2021年 1 月份資安、社群活動分享

 

Coffee & Code 2021/01/03
https://www.meetup.com/Innovate-Taiwan/events/275279796

黑魔法防禦術 - 給現代人的資安自保指南 2021/01/03
https://tdohackerparty.kktix.cc/events/dada-modern-self-defense

從Python到TensorFlow線上讀書會-首部曲(9)-物件與類別 2021/1/5
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274523011

WTM & GDG Workshop - D 搭 D 的浪漫與現實 #3 2021/1/9
https://www.meetup.com/GDGTaipei/events/275151173

交通大學亥客書院 AI於資訊安全之應用 2021/1/9 1/16
https://hackercollege.nctu.edu.tw/?p=1228

比特幣小聚: 比特幣重要性 2021/1/13
https://www.meetup.com/Taiwan-Bitcoin-Only-Meetup/events/274363177

Taiwan VR Meetup for January 2021/1/16
https://www.meetup.com/taiwanvirtualreality/events/274782875

BambooFox CTF 2021  2021/1/16
https://ctftime.org/event/1234

Taipei Speed Networking Party for Young Professionals(1/17 Sun)
https://www.meetup.com/Taipei-Speed-Networking-Meetup-Group/events/274489305

TeamT5 Security Camp 資安培訓營 2021/1/19（二）- 2021/2/3（三）
http://bit.ly/2KvD4da

交通大學亥客書院 企業網域控管－Active Directory攻擊與防禦 2021/1/23
https://hackercollege.nctu.edu.tw/?p=1230

2021 南新科技中心寒假營隊 [駭客攻防資安體驗營] 2021年1月21-22日
https://www.nsjh.tn.edu.tw/modules/tadnews/index.php?nsn=7790

資安事件新聞週報 2020/12/21 ~ 2020/12/25

 

資安事件新聞週報 2020/12/21  ~  2020/12/25

1.重大弱點漏洞/後門/Exploit/Zero Day
WSJ：思科、英特爾與Nvidia都安裝了含漏洞的SolarWinds Orion系統
https://www.ithome.com.tw/news/141803

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices
https://thehackernews.com/2020/12/two-critical-flaws-cvss-score-10-affect.html

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug
https://thehackernews.com/2020/12/google-discloses-poorly-patched-now.html

JAVA漏洞再度挑戰蘋果安全神話
https://www.huaweicloud.com/articles/d0f446d519f3438a52d3ef4a47acf4d5.html

資安事件新聞週報 2020/12/14 ~ 2020/12/18

 

資安事件新聞週報 2020/12/14  ~  2020/12/18

1.重大弱點漏洞/後門/Exploit/Zero Day
SUSE Linux 緩衝區錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-9983

WebKit 資源管理錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-13584

NZXT CAM漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13509

AdRem NetCrunch 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14478

Mozilla 產品多個漏洞
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/

火狐瀏覽器修復一枚神秘嚴重漏洞，同時影響Chrome
https://www.secrss.com/articles/28016

CVE-2020-7200：HPE 0day漏洞
https://www.mdeditor.tw/pl/gpXA

HPE 披露最新版本 SIM 中存在零日漏洞
https://www.wangan.com/articles/2305

資安事件新聞週報 2020/12/7 ~ 2020/12/11

 

資安事件新聞週報 2020/12/7  ~  2020/12/11

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP Security Advisories - December 7th, 2020
https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/
https://www.qnap.com/en/security-advisory/qsa-20-16
https://www.qnap.com/en/security-advisory/qsa-20-12
https://www.qnap.com/en/security-advisory/qsa-20-13
https://www.qnap.com/en/security-advisory/qsa-20-14
https://www.qnap.com/en/security-advisory/qsa-20-15

VERT Threat Alert: December 2020 Patch Tuesday Analysis
https://www.tripwire.com/state-of-security/vert/vert-threat-alert-december-2020-patch-tuesday-analysis/

Gafgyt Using Pulse Secure Vulnerability
https://prod-blog.avira.com/a-gafgyt-variant-that-exploits-pulse-secure-cve-2020-8218

NSA Warns Russian Hacker Exploiting VMware Bug to Breach Corporate Networks
https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers
https://thehackernews.com/2020/12/warning-critical-remote-hacking-flaws.html

Apache 近日發布更新以解決Apache Struts 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2020/12/08/apache-releases-security-update-apache-struts-2

Apache發布針對Apache Tomcat的安全公告
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E

資安事件新聞週報 2020/11/30 ~ 2020/12/4

 

資安事件新聞週報 2020/11/30  ~  2020/12/4

1.重大弱點漏洞/後門/Exploit/Zero Day
Oracle WebLogic已知RCE漏洞遭殭屍網路病毒積極鎖定
https://www.ithome.com.tw/news/141442

DarkIRC殭屍網絡利用Oracle WebLogic漏洞
https://www.4hou.com/posts/AAyl

研究：多款路由器內含已被開採的後門漏洞，包括於Walmart獨家銷售的中國品牌Jetstream
https://www.ithome.com.tw/news/141278

近5萬個存在漏洞的Fortinet SSL VPN存取位址在駭客論壇流傳
https://www.insoler.com/forum/topic/16061108294795.htm

快更新韌體！駭客公佈近5萬台有漏洞的Fortinet SSL VPN名單以及攻擊程式
https://reurl.cc/0OMm4l

Fortinet FortiClient 和 FortiOS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9295