5月份資安、社群活動分享
5月份資安、社群活動分享
108年度資安初學者挑戰活動 (MyFirstCTF) 5/1 ~ 5/10 報名
https://ais3.org/mfctf/
HackingThursday 固定聚會 5/2
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbdb/
Python 商務網站 * 極速學習 (2019春季 - 台北) 5/2
https://cjltsod.kktix.cc/events/django-2019-spring-taipei
國票金控「純網銀鯰魚與資安技術漣漪」日本樂天技術結合台灣AI 人工智慧發表會 5/2
https://www.accupass.com/event/1904111400151860776797
資安法 X 技術實務論壇 5/2
https://csa.kktix.cc/events/csa190502
國立交通大學 亥客書院 - 基礎網站安全建構實務 5/4
https://hackercollege.nctu.edu.tw/?p=1045
ISDA 白帽菁英萌芽計劃II 0505
https://reg.shield.org.tw/info.php?no=54
Pwn入門 5/5
https://hackersir.kktix.cc/events/fcu190505
Elixir台灣 台北 Meetup # Monday, May 6, 2019
https://www.meetup.com/elixirtw-taipei/events/njjhvpyzhbjb/
公部門之AI資安防護新思維研討會 5/7
http://www.cisanet.org.tw/News/activity_more?id=MTQzOA==
向資安服務看齊 我們一起讓資安從「有做」到「有效」 5/8 ~ 5/10
https://www.informationsecurity.com.tw/Seminar/2019_all/
資安危機 - 進擊的勒索加密軟體 2019-05-09(四) 14:45 ~ 17:00
https://www.accupass.com/event/1904170343547477698390
HackingThursday 固定聚會 5/9
https://www.meetup.com/hackingthursday/events/vkhnnqyzhbmb/
資安事件新聞週報 2019/4/22 ~ 2019/4/26
資安事件新聞週報 2019/4/22 ~ 2019/4/26
1.重大弱點漏洞
CVE-2019-3799:spring-cloud-config-server目錄遍歷漏洞警告
https://www.linuxidc.com/Linux/2019-04/158191.htm
jQuery 的“原型污染”安全漏洞
https://www.oschina.net/news/106124/jquery-impacted-by-prototype-pollution-flaw
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Google Android System信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2021
Google Chrome 74 released with Dark Mode support for Windows users
https://www.zdnet.com/article/google-chrome-74-released-with-dark-mode-support-for-windows-users/#ftag=RSSbaffb68
CyberDairy Solutions SQLi
https://www.anquanke.com/vul/id/1576754
D-Link DI-524跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11017
甲骨文 WebLogic 遠端執行程式碼漏洞
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/
Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2634
Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
http://bit.ly/2vikKch
關於Oracle WebLogic反序列化遠程命令執行漏洞的預警通報
https://news.163.com/19/0425/18/EDKL1D32000189FH.html
New Oracle WebLogic zero-day discovered in the wild
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/#ftag=RSSbaffb68
[KnownSec 404 Team] Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93
Oracle WebLogic多個安全漏洞預警
http://www.twoeggz.com/news/14304046.html
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
https://www.exploit-db.com/exploits/46728
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
https://www.exploit-db.com/exploits/46729
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
https://www.exploit-db.com/exploits/46722
1.重大弱點漏洞
CVE-2019-3799:spring-cloud-config-server目錄遍歷漏洞警告
https://www.linuxidc.com/Linux/2019-04/158191.htm
jQuery 的“原型污染”安全漏洞
https://www.oschina.net/news/106124/jquery-impacted-by-prototype-pollution-flaw
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Google Android System信息洩露漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2021
Google Chrome 74 released with Dark Mode support for Windows users
https://www.zdnet.com/article/google-chrome-74-released-with-dark-mode-support-for-windows-users/#ftag=RSSbaffb68
CyberDairy Solutions SQLi
https://www.anquanke.com/vul/id/1576754
D-Link DI-524跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11017
甲骨文 WebLogic 遠端執行程式碼漏洞
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/
Oracle MySQL Server拒絕服務漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2634
Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
http://bit.ly/2vikKch
關於Oracle WebLogic反序列化遠程命令執行漏洞的預警通報
https://news.163.com/19/0425/18/EDKL1D32000189FH.html
New Oracle WebLogic zero-day discovered in the wild
https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/#ftag=RSSbaffb68
[KnownSec 404 Team] Oracle WebLogic Deserialization RCE Vulnerability (0day) Alert
https://medium.com/@knownseczoomeye/knownsec-404-team-oracle-weblogic-deserialization-rce-vulnerability-0day-alert-90dd9a79ae93
