2019年4月資安及社群活動分享


2019年4月資安及社群活動分享

  Elixir台灣 台北 Meetup # Monday, April 1, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzgbcb/

 Modeling Sequences with Recurrent Neural Networks, RNN  Wednesday, April 3, 2019
 https://www.meetup.com/Deep-Learning-for-Sciences-Engineering-and-Arts/events/257484461/

 HackingThursday 固定聚會  Thursday, April 4, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzgbgb/

 亞洲·矽谷計畫-強化物聯網資安防護成果發表會  2019-04-10(三) 10:00 ~ 12:00 (GMT+8)
 https://www.accupass.com/event/1903250751581953084909

 網路封包分析實務  4/11
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3826&from_course_list_url=homepage

資安事件新聞週報 2019/3/25 ~ 2019/3/29


資安事件新聞週報  2019/3/25  ~  2019/3/29

1.重大弱點漏洞
Drupal 存在安全性弱點
https://www.drupal.org/sa-core-2019-004

思科修補產品重大RCE漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=16219

思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities

Windows 10 與 Windows Server 2019 DHCP 存有可遠端執行程式碼的漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5087

Mozilla Firefox瀏覽器存在安全漏洞(CVE-2019-9810與CVE-2019-9813)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1098

Mozilla Firefox瀏覽器存在安全漏洞,允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5089

Apache Solr存在安全漏洞(CVE-2019-0192)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1096

Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting
https://www.exploit-db.com/exploits/46595

Apache Tomcat 阻斷服務漏洞
https://www.auscert.org.au/bulletins/77766

PuTTY存在多個安全性漏洞
https://www.nccst.nat.gov.tw/VulnerabilityNewsDetail?lang=zh&seq=1430

研究發現羅技M185等熱門無線鼠標易受到MouseJack漏洞攻擊
https://bit.ly/2HJAnSk

資安事件新聞週報 2019/3/18 ~ 2019/3/22

資安事件新聞週報  2019/3/18  ~  2019/3/22

1.重大弱點漏洞

BurpSuite曝出疑似Windows下的提權漏洞
https://nosec.org/home/detail/2346.html

富士通無線鍵盤漏洞將允許遠端駭客接管系統
https://www.ithome.com.tw/news/129438

VMWare Workstation 提升權限漏洞
https://www.us-cert.gov/ncas/current-activity/2019/03/15/VMware-Releases-Security-Updates-Workstation-and-Horizon

CVE-2018-7117: A Somewhat Accidental XSS in HPE iLO
https://bit.ly/2ud0Yi0

PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html

Cisco 多個產品存在安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-sip

Oracle MySQL Server組件拒絕服務漏洞
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Oracle MySQL Server組件未授權操作漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3066

McAfee 發現超過 100 起針對 WinRAR 上 19 年漏洞的攻擊
https://chinese.engadget.com/2019/03/16/winrar-bug-malware/

Patched WinRAR Bug Still Under Active Attack—Thanks to No Auto-Updates
https://bit.ly/2HrAHoR

'100 unique exploits and counting' for latest WinRAR security bug
https://www.zdnet.com/article/100-unique-exploits-and-counting-for-latest-winrar-security-bug/#ftag=RSSbaffb68

資安事件新聞週報 2019/3/11 ~ 2019/3/15

資安事件新聞週報  2019/3/11  ~  2019/3/15

1.重大弱點漏洞

F5 BIG-IP 安全漏洞  CVE-2019-6598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6598

Checkpoint Zonealarm  CVE-2018-8790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2018-8790

NetApp Service Processor 遠端執行程式碼漏洞
https://security.netapp.com/advisory/ntap-20190305-0001/

pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/46538

PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/46527

Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
https://www.exploit-db.com/exploits/46522

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

IBM DB2 提升權限漏洞
https://www.auscert.org.au/bulletins/77042

資安事件新聞週報 2019/3/4 ~ 2019/3/8


資安事件新聞週報  2019/3/4  ~  2019/3/8

1.重大弱點漏洞

NetApp SnapCenter Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15515

QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
https://www.exploit-db.com/exploits/46506

Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
https://www.exploit-db.com/exploits/46509

FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/46508

部份單位「學生出入校園管理系統」存在資料庫注入攻擊漏洞
https://cert.tanet.edu.tw/images/20190306.jpg

Android TV 隱私出大包 暫停 Google Photos 連動,曝露數百帳號與資料圖片
https://www.kocpc.com.tw/archives/246931

Fortinet 產品FortiOS(5.6.0)等多個漏洞
https://www.auscert.org.au/bulletins/76446
https://www.auscert.org.au/bulletins/76450

Wireshark Radiotap解析器拒絕服務漏洞
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4ac83382dc49f9f7b62bffb3cfc508cdaa1e7be5

IBM WebSphere Application Server 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4030

Xen 多個漏洞
https://www.auscert.org.au/bulletins/76554
https://www.auscert.org.au/bulletins/76550

X-Force Red在五大訪客管理系統發現19個安全漏洞
https://www.ithome.com.tw/news/129108

自動化的資安隱憂,訪客系統成竊取資料的熱點
http://technews.tw/2019/03/05/the-security-concerns-of-automation-visitor-system-might-be-the-hot-spot-of-data-thief/

Google 又在 Apple 推出修補前公開了一個 Mac 上嚴重的安全漏洞
https://chinese.engadget.com/2019/03/05/google-discloses-high-severity-mac-security-flaw/

2019年3月資安及社群活動分享


 Elixir台灣 台北 Meetup # Monday, March 4, 2019
 https://www.meetup.com/elixirtw-taipei/events/njjhvpyzfbgb/

 Greenhost 如何建立獨立且開放的雲端主機平台?主題二:網路資源及路由管理: IP, AS Number, DNS  3/4
 https://ocftw.kktix.cc/events/greenhost2

 如何推動關鍵基礎設施之醫療及工控系統的資安防護  3/6
 http://www.cisanet.org.tw/Services/express_more?id=2814

 網站弱點評估實務  3/7
 https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3825&from_course_list_url=homepage

 HackingThursday 固定聚會  March 7, 2019
 https://www.meetup.com/hackingthursday/events/vkhnnqyzfbkb/

 Arduino四軸飛行器開發實作,無人機硬體、無線遙控器、飛控軟體整合、飛行教學,一天學會  3/9
 https://bit.ly/2LdYJ5H

 AI於資訊安全之應用  3/9
 https://hackercollege.nctu.edu.tw/?p=1042

 【補助專班】AI人工智慧應用系列- AIoT智能物聯網開發人才就業養成班[免費諮詢]  3/12
 https://ittraining.kktix.cc/events/aiot-training-2019

資安事件新聞週報 2019/2/25 ~ 2019/3/1

資安事件新聞週報  2019/2/25  ~  2019/3/1

1.重大弱點漏洞

Avast:數位家庭最容易有漏洞的裝置是印表機、網路裝置及監視器
https://ithome.com.tw/news/128997

F5 BIG-IP Access Policy Manager 跨站腳本漏洞  CVE-2019-6595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6595

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT
https://www.exploit-db.com/exploits/46444

報告:前十大熱門Docker映像檔都有至少30個以上的漏洞
https://www.ithome.com.tw/news/129018

有攻擊者正利用Chrome的0day漏洞偷取他人信息
https://nosec.org/home/detail/2294.html

Chrome瀏覽器被曝存在漏洞攻擊者可通過PDF收集用戶信息
http://www.sohu.com/a/298175326_114774?sec=wd

Google Chrome zero-day used in the wild to collect user data via PDF files
https://www.zdnet.com/article/google-chrome-zero-day-used-in-the-wild-to-collect-user-data-via-pdf-files/#ftag=RSSbaffb68

Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
https://bit.ly/2H4ZAWr

研究人員揭露大批Thunderclap安全漏洞,允許惡意周邊裝置竊取記憶體機密資訊
https://www.ithome.com.tw/news/129021

新發現的thunderclap 漏洞允許黑客使用Thunderbolt/USB-C 外設攻擊PC
http://hackernews.cc/archives/24946

Thunderbolt的漏洞給黑客大開方便之門
https://www.easyaq.com/news/1927126943.shtml

Supermicro伺服器元件漏洞可使IBM雲端伺服器被植入後門
https://www.ithome.com.tw/news/129001

2024年 3月份資安、社群活動分享

  2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演  2024/3/6 https://b...