跳到主要內容

發表文章

目前顯示的是 2019的文章

資安事件新聞週報 2019/5/20 ~ 2019/5/24

資安事件新聞週報  2019/5/20  ~  2019/5/24

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiClient 遠端執行任意程式碼漏洞  CVE-2019-5589
https://fortiguard.com/psirt/FG-IR-19-060

Fortinet FortiOS 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13381

Fortinet FortiOS VM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5587

多款Huawei S系列交換機安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5285

揭秘“0 day漏洞”:一款強大卻脆弱的武器
https://www.4hou.com/vulnerable/18116.html

Some Elasticsearch security features are now free for everyone
https://www.zdnet.com/article/some-elasticsearch-security-features-are-now-free-for-everyone/#ftag=RSSbaffb68

McAfee 產品多個漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10282
https://kc.mcafee.com/corporate/index?page=content&id=SB10280

女黑客SandboxEscaper又曝光4個Windows 10零日漏洞
https://www.sohu.com/a/316244133_223764?sec=wd

專家促微軟用戶修補遠端漏洞 警告黑客或發動蠕蟲攻擊
http://bit.ly/2HzCve0

最新 Windows 10 0-Day 漏洞在推特上出現,可執行任意檔案
https://www.twcert.org.tw/subpages/securityInfo/securitypol…

資安事件新聞週報 2019/5/13 ~ 2019/5/17

資安事件新聞週報  2019/5/13  ~  2019/5/17

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiSandbox跨站腳本漏洞   CVE-2018-1356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1356

GPS追蹤器的安全漏洞將允許駭客得知用戶位置或竊聽
https://www.ithome.com.tw/news/130585

Titan藍牙硬體金鑰有安全漏洞,Google將免費換新
https://ithome.com.tw/news/130673

WordPress網站的安全漏洞有98%來自外掛程式
https://www.ithome.com.tw/news/130713

VMWare 產品權限提升漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/14/VMware-Releases-Security-Updates

Toshiba 和 Brother 印表機Web Services列印存在安全漏洞
https://net.nthu.edu.tw/netsys/mailing:announcement:20190515_02

Coros announces VERTIX GPS adventure watch: 45-day battery life and extreme operating profile
https://www.zdnet.com/article/coros-announces-vertix-gps-adventure-watch-45-day-battery-life-and-extreme-operating-profile/#ftag=RSSbaffb68

HAProxy 安全漏洞 CVE-2019-11323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11323

資安事件新聞週報 2019/5/6 ~ 2019/5/10

資安事件新聞週報  2019/5/6  ~  2019/5/10

1.重大弱點漏洞/後門/Exploit/Zero Day
八種無線演示系統中的關鍵漏洞
https://www.chainnews.com/articles/111363306365.htm

Dell 預載軟體成為 PC 被駭的後門
https://chinese.engadget.com/2019/05/04/supportassist-dell-vulnerability-windows/

安全研究人員發現戴爾支持助手客戶端存在安全漏洞會引發遠程攻擊
https://www.landiannews.com/archives/58210.html

Office 2016更新臭蟲引發當機,遭微軟緊急撤除
https://www.ithome.com.tw/news/130505?fbclid=IwAR1Q5Dpo1wj_lF95EFYrGqzbb0u9bJu3yG7-UoeARiAB1VAXNAcxQ1Y_zxU

華碩與技嘉的驅動程式遭爆含有權限擴張漏洞
https://0nion.com/article/27466

Jenkins外掛存在安全漏洞,衍生密碼外洩或跨站攻擊風險
https://www.ithome.com.tw/news/130412

Jenkins外掛程序存在安全漏洞,有資料外洩和跨網站攻擊等風險
http://www.twoeggz.com/news/14467228.html

黑客三年來一直向APT組織提供微軟零日漏洞
http://521.li/post/628.html

資安事件新聞週報 2019/4/29 ~ 2019/5/3

資安事件新聞週報  2019/4/29  ~  2019/5/3

1.重大弱點漏洞
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594

Fortinet FortiManager 洩露敏感資料漏洞
https://www.auscert.org.au/bulletins/79762

思科修補Nexus 9000網路交換器重大漏洞
https://www.ithome.com.tw/news/130397

New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A

九成SAP用戶權限沒關好!13年前問題設定恐讓駭客任意存取App
https://www.ithome.com.tw/news/122772

Memcached 阻斷攻擊漏洞
https://github.com/memcached/memcached/wiki/ReleaseNotes1514

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784

思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates

D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/

Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764

Dell laptops and computers vulner…

5月份資安、社群活動分享

5月份資安、社群活動分享

 108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
 https://ais3.org/mfctf/

