跳到主要內容

發表文章

目前顯示的是 2019的文章

1月份資安社群及教育訓練活動分享

1月份資安社群及教育訓練活動分享

Android Code Club(Taipei) 1/1
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bkzcmrybccbcb/

From Reactive to Functional FunTh#80 1/2
https://www.meetup.com/Functional-Thursday/events/266805309/

Hacking Thursday 1/2
http://www.hackingthursday.org/invite

大數據爬蟲技術實作,使用Python實作網路爬蟲,快速有效獲取大量資料,打造自動化金融數據平台 1/4
https://www.techbang.com/posts/58613-course-python-crawler-technology-implementation

[Birthday Series] R-Ladies Taipei 五歲拉 1/6
https://www.meetup.com/rladies-taipei/events/266131216/

SDN x Cloud Native Meetup #24 1/6
https://www.meetup.com/CloudNative-Taiwan/events/267390135/

WizardAmigos CodeCamp [Taipei,JavaScript,­English] 1/6
https://www.meetup.com/WizardAmigos/events/bbdclrybccbjb/

新型郵件威脅與挑戰因應策略 1/7
https://engage2demand.cisco.com/LP=19240?dtid=oemels001119&ccid=cc000828&ecid=22859

發現 CNN 新大陸 (人工智慧小聚 - Hsinchu#20200108 ) 1/8
https://www.meetup.com/AIA-Hsinchu/events/266704469/

LISP talk: LISP in surrounding parentheses is supremely powerful #3  1/8
https…

資安事件新聞週報 2019/12/23 ~ 2019/12/27

資安事件新聞週報  2019/12/23  ~  2019/12/27

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM WebSphere Application Server 遠端執行任意程式碼漏洞
https://www.ibm.com/support/pages/node/1115085

Dropbox含有可取得系統權限的安全漏洞
https://www.ithome.com.tw/news/134979

360安全大腦發現並協助修復VMware遠程高危漏洞
https://finance.jrj.com.cn/2019/12/25151428585242.shtml

你找到1個大漏洞拿4500萬!蘋果撒錢擴大漏洞懸賞計畫
https://www.setn.com/News.aspx?NewsID=659037

重賞 $11,680,000 ! Apple 開放舉報保安漏洞懸賞機制
http://bit.ly/2MntKWL

OnePlus推賞金獎勵計劃 找出系統漏洞最高獎逾5萬元
https://reurl.cc/EKN48a

Citrix修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/135005

Citrix Systems Citrix ADC and NetScaler Gateway和Citrix Application Delivery Controller 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19781

Citrix產品中的漏洞使80000家公司面臨風險
https://www.linuxidc.com/Linux/2019-12/161805.htm

資安事件新聞週報 2019/12/16 ~ 2019/12/20

資安事件新聞週報  2019/12/16  ~  2019/12/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Micro Focus ArcSight Logger 跨站請求偽造漏洞 CVE-2019-11657
https://nvd.nist.gov/vuln/detail/CVE-2019-11657

Trend Micro HouseCall for Home Networks 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19689

TP-Link 路由器遠端執行任意程式碼漏洞
https://www.securitywizardry.com/the-radar-page/alert-details#alerts

TP-Link修補不用密碼就能登入路由器的安全漏洞
https://www.ithome.com.tw/news/134878

TP-Link Archer Router Vulnerability Voids Admin Password, Can Allow Remote Takeover
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/

新的攻擊 CPU 手法 Plundervolt 出現,超頻降頻也能觸發漏洞
https://technews.tw/2019/12/17/cpu-plundervolt/

資安事件新聞週報 2019/12/9 ~ 2019/12/13

資安事件新聞週報  2019/12/9  ~  2019/12/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco DNA Spaces:Connector SQL注入漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-dna-sqlinjection

Cisco 指控 Zoom Connector for Cisco 會造成嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3118-53912-1.html

