Showing posts from February 2019

Security Incident News Weekly 2019/2/18 ~ 2019/2/22

1. Major Vulnerabilities

Unauthenticated remote command execution vulnerability in IP cameras from multiple vendors
https://www.seebug.org/vuldb/ssvid-97810

Dell SonicWall SonicOS security vulnerability CVE-2018-9867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9867

VyOS privilege escalation vulnerability CVE-2018-18556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18556

WinRAR found to contain a 19-year-old vulnerability affecting up to 500 million users worldwide
https://www.freebuf.com/news/196281.html

14-year-old WinRAR security vulnerability finally fixed
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=810

WinRAR versions released in the last 19 years impacted by severe security flaw
https://www.zdnet.com/article/winrar-versions-released-in-the-last-19-years-impacted-by-severe-security-flaw/#ftag=RSSbaffb68

Severe vulnerabilities uncovered in popular password managers
https://www.zdnet.com/article/critical-vulnerabilities-uncovered-in-popular-password-managers/#ftag=RSSbaffb68

Security bulletin: new POODLE attack vulnerability affects the TLS 1.2 protocol
https://wosign.com/news/news_2019021402.htm

D-Link DIR-823G unauthenticated reboot vulnerability CVE-2018-17880
http://cve.mitre.org/cgi-bin/cvename.cgi?na…

Security Incident News Weekly 2019/2/11 ~ 2019/2/15

1. Major Vulnerabilities

Imperva: the number of web application vulnerabilities in 2018 rose 21% over 2017
https://www.codercto.com/a/51263.html

Security vulnerability in Cisco Network Assurance Engine (NAE)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos

The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/

WordPress plugin vulnerability lets hackers take over websites
https://www.ithome.com.tw/news/128704?fbclid=IwAR3Hc8Fphi-hjS985qUa3FjCqJH6hovv94R1TL7-YwcfJxRYcbV11SUJqo4

Users complain about US dating platform OKCupid: system vulnerability led to accounts being attacked
https://news.sina.com.tw/article/20190211/29990794.html

Microsoft releases 77 product update patches at once
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=800

Microsoft security center reports that the proportion of 0-day attacks is steadily rising
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=798

Data shows that the real-world destructiveness of Windows vulnerabilities is declining
https://news.sina.com.tw/article/20190211/29989630.html

Why does Microsoft push forced Windows 10 updates? To leave hackers' vulnerability attacks no way out
https://www.ithome.com/0/408/663.htm

Security Incident News Weekly 2/4 ~ 2/8

1. Major Vulnerabilities

Multiple vulnerabilities in Marvell Avastar Wi-Fi
https://www.hkcert.org/my_url/zh/alert/19020802

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/46326

pfSense 2.4.4-p1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46316

Nessus 8.2.1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/46315

Multiple vulnerabilities in phpMyAdmin
https://www.hkcert.org/my_url/zh/alert/19020101

Arbitrary file download vulnerability in the Xiamen Airlines customer service system
https://shuimugan.com/bug/view?bug_no=171322

SQL injection vulnerability in a provincial exit-entry public service platform
https://shuimugan.com/bug/view?bug_no=168827

Researchers find macOS vulnerability that can obtain user passwords
https://www.feng.com/iPhone/news/2019-02-07/The-researchers-found-that-the-macOS-to-get-the-user-password_700704.shtml

KeySteal zero-day vulnerability disclosed; researcher wants Apple to offer a macOS bug bounty
https://m.cnbeta.com/view/816023.htm

Security vulnerability found in the macOS password store "Keychain"; researcher demonstrates the password theft process
https://unwire.hk/2019/02/07/macoskeychain/tech-secure/

February 2019 Security and Community Events

 Elixir Taiwan Taipei Meetup # Wednesday, February 13, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzdbgb/

 Android Code Club(Taipei) Wednesday, February 13, 2019
 https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzdbrb/

 Women Join Tech Yilan Batch2 Session 3  Wednesday, February 13, 2019
 https://www.meetup.com/Women-Who-Code-Taipei/events/258317885/

 Multilayer Perceptron (MLP), Artificial Neural Network (ANN), and Deep Learning  Wednesday, February 13, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257483663/

 HackingThursday regular meetup Thursday, February 14, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzdbsb/

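 Institute for Information Industry (III) launches ISO27002 information security management international certification course 2019/2/16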
 https://ithome.com.tw/pr/128353

 Raspberry Pi 3 + Google AIY Voice Kit hands-on: build a smart voice assistant and learn natural language understanding  2/17
 https://www.techbang.com/posts/58439-raspberry-pi-3-google-aiy-voice-kit

 Golang Taipei Gathering #37  2/18
 https://www.meetup.com/golang-taipei-meetup/events/2567407…

Security Incident News Weekly 1/28 ~ 2/1

1. Major Vulnerabilities

Spying on other people's privacy! Chinese media expose "smart camera" vulnerabilities
https://bit.ly/2FPiX5O

Antivirus software becomes an entry point for hackers: researchers disclose a privilege escalation vulnerability in ZoneAlarm
https://www.ithome.com.tw/news/128468

APT/APT-GET RCE Vulnerability (CVE-2019-3462) Handling Guide
https://nsfocusglobal.com/apt-RCE-Vulnerability-Handling-Guide

Multiple vulnerabilities in phpMyAdmin
https://www.auscert.org.au/bulletins/74738

Apple officially gives thanks again; 360 achieves the strongest-ever "vulnerability discovery grand slam"
http://www.360.cn/n/10560.html

Apple publishes multiple security vulnerabilities
https://support.apple.com/en-us/HT201222

Apple iOS zero-day data leak vulnerability
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/

Apple FaceTime information disclosure vulnerability
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1415

macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
https://www.exploit-db.com/exploits/46300

macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
https://www.exploit-db.com/exploits/46299