資安事件新聞週報 2021/4/12 ~ 2021/4/16

 資安事件新聞週報 2021/4/12  ~  2021/4/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

Cisco 發布多種產品的安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

美國國家安全局發表 4 個最新 Microsoft Exchange Server 嚴重漏洞，應立即修補
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9167

快升級 Windows 10！微軟宣布 1909 等 3 個版本將於2021年5月終止支援
https://reurl.cc/V3ZgyA

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

Chromium第二項漏洞又有概念驗證攻擊程式公布
https://www.ithome.com.tw/news/143851

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

Chrome 90問世：以HTTPS作為預設，嵌入隱私沙箱控制
https://www.ithome.com.tw/news/143874

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

資安事件新聞週報 2021/4/5 ~ 2021/4/9

 

資安事件新聞週報 2021/4/5  ~  2021/4/9

1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府警告Fortinet軟體漏洞恐遭國家駭客開採
https://www.ithome.com.tw/news/143629

Critical Auth Bypass Bug Found in VMware Data Center Security Product
https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

還不快更新FortiOS？極惡勒索軟體Cring開始攻擊歐洲公司
https://reurl.cc/9Zqpv8

FBI及CISA發現有國家支持的駭客組織，正在針對尚未修補Fortinet軟體已知漏洞的使用單位發動滲透攻擊
https://reurl.cc/V3g13Y

思科修補SD-WAN vManage的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/143708

Oracle PeopleSoft Enterprise PeopleTools存在未明漏洞
https://vul.wangan.com/a/CNVD-2018-08455

VMware 發布多種產品的安全更新
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware Security Advisory VMSA-2021-0005
https://www.vmware.com/security/advisories/VMSA-2021-0005.html

Cisco Security Advisories April 7 2021
https://reurl.cc/Kx5QpM

資安事件新聞週報 2021/3/29 ~ 2021/4/2

 

 

資安事件新聞週報 2021/3/29  ~  2021/4/2

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisory VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware IT環境管理系統出現8.6分的重大漏洞，該公司發布公告
https://www.ithome.com.tw/news/143566

在所有受支持的Ubuntu版本中修補了一個Sudo漏洞
https://reurl.cc/R6Qa0Z

GitLab發現高達9.6分的嚴重漏洞，並發布公告
https://www.ithome.com.tw/news/143613

ClamAV 0.102.3隨附針對兩個安全漏洞的解決方案
https://ubunlog.com/zh-TW/clamav-0-102-3-llega-con-solucion-a-dos-fallos-de-seguridad/

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html

MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-27928

Chrome Browser Updates - March 30 2021
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

2021年 4 月份資安、社群活動分享

 

2021年 4 月份資安、社群活動分享

HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 4/1
https://www.meetup.com/hackingthursday/events/ncgzdsyccgbcb/

HackingThursday 固定聚會 台北場 Taipei 4/1
https://www.meetup.com/hackingthursday/events/pbgzdsyccgbcb/

Dilution—How to Tame a Founder’s Biggest Fear Using Pro Forma Cap Tables 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/276937674/

FREE! Pitch Practice: How to Pitch to Investors and Get the Deal 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/nnjhzryccgbcb/

FREE! How to Avoid an Intellectual Property Disaster 4/2
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/277142915/

Coffee & Code 4/4
https://www.meetup.com/Innovate-Taiwan/events/277064650

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020

高雄 Rails Meetup 4/7
https://www.meetup.com/rails-taiwan/events/qxfvjkyccgbkb/

敏捷團隊的「祿」「權」「科」「忌」 4/7
https://www.meetup.com/scrumoholics/events/277126875/

資安事件新聞週報 2021/3/22 ~ 2021/3/26

 

資安事件新聞週報 2021/3/22  ~  2021/3/26

1.重大弱點漏洞/後門/Exploit/Zero Day
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
https://thehackernews.com/2021/03/warning-new-android-zero-day.html

