Weekly Security Incident News Report 2019/2/18 ~ 2019/2/22

1. Critical Vulnerabilities

Unauthorized remote command execution vulnerability in IP cameras from multiple vendors
https://www.seebug.org/vuldb/ssvid-97810

Dell SonicWall SonicOS security vulnerability CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867

VyOS privilege escalation vulnerability CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556

WinRAR revealed to have a 19-year-old vulnerability affecting up to 500 million users worldwide
https://www.freebuf.com/news/196281.html

14-year-old WinRAR security vulnerability finally fixed
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810

WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68

Security bulletin: new POODLE attack vulnerabilities affect the TLS 1.2 protocol
https://wosign.com/news/news_2019021402.htm

D-Link DIR-823G unauthenticated reboot vulnerability CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17880

OfficeScan XG SP1 critical update notice CP5294
http://www.trend.com.tw/support/downloads/OSCE/12/TC/patch/osce_xg_sp1_win_zh_tw_criticalpatch_5294_Readme.html

Polycom RealPresence Web Suite information disclosure vulnerability CVE-2018-12592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12592

JVNVU#97449410 Vulnerability allowing NTLM relay attacks in Microsoft Exchange 2013 and later
https://jvn.jp/vu/JVNVU97449410/

Microsoft patches IIS vulnerability that drives CPU usage to 100%
https://ithome.com.tw/news/128905

Microsoft Internet Information Services (IIS) denial-of-service vulnerability
https://www.bleepingcomputer.com/news/security/windows-servers-vulnerable-to-iis-resource-exhaustion-dos-attacks/

Weekly Security Incident News Report 2019/2/11 ~ 2019/2/15

1. Critical Vulnerabilities

Imperva: number of web application vulnerabilities in 2018 up 21% over 2017
https://www.codercto.com/a/51263.html

Security vulnerability in Cisco Network Assurance Engine (NAE)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos

The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/

WordPress plugin vulnerability lets attackers take over websites
https://www.ithome.com.tw/news/128704?fbclid=IwAR3Hc8Fphi-hjS985qUa3FjCqJH6hovv94R1TL7-YwcfJxRYcbV11SUJqo4

Users complain about US dating platform OKCupid: system vulnerability led to accounts being attacked
https://news.sina.com.tw/article/20190211/29990794.html

Microsoft releases 77 product update patches at once
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=800

Microsoft security center notes that the proportion of 0-day attacks is steadily rising
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=798

Data shows the actual destructiveness of Windows vulnerabilities is decreasing
https://news.sina.com.tw/article/20190211/29989630.html

Why does Microsoft push forced Windows 10 updates? To leave hackers' vulnerability attacks no way out
https://www.ithome.com/0/408/663.htm

Weekly Security Incident News Report 2/4 ~ 2/8

1. Critical Vulnerabilities

Multiple vulnerabilities in Marvell Avastar Wi-Fi
https://www.hkcert.org/my_url/zh/alert/19020802

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326

pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316

Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315

Multiple vulnerabilities in phpMyAdmin
https://www.hkcert.org/my_url/zh/alert/19020101

Arbitrary file download vulnerability in the Xiamen Airlines customer service system
https://shuimugan.com/bug/view?bug_no=171322

SQL injection vulnerability in a provincial entry-exit convenience service platform
https://shuimugan.com/bug/view?bug_no=168827

Researcher finds macOS vulnerability that can obtain user passwords
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml

KeySteal zero-day exposed; researcher wants Apple to offer a macOS bug bounty
https://m.cnbeta.com/view/816023.htm

Security vulnerability found in macOS password store "Keychain"; researcher demonstrates the password theft process
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/

February 2019 Security and Community Events

 Elixir Taiwan Taipei Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/

 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/

 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/

 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/

 HackingThursday regular meetup Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/

 Institute for Information Industry (III) offers ISO27002 information security management international certification course 2019/2/16
 https://ithome.com.tw/pr/128353

 Raspberry Pi 3 + Google AIY Voice Kit hands-on: build a smart voice assistant and learn natural language understanding  2/17
 https://www.techbang.com/posts/58439-raspberry-pi-3-google-aiy-voice-kit

 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/256740786/

 Android Code Club(Taipei)  Wednesday, February 20, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbbc/

 Women Join Tech Yilan Batch2 Session 4  Wednesday, February 20, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317920/

 Weight Initialization, Under-/Over-Fitting, & Evaluation of Deep Learning Models  Wednesday, February 20, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483906/

 2nd "Hit AI & Blockchain" Artificial Intelligence and Blockchain Industry Summit  2019-02-20 (Wed) 09:00 ~ 17:30 (GMT+8)
 https://www.accupass.com/event/1811190218087771003780

 [Pushing PowerPoint Presentations to the Limit] February topic: making PPTs ten times faster  2019-02-20 (Wed) 19:00 ~ 22:00 (GMT+8)
 https://www.accupass.com/event/1810161307265689597830

 HackingThursday regular meetup Thursday, February 21, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbcc/

 Flutter Codelabs study group (see the event description to register)  Thursday, February 21, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258377586/

 [Security Professional Training] ROC year 108 training provider selection announcement 2/22
 https://www.acw.org.tw/News/Detail.aspx?id=55

 iThome Taiwan Cloud Summit 2019  Call for paper  deadline February 22
 https://cloudsummit.ithome.com.tw/cfp/

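 [Course] Hands-on NLP natural language processing analysis: learn unstructured text analysis techniques to greatly improve the precision and efficiency of human-machine communication  2/23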
 https://www.techbang.com/posts/59536-course-nlp-natural-language-processing-analysis-actual-combat

 [Visualization Series] Referendum data visualization and election analysis   2/24
 https://www.meetup.com/R-Ladies-Taipei/events/256933448/

 Women Join Tech Coding Club Hsinchu second-cohort camp - "Magic Seed Teacher Training" session5  Tuesday, February 26, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317875/

 How to adopt blockchain  Tuesday, February 26, 2019
 https://www.meetup.com/Taipei-Blockchain/events/258326339/


Weekly Security Incident News Report 1/28 ~ 2/1

1. Critical Vulnerabilities

Peeping into others' privacy! Chinese media expose "smart camera" vulnerabilities
https://bit.ly/2FPiX5O

Antivirus software becomes a hacker entry point: researchers disclose a privilege escalation vulnerability in ZoneAlarm
https://www.ithome.com.tw/news/128468

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide
https://nsfocusglobal.com/apt-RCE-Vulnerability-Handling-Guide

Multiple vulnerabilities in phpMyAdmin
https://www.auscert.org.au/bulletins/74738

Apple officially gives thanks again; 360 achieves the strongest-ever "vulnerability discovery grand slam"
http://www.360.cn/n/10560.html

Apple discloses multiple security vulnerabilities
https://support.apple.com/en-us/HT201222

Apple iOS zero-day data leak vulnerability
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Apple FaceTime information disclosure vulnerability
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1415

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://www.exploit-db.com/exploits/46300

macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
https://www.exploit-db.com/exploits/46299

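March 2024 Security and Community Events

 Online security workforce demand dialogue - network communications industry 2024/3/2
 https://isipevent.kktix.cc/events/ff6f2146

 2024H1 Security Hands-on Exercise Conference: Joint Enterprise Security Drill for the Era of the AI Explosion  2024/3/6
 https://b...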