IBM QRadar SIEM跨站脚本漏洞
https://www.ibm.com/support/pages/node/1103499

VMware ESXi 和 Horizon DaaS 發布安全更新
https://www.vmware.com/security/advisories/VMSA-2019-0022.html

DroneSense 現安全漏洞 警用無人機監視路線被公開
http://bit.ly/2RMjPxp

資安事件新聞週報 2019/12/2 ~ 2019/12/6

資安事件新聞週報  2019/12/2  ~  2019/12/6

1.重大弱點漏洞/後門/Exploit/Zero Day
MISP 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19379

Linux漏洞將允許駭客挾持VPN連線
https://ithome.com.tw/news/134652

安全預警- 某些華為設備中存在DoS安全漏洞
https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20191204-03-dos-cn

IBM WebSphere eXtreme Scale Admin Console點擊劫持漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4109

IBM DataPower Gateway 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4621

HP Workstation BIOS安全特征问题漏洞
https://support.hp.com/us-en/document/c06318199

可重複的模擬攻擊技術在漏洞管理領域的應用
https://www.chainnews.com/zh-hant/articles/215260357729.htm

索尼再現網站安全漏洞宣布關閉隱患網頁
https://nosec.org/home/detail/3252.html

GoAhead Web 服務器又現關鍵漏洞
https://www.chainnews.com/zh-hant/articles/100479860666.htm

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices
https://thehackernews.com/2019/12/goahead-web-server-hacking.html

資安事件新聞週報 2019/11/25 ~ 2019/11/29

資安事件新聞週報  2019/11/25  ~  2019/11/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html

CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475

Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100

TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm

phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/

Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/

部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415

一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm

TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/

ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088

ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087

資安事件新聞週報 2019/11/18 ~ 2019/11/22

資安事件新聞週報  2019/11/18  ~  2019/11/22

1.重大弱點漏洞/後門/Exploit/Zero Day
中彈!高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv

透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657

Grin核心開發者解析Mimblewimble「漏洞」:非根本性缺陷,Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023

Grin 隱私模型漏洞!駭客每週花費60美元的AWS服務,就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802

Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901

Google動態郵件功能出現XSS漏洞,可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279

IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801

HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201

引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621

High-Severity Windows UAC Flaw…

資安事件新聞週報 2019/11/11 ~ 2019/11/15

資安事件新聞週報  2019/11/11  ~  2019/11/15

1.重大弱點漏洞/後門/Exploit/Zero Day
開機載入程式Das U-Boot暗藏程式攻擊漏洞
https://ithome.com.tw/news/134091

McAfee antivirus software impacted by code execution vulnerability
https://www.zdnet.com/article/mcafee-antivirus-software-impacted-by-code-execution-vulnerability/#ftag=RSSbaffb68

JVNVU#91935870 Trend Micro Anti-Threat Toolkit (ATTK) における任意のコード実行が可能な脆弱性
https://jvn.jp/vu/JVNVU91935870/

蘋果 macOS 系統內建郵件功能藏重大漏洞!快用一招防堵個資遭外洩
https://3c.ltn.com.tw/news/38577

Apple Mail on macOS leaves parts of encrypted emails in plaintext
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/#ftag=RSSbaffb68

思科Talos發現LEADTOOLS工具包中存在多個漏洞,可能導致遠程代碼執行
https://www.t00ls.net/articles-53771.html

思科產品遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/publicationListing.x

Pulse Secure VPN Arbitrary Command Execution
https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt

資安事件新聞週報 2019/11/4 ~ 2019/11/8

資安事件新聞週報  2019/11/4  ~  2019/11/8

1.重大弱點漏洞/後門/Exploit/Zero Day
BlueKeep漏洞發生第一波大規模攻擊,引發藍色死亡螢幕
https://www.ithome.com.tw/news/133987

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html

Snyk釋出最新JavaScript框架安全性報告,不少熱門框架模組存在XSS漏洞
https://www.ithome.com.tw/news/134029

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
https://www.exploit-db.com/exploits/47590

