December 2021 Security and Community Events

 

Coffee & Code 12/5
https://www.meetup.com/Innovate-Taiwan/events/282227800/

[Facing Hackers: No Room for Hindsight] Security Incident Analysis Seminar - Northern Taiwan Session 12/7
https://www.accupass.com/event/2111181150051005578019

Swift Meetup 63 12/7
https://www.meetup.com/Swift-Taipei-User-Group/events/282420492/

OT Security Health Check: Defending Information Security in Manufacturing 12/8
https://www.teema.org.tw/education.aspx?infoid=37143

Android Code Club(Taipei) 12/8
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/282446898/

SyntaxError 12/8
https://www.meetup.com/pythonhug/events/282446928/

Weekly Security Incident News Report 2021/11/29 ~ 2021/12/04

 


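1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Multiple HP laser printers, multifunction printers and scanners contain security vulnerabilities (CVE-2021-39237 and CVE-2021-39238)
that allow remote attackers to execute arbitrary code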
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1192

Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3)
https://www.exploit-db.com/exploits/50512

ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U,
RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION,
RT-AX86 series (RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION,
RT-AX88U, RT-AX92U, TUF Gaming AX3000,
TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6,
ASUS ZenWiFi AX (XT8) 3. 0.4.386.45898 and RT-AX68U 3.0.0.4.386.45911
and earlier allow an unauthenticated remote attacker to cause a DoS by sending specially crafted HTTP packets.
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-41436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-41435

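Dell EMC CloudLink 7.1 and earlier contain a hard-coded password vulnerability.
A remote high-privileged attacker with the hard-coded credentials may exploit this weakness to gain unauthorized access to the system.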
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36312
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36313
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36314

Weekly Security Incident News Report 2021/11/22 ~ 2021/11/26

 


1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally
https://thehackernews.com/2021/11/eavesdropping-bugs-in-mediatek-chips.html

MediaTek chips found to have security vulnerabilities; more than 30% of Android phones may be affected! Vendor releases patches
https://3c.ltn.com.tw/news/46805

Security concerns over MediaTek smartphone SoCs? MediaTek: the issue has been resolved
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000624283_ZJ415EJQ9SAV232RI8H6O&cf=A21

Eavesdropping vulnerability reported in MediaTek platforms, but it was fixed before any actual attacks were reported
https://www.cool3c.com/article/168994

Security firm discloses MediaTek chip vulnerabilities! Users of 37% of Android phones and IoT devices face eavesdropping risk
https://www.bnext.com.tw/article/66376/mediatek-cybersecurity-soc

Security vulnerability in 6 million UK Sky broadband customer routers took 17 months to fix
https://www.twcert.org.tw/tw/cp-104-5331-12ade-1.html

Weekly Security Incident News Report 2021/11/15 ~ 2021/11/19

 


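1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
US, UK and Australia issue joint statement: Iranian hackers are exploiting Microsoft Exchange and Fortinet vulnerabilities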
https://www.ithome.com.tw/news/147916

GitHub patches npm vulnerability that allowed hackers to update any package
https://www.ithome.com.tw/news/147896

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses
https://thehackernews.com/2021/11/new-blacksmith-exploit-bypasses-current.html

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug
https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html

Weekly Security Incident News Report 2021/11/8 ~ 2021/11/12

 


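1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
The first vulnerability in history able to infect everything appears: new "Trojan Source" supply-chain attack arrives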
https://technews.tw/2021/11/09/trojan-source-bug-threatens-security-all-code/

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN
https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html

Attention, long-time Windows 10 users! Microsoft's official support for version 2004 ends on this day in December
https://3c.ltn.com.tw/news/46629

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html

Multiple security vulnerabilities in Microsoft Windows operating systems and applications
https://net.nthu.edu.tw/2009/mailing:announcement:20211111_01

Cisco recently released updates to address security weaknesses in multiple products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

Weekly Security Incident News Report 2021/11/1 ~ 2021/11/5

 


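1. Major Vulnerabilities / Backdoors / Exploits / Zero-Days
CISA orders US federal agencies to patch 290 high-risk software and hardware vulnerabilities by set deadlines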
https://www.ithome.com.tw/news/147648

U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
https://thehackernews.com/2021/11/us-federal-agencies-ordered-to-patch.html

Cisco recently released updates to address security weaknesses in multiple products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk

Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50485

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50457

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module
https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html

November 2021 Security and Community Events

 


Golang Taipei Gathering #61 Webinar 11/2
https://www.meetup.com/golang-taipei-meetup/events/281541986

From Python to TensorFlow Online Study Group - Trilogy (7) - Best Practices for Advanced Deep Learning 11/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/280045015

Clojure Taiwan BYOP #3, 2021 11/2
https://www.meetup.com/Clojure-tw/events/281646231

"2021 Taiwan Cybersecurity Notification and Response Annual Conference" 11/3
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9517

SyntaxError 11/3
https://www.meetup.com/pythonhug/events/281711643

InfoSec Taiwan 2021 International Information Security Conference, November 3-4
https://slat.org/node/169

[Workplace Visit Experience] Hutoushan Innovation Hub 11/4
https://ys.wda.gov.tw/D/18-1026/

Taipei CS Weekly Meeting 11/4
https://www.meetup.com/couchsurfers-in-taiwan/events/281419439
