資安事件新聞週報 2020/5/25 ~ 2020/5/29
資安事件新聞週報 2020/5/25 ~ 2020/5/29
1.重大弱點漏洞/後門/Exploit/Zero Day
針對8萬個應用程式的調查發現,有7成程式含有開源漏洞
https://www.ithome.com.tw/news/137846
美國安局警告,俄羅斯駭客正在開採Exim漏洞
https://www.ithome.com.tw/news/137947
STATE OF SOFTWARE SECURITY Open Source Edition
https://www.veracode.com/sites/default/files/pdf/resources/reports/state-of-software-security-open-source-edition-veracode-report.pdf
多種DNS解析程序被發現漏洞允許攻擊者發動拒絕服務攻擊
https://www.cnbeta.com/articles/tech/982263.htm
一個新的 DNS 安全漏洞被曝出,可引發大規模的 DDoS“轟炸
https://www.chainnews.com/zh-hant/articles/855208189865.htm
NXNSAttack:DNS協議安全漏洞通告
https://www.anquanke.com/post/id/207004
研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777
Microsoft Warns of Vulnerability Affecting Windows DNS Server
https://www.darkreading.com/threat-intelligence/microsoft-warns-of-vulnerability-affecting-windows-dns-server/d/d-id/1337872
New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
https://thehackernews.com/2020/05/dns-server-ddos-attack.html
Fortinet FortiClient 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9291
駭客企圖開採已修補的Sophos防火牆漏洞來散布勒索軟體
https://www.ithome.com.tw/news/137809
Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/
電郵爆資安漏洞?被陌生人看光…無須認證就能檢閱信件內容
https://bit.ly/2ZwpKKG
2020年 6 月份資安、社群活動分享
2020年 6 月份資安、社群活動分享
數位轉型攻略:後疫時代企業生存法則 數位轉型領先企業戰力大公開 6/1
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
數位轉型攻略:後疫時代企業生存法則 AI 企業今年 IT 戰略大公開 6/2
https://event.ithome.com.tw/live/20200601/signup.html?v=1590718274?v=
Java Spring安全程式開發實務班 6/2 ~ 6/3
https://www.iiiedu.org.tw/courses/msa466t2001/
2020網路及資訊安全研討會 6/3
https://cnis2020.csie.uch.edu.tw/
PyData Taipei 2020-06 Meetup 6/3
https://www.meetup.com/PyData-Taipei-Meetup-Group/events/270690493/
Slack 開外掛 - 用 Bottender framework 串接 Slack API 6/3
https://www.meetup.com/slack-platform-community-taipei/events/270702834/
誰來晚餐-資安人的聚會 6/4
https://event.twcsa.org/site/course/110
邊緣計算系統之大數據與深度學習應用 6/5
https://edu.nchc.org.tw/course/one_course_introduction.asp?lms_auto_course_id=3884&from_course_list_url=course_index
資安事件新聞週報 2020/5/18 ~ 2020/5/22
資安事件新聞週報 2020/5/18 ~ 2020/5/22
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet 產品阻斷服務漏洞
https://fortiguard.com/psirt/FG-IR-16-039
QNAP軟體有RCE漏洞,波及數十萬臺NAS硬體
https://www.ithome.com.tw/news/137748
藍牙沒用記得關!藍牙爆資安漏洞 駭客偽裝信任設備悄悄入侵
https://bit.ly/3gn2KnE
藍牙協定含有配對漏洞將讓駭客假冒裝置身分
https://ithome.com.tw/news/137740
Adobe緊急修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/137751
iOS 13.5 正式推出 修電郵軟件漏洞但暴露通知香港有得用
https://bit.ly/2yo2C62
研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777
FBI warns about attacks on Magento online stores via old plugin vulnerability
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-stores-via-old-plugin-vulnerability/#ftag=RSSbaffb68
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
https://blog.talosintelligence.com/2020/05/vuln-spotlight-Nitro-pro-pdf-may-2020.html
1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet 產品阻斷服務漏洞
https://fortiguard.com/psirt/FG-IR-16-039
QNAP軟體有RCE漏洞,波及數十萬臺NAS硬體
https://www.ithome.com.tw/news/137748
藍牙沒用記得關!藍牙爆資安漏洞 駭客偽裝信任設備悄悄入侵
https://bit.ly/3gn2KnE
藍牙協定含有配對漏洞將讓駭客假冒裝置身分
https://ithome.com.tw/news/137740
Adobe緊急修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/137751
iOS 13.5 正式推出 修電郵軟件漏洞但暴露通知香港有得用
https://bit.ly/2yo2C62
研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777
FBI warns about attacks on Magento online stores via old plugin vulnerability
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-stores-via-old-plugin-vulnerability/#ftag=RSSbaffb68
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
https://blog.talosintelligence.com/2020/05/vuln-spotlight-Nitro-pro-pdf-may-2020.html
資安事件新聞週報 2020/5/11 ~ 2020/5/15
