資安事件新聞週報 2019/9/23 ~ 2019/9/27
資安事件新聞週報 2019/9/23 ~ 2019/9/27
1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html
清華大學發現ARM、Intel處理器漏洞;華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html
makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377
Agwl駭客組織再攻Phpstudy,新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html
全球最大同性交友網站化身漏洞管理者,還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw
Kubernetes Kubectl曝安全漏洞,Rancher產品不受影響
https://segmentfault.com/a/1190000020464083
10月份資安社群及教育訓練活動分享
10月份資安社群及教育訓練活動分享
2019 NASA黑客松賽前技術分享[Microsoft]_Azure 雲端運算與認知識別服務 10/1
https://www.facebook.com/events/421753888461417/
技職校院物聯網創新應用賽 10/1 受理報名
https://iot2gather.ntust.edu.tw/
Gnss海面反射訊號之技術及應用 10/1
https://www.facebook.com/events/384731849123773/
GovernmentWare Conference & Exhibition 10/1
https://infosec-conferences.com/events-in-2019/govware/
Cyber City Conference 10/1
https://infosec-conferences.com/events-in-2019/cyber-city-conference/
GDG DevFest Taipei 2019 10/1
https://www.meetup.com/GDGTaipei/events/263142255/
IEEE International Symposium on Reliable Distributed Systems (SRDS) 10/1 ~ 10/4
https://infosec-conferences.com/events-in-2019/srds/
資安事件新聞週報 2019/9/16 ~ 2019/9/20
資安事件新聞週報 2019/9/16 ~ 2019/9/20
1.重大弱點漏洞/後門/Exploit/Zero Day
Atlassian Jira 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996
Windows Defender malware scans are failing after a few seconds
https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/
Haxx curl 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477
https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268
https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270
CVE-2019-1579:-- #Critical Pre-Authentication #Vulnerability
https://github.com/securifera/CVE-2019-1579
Vivotek VIVOTEK IP Camera 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14458
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html
安全專家在多家廠商的SOHO路由器和NAS設備中發現了125個新漏洞
https://nosec.org/home/detail/2966.html
125 New Flaws Found in Routers and NAS Devices from Popular Brands
https://thehackernews.com/2019/09/hacking-soho-routers.html
資安事件新聞週報 2019/9/9 ~ 2019/9/13
資安事件新聞週報 2019/9/9 ~ 2019/9/13
1.重大弱點漏洞/後門/Exploit/Zero Day
藏在純文字檔的Jenkins外掛漏洞
https://blog.trendmicro.com.tw/?p=61935
上百萬台網路收音機暗藏可遭駭客挾持的安全漏洞
https://ithome.com.tw/news/132984
Palo Alto Global 漏洞(CVE-2019-1579)
https://nosec.org/home/detail/2951.html
Pulse Secure VPN嚴重漏洞(CVE-2019-11510)警報
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
https://www.exploit-db.com/exploits/47354
Telnet backdoor vulnerabilities impact over a million IoT radio devices
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/#ftag=RSSbaffb68
Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution
Java finally goes all in on open source with the Jakarta EE 8 release
https://www.zdnet.com/article/java-finally-goes-all-in-on-open-source-with-the-release-of-jakarta-ee-8/#ftag=RSSbaffb68
OfficeScan 11.0 SP1終止技術服務通知
https://esupport.trendmicro.com/zh-tw/business/topic_techsupport/topic_eosproduct.aspx
Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html
IBM WebSphere Application Server 資料洩露漏洞
https://www.ibm.com/support/pages/security-bulletin-path-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4442
CVE-2019-5475/Nexus Repository Manager遠程命令執行
https://qiita.com/shimizukawasaki/items/12f0b69945498e6d5aa9
Nexus Repository Manager 2.x遠程命令執行(CVE-2019-5475)
https://www.secpulse.com/archives/112290.html
資安事件新聞週報 2019/9/2 ~ 2019/9/6
資安事件新聞週報 2019/9/2 ~ 2019/9/6
1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新,但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability
發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html
企業修補進度慢!近期臺灣資安業者揭露的SSL VPN漏洞,傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764
SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624
Zimbra-RCE
https://github.com/rek7/Zimbra-RCE
Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492
Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/
Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html
SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html
SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325.html
SA104 : OpenSSH Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1337.html
XSS and Information Disclosure Vulnerabilities in ASG and ProxySG
https://support.symantec.com/us/en/article.SYMSA1472.html
訂閱:
文章 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...