 HackingThursday 固定聚會  5/2
 https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/

 Python 商務網站 * 極速學習 (2019春季 - 台北)  5/2
 https://cjltsod.kktix.cc/events/django-2019-spring-taipei

 國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會  5/2
 https://www.accupass.com/event/1904111400151860776797

 資安法 X 技術實務論壇  5/2
 https://csa.kktix.cc/events/csa190502

 國立交通大學 亥客書院 - 基礎網站安全建構實務  5/4
 https://hackercollege.nctu.edu.tw/?p=1045

 ISDA 白帽菁英萌芽計劃II 0505 
 https://reg.shield.org.tw/info.php?no=54

 Pwn入門  5/5
 https://hackersir.kktix.cc/events/fcu190505

 Elixir台灣 台北 Meetup # Monday, May 6, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/

 公部門之AI資安防護新思維研討會 5/7
 http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==

 向資安服務看齊 我們一起讓資安從「有做」到「有效」  5/8 ~ 5/10
 https://www.informationsecurity.com.tw/Seminar/2019_all/

 資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
 https://www.accupass.com/event/19041703435474776…

資安事件新聞週報 2019/4/22 ~ 2019/4/26

資安事件新聞週報  2019/4/22  ~  2019/4/26

1.重大弱點漏洞
CVE-2019-3799:spring-cloud-config-server目錄遍歷漏洞警告
https://www.linuxidc.com/Linux/2019-04/158191.htm

jQuery 的“原型污染”安全漏洞
https://www.oschina.net/news/106124/jquery-impacted-by-prototype-pollution-flaw

Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594

Google Android System信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2021

Google Chrome 74 released with Dark Mode support for Windows users
https://www.zdnet.com/article/google-chrome-74-released-with-dark-mode-support-for-windows-users/#ftag=RSSbaffb68

CyberDairy Solutions SQLi
https://www.anquanke.com/vul/id/1576754

D-Link DI-524跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11017

甲骨文 WebLogic 遠端執行程式碼漏洞
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/

Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2634

Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
http://bit.ly/2vikKch

關於Oracle WebLogic反序列化遠程命令執行…

資安事件新聞週報 2019/4/15 ~ 2019/4/19

資安事件新聞週報  2019/4/15  ~  2019/4/19

1.重大弱點漏洞
阿里巴巴被發現了一個可以繞過WAF的漏洞
https://nosec.org/home/detail/2483.html

中國蟻劍被曝XSS 漏洞,可導致遠程命令執行
http://www.sohu.com/a/307475721_354899?sec=wd

Electronic Arts修補含有遠端程式攻擊漏洞的客戶端程式
https://www.ithome.com.tw/news/130052

Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://www.exploit-db.com/exploits/46706

Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
https://www.exploit-db.com/exploits/46693

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688

卡巴斯基實驗室:win32k.sys又曝出了新的零日漏洞
https://nosec.org/home/detail/2490.html

New zero-day vulnerability CVE-2019-0859 in win32k.sys
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/

Shimo VPN 輸入驗證錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4009

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
https://blog.talosintelligence.com/2019/04/vulner…

資安事件新聞週報 2019/4/8 ~ 2019/4/12

資安事件新聞週報  2019/4/8  ~  2019/4/12

1.重大弱點漏洞
多個虛擬私人網絡應用程式未經加密儲存暫存 cookies 漏洞
https://kb.cert.org/vuls/id/192371/

CloudBees Jenkins信息洩露漏洞
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089

Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Dell Networking OS10密鑰管理錯誤漏洞
https://www.dell.com/support/article/SLN316558/

CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688

CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
https://www.exploit-db.com/exploits/46669

KindEditor上傳漏洞導致近百個黨政網站植入
http://www.52rkl.cn/xinwenzatan/040X245502019.html

TP-LINK路由器緩衝區溢出0 day 漏洞
https://www.4hou.com/vulnerable/17280.html

TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
https://www.exploit-db.com/exploits/46678

D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
https://www.exploit-db.com/exploits/46687

QNAP Netatalk < 3.1.12 - Authentication Bypass
https://www.exploit-db.com/ex…

資安事件新聞週報 2019/4/1 ~ 2019/4/5

資安事件新聞週報  2019/4/1  ~  2019/4/5

1.重大弱點漏洞
WinRAR Zero-day Abused in Multiple Campaigns
https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html