修補「Exchange」重大漏洞！Windows 10 將強制安全更新
https://3c.ltn.com.tw/news/43687

微軟發布修補程式以來，「每天」仍有數不清的 Exchange Server 漏洞攻擊
https://technews.tw/2021/03/24/microsoft-exchange-server-attacks/

思科修補Jabber Windows用戶端軟體App重大漏洞
https://www.ithome.com.tw/news/143502

Cisco 發布 RV132W 和 RV134W 軟體安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Cisco Security Advisories March 24 2021
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50

PsExec Privilege Escalation in Windows Fixed
https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/
https://techcommunity.microsoft.com/t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

資安事件新聞週報 2021/3/15 ~ 2021/3/19

 

資安事件新聞週報 2021/3/15  ~  2021/3/19

1.重大弱點漏洞/後門/Exploit/Zero Day
grafana 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28146

微軟Exchange漏洞受矚 戴夫寇爾駁不實指控
https://money.udn.com/money/story/10860/5329940

Exchange Server零時差漏洞攻擊　Palo Alto Networks提出4招防範
https://finance.ettoday.net/news/1942640

FUEL CMS跨站請求偽造漏洞
https://vul.wangan.com/a/CNVD-2021-18031

發現11處安全漏洞！谷歌：駭客可攻擊多種操作系統
https://reurl.cc/Kx2LER

Apple Xcode < 7.2 多個漏洞(Mac OS X)
https://zh-cn.tenable.com/plugins/nessus/87737

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 多種漏洞(PMASA-2011-5 - PMASA-2011-8)
https://zh-cn.tenable.com/plugins/nessus/57346

Apache Solr任意文件讀取與SSRF漏洞預警
https://www.secrss.com/articles/29973

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞，速更新
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9119

GitLab開源代碼管理倉庫發現遠程代碼執行漏洞
https://news.sina.com.tw/article/20210319/37944572.html

黑客利用7個零日漏洞來感染網站並滲透iOS設備
https://www.cnbeta.com/articles/tech/1103813.htm

資安事件新聞週報 2021/3/8 ~ 2021/3/12

 

資安事件新聞週報 2021/3/8  ~  2021/3/12

1.重大弱點漏洞/後門/Exploit/Zero Day
來自台灣的 DEVCORE 領先全球揭露 並通報微軟的 Exchange Server 安全漏洞
https://reurl.cc/bzWO7E

FireEye揭露Accellion事故調查結果，攻擊者極為熟悉目標軟體的運作機制，並串連漏洞進行RCE攻擊
https://www.ithome.com.tw/news/143178

CISA也發出警告！F5公布多個RCE漏洞，並呼籲用戶盡快升級
https://www.ithome.com.tw/news/143171

F5 BIG-IP和BIG-IQ設備的RCE弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/10/f5-security-advisory-rce-vulnerabilities-big-ip-big-iq

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP
https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html

QNAP NAS 已知漏洞遭駭侵者用以惡意挖礦
https://twcert.pixnet.net/blog/post/330990583

中華資安國際發現CVE弱點，國內某入口網資訊系統具有多項漏洞
https://www.chtsecurity.com/news/973edda3-35e8-4369-89de-912f9017a5ff

蘋果各平台安全更新 防惡意程式碼
https://reurl.cc/bzWODr

Apache Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25329

Cisco 近日發布更新以解決多個Cisco產品受Snort影響所造成安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/cisco-releases-security-updates

VMware 發布安全更新以解決 VMware View Planner弱點問題
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/vmware-releases-security-update

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html

資安事件新聞週報 2021/3/1 ~ 2021/3/5

 

 

資安事件新聞週報 2021/3/1  ~  2021/3/5

1.重大弱點漏洞/後門/Exploit/Zero Day
Google Workspace 3月15日起不支援IE11
https://www.ithome.com.tw/news/142963

