6月份資安、社群活動分享
6月份資安、社群活動分享
學生資安新手村 相關活動整理 淡江大學場 工作坊 6/1(六) 10:00 - 16:00
https://forms.gle/aBgGfLUYcvJh7hzk9
學生資安新手村 相關活動整理 高雄科技大學場 06/02(日) 08:30~18:00
https://nkust-itc.kktix.cc/events/security-beginner-workshop
資安新手村-網站照妖鏡 SITCON x NKUST_CSIE & ITC 6/2
https://nkust-itc.kktix.cc/events/security-beginner-workshop
PyTorch Tainan x CCNS 聚會 #23 6/2
https://pytorch-tainan.kktix.cc/events/2019-06-02-m23?fbclid=IwAR1s_n_piEyMN0e8NMHk-jjP97-1mjqI-favSKBAdxAglQ3j1aN17_fMmbk
【課程】Raspberry Pi 相機 x OpenCV 進階應用:攝影拍照、人臉偵測、影像處理與實作 6/2
https://www.techbang.com/posts/69830-course-raspberry-pi-camera-x-opencv-photo-photography-face-detection-image-processing-and-application
International Conference CONSTRUCTIVE THEORY OF FUNCTIONS - 2019 SOZOPOL, June 2 - 8, 2019
http://www.math.bas.bg/mathmod/CTF-2019/
TW BECKS No.2 6/3
https://becks.kktix.cc/events/20190603
軟體安全性測試實務 6/3 ~ 6/4
https://www.accupass.com/event/1904230701335964656400
資安事件新聞週報 2019/5/27 ~ 2019/5/31
資安事件新聞週報 2019/5/27 ~ 2019/5/31
1.重大弱點漏洞/後門/Exploit/Zero Day
Apple電腦存在重大漏洞 惡意程式可被輕鬆安裝
http://bit.ly/2W4fHfr
FreeBSD rtld execl權限提升漏洞
http://www.cnvd.org.cn/patchInfo/show/162201
Fortinet 產品多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.1899/
Fortinet FortiOS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13382
Docker 漏洞允許攻擊者獲得主機root 訪問權限
https://www.solidot.org/story?sid=60807
Researcher Describes Docker Vulnerability
https://www.bankinfosecurity.com/researcher-describes-docker-vulnerability-a-12535
隱私瀏覽器DuckDuckGo爆出漏洞,可導致URL欺騙攻擊
https://read01.com/AzNdky5.html
兆芯發布關於Zombie Load漏洞的聲明
https://xueqiu.com/9983210953/127543310
谷歌安全研究人員發現Notepad的代碼執行漏洞
https://nosec.org/home/detail/2687.html
Synology-SA-19:25 Virtual Machine Manager存在安全漏洞,請儘速確認並進行更新
http://www.cpcm.pu.edu.tw/app/news.php?Sn=139
研究人員發現可繞過Gatekeeper安全機制的macOS漏洞
https://ithome.com.tw/news/130908
大疆無人機有漏洞 專家:你可劫持它
http://bit.ly/2QCN42R
1.重大弱點漏洞/後門/Exploit/Zero Day
Apple電腦存在重大漏洞 惡意程式可被輕鬆安裝
http://bit.ly/2W4fHfr
FreeBSD rtld execl權限提升漏洞
http://www.cnvd.org.cn/patchInfo/show/162201
Fortinet 產品多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.1899/
Fortinet FortiOS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13382
Docker 漏洞允許攻擊者獲得主機root 訪問權限
https://www.solidot.org/story?sid=60807
Researcher Describes Docker Vulnerability
https://www.bankinfosecurity.com/researcher-describes-docker-vulnerability-a-12535
隱私瀏覽器DuckDuckGo爆出漏洞,可導致URL欺騙攻擊
https://read01.com/AzNdky5.html
兆芯發布關於Zombie Load漏洞的聲明
https://xueqiu.com/9983210953/127543310
谷歌安全研究人員發現Notepad的代碼執行漏洞
https://nosec.org/home/detail/2687.html
Synology-SA-19:25 Virtual Machine Manager存在安全漏洞,請儘速確認並進行更新
http://www.cpcm.pu.edu.tw/app/news.php?Sn=139
研究人員發現可繞過Gatekeeper安全機制的macOS漏洞
https://ithome.com.tw/news/130908
大疆無人機有漏洞 專家:你可劫持它
http://bit.ly/2QCN42R
資安事件新聞週報 2019/5/20 ~ 2019/5/24
資安事件新聞週報 2019/5/20 ~ 2019/5/24
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiClient 遠端執行任意程式碼漏洞 CVE-2019-5589
https://fortiguard.com/psirt/FG-IR-19-060
Fortinet FortiOS 緩衝區錯誤漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13381
Fortinet FortiOS VM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5587
多款Huawei S系列交換機安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5285
揭秘“0 day漏洞”:一款強大卻脆弱的武器
https://www.4hou.com/vulnerable/18116.html
Some Elasticsearch security features are now free for everyone
https://www.zdnet.com/article/some-elasticsearch-security-features-are-now-free-for-everyone/#ftag=RSSbaffb68
McAfee 產品多個漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10282
https://kc.mcafee.com/corporate/index?page=content&id=SB10280
女黑客SandboxEscaper又曝光4個Windows 10零日漏洞
https://www.sohu.com/a/316244133_223764?sec=wd
專家促微軟用戶修補遠端漏洞 警告黑客或發動蠕蟲攻擊
http://bit.ly/2HzCve0
