Weekly Security Incident News Report 2019/9/23 ~ 2019/9/27

1. Major Vulnerabilities/Backdoors/Exploit/Zero Day
Thai Justice Minister on electronic monitoring (EM) bracelet flaws: Ministry of Justice seeks over 83 million baht in compensation
http://www.udnbkk.com/article-286128-1.html

Tsinghua University discovers ARM and Intel processor vulnerabilities; Huawei launches Mate 30 series phones
https://kknews.cc/tech/qlklg5r.html

makandra consul gem for Ruby security vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377

Agwl hacker group attacks Phpstudy again, adding an Apache Solr exploit
https://s.tencent.com/research/report/813.html

World's largest same-sex dating site turns vulnerability manager, plus a ranking of 25 potential vulnerabilities
https://www.jishuwen.com/d/pmdz/zh-tw

Kubernetes Kubectl security vulnerability disclosed; Rancher products not affected
https://segmentfault.com/a/1190000020464083

October Security Community and Training Events

 2019 NASA Hackathon pre-event technical sharing [Microsoft]_Azure cloud computing and cognitive recognition services 10/1
 https://www.facebook.com/events/421753888461417/

 IoT Innovative Application Competition for Technical and Vocational Colleges, registration opens 10/1
 https://iot2gather.ntust.edu.tw/

 GNSS sea-surface reflected signals: techniques and applications 10/1
 https://www.facebook.com/events/384731849123773/

 GovernmentWare Conference & Exhibition  10/1
 https://infosec-conferences.com/events-in-2019/govware/

 Cyber City Conference 10/1
 https://infosec-conferences.com/events-in-2019/cyber-city-conference/

 GDG DevFest Taipei 2019 10/1
 https://www.meetup.com/GDGTaipei/events/263142255/

 IEEE International Symposium on Reliable Distributed Systems (SRDS)  10/1 ~ 10/4
 https://infosec-conferences.com/events-in-2019/srds/

Weekly Security Incident News Report 2019/9/16 ~ 2019/9/20

1. Major Vulnerabilities/Backdoors/Exploit/Zero Day
Atlassian Jira cross-site scripting vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996

Windows Defender malware scans are failing after a few seconds
https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/

Haxx curl security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481

IBM WebSphere Application Server multiple vulnerabilities
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477
https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268
https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270

CVE-2019-1579: Critical Pre-Authentication Vulnerability
https://github.com/securifera/CVE-2019-1579

Vivotek VIVOTEK IP Camera security vulnerability
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14458

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html

Security experts find 125 new vulnerabilities in SOHO routers and NAS devices from multiple vendors
https://nosec.org/home/detail/2966.html

125 New Flaws Found in Routers and NAS Devices from Popular Brands
https://thehackernews.com/2019/09/hacking-soho-routers.html

Weekly Security Incident News Report 2019/9/9 ~ 2019/9/13

1. Major Vulnerabilities/Backdoors/Exploit/Zero Day
Jenkins plugin vulnerabilities hidden in plain text files
https://blog.trendmicro.com.tw/?p=61935

Over a million internet radios harbor security vulnerabilities that allow hijacking by hackers
https://ithome.com.tw/news/132984

Palo Alto Global vulnerability (CVE-2019-1579)
https://nosec.org/home/detail/2951.html

Pulse Secure VPN critical vulnerability (CVE-2019-11510) alert
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
https://www.exploit-db.com/exploits/47354

Telnet backdoor vulnerabilities impact over a million IoT radio devices
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/#ftag=RSSbaffb68

Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution

Java finally goes all in on open source with the Jakarta EE 8 release
https://www.zdnet.com/article/java-finally-goes-all-in-on-open-source-with-the-release-of-jakarta-ee-8/#ftag=RSSbaffb68

OfficeScan 11.0 SP1 end of technical support notice
https://esupport.trendmicro.com/zh-tw/business/topic_techsupport/topic_eosproduct.aspx

Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html

IBM WebSphere Application Server information disclosure vulnerability
https://www.ibm.com/support/pages/security-bulletin-path-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4442

CVE-2019-5475/Nexus Repository Manager remote command execution
https://qiita.com/shimizukawasaki/items/12f0b69945498e6d5aa9

Nexus Repository Manager 2.x remote command execution (CVE-2019-5475)
https://www.secpulse.com/archives/112290.html

Weekly Security Incident News Report 2019/9/2 ~ 2019/9/6

1. Major Vulnerabilities/Backdoors/Exploit/Zero Day
PSV and PS3 both get firmware updates, but the vulnerability seems to have been left unpatched
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability

Sensitive information disclosure and SQL injection vulnerabilities found on a US Navy website
https://nosec.org/home/detail/2909.html

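Enterprises slow to patch! SSL VPN vulnerabilities recently disclosed by a Taiwanese security firm are reportedly being targeted by hackers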
https://www.ithome.com.tw/news/132764

A roundup of fixes for bugs, vulnerabilities and code smells detected by SonarQube
https://cloud.tencent.com/developer/article/1497624

Zimbra-RCE
https://github.com/rek7/Zimbra-RCE

Trend Micro OfficeScan (OSCE) DLL Side-Loading security vulnerability notice
https://nvd.nist.gov/vuln/detail/CVE-2019-9492

Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/

Lightning Network users urged to update software urgently due to a vulnerability
https://0xzx.com/201908302043248275.html

SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html

SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325.html

SA104 : OpenSSH Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1337.html

XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
https://support.symantec.com/us/en/article.SYMSA1472.html
