資安事件新聞週報 2019/11/25 ~ 2019/11/29

資安事件新聞週報  2019/11/25  ~  2019/11/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Google 已發布安全更新以解決多個產品中的弱點
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html

CWE公布2019年最危險的25個軟體錯誤
https://www.ithome.com.tw/news/134475

Fortinet 多個產品存在加密金鑰弱點，可能造成中間人成功竊聽或披露機敏資訊
https://fortiguard.com/psirt/FG-IR-18-100

TOP25 漏洞類型 8 年後首次迎來更新
https://www.chainnews.com/zh-hant/articles/142025348603.htm

phpMyAdmin 遠端執行任意程式碼漏洞
https://www.phpmyadmin.net/security/PMASA-2019-5/

Red Hat JBoss Enterprise Application Platform 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.4484/

部份Fortinet產品加密金鑰漏洞，可讓駭客竊聽用戶活動
https://ithome.com.tw/news/134415

一加公佈個人信息安全漏洞並向受影響客戶致歉
https://www.cnbeta.com/articles/tech/913985.htm

TP-Link TL-WR841N 遠端執行程式碼漏洞
https://www.zerodayinitiative.com/advisories/ZDI-19-992/

ClamAV CVE-2013-7088
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7088

ClamAV CVE-2013-7087
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7087

資安事件新聞週報 2019/11/18 ~ 2019/11/22

資安事件新聞週報  2019/11/18  ~  2019/11/22

1.重大弱點漏洞/後門/Exploit/Zero Day
中彈！高通晶片有漏洞 手機個資不保
https://www.chinatimes.com/realtimenews/20191118003422-260410?chdtv

透過智慧門鈴就可攻擊整個房子聯網設備!Amazon 已修補Ring Video Doorbell Pro 漏洞
https://blog.trendmicro.com.tw/?p=62657

Grin核心開發者解析Mimblewimble「漏洞」：非根本性缺陷，Grin很安全
https://news.knowing.asia/news/0cc8c2e7-222c-40e0-a7c8-5c010ede7023

Grin 隱私模型漏洞！駭客每週花費60美元的AWS服務，就能追蹤 96% 金流地址
https://www.blocktempo.com/former-google-engineer-uncovers-96-of-privacy-altcoin-addresses/

Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111802

Fortinet FortiClient 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19111901

Google動態郵件功能出現XSS漏洞，可讓駭客透過Gmail發動攻擊
https://www.ithome.com.tw/news/134279

IBM WebSphere Application 遠端執行任意程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19111801

HKCERT 呼籲關注Windows 7、Windows伺服器2008 及 2008 R2 終止支援服務
https://www.hkcert.org/my_url/zh/blog/19112201

引發 BSoD 的BlueKeep漏洞攻擊,造成系統崩潰的原因
https://blog.trendmicro.com.tw/?p=62621

High-Severity Windows UAC Flaw Enables Privilege Escalation
https://threatpost.com/windows-uac-flaw-privilege-escalation/150463/

資安事件新聞週報 2019/11/11 ~ 2019/11/15

資安事件新聞週報  2019/11/11  ~  2019/11/15

1.重大弱點漏洞/後門/Exploit/Zero Day
開機載入程式Das U-Boot暗藏程式攻擊漏洞
https://ithome.com.tw/news/134091

McAfee antivirus software impacted by code execution vulnerability
https://www.zdnet.com/article/mcafee-antivirus-software-impacted-by-code-execution-vulnerability/#ftag=RSSbaffb68

JVNVU#91935870 Trend Micro Anti-Threat Toolkit (ATTK) における任意のコード実行が可能な脆弱性
https://jvn.jp/vu/JVNVU91935870/

蘋果 macOS 系統內建郵件功能藏重大漏洞！快用一招防堵個資遭外洩
https://3c.ltn.com.tw/news/38577

Apple Mail on macOS leaves parts of encrypted emails in plaintext
https://www.zdnet.com/article/apple-mail-on-macos-leaves-parts-of-encrypted-emails-in-plaintext/#ftag=RSSbaffb68

思科Talos發現LEADTOOLS工具包中存在多個漏洞，可能導致遠程代碼執行
https://www.t00ls.net/articles-53771.html

思科產品遠端執行任意程式碼漏洞
https://tools.cisco.com/security/center/publicationListing.x

Pulse Secure VPN Arbitrary Command Execution
https://packetstormsecurity.com/files/155277/pulse_secure_cmd_exec.rb.txt

資安事件新聞週報 2019/11/4 ~ 2019/11/8

資安事件新聞週報  2019/11/4  ~  2019/11/8

1.重大弱點漏洞/後門/Exploit/Zero Day
BlueKeep漏洞發生第一波大規模攻擊，引發藍色死亡螢幕
https://www.ithome.com.tw/news/133987

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild
https://thehackernews.com/2019/11/bluekeep-rdp-vulnerability.html

Snyk釋出最新JavaScript框架安全性報告，不少熱門框架模組存在XSS漏洞
https://www.ithome.com.tw/news/134029

JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
https://www.exploit-db.com/exploits/47590

ZTE 9000E 權限許可和訪問控制問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3425

多款D-Link產品遠程代碼執行漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16920

F5 BIG-IP AFM SQL注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6658

資安事件新聞週報 2019/10/28 ~ 2019/11/1

資安事件新聞週報  2019/10/28  ~  2019/11/1

1.重大弱點漏洞/後門/Exploit/Zero Day

Symantec antivirus crashes something again. This time Chrome 78 browsers
https://www.zdnet.com/article/symantec-antivirus-crashes-something-again-this-time-chrome-78-browsers/#ftag=RSSbaffb68

VMWare vCenter 伺服器設備資料洩露漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0018.html

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
https://www.exploit-db.com/exploits/47566

主流虛擬化平臺 QEMU-KVM 被曝存在漏洞，可完全控制宿主機及其虛擬機
https://www.chainnews.com/zh-hant/articles/730633063482.htm

Google Chrome/Microsoft Edge Chromium version 78.0.x error "Aw, Snap! Something went wrong while displaying this webpage." when using Endpoint Protection
https://support.symantec.com/us/en/article.tech256047.html

Where the beep is Reopen Closed Tab in Chrome 78? (and how to get it back)
https://www.zdnet.com/article/where-the-beep-is-reopen-closed-tab-in-chrome-78-and-how-to-get-it-back/#ftag=RSSbaffb68

Samba Releases Security Updates
https://www.samba.org/samba/security/CVE-2019-10218.html
https://www.samba.org/samba/security/CVE-2019-14833.html
https://www.samba.org/samba/security/CVE-2019-14847.html