa-20-15

VERT Threat Alert: December 2020 Patch Tuesday Analysis
https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2020-patch-tuesday-analysis/

Gafgyt Using Pulse Secure Vulnerability
https://prod-blog.avira.com/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks
https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Apache recently released an update to address a security vulnerability in Apache Struts
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/apache-releases-security-update-apache-struts-2

Apache releases a security advisory for Apache Tomcat
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