ZTE 9000E 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3425

多款D-Link產品遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920

F5 BIG-IP AFM SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6658

資安事件新聞週報 2019/10/28 ~ 2019/11/1

資安事件新聞週報  2019/10/28  ~  2019/11/1

1.重大弱點漏洞/後門/Exploit/Zero Day

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566

主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm

Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html

Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68

Samba Releases Security Updates
https://www.samba.org/samba/sec…

11月份資安社群及教育訓練活動分享

OWASP AppSec Day Melbourne  11/1
 https://infosec-conferences.com/events-in-2019/owasp-appsec-day-melbourne/

 Hackfest 2019  11/1 ~ 11/3
 https://infosec-conferences.com/events-in-2019/hackfest-2019/

 行政院資安學院 物聯網資安培訓課程 11/3 ~ 11/30
 https://www.accupass.com/event/1810080517061259295030

  Elite East Coast CISO Summit 11/3~11/5
 https://infosec-conferences.com/events-in-2019/elite-east-coast-ciso-summit/

 Red Hat Forum Taipei 2019  11/5
 https://www.facebook.com/events/1390202967799392/

資安事件新聞週報 2019/10/21 ~ 2019/10/25

資安事件新聞週報  2019/10/21  ~  2019/10/25

1.重大弱點漏洞/後門/Exploit/Zero Day
SRLabs發現智能揚聲器新漏洞或變身監聽用戶的間諜設備
https://www.cnbeta.com/articles/tech/901805.htm

Google、Amazon智能喇叭偷錄密碼
http://bit.ly/2P77wue

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

Apache Traffic Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10079

Docker Hub現支援TOTP雙因素驗證
https://www.ithome.com.tw/news/133748

PHP遠程代碼執行漏洞預警(CVE-2019-11043)
https://www.huaweicloud.com/notice/2018/20191024155807348.html

PHP 遠程代碼執行漏洞(CVE-2019-11043)[附exploit]
http://vulsee.com/archives/vulsee_2019/1023_9128.html

Fortinet FortiOS 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15703

NETGEAR JNR1010訪問控制錯誤漏洞
https://kb.netgear.com/30177/JNR1010-Firmware-Version-1-0-0-32

Oracle Java SE 安全漏洞(CVE-2019-11068)
http://www.dukulong.com/article/CVE-2019-11068.html

Weblogic反序列化遠程代碼執行漏洞預警通告
https://cloud.tencent.co…

資安事件新聞週報 2019/10/14 ~ 2019/10/18

資安事件新聞週報  2019/10/14  ~  2019/10/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 10月產品安全性更新公告
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

GitHub 首席安全工程師:Linux 暗藏嚴重漏洞,存在至少4 年
https://www.infoq.cn/article/WSWoSgGNk9iz0Had5XmU?utm_source=rss&utm_medium=article

FDA對影響醫療裝置和醫院網路的URGENT/11漏洞發出警報
https://blog.trendmicro.com.tw/?p=62255

BMC Software Patrol Agent 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17043

ReportLab 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626

BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind

LimeSurvey 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660

HiNet GPON 3097 埠允許遠端執行任意指令
https://tvn.twcert.org.tw/taiwanvn/TVN-201908005

NETGEAR JNR1010 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11014

TOPMeeting 全球行動視訊會議系統含有機敏資料暴露漏洞
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002

Sonatype Nexus Repository Manager 安全漏洞
http://cve.mitre.or…

資安事件新聞週報 2019/10/7 ~ 2019/10/11

資安事件新聞週報  2019/10/7  ~  2019/10/11

1.重大弱點漏洞/後門/Exploit/Zero Day
英國政府警告:Pulse Secure、Palo Alto和Fortinet的VPN存在APT攻擊漏洞
https://www.ithome.com.tw/news/133480

Unpatched VPN Servers Targeted by Nation-State Attackers
https://www.bankinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202

