Weekly Security Incident News Report 1/21 ~ 1/25
1. Major Vulnerabilities
OpenBMC caught with 'pantsdown' over new security flaw
https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
https://www.exploit-db.com/exploits/46243
Multiple vulnerabilities in Cisco products
https://tools.cisco.com/security/center/publicationListing.x
Juniper ATP cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0027
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46240
Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
https://www.exploit-db.com/exploits/46238
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
https://www.exploit-db.com/exploits/46221
Weekly Security Incident News Report 1/14 ~ 1/18
1. Major Vulnerabilities
Forescout: Smart buildings contain numerous zero-day vulnerabilities
https://ithome.com.tw/news/128278
Cisco patches AsyncOS vulnerability that could cause a permanent denial of service
https://www.ithome.com.tw/news/128226
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
https://www.exploit-db.com/exploits/46189
F-Secure researcher discovers 35-year-old SCP client vulnerability
https://hk.saowen.com/a/6848003ea4baf1d5b8edf2783c7e5f10055fe7aa8734828c7586f736fd4bf513
Oracle Critical Patch Update for January 2019
https://bit.ly/2ssuyPB
Multiple vulnerabilities in Oracle products
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Oracle Reports Developer security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2413
Oracle Database Server security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2547
Improperly configured network printers are vulnerable
http://net.nthu.edu.tw/netsys/mailing:announcement:20190109_01
Five popular web hosting platforms all contain security vulnerabilities
https://ithome.com.tw/news/128262
5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
https://bit.ly/2DfcL4A
Analysis and alert: local privilege escalation vulnerability in the Linux systemd-journald service
https://www.anquanke.com/post/id/169761
Weekly Security Incident News Report 1/7 ~ 1/11
1. Major Vulnerabilities
Improperly configured network printers are vulnerable
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003
Remote code execution vulnerability found in some D-Link router products
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5077
Multiple vulnerabilities in Juniper products
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Multiple security vulnerabilities in Juniper Networks Junos OS
https://www.us-cert.gov/ncas/current-activity/2019/01/09/Juniper-Networks-Releases-Multiple-Security-Updates
ESB-2019.0055 - [Linux] IBM Security Guardium: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73734
ESB-2019.0054 - [Win][Linux] IBM Rational Service Tester: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73730
ESB-2019.0047 - [Win][Linux][Solaris][AIX] IBM Case Manager: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73702
ESB-2019.0046 - [Win][Linux] IBM Rational Publishing Engine: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73698
ESB-2019.0053 - [Win][Linux] UCMDB Configuration Management Service: Access privileged data - Existing account
https://www.auscert.org.au/bulletins/73726
Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending
https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/
HTML injection vulnerability in multiple Hitachi Command Suite products
https://www.securityfocus.com/bid/60667
Security vulnerability in Cisco Email Security Appliances (ESA)
https://www.us-cert.gov/ncas/current-activity/2019/01/09/Cisco-Releases-Security-Updates
Multiple vulnerabilities in Cisco products
https://tools.cisco.com/security/center/publicationListing.x
Cisco Firepower System Software security bypass vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15443
Weekly Security Incident News Report 2018/12/31 ~ 2019/1/4
1. Major Vulnerabilities
Exploit code targeting an Edge vulnerability made public
https://www.ithome.com.tw/news/127943
Trend Micro OfficeScan XG file permission security vulnerability advisory
http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_b5261.html
New HTTP protocol turns into a security gap: post-exploitation command-and-control tool Merlin can evade detection using HTTP/2
https://www.ithome.com.tw/news/127972
EU announces bug bounty program, hoping security researchers will find vulnerabilities in open-source software
https://technews.tw/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019/
EU announces bug bounty program, hoping security researchers will find vulnerabilities in open-source software
https://unwire.pro/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects/news/
EU launches bug bounty programs for 15 software
https://bit.ly/2s9KWEq
Exploit code for a Microsoft Edge browser vulnerability made public
https://new.qq.com/omn/20181229/20181229A03WK6.html
Security researcher discloses latest remote vulnerability in Microsoft Edge
http://hackernews.cc/archives/24677
Microsoft ChakraCore remote code execution vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391
SandboxEscaper discloses another Windows 10 zero-day vulnerability; Twitter account suspended
https://www.ithome.com.tw/news/127964
Microsoft Internet Explorer remote code execution vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8447
Hacker recently releases a third Windows 0-day vulnerability
http://www.safebase.cn/article-254732-1.html
Synopsys finds vulnerability in D-Link wireless routers that allows encryption to be bypassed
http://www.ccidnet.com/2018/1229/10447943.shtml
IBM Security Guardium information disclosure vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1272