資安事件新聞週報 1/21 ~ 1/25

資安事件新聞週報  1/21  ~  1/25

1.重大弱點漏洞

OpenBMC caught with 'pantsdown' over new security flaw
https://www.zdnet.com/article/bmc-caught-with-pantsdown-over-new-batch-of-security-flaws/#ftag=RSSbaffb68

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
https://www.exploit-db.com/exploits/46243

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Juniper ATP跨站腳本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0027

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46240

Splunk Enterprise 7.2.3 - Authenticated Custom App RCE
https://www.exploit-db.com/exploits/46238

Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation
https://www.exploit-db.com/exploits/46221

資安事件新聞週報 1/14 ~ 1/18

資安事件新聞週報  1/14 ~  1/18

1.重大弱點漏洞

ForeScount :智慧建築含有諸多零時差漏洞
https://ithome.com.tw/news/128278

思科修補可能產生永久服務阻斷的AsyncOS漏洞
https://www.ithome.com.tw/news/128226

Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
https://www.exploit-db.com/exploits/46189

F-Secure研究員發現35年曆史的SCP客户端漏洞
https://hk.saowen.com/a/6848003ea4baf1d5b8edf2783c7e5f10055fe7aa8734828c7586f736fd4bf513

Oracle Critical Patch Update for January 2019
https://bit.ly/2ssuyPB

甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Reports Developer 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2413

Oracle Database Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2547

網路印表機設備未正確設置存在漏洞
http://net.nthu.edu.tw/netsys/mailing:announcement:20190109_01

5個熱門網站代管平台皆含有安全漏洞
https://ithome.com.tw/news/128262

5 Popular Web Hosting Services Found Vulnerable to Multiple Flaws
https://bit.ly/2DfcL4A

Linux系統systemd-journald服務本地提權漏洞分析預警
https://www.anquanke.com/post/id/169761

資安事件新聞週報 1/7 ~ 1/11

資安事件新聞週報  1/7 ~  1/11

1.重大弱點漏洞

網路印表機設備未正確設置存在漏洞
https://cert.tanet.edu.tw/prog/shownews.php?sel=1&id=3003

D-Link 路由器部分產品發現可進行遠端執行程式碼漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5077

Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Juniper Networks Junos OS 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/01/09/Juniper-Networks-Releases-Multiple-Security-Updates

ESB-2019.0055 - [Linux] IBM Security Guardium: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73734

ESB-2019.0054 - [Win][Linux] IBM Rational Service Tester: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73730

ESB-2019.0047 - [Win][Linux][Solaris][AIX] IBM Case Manager: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73702

ESB-2019.0046 - [Win][Linux] IBM Rational Publishing Engine: Multiple vulnerabilities
https://www.auscert.org.au/bulletins/73698

ESB-2019.0053 - [Win][Linux] UCMDB Configuration Management Service: Access privileged data - Existing account
https://www.auscert.org.au/bulletins/73726

Scapy-sploit: Python Network Tool is Vulnerable to Denial of Service (DoS) Attack CVE pending
https://www.imperva.com/blog/scapy-sploit-python-network-tool-is-vulnerable-to-denial-of-service-dos-attack-cve-pending/

多款Hitachi Command Suite產品HTML注入漏洞
https://www.securityfocus.com/bid/60667

Cisco Email Security Appliances (ESA) 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2019/01/09/Cisco-Releases-Security-Updates

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x

Cisco Firepower System Software安全繞過漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15443

資安事件新聞週報 2018/12/31 ~ 2019/1/4

資安事件新聞週報  2018/12/31  ~  2019/1/4

1.重大弱點漏洞

鎖定Edge漏洞的攻擊程式曝光
https://www.ithome.com.tw/news/127943

Trend Micro OfficeScan XG檔案權限安全性弱點通告
http://files.trendmicro.com/products/officescan/XG/SP1/osce_xg_sp1_win_en_criticalpatch_b5261.html

新HTTP協定反成資安漏洞,後脅迫命令控制工具Merlin能以HTTP/2規避偵測
https://www.ithome.com.tw/news/127972

歐盟公布獎金懸賞計畫,盼安全研究人員找出開源軟體漏洞
https://technews.tw/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects-starting-january-2019/

歐盟公佈獎金懸賞計劃 冀安全研究人員找出開源軟件漏洞
https://unwire.pro/2019/01/02/eu-to-fund-bug-bounty-programs-for-14-open-source-projects/news/

EU launches bug bounty programs for 15 software
https://bit.ly/2s9KWEq

針對微軟Edge瀏覽器漏洞的攻擊程序曝光
https://new.qq.com/omn/20181229/20181229A03WK6.html

安全人員公佈Microsoft Edge 的最新遠程漏洞
http://hackernews.cc/archives/24677

Microsoft ChakraCore遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8391

SandboxEscaper再公布Windows 10零時差漏洞,Twitter帳號遭停用
https://www.ithome.com.tw/news/127964

Microsoft Internet Explorer遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8447

近日,黑客發布第3個windows 0day漏洞
http://www.safebase.cn/article-254732-1.html

新思科技發現D-Link無線路由器存在漏洞,可繞過加密
http://www.ccidnet.com/2018/1229/10447943.shtml

IBM Security Guardium信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1272

2024年 3月份資安、社群活動分享

  2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演  2024/3/6 https://b...