Oracle WebLogic多個安全漏洞預警
http://www.twoeggz.com/news/14304046.html
Oracle Business Intelligence 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - Directory Traversal
https://www.exploit-db.com/exploits/46728
Oracle Business Intelligence / XML Publisher 11.1.1.9.0 / 12.2.1.3.0 / 12.2.1.4.0 - XML External Entity Injection
https://www.exploit-db.com/exploits/46729
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
https://www.exploit-db.com/exploits/46722
資安事件新聞週報 2019/4/15 ~ 2019/4/19
資安事件新聞週報 2019/4/15 ~ 2019/4/19
1.重大弱點漏洞
阿里巴巴被發現了一個可以繞過WAF的漏洞
https://nosec.org/home/detail/2483.html
中國蟻劍被曝XSS 漏洞,可導致遠程命令執行
http://www.sohu.com/a/307475721_354899?sec=wd
Electronic Arts修補含有遠端程式攻擊漏洞的客戶端程式
https://www.ithome.com.tw/news/130052
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://www.exploit-db.com/exploits/46706
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
https://www.exploit-db.com/exploits/46693
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688
卡巴斯基實驗室:win32k.sys又曝出了新的零日漏洞
https://nosec.org/home/detail/2490.html
New zero-day vulnerability CVE-2019-0859 in win32k.sys
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
Shimo VPN 輸入驗證錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4009
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html
甲骨文每季修補又來了,這次補297個漏洞
https://www.ithome.com.tw/news/130078
甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Weblogic反序列化遠程代碼執行漏洞
http://www.cnvd.org.cn/webinfo/show/4989
漏洞預警:WebLogic Blind XXE漏洞預警
http://nic.jiangnan.edu.cn/info/1046/2515.htm
1.重大弱點漏洞
阿里巴巴被發現了一個可以繞過WAF的漏洞
https://nosec.org/home/detail/2483.html
中國蟻劍被曝XSS 漏洞,可導致遠程命令執行
http://www.sohu.com/a/307475721_354899?sec=wd
Electronic Arts修補含有遠端程式攻擊漏洞的客戶端程式
https://www.ithome.com.tw/news/130052
Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting
https://www.exploit-db.com/exploits/46706
Zimbra Collaboration - Autodiscover Servlet XXE and ProxyServlet SSRF (Metasploit)
https://www.exploit-db.com/exploits/46693
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688
卡巴斯基實驗室:win32k.sys又曝出了新的零日漏洞
https://nosec.org/home/detail/2490.html
New zero-day vulnerability CVE-2019-0859 in win32k.sys
https://securelist.com/new-win32k-zero-day-cve-2019-0859/90435/
Shimo VPN 輸入驗證錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4009
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool
https://blog.talosintelligence.com/2019/04/vulnerability-spotlight-multiple.html
甲骨文每季修補又來了,這次補297個漏洞
https://www.ithome.com.tw/news/130078
甲骨文產品多個漏洞
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Weblogic反序列化遠程代碼執行漏洞
http://www.cnvd.org.cn/webinfo/show/4989
漏洞預警:WebLogic Blind XXE漏洞預警
http://nic.jiangnan.edu.cn/info/1046/2515.htm
資安事件新聞週報 2019/4/8 ~ 2019/4/12
資安事件新聞週報 2019/4/8 ~ 2019/4/12
1.重大弱點漏洞
多個虛擬私人網絡應用程式未經加密儲存暫存 cookies 漏洞
https://kb.cert.org/vuls/id/192371/
CloudBees Jenkins信息洩露漏洞
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Dell Networking OS10密鑰管理錯誤漏洞
https://www.dell.com/support/article/SLN316558/
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
https://www.exploit-db.com/exploits/46669
KindEditor上傳漏洞導致近百個黨政網站植入
http://www.52rkl.cn/xinwenzatan/040X245502019.html
TP-LINK路由器緩衝區溢出0 day 漏洞
https://www.4hou.com/vulnerable/17280.html
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
https://www.exploit-db.com/exploits/46678
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
https://www.exploit-db.com/exploits/46687
QNAP Netatalk < 3.1.12 - Authentication Bypass
https://www.exploit-db.com/exploits/46675
關於Tenda AC系列路由器緩衝區溢出漏洞的情況通報
https://www.secrss.com/articles/9787
1.重大弱點漏洞
多個虛擬私人網絡應用程式未經加密儲存暫存 cookies 漏洞
https://kb.cert.org/vuls/id/192371/
CloudBees Jenkins信息洩露漏洞
https://jenkins.io/security/advisory/2019-03-25/#SECURITY-1089
Juniper 產品多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Dell Networking OS10密鑰管理錯誤漏洞
https://www.dell.com/support/article/SLN316558/
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