最新 Windows 10 0-Day 漏洞在推特上出現,可執行任意檔案
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=856
微軟 Internet Explorer 零日繞過保安限制漏洞
https://www.bleepingcomputer.com/news/microsoft/poc-exploits-released-for-two-more-windows-vulnerabilities/
Windows漏洞獵人SandboxEscaper公布第五個零時差漏洞
https://www.ithome.com.tw/news/130814
Update: Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours
http://bit.ly/2wgRJhP
PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online
http://bit.ly/30BIVky
資安事件新聞週報 2019/5/13 ~ 2019/5/17
資安事件新聞週報 2019/5/13 ~ 2019/5/17
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiSandbox跨站腳本漏洞 CVE-2018-1356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1356
GPS追蹤器的安全漏洞將允許駭客得知用戶位置或竊聽
https://www.ithome.com.tw/news/130585
Titan藍牙硬體金鑰有安全漏洞,Google將免費換新
https://ithome.com.tw/news/130673
WordPress網站的安全漏洞有98%來自外掛程式
https://www.ithome.com.tw/news/130713
VMWare 產品權限提升漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/14/VMware-Releases-Security-Updates
Toshiba 和 Brother 印表機Web Services列印存在安全漏洞
https://net.nthu.edu.tw/netsys/mailing:announcement:20190515_02
Coros announces VERTIX GPS adventure watch: 45-day battery life and extreme operating profile
https://www.zdnet.com/article/coros-announces-vertix-gps-adventure-watch-45-day-battery-life-and-extreme-operating-profile/#ftag=RSSbaffb68
HAProxy 安全漏洞 CVE-2019-11323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11323
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet FortiSandbox跨站腳本漏洞 CVE-2018-1356
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1356
GPS追蹤器的安全漏洞將允許駭客得知用戶位置或竊聽
https://www.ithome.com.tw/news/130585
Titan藍牙硬體金鑰有安全漏洞,Google將免費換新
https://ithome.com.tw/news/130673
WordPress網站的安全漏洞有98%來自外掛程式
https://www.ithome.com.tw/news/130713
VMWare 產品權限提升漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/14/VMware-Releases-Security-Updates
Toshiba 和 Brother 印表機Web Services列印存在安全漏洞
https://net.nthu.edu.tw/netsys/mailing:announcement:20190515_02
Coros announces VERTIX GPS adventure watch: 45-day battery life and extreme operating profile
https://www.zdnet.com/article/coros-announces-vertix-gps-adventure-watch-45-day-battery-life-and-extreme-operating-profile/#ftag=RSSbaffb68
HAProxy 安全漏洞 CVE-2019-11323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11323
資安事件新聞週報 2019/5/6 ~ 2019/5/10
資安事件新聞週報 2019/5/6 ~ 2019/5/10
1.重大弱點漏洞/後門/Exploit/Zero Day
八種無線演示系統中的關鍵漏洞
https://www.chainnews.com/articles/111363306365.htm
Dell 預載軟體成為 PC 被駭的後門
https://chinese.engadget.com/2019/05/04/supportassist-dell-vulnerability-windows/
安全研究人員發現戴爾支持助手客戶端存在安全漏洞會引發遠程攻擊
https://www.landiannews.com/archives/58210.html
Office 2016更新臭蟲引發當機,遭微軟緊急撤除
https://www.ithome.com.tw/news/130505?fbclid=IwAR1Q5Dpo1wj_lF95EFYrGqzbb0u9bJu3yG7-UoeARiAB1VAXNAcxQ1Y_zxU
華碩與技嘉的驅動程式遭爆含有權限擴張漏洞
https://0nion.com/article/27466
Jenkins外掛存在安全漏洞,衍生密碼外洩或跨站攻擊風險
https://www.ithome.com.tw/news/130412
Jenkins外掛程序存在安全漏洞,有資料外洩和跨網站攻擊等風險
http://www.twoeggz.com/news/14467228.html
黑客三年來一直向APT組織提供微軟零日漏洞
http://521.li/post/628.html
1.重大弱點漏洞/後門/Exploit/Zero Day
八種無線演示系統中的關鍵漏洞
https://www.chainnews.com/articles/111363306365.htm
Dell 預載軟體成為 PC 被駭的後門
https://chinese.engadget.com/2019/05/04/supportassist-dell-vulnerability-windows/
安全研究人員發現戴爾支持助手客戶端存在安全漏洞會引發遠程攻擊
https://www.landiannews.com/archives/58210.html
Office 2016更新臭蟲引發當機,遭微軟緊急撤除
https://www.ithome.com.tw/news/130505?fbclid=IwAR1Q5Dpo1wj_lF95EFYrGqzbb0u9bJu3yG7-UoeARiAB1VAXNAcxQ1Y_zxU
華碩與技嘉的驅動程式遭爆含有權限擴張漏洞
https://0nion.com/article/27466
Jenkins外掛存在安全漏洞,衍生密碼外洩或跨站攻擊風險
https://www.ithome.com.tw/news/130412
Jenkins外掛程序存在安全漏洞,有資料外洩和跨網站攻擊等風險
http://www.twoeggz.com/news/14467228.html
黑客三年來一直向APT組織提供微軟零日漏洞
http://521.li/post/628.html
資安事件新聞週報 2019/4/29 ~ 2019/5/3
資安事件新聞週報 2019/4/29 ~ 2019/5/3
1.重大弱點漏洞
