資安事件新聞週報 2019/8/26 ~ 2019/8/30
1.重大弱點漏洞/後門/Exploit/Zero Day
2019年HITCON ZeroDay漏洞通報現況,注意弱密碼問題通報數量增,還有人才媒合新功能上線
https://www.ithome.com.tw/news/132620
企業弱密碼今年狂被駭!HITCON資安漏洞申報平台連台電、群暉都拜託「抓漏」
http://bit.ly/2PfQM5x
Kubernetes嚴重漏洞致服務器DoS攻擊
https://www.4hou.com/vulnerable/19863.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
台灣資安公司揭露多家企業級 VPN 服務漏洞後,駭客便用來攔截流量
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=919
Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/159
https://securityadvisories.paloaltonetworks.com/Home/Detail/160
https://securityadvisories.paloaltonetworks.com/Home/Detail/161
Palo Alto Networks PAN-OS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1582
Cisco 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/08/22/cisco-releases-security-updates
思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
9月份資安社群及教育訓練活動分享
9月份資安社群及教育訓練活動分享
HITCON HackDoor 駭入辦公室 7/2 ~ 9/28
https://www.accupass.com/event/1906050355291064968019
MLDM Monday|用開放資料玩出政府創新應用 : 當雨神來臨時 9/2
https://www.meetup.com/Taiwan-R/events/262992081/
Taipei Rails Meetup 9/3
https://www.meetup.com/rails-taiwan/events/dlgzljyzmbfb/
高雄 Rails Meetup 9/4
https://www.meetup.com/rails-taiwan/events/qxfvjkyzmbgb/
Android Code Club(Taipei) 9/4
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/bsctnqyzmbgb/
SyntaxError 9/4
https://www.meetup.com/pythonhug/events/tnzzgpyzmbgb/
工業控制系統資安研討會 9/5
http://bit.ly/2NsMvt5
HackingThursday 固定聚會 9/5
https://www.meetup.com/hackingthursday/events/vkhnnqyzmbhb/
TWJUG 201909 聚會 9/5
https://www.meetup.com/taiwanjug/events/264123847/
資安事件新聞週報 2019/8/19 ~ 2019/8/23
資安事件新聞週報 2019/8/19 ~ 2019/8/23
1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931
被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68
npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572
npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/
The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931
被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68
npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572
npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/
The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
資安事件新聞週報 2019/8/12 ~ 2019/8/16
資安事件新聞週報 2019/8/12 ~ 2019/8/16
1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396
托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA
JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/
賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/
1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396
托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA
JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/
賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/
資安事件新聞週報 2019/8/5 ~ 2019/8/9
資安事件新聞週報 2019/8/5 ~ 2019/8/9
1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後,再次更新0.72版本
http://bit.ly/2YDMIM5
修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691
研究者警告:眾多Jira伺服器的錯誤配置,讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265
研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291
DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/
NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html
VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
資安事件新聞週報 2019/7/29 ~ 2019/8/2
資安事件新聞週報 2019/7/29 ~ 2019/8/2
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
蘋果修補允許駭客讀取檔案的iMessage漏洞
https://ithome.com.tw/news/132119
【漏洞預警】Django JSONField,HStoreField SQL注入漏洞
https://www.freebuf.com/vuls/210257.html
SanDisk SSD Dashboard 管理程式存有資安漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5098
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
蘋果修補允許駭客讀取檔案的iMessage漏洞
https://ithome.com.tw/news/132119
【漏洞預警】Django JSONField,HStoreField SQL注入漏洞
https://www.freebuf.com/vuls/210257.html
SanDisk SSD Dashboard 管理程式存有資安漏洞
https://www.twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5098
訂閱:
文章 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...