https://www.exploit-db.com/exploits/46688
CentOS Web Panel 0.9.8.793 (Free) / 0.9.8.753 (Pro) - Cross-Site Scripting
https://www.exploit-db.com/exploits/46669
KindEditor上傳漏洞導致近百個黨政網站植入
http://www.52rkl.cn/xinwenzatan/040X245502019.html
TP-LINK路由器緩衝區溢出0 day 漏洞
https://www.4hou.com/vulnerable/17280.html
TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow
https://www.exploit-db.com/exploits/46678
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
https://www.exploit-db.com/exploits/46687
QNAP Netatalk < 3.1.12 - Authentication Bypass
https://www.exploit-db.com/exploits/46675
關於Tenda AC系列路由器緩衝區溢出漏洞的情況通報
https://www.secrss.com/articles/9787
資安事件新聞週報 2019/4/1 ~ 2019/4/5
資安事件新聞週報 2019/4/1 ~ 2019/4/5
1.重大弱點漏洞
WinRAR Zero-day Abused in Multiple Campaigns
https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html
新披露Jenkins RCE 漏洞成ImposterMiner 挖礦木馬新" 跳板"
https://www.chainnews.com/articles/931620544952.htm
因配置失誤超過1.3萬 iSCSI 存儲集群暴露在網路上
https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/
甲骨文「通知」用戶付費取得Java 8安全修補程式,否則小心被駭
https://www.ithome.com.tw/news/129726
研究人員:HTTPS不如你想的安全,5.5%含有TLS漏洞
https://www.ithome.com.tw/news/129684
PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html
Windows 10 收到奇怪的通知訊息?不是中毒,只是微軟不小心誤發的 Bug
https://www.kocpc.com.tw/archives/252222
微軟警告Windows 7用戶:安全更新即將結束
https://fnc.ebc.net.tw/FncNews/else/74214
Windows 10 1809進一步全面釋出
https://www.ithome.com.tw/news/129656
Microsoft Office Access Connectivity Engine遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0748
Microsoft Windows Kernel信息洩露漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0755
Improving the Windows 10 update experience with control, quality and transparency
https://bit.ly/2VsbI88
Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
https://bit.ly/2G2qKw0
Windows 10 Home edition users are big winners as Microsoft overhauls its update process
https://zd.net/2VnVLQt
Microsoft is making big Windows 10 update changes starting with the May 2019 release
https://zd.net/2uKVoUp
去年10個最常被駭客開採的漏洞中,有8個是微軟漏洞
https://www.ithome.com.tw/news/129487
1.重大弱點漏洞
WinRAR Zero-day Abused in Multiple Campaigns
https://www.fireeye.com/blog/threat-research/2019/03/winrar-zero-day-abused-in-multiple-campaigns.html
新披露Jenkins RCE 漏洞成ImposterMiner 挖礦木馬新" 跳板"
https://www.chainnews.com/articles/931620544952.htm
因配置失誤超過1.3萬 iSCSI 存儲集群暴露在網路上
https://www.zdnet.com/article/over-13k-iscsi-storage-clusters-left-exposed-online-without-a-password/
甲骨文「通知」用戶付費取得Java 8安全修補程式,否則小心被駭
https://www.ithome.com.tw/news/129726
研究人員:HTTPS不如你想的安全,5.5%含有TLS漏洞
https://www.ithome.com.tw/news/129684
PuTTY 多個漏洞
https://thehackernews.com/2019/03/putty-software-hacking.html
Windows 10 收到奇怪的通知訊息?不是中毒,只是微軟不小心誤發的 Bug
https://www.kocpc.com.tw/archives/252222
微軟警告Windows 7用戶:安全更新即將結束
https://fnc.ebc.net.tw/FncNews/else/74214
Windows 10 1809進一步全面釋出
https://www.ithome.com.tw/news/129656
Microsoft Office Access Connectivity Engine遠程代碼執行漏洞
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0748
Microsoft Windows Kernel信息洩露漏洞
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0755
Improving the Windows 10 update experience with control, quality and transparency
https://bit.ly/2VsbI88
Microsoft Edge and Internet Explorer Zero-Days Allow Access to Confidential Session Data
https://bit.ly/2G2qKw0
Windows 10 Home edition users are big winners as Microsoft overhauls its update process
https://zd.net/2VnVLQt
Microsoft is making big Windows 10 update changes starting with the May 2019 release
https://zd.net/2uKVoUp
去年10個最常被駭客開採的漏洞中,有8個是微軟漏洞
https://www.ithome.com.tw/news/129487
訂閱:
文章 (Atom)
2024年 10 月份資安、社群活動分享
2024年 10 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/10/1 https://www.meetup.com/taiwan-code-camp/...
-
2023年 12月份資安、社群活動分享 零信任身份認證與存取控管 2023/12/1 https://web.tabf.org.tw/page/407020/course11.htm 線上資安專題講座-以攻擊策略演練角度協助企業評估、強化與呈現資安投資成效 2023/12/...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...