資安事件新聞週報 2019/11/25 ~ 2019/11/29
資安事件新聞週報 2019/11/25 ~ 2019/11/29
1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475
Fortinet 多個產品存在加密金鑰弱點,可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100
TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm
phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/
Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/
部份Fortinet產品加密金鑰漏洞,可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415
一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm
TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/
ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088
ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087
資安事件新聞週報 2019/11/18 ~ 2019/11/22
資安事件新聞週報 2019/11/18 ~ 2019/11/22
1.重大弱點漏洞/後門/Exploit/Zero Day
中彈!高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv
透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657
Grin核心開發者解析Mimblewimble「漏洞」:非根本性缺陷,Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023
Grin 隱私模型漏洞!駭客每週花費60美元的AWS服務,就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/
Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802
Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901
Google動態郵件功能出現XSS漏洞,可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279
IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801
HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201
引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621
High-Severity Windows UAC Flaw Enables Privilege Escalation
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/
資安事件新聞週報 2019/11/11 ~ 2019/11/15
資安事件新聞週報 2019/11/11 ~ 2019/11/15
1.重大弱點漏洞/後門/Exploit/Zero Day
開機載入程式Das U-Boot暗藏程式攻擊漏洞
https://ithome.com.tw/news/134091
McAfee antivirus software impacted by code execution vulnerability
https://www.zdnet.com/article/mcafee-antivirus-software-impacted-by-code-execution-vulnerability/#ftag=RSSbaffb68
JVNVU#91935870 Trend Micro Anti-Threat Toolkit (ATTK) における任意のコード実行が可能な脆弱性
https://jvn.jp/vu/JVNVU91935870/
蘋果 macOS 系統內建郵件功能藏重大漏洞!快用一招防堵個資遭外洩
https://3c.ltn.com.tw/news/38577
Apple Mail on macOS leaves parts of encrypted emails in plaintext
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/#ftag=RSSbaffb68
思科Talos發現LEADTOOLS工具包中存在多個漏洞,可能導致遠程代碼執行
https://www.t00ls.net/articles-53771.html
思科產品遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/publicationListing.x
Pulse Secure VPN Arbitrary Command Execution
https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt
資安事件新聞週報 2019/11/4 ~ 2019/11/8
資安事件新聞週報 2019/11/4 ~ 2019/11/8
1.重大弱點漏洞/後門/Exploit/Zero Day
BlueKeep漏洞發生第一波大規模攻擊,引發藍色死亡螢幕
https://www.ithome.com.tw/news/133987
First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html
Snyk釋出最新JavaScript框架安全性報告,不少熱門框架模組存在XSS漏洞
https://www.ithome.com.tw/news/134029
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
https://www.exploit-db.com/exploits/47590
ZTE 9000E 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3425
多款D-Link產品遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920
F5 BIG-IP AFM SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6658
資安事件新聞週報 2019/10/28 ~ 2019/11/1
資安事件新聞週報 2019/10/28 ~ 2019/11/1
1.重大弱點漏洞/後門/Exploit/Zero Day
Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68
VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566
主流虛擬化平臺 QEMU-KVM 被曝存在漏洞,可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm
Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html
Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68
Samba Releases Security Updates
https://www.samba.org/samba/security/CVE-2019-10218.html
https://www.samba.org/samba/security/CVE-2019-14833.html
https://www.samba.org/samba/security/CVE-2019-14847.html
訂閱:
文章 (Atom)
2024年 11 月份資安、社群活動分享
2024年 11 月份資安、社群活動分享 FinTech Taipei 2024 台北金融科技展 2024/11/1 https://www.accupass.com/event/2409220219552125240836 2024台以金融科技交流座談會:AI新紀元 Is...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2023年 12月份資安、社群活動分享 零信任身份認證與存取控管 2023/12/1 https://web.tabf.org.tw/page/407020/course11.htm 線上資安專題講座-以攻擊策略演練角度協助企業評估、強化與呈現資安投資成效 2023/12/...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...