新披露Jenkins RCE 漏洞成ImposterMiner 挖礦木馬新" 跳板"
https://www.chainnews.com/articles/931620544952.htm

因配置失誤超過1.3萬 iSCSI 存儲集群暴露在網路上
https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/

甲骨文「通知」用戶付費取得Java 8安全修補程式,否則小心被駭
https://www.ithome.com.tw/news/129726

研究人員:HTTPS不如你想的安全,5.5%含有TLS漏洞
https://www.ithome.com.tw/news/129684

PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html

Windows 10 收到奇怪的通知訊息?不是中毒,只是微軟不小心誤發的 Bug
https://www.kocpc.com.tw/archives/252222

微軟警告Windows 7用戶:安全更新即將結束
https://fnc.ebc.net.tw/FncNews/else/74214

Windows 10 1809進一步全面釋出
https://www.ithome.com.tw/news/129656

Microsoft Office Access Connectivity Engine遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0748

Microsoft Windows Kernel信息洩露漏洞
https://po…

2019年4月資安及社群活動分享

2019年4月資安及社群活動分享

  Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 HackingThursday 固定聚會  Thursday, April 4, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzgbgb/

 亞洲·矽谷計畫-強化物聯網資安防護成果發表會  2019-04-10(三) 10:00 ~ 12:00 (GMT+8)
 https://www.accupass.com/event/1903250751581953084909

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

資安事件新聞週報 2019/3/25 ~ 2019/3/29

資安事件新聞週報  2019/3/25  ~  2019/3/29

1.重大弱點漏洞
Drupal 存在安全性弱點
https://www.drupal.org/sa-core-2019-004

思科修補產品重大RCE漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16219

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities

Windows 10 與 Windows Server 2019 DHCP 存有可遠端執行程式碼的漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5087

Mozilla Firefox瀏覽器存在安全漏洞(CVE-2019-9810與CVE-2019-9813)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1098

Mozilla Firefox瀏覽器存在安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5089

Apache Solr存在安全漏洞(CVE-2019-0192)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1096

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
https://www.exploit-db.com/exploits/46595

Apache Tomcat 阻斷服務漏洞
https://www.auscert.org.au/bulletins/77766

PuTTY存在多個安全性漏洞
https://www.n…

資安事件新聞週報 2019/3/18 ~ 2019/3/22

資安事件新聞週報  2019/3/18  ~  2019/3/22

1.重大弱點漏洞

BurpSuite曝出疑似Windows下的提權漏洞
https://nosec.org/home/detail/2346.html

富士通無線鍵盤漏洞將允許遠端駭客接管系統
https://www.ithome.com.tw/news/129438

VMWare Workstation 提升權限漏洞
https://www.us-cert.gov/ncas/current-activity/2019/03/15/VMware-Releases-Security-Updates-Workstation-and-Horizon

CVE-2018-7117: A Somewhat Accidental XSS in HPE iLO
https://bit.ly/2ud0Yi0

PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html

Cisco 多個產品存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip

Oracle MySQL Server組件拒絕服務漏洞
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Oracle MySQL Server組件未授權操作漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066

McAfee 發現超過 100 起針對 WinRAR 上 19 年漏洞的攻擊
https://chinese.engadget.com/2019/03/16/winrar-bug-malware/

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-U…

資安事件新聞週報 2019/3/11 ~ 2019/3/15

資安事件新聞週報  2019/3/11  ~  2019/3/15

1.重大弱點漏洞

F5 BIG-IP 安全漏洞  CVE-2019-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6598

Checkpoint Zonealarm  CVE-2018-8790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-8790

NetApp Service Processor 遠端執行程式碼漏洞
https://security.netapp.com/advisory/ntap-20190305-0001/

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46538

PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/46527

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
https://www.exploit-db.com/exploits/46522

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

IBM DB2 提升權限漏洞
https://www.auscert.org.au/bulletins/77042

資安事件新聞週報 2019/3/4 ~ 2019/3/8

資安事件新聞週報  2019/3/4  ~  2019/3/8

1.重大弱點漏洞

NetApp SnapCenter Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15515

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
https://www.exploit-db.com/exploits/46509

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

部份單位「學生出入校園管理系統」存在資料庫注入攻擊漏洞
https://cert.tanet.edu.tw/images/20190306.jpg

Android TV 隱私出大包 暫停 Google Photos 連動,曝露數百帳號與資料圖片
https://www.kocpc.com.tw/archives/246931