資安事件新聞週報 2020/5/11 ~ 2020/5/15
1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府公布最常被駭客開採的前十大安全漏洞
https://www.ithome.com.tw/news/137594
Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html
Apache Tomcat 重大漏洞 請多款資訊平台管理者盡快更新
http://www.cc.ntu.edu.tw/chinese/cert/cert20200513.asp
Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
https://thehackernews.com/2020/05/xiaomi-browser-history.html
Oracle iPlanet Web Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9315
1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府公布最常被駭客開採的前十大安全漏洞
https://www.ithome.com.tw/news/137594
Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html
Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html
Apache Tomcat 重大漏洞 請多款資訊平台管理者盡快更新
http://www.cc.ntu.edu.tw/chinese/cert/cert20200513.asp
Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
https://thehackernews.com/2020/05/xiaomi-browser-history.html
Oracle iPlanet Web Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9315
資安事件新聞週報 2020/5/4 ~ 2020/5/8
資安事件新聞週報 2020/5/4 ~ 2020/5/8
1.重大弱點漏洞/後門/Exploit/Zero Day
Redmi Note 8 隱身模式下仍收集資料傳阿里,小米指是一場誤會
https://qooah.com/2020/05/03/redmi-note-8-still-collects-data-in-stealth-mode/
小米手機瀏覽器存在漏洞,“無痕”模式依然洩露隱私
http://finance.jrj.com.cn/tech/2020/05/02110129461314.shtml
小米招了,坦言偷傳資料到北京,公開道歉並緊急更新手機系統
https://www.ithome.com.tw/news/90016
小米手機偷個資?資安專家錄下過程,小米官方回應將更新改善
https://technews.tw/2020/05/04/xiaomi-redmi-note-pricavy-issue/
小米爆資安疑慮!將用戶資料傳回中國
https://bit.ly/2z7AAeV
無痕模式也難逃!小米手機遭爆追蹤用戶一舉一動
https://3c.ltn.com.tw/news/40275
報導:小米手機就算在無痕狀態,也會追蹤用戶習慣及瀏覽資料
https://www.ithome.com.tw/news/137364
【用家留意】小米爆私隱收集漏洞 急推瀏覽器更新
https://bit.ly/35ACgK6
Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
https://thehackernews.com/2020/05/xiaomi-browser-history.html
駭客利用外掛漏洞,對近百萬個WordPress網站發動大規模攻擊
https://www.ithome.com.tw/news/137432
正常聊個天手機就被黑了?蘋果一口氣曝出13個遠程攻擊漏洞
https://kknews.cc/tech/m9gooq9.html
SaltStack最新漏洞已被Kinsing挖礦殭屍網路利用
https://m.threatbook.cn/detail/2647
漏洞一披露就被利用,LineageOS、Ghost 服務器遭黑客入侵
https://www.freebuf.com/news/235833.html
資安事件新聞週報 2020/4/27 ~ 2020/5/1
資安事件新聞週報 2020/4/27 ~ 2020/5/1
1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/#ftag=RSSbaffb68
Hackers exploit zero-day in Sophos XG Firewall, fix released
https://www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/
Sophos緊急修補旗下防火牆已遭開採的零時差漏洞
https://www.ithome.com.tw/news/137239
Pulse Connect Secure の脆弱性への対策や侵害有無などの確認を
https://www.jpcert.or.jp/newsflash/2020041701.html
Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
https://community.sophos.com/kb/en-us/135412
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-20-045
McAfee 產品繞過保安限制漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
https://kc.mcafee.com/corporate/index?page=content&id=KB92752
IBM DB2 多個漏洞
https://www.ibm.com/support/pages/node/6198380
Juniper Junos OS 遠端執行程式碼漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021
Samba 多個漏洞
https://www.samba.org/samba/security/CVE-2020-10704.html
https://www.samba.org/samba/security/CVE-2020-10700.html
ZyXEL Zyxel XGS2210-52HP跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13495
訂閱:
文章 (Atom)
2024年 12 月份資安、社群活動分享
2024年 12 月份資安、社群活動分享 Self-Taught Coding Tuesdays - Study, Code, Design, Build, Network 2024/12/3 https://www.meetup.com/taiwan-code-camp/e...
-
2024年 3月份資安、社群活動分享 線上資安人力需求對談-網路通信產業 2024/3/2 https://isipevent.kktix.cc/events/ff6f2146 2024H1資安實戰演練大會AI爆發時代的企業資安聯合軍演 2024/3/6 https://b...
-
2024年 2月份資安、社群活動分享 Taipei All About API Meetup Group - Meet and Greet, 01 Feb 2024, 07:00 PM 2024/2/1 https://www.meetup.com/taipei-all-a...
-
2024年 5 月份資安、社群活動分享 資安五四三 2024/5/2 https://csa.kktix.cc/events/202405-543 HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 2024/5/2 http...