Vulnerabilities exploited in VPN products used worldwide
https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

Palo Alto PAN-OS 遠端執行程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19072402

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19100802

Juniper Networks 產品安全性漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0074

IBM WebSphere Application 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3731/
https://www.auscert.org.au/bulletins/ESB-2019.3728/

熱門UI設計工具Figma的擴充套件系統存在漏洞,官方抽換底層基礎架構
https://www.ithome.com.tw/news/133492

Notepad++ (x64) before 7.7 CVE-2019-16294 – Remote Code Execution
https://0day.life/exploits/0day-940.html

資安事件新聞週報 2019/9/30 ~ 2019/10/4

資安事件新聞週報  2019/9/30  ~  2019/10/4

1.重大弱點漏洞/後門/Exploit/Zero Day
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Red Hat JBoss 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3689/
https://www.auscert.org.au/bulletins/ESB-2019.3672/

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/960171

蘋果產品多個漏洞
https://support.apple.com/en-us/HT201222

Checkm8漏洞有多恐怖永久性破解蘋果A5-A11設備
https://new.qq.com/omn/20190928/20190928A09R9900.html

谷歌Google軟件現嚴重漏洞導致部分蘋果Mac電腦無法正常啟動
http://www.sohu.com/a/343990168_499322

vBulletin緊急修補本周被揭露的零時差漏洞
https://ithome.com.tw/news/133295

物聯網裝置攻擊頻傳,戴夫寇爾揭露中華電信數據機設置不當的漏洞
https://www.ithome.com.tw/news/133322

關於CVE-2019-1367 IE瀏覽器遠程代碼執行高危漏洞安全加固的緊急通報
https://www.heibai.org/post/1526.html


IBM MQ AMQP Listeners 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4227

微軟IE瀏覽器現漏洞 惡意代碼奪取電腦控制權
http://bit.ly/2o5b98k

微軟 IE 瀏覽器被曝漏洞,可透過惡意網站操控 Windows 系統
https://technews.tw/2019/09/30/ie-is-exposed-to-major-security-vulnerabilities/

微軟緊急發佈IE零時差漏洞更新
https://www…

資安事件新聞週報 2019/9/23 ~ 2019/9/27

資安事件新聞週報  2019/9/23  ~  2019/9/27

1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html

清華大學發現ARM、Intel處理器漏洞;華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html

makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377

Agwl駭客組織再攻Phpstudy,新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html

全球最大同性交友網站化身漏洞管理者,還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw

Kubernetes Kubectl曝安全漏洞,Rancher產品不受影響
https://segmentfault.com/a/1190000020464083

10月份資安社群及教育訓練活動分享

10月份資安社群及教育訓練活動分享

 2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1
 https://www.facebook.com/events/421753888461417/

 技職校院物聯網創新應用賽 10/1 受理報名
 https://iot2gather.ntust.edu.tw/

 Gnss海面反射訊號之技術及應用 10/1
 https://www.facebook.com/events/384731849123773/

 GovernmentWare Conference & Exhibition  10/1
 https://infosec-conferences.com/events-in-2019/govware/

 Cyber City Conference 10/1
 https://infosec-conferences.com/events-in-2019/cyber-city-conference/

 GDG DevFest Taipei 2019 10/1
 https://www.meetup.com/GDGTaipei/events/263142255/

 IEEE International Symposium on Reliable Distributed Systems (SRDS)  10/1 ~ 10/4
 https://infosec-conferences.com/events-in-2019/srds/

資安事件新聞週報 2019/9/16 ~ 2019/9/20

資安事件新聞週報  2019/9/16  ~  2019/9/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Atlassian Jira 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996

Windows Defender malware scans are failing after a few seconds
https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/

Haxx curl 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477
https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268
https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270

CVE-2019-1579:-- #Critical Pre-Authentication #Vulnerability
https://github.com/securifera/CVE-2019-1579

