跳到主要內容

發表文章

目前顯示的是 五月, 2020的文章

資安事件新聞週報 2020/5/18 ~ 2020/5/22

資安事件新聞週報 2020/5/18  ~  2020/5/22

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet 產品阻斷服務漏洞
https://fortiguard.com/psirt/FG-IR-16-039

QNAP軟體有RCE漏洞,波及數十萬臺NAS硬體
https://www.ithome.com.tw/news/137748

藍牙沒用記得關!藍牙爆資安漏洞 駭客偽裝信任設備悄悄入侵
https://bit.ly/3gn2KnE

藍牙協定含有配對漏洞將讓駭客假冒裝置身分
https://ithome.com.tw/news/137740

Adobe緊急修補遠端程式攻擊漏洞
https://www.ithome.com.tw/news/137751

iOS 13.5 正式推出 修電郵軟件漏洞但暴露通知香港有得用
https://bit.ly/2yo2C62

研究人員發現DNS查詢遞迴漏洞,影響多數DNS伺服器,企業應儘速採取修補作業
https://www.ithome.com.tw/news/137777

FBI warns about attacks on Magento online stores via old plugin vulnerability
https://www.zdnet.com/article/fbi-warns-about-attacks-on-magento-online-stores-via-old-plugin-vulnerability/#ftag=RSSbaffb68

Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
https://blog.talosintelligence.com/2020/05/vuln-spotlight-Nitro-pro-pdf-may-2020.html

資安事件新聞週報 2020/5/11 ~ 2020/5/15

資安事件新聞週報 2020/5/11  ~  2020/5/15

1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府公布最常被駭客開採的前十大安全漏洞
https://www.ithome.com.tw/news/137594

Google Chrome 多個漏洞
https://chromereleases.googleblog.com/2020/05/stable-channel-update-for-desktop.html

Warning: Citrix ShareFile Flaw Could Let Attackers Steal Corporate Secrets
https://thehackernews.com/2020/05/citrix-sharefile-vulnerability.html

Apache Tomcat 重大漏洞 請多款資訊平台管理者盡快更新
http://www.cc.ntu.edu.tw/chinese/cert/cert20200513.asp

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
https://thehackernews.com/2020/05/xiaomi-browser-history.html

Oracle iPlanet Web Server 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9315

資安事件新聞週報 2020/5/4 ~ 2020/5/8

資安事件新聞週報 2020/5/4  ~  2020/5/8

1.重大弱點漏洞/後門/Exploit/Zero Day
Redmi Note 8 隱身模式下仍收集資料傳阿里,小米指是一場誤會
https://qooah.com/2020/05/03/redmi-note-8-still-collects-data-in-stealth-mode/

小米手機瀏覽器存在漏洞,“無痕”模式依然洩露隱私
http://finance.jrj.com.cn/tech/2020/05/02110129461314.shtml

小米招了,坦言偷傳資料到北京,公開道歉並緊急更新手機系統
https://www.ithome.com.tw/news/90016

小米手機偷個資?資安專家錄下過程,小米官方回應將更新改善
https://technews.tw/2020/05/04/xiaomi-redmi-note-pricavy-issue/

小米爆資安疑慮!將用戶資料傳回中國
https://bit.ly/2z7AAeV

無痕模式也難逃!小米手機遭爆追蹤用戶一舉一動
https://3c.ltn.com.tw/news/40275

報導:小米手機就算在無痕狀態,也會追蹤用戶習慣及瀏覽資料
https://www.ithome.com.tw/news/137364

【用家留意】小米爆私隱收集漏洞 急推瀏覽器更新
https://bit.ly/35ACgK6

Change This Browser Setting to Stop Xiaomi from Spying On Your Incognito Activities
https://thehackernews.com/2020/05/xiaomi-browser-history.html

駭客利用外掛漏洞,對近百萬個WordPress網站發動大規模攻擊
https://www.ithome.com.tw/news/137432

正常聊個天手機就被黑了?蘋果一口氣曝出13個遠程攻擊漏洞
https://kknews.cc/tech/m9gooq9.html

SaltStack最新漏洞已被Kinsing挖礦殭屍網路利用
https://m.threatbook.cn/detail/2647

漏洞一披露就被利用,LineageOS、Ghost 服務器遭黑客入侵
https://www…

資安事件新聞週報 2020/4/27 ~ 2020/5/1

資安事件新聞週報 2020/4/27  ~  2020/5/1

1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers are exploiting a Sophos firewall zero-day
https://www.zdnet.com/article/hackers-are-exploiting-a-sophos-firewall-zero-day/#ftag=RSSbaffb68

Hackers exploit zero-day in Sophos XG Firewall, fix released
https://www.bleepingcomputer.com/news/security/hackers-exploit-zero-day-in-sophos-xg-firewall-fix-released/

Sophos緊急修補旗下防火牆已遭開採的零時差漏洞
https://www.ithome.com.tw/news/137239

Pulse Connect Secure の脆弱性への対策や侵害有無などの確認を
https://www.jpcert.or.jp/newsflash/2020041701.html

Fixing SQL injection vulnerability and malicious code execution in XG Firewall/SFOS
https://community.sophos.com/kb/en-us/135412

Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-20-045

McAfee 產品繞過保安限制漏洞
https://kc.mcafee.com/corporate/index?page=content&id=SB10316
https://kc.mcafee.com/corporate/index?page=content&id=KB92752

IBM DB2 多個漏洞
https://www.ibm.com/support/pages/node/6198380

Juniper Junos OS 遠端執行程式碼漏洞
https://kb.juniper.net/InfoCenter/index?page=content&…