Fortinet 產品FortiOS(5.6.0)等多個漏洞
https://www.auscert.org.au/bulletins/76446
https://www.auscert.org.au/bulletins/76450

Wireshark Radiotap解析器拒絕服務漏洞
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5

IBM WebSphere Application Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4030

Xen 多個漏洞
https://www.au…

2019年3月資安及社群活動分享

Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Greenhost 如何建立獨立且開放的雲端主機平台?主題二:網路資源及路由管理: IP, AS Number, DNS  3/4
 https://ocftw.kktix.cc/events/greenhost2

 如何推動關鍵基礎設施之醫療及工控系統的資安防護  3/6
 http://www.cisanet.org.tw/Services/express_more?id=2814

 網站弱點評估實務  3/7
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3825&from_course_list_url=homepage

 HackingThursday 固定聚會  March 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbkb/

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24…

資安事件新聞週報 2019/2/18 ~ 2019/2/22

資安事件新聞週報  2019/2/18  ~  2019/2/22

1.重大弱點漏洞

多個廠商IP Camera未授權遠程命令執行漏洞
https://www.seebug.org/vuldb/ssvid-97810

Dell SonicWall SonicOS 安全漏洞  CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867

VyOS權限提升漏洞  CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556

WinRAR 被曝存在遺留19年的漏洞,影響全球多達5億用戶
https://www.freebuf.com/news/196281.html

存在 14 年的 WinRAR 安全漏洞終於修復
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810

WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68

安全播報:新型POODLE攻擊漏洞,影響TLS 1.2協議
https://wosign.com/news/news_2019021402.htm

D-Link DIR-823G無需驗證重啟漏洞  CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?na…

資安事件新聞週報 2019/2/11 ~ 2019/2/15

資安事件新聞週報  2019/2/11  ~  2019/2/15

1.重大弱點漏洞

Imperva:2018 Web 應用漏洞數量比2017 增加了21%
https://www.codercto.com/a/51263.html

Cisco Network Assurance Engine(NAE) 存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos

The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/

Wordpress外掛漏洞讓駭客得以接管網站
https://www.ithome.com.tw/news/128704?fbclid=IwAR3Hc8Fphi-hjS985qUa3FjCqJH6hovv94R1TL7-YwcfJxRYcbV11SUJqo4

用戶投訴美國交友平台OKCupid:系統漏洞致帳號遭攻擊
https://news.sina.com.tw/article/20190211/29990794.html

微軟一口氣推出 77 項產品更新修補程式
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=800

微軟資安中心指出,0Day 攻擊比例日漸上升
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=798

數據揭示Windows漏洞的實際破壞性正在降低
https://news.sina.com.tw/article/20190211/29989630.html

微軟為何推Windows 10強制更新?黑客漏洞攻擊沒活路
https://www.ithome.com/0/408/663.htm

資安事件新聞週報 2/4 ~ 2/8

資安事件新聞週報  2/4  ~  2/8

1.重大弱點漏洞

Marvell Avastar Wi-Fi 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020802

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326

pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316

Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315

phpMyAdmin 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19020101

廈門航空客服系統任意文件下載漏洞
https://shuimugan.com/bug/view?bug_no=171322

某省出入境便民服务平台存在SQL注射漏洞
https://shuimugan.com/bug/view?bug_no=168827

研究人員發現macOS漏洞:可獲取用戶密碼
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml

KeySteal零日漏洞曝光研究者希望蘋果提供macOS除蟲獎勵
https://m.cnbeta.com/view/816023.htm

MacOS 密碼金鑰「Keychain」現保安漏洞 研究員示範偷密碼過程
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/

2019年2月資安及社群活動分享

2019年2月資安及社群活動分享

 Elixir台灣 台北 Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/

 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/

 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/

 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/

 HackingThursday 固定聚會 Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/

 資策會開辦ISO27002資訊安全管理國際認證班 2019/2/16
 https://ithome.com.tw/pr/128353

 Raspberry Pi 3+Google AIY Voice Kit 實作,打造智慧語音助理,學習自然語言理解  2/17
 https://www.techbang.com/posts/58439-raspberry-pi-3-google-aiy-voice-kit