Vivotek VIVOTEK IP Camera 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?nam…

資安事件新聞週報 2019/9/9 ~ 2019/9/13

資安事件新聞週報  2019/9/9  ~  2019/9/13


1.重大弱點漏洞/後門/Exploit/Zero Day
藏在純文字檔的Jenkins外掛漏洞
https://blog.trendmicro.com.tw/?p=61935

上百萬台網路收音機暗藏可遭駭客挾持的安全漏洞
https://ithome.com.tw/news/132984

Palo Alto Global  漏洞(CVE-2019-1579)
https://nosec.org/home/detail/2951.html

Pulse Secure VPN嚴重漏洞(CVE-2019-11510)警報
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
https://www.exploit-db.com/exploits/47354

Telnet backdoor vulnerabilities impact over a million IoT radio devices
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/#ftag=RSSbaffb68

Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution

Java finally goes all in on open source with the Jakarta EE 8 release
https://www.zdnet.com/article/java-finally-goes-all-in-on-open-source-with-the-release…

資安事件新聞週報 2019/9/2 ~ 2019/9/6

資安事件新聞週報  2019/9/2  ~  2019/9/6

1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新,但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability

發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html

企業修補進度慢!近期臺灣資安業者揭露的SSL VPN漏洞,傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764

SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624

Zimbra-RCE
https://github.com/rek7/Zimbra-RCE

Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492

Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html

SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html

SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325…

資安事件新聞週報 2019/8/26 ~ 2019/8/30

資安事件新聞週報  2019/8/26  ~  2019/8/30

1.重大弱點漏洞/後門/Exploit/Zero Day
2019年HITCON ZeroDay漏洞通報現況,注意弱密碼問題通報數量增,還有人才媒合新功能上線
https://www.ithome.com.tw/news/132620

企業弱密碼今年狂被駭!HITCON資安漏洞申報平台連台電、群暉都拜託「抓漏」
http://bit.ly/2PfQM5x

Kubernetes嚴重漏洞致服務器DoS攻擊
https://www.4hou.com/vulnerable/19863.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

台灣資安公司揭露多家企業級 VPN 服務漏洞後,駭客便用來攔截流量
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=919

Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/159
https://securityadvisories.paloaltonetworks.com/Home/Detail/160
https://securityadvisories.paloaltonetworks.com/Home/Detail/161

Palo Alto Networks PAN-OS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1582

Cisco 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/08/22/cisco-releases-security-updates

思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

9月份資安社群及教育訓練活動分享

9月份資安社群及教育訓練活動分享


 HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
 https://www.accupass.com/event/1906050355291064968019

 MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時  9/2
 https://www.meetup.com/Taiwan-R/events/262992081/

 Taipei Rails Meetup  9/3
 https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/

 高雄 Rails Meetup 9/4
 https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/

 Android Code Club(Taipei) 9/4
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/

 SyntaxError 9/4
 https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/

 工業控制系統資安研討會 9/5
 http://bit.ly/2NsMvt5

 HackingThursday 固定聚會 9/5
 https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/

 TWJUG 201909 聚會 9/5
 https://www.meetup.com/taiwanjug/events/264123847/



資安事件新聞週報 2019/8/19 ~ 2019/8/23

資安事件新聞週報  2019/8/19  ~  2019/8/23

1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931

被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html

UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68

npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572

npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/

The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780

資安事件新聞週報 2019/8/12 ~ 2019/8/16

資安事件新聞週報  2019/8/12  ~  2019/8/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396

托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA

JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/

賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435

Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html

Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68

Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM

HTTP/2含有多個服務阻斷漏…

資安事件新聞週報 2019/8/5 ~ 2019/8/9

資安事件新聞週報  2019/8/5  ~  2019/8/9

1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後,再次更新0.72版本
http://bit.ly/2YDMIM5

修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691

研究者警告:眾多Jira伺服器的錯誤配置,讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265

研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291

DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html

IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425

NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/

NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html

VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html