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Fortinet FortiManager 洩露敏感資料漏洞
https://www.auscert.org.au/bulletins/79762
思科修補Nexus 9000網路交換器重大漏洞
https://www.ithome.com.tw/news/130397
New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A
九成SAP用戶權限沒關好!13年前問題設定恐讓駭客任意存取App
https://www.ithome.com.tw/news/122772
Memcached 阻斷攻擊漏洞
https://github.com/memcached/memcached/wiki/ReleaseNotes1514
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764
Dell laptops and computers vulnerable to remote hijacks
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/#ftag=RSSbaffb68
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
http://bit.ly/2J1Wt3p
Dell電腦內建支援軟體含有遠端攻擊漏洞
https://www.ithome.com.tw/news/130381
DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
https://www.dell.com/support/article/tw/zh/twbsd1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
Dell Remote Code Execution Demo
https://www.youtube.com/watch?time_continue=28&v=0cTfnZ04jgQ
Oracle WebLogic Server傳零時差漏洞,已遭開採植入勒索軟體、挖礦程式
https://www.ithome.com.tw/news/130363
Oracle WebLogic Server 存在反序列化弱點,可能導致遠端執行任意程式碼
https://www.us-cert.gov/ncas/current-activity/2019/04/26/Oracle-Releases-Security-Alert
Recent Oracle WebLogic zero-day used to infect servers with ransomware
https://www.zdnet.com/article/recent-oracle-weblogic-zero-day-used-to-infect-servers-with-ransomware/#ftag=RSSbaffb68
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
http://bit.ly/2vzaRHv
1.重大弱點漏洞
Symantec 產品多個漏洞
https://www.auscert.org.au/bulletins/79594
Fortinet FortiManager 洩露敏感資料漏洞
https://www.auscert.org.au/bulletins/79762
思科修補Nexus 9000網路交換器重大漏洞
https://www.ithome.com.tw/news/130397
New Exploits for Unsecure SAP Systems
https://www.us-cert.gov/ncas/alerts/AA19-122A
九成SAP用戶權限沒關好!13年前問題設定恐讓駭客任意存取App
https://www.ithome.com.tw/news/122772
Memcached 阻斷攻擊漏洞
https://github.com/memcached/memcached/wiki/ReleaseNotes1514
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
https://www.exploit-db.com/exploits/46784
思科產品多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/05/01/Cisco-Releases-Security-Updates
D-Link camera vulnerability allows attackers to tap into the video stream
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
https://www.exploit-db.com/exploits/46764
Dell laptops and computers vulnerable to remote hijacks
https://www.zdnet.com/article/dell-laptops-and-computers-vulnerable-to-remote-hijacks/#ftag=RSSbaffb68
Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking
http://bit.ly/2J1Wt3p
Dell電腦內建支援軟體含有遠端攻擊漏洞
https://www.ithome.com.tw/news/130381
DSA-2019-051: Dell SupportAssist Client Multiple Vulnerabilities
https://www.dell.com/support/article/tw/zh/twbsd1/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en
Dell Remote Code Execution Demo
https://www.youtube.com/watch?time_continue=28&v=0cTfnZ04jgQ
Oracle WebLogic Server傳零時差漏洞,已遭開採植入勒索軟體、挖礦程式
https://www.ithome.com.tw/news/130363
Oracle WebLogic Server 存在反序列化弱點,可能導致遠端執行任意程式碼
https://www.us-cert.gov/ncas/current-activity/2019/04/26/Oracle-Releases-Security-Alert
Recent Oracle WebLogic zero-day used to infect servers with ransomware
https://www.zdnet.com/article/recent-oracle-weblogic-zero-day-used-to-infect-servers-with-ransomware/#ftag=RSSbaffb68
Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
http://bit.ly/2vzaRHv
訂閱:
文章 (Atom)
2024年 11 月份資安、社群活動分享
2024年 11 月份資安、社群活動分享 FinTech Taipei 2024 台北金融科技展 2024/11/1 https://www.accupass.com/event/2409220219552125240836 2024台以金融科技交流座談會:AI新紀元 Is...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2023年 12月份資安、社群活動分享 零信任身份認證與存取控管 2023/12/1 https://web.tabf.org.tw/page/407020/course11.htm 線上資安專題講座-以攻擊策略演練角度協助企業評估、強化與呈現資安投資成效 2023/12/...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...