 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/2567407…

資安事件新聞週報 1/28 ~ 2/1

資安事件新聞週報  1/28  ~  2/1

1.重大弱點漏洞

偷窺別人隱私! 陸媒揭「智慧攝影機」漏洞
https://bit.ly/2FPiX5O

防毒軟體反成駭客入口,研究人員揭露ZoneAlarm的權限擴張漏洞
https://www.ithome.com.tw/news/128468

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide
https://nsfocusglobal.com/apt-RCE-Vulnerability-Handling-Guide

phpMyAdmin 多個漏洞
https://www.auscert.org.au/bulletins/74738

蘋果官方再次致謝,360成就史上最強“漏洞挖掘大滿貫”
http://www.360.cn/n/10560.html

Apple 發佈多個安全性弱點
https://support.apple.com/en-us/HT201222

蘋果 iOS 零日資料洩露漏洞
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Apple Facetime資訊洩露漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1415

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://www.exploit-db.com/exploits/46300

macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
https://www.exploit-db.com/exploits/46299

資安事件新聞週報 1/21 ~ 1/25

資安事件新聞週報  1/21  ~  1/25

1.重大弱點漏洞

OpenBMC caught with 'pantsdown' over new security flaw
https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
https://www.exploit-db.com/exploits/46243

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Juniper ATP跨站腳本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0027

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46240

Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
https://www.exploit-db.com/exploits/46238

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
https://www.exploit-db.com/exploits/46221

資安事件新聞週報 1/14 ~ 1/18

資安事件新聞週報  1/14 ~  1/18

1.重大弱點漏洞

ForeScount :智慧建築含有諸多零時差漏洞
https://ithome.com.tw/news/128278

思科修補可能產生永久服務阻斷的AsyncOS漏洞
https://www.ithome.com.tw/news/128226

Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
https://www.exploit-db.com/exploits/46189

F-Secure研究員發現35年曆史的SCP客户端漏洞
https://hk.saowen.com/a/6848003ea4baf1d5b8edf2783c7e5f10055fe7aa8734828c7586f736fd4bf513

Oracle Critical Patch Update for January 2019
https://bit.ly/2ssuyPB

甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Reports Developer 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2413

Oracle Database Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2547

網路印表機設備未正確設置存在漏洞
http://net.nthu.edu.tw/netsys/mailing:announcement:20190109_01

5個熱門網站代管平台皆含有安全漏洞
https://ithome.com.tw/news/128262

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
https://bit.ly/2DfcL4A

Linux系統systemd-journald服務本地提權漏洞分析預警
https://www.anquanke.com/post/id/169761

資安事件新聞週報 1/7 ~ 1/11

資安事件新聞週報  1/7 ~  1/11

1.重大弱點漏洞

網路印表機設備未正確設置存在漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003

D-Link 路由器部分產品發現可進行遠端執行程式碼漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5077

Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Juniper Networks Junos OS 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/01/09/Juniper-Networks-Releases-Multiple-Security-Updates

ESB-2019.0055 - [Linux] IBM Security Guardium: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73734

ESB-2019.0054 - [Win][Linux] IBM Rational Service Tester: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73730

ESB-2019.0047 - [Win][Linux][Solaris][AIX] IBM Case Manager: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73702

ESB-2019.0046 - [Win][Linux] IBM Rational Publishing Engine: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73698

ESB-2019.0053 - [Win][Linux] UCMDB Configuration Manag…

資安事件新聞週報 2018/12/31 ~ 2019/1/4

資安事件新聞週報  2018/12/31  ~  2019/1/4

1.重大弱點漏洞

鎖定Edge漏洞的攻擊程式曝光
https://www.ithome.com.tw/news/127943

Trend Micro OfficeScan XG檔案權限安全性弱點通告
http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_b5261.html

新HTTP協定反成資安漏洞,後脅迫命令控制工具Merlin能以HTTP/2規避偵測
https://www.ithome.com.tw/news/127972

歐盟公布獎金懸賞計畫,盼安全研究人員找出開源軟體漏洞
https://technews.tw/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019/

歐盟公佈獎金懸賞計劃 冀安全研究人員找出開源軟件漏洞
https://unwire.pro/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects/news/

EU launches bug bounty programs for 15 software
https://bit.ly/2s9KWEq

針對微軟Edge瀏覽器漏洞的攻擊程序曝光
https://new.qq.com/omn/20181229/20181229A03WK6.html

安全人員公佈Microsoft Edge 的最新遠程漏洞
http://hackernews.cc/archives/24677

Microsoft ChakraCore遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391

SandboxEscaper再公布Windows 10零時差漏洞,Twitter帳號遭停用
https://www.ithome.com.tw/news/127964

Microsoft Internet Explorer遠程代碼執行漏洞
http:…