Google釋出Chrome更新修補已遭開採的漏洞
https://www.ithome.com.tw/news/143023

Oracle WebLogic Server 多個漏洞（2020 年1 月CPU）
https://zh-cn.tenable.com/plugins/nessus/132961

Grub2再現嚴重漏洞，釋出117個修補程式
https://www.ithome.com.tw/news/143054

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

Exchange Server零時差漏洞災情，可能比微軟想像中嚴重
https://www.ithome.com.tw/news/143056

微軟IIS 6.0舊漏洞再被用來挖礦
http://www.cmen.cc/news/202103/12896.html

Windows 10 字型曝安全漏洞遭 Google 揭露！微軟釋出安全修補
https://3c.ltn.com.tw/news/43394

Google揭露Windows 10字型元件RCE漏洞
https://www.ithome.com.tw/news/142986

Microsoft 發布安全更新以解決Exchange Server 多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/02/microsoft-releases-out-band-security-updates-exchange-server

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
https://www.exploit-db.com/exploits/49600

2021年 3 月份資安、社群活動分享

 

2021年 3 月份資安、社群活動分享

資安鑑識課程-系列Ⅰ 初級課程：駭客攻擊手法與鑑識分析 即日起至110年3月1日（星期一）止。
http://www.hfjh.tp.edu.tw/node/4830

TensorFlow Everywhere | Neural Structured Learning 3/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/276064455

A Chat with Ether Cards 3/2
https://www.meetup.com/Taipei-Ethereum-Meetup/events/276560512

Swift Meetup 60 3/2
https://www.meetup.com/Swift-Taipei-User-Group/events/276584454

NExT Forum 電動車資安論壇 3/3
https://www.accupass.com/event/2102050532001949800776

【 Dcard X SITCON 線上分享 】等等！還沒畢業怎麼成為工程師 3/3
https://www.facebook.com/events/335405267793900/

資安事件新聞週報 2021/2/22 ~ 2021/2/26

 

資安事件新聞週報 2021/2/22  ~  2021/2/26

1.重大弱點漏洞/後門/Exploit/Zero Day
部份Fortinet產品加密金鑰漏洞可讓駭客竊聽用戶活動
http://www.cmen.cc/mrzx/202102/7805.html

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-21148)，允許攻擊者遠端執行任意程式碼
https://tp2rc.tanet.edu.tw/node/416

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

VMware 發布安全更新以解決多項產品弱點問題
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

VMware 修復 vCenter 嚴重漏洞，可導致駭客遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

QNAP 發布 Surveillance Station 及 Helpdesk 資安漏洞修補更新
https://www.twcert.org.tw/tw/cp-104-4449-d522e-1.html

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html

Cisco Releases Security Patches for Critical Flaws Affecting its Products
https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

Cisco 近日發布更新以解決Cisco AnyConnect Secure Mobility Client的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/18/cisco-releases-security-updates-anyconnect-secure-mobility-client

Cisco 之 VPN 路由器存在安全漏洞，請儘速確認並進行更新
https://net.nthu.edu.tw/netsys/mailing:announcement:20210217_02

思科小型企業交換機發現信息泄露漏洞,需要儘快升級
https://www.mihunye.com/science/40386.html

思科互聯網產品和網路解決方案發現特權升級漏洞
https://news.sina.com.tw/article/20210222/37686892.html

IBM WebSphere Application Server 目錄遍歷漏洞(CVE-2021-20354)
https://nosec.org/home/detail/4683.html

資安事件新聞週報 2021/2/15 ~ 2021/2/19

 

 

資安事件新聞週報 2021/2/15  ~  2021/2/19

1.重大弱點漏洞/後門/Exploit/Zero Day
Google釋出開源軟體漏洞資料庫
https://www.ithome.com.tw/news/142728

VMware Security Advisory - February 11th, 2021
https://www.vmware.com/security/advisories/VMSA-2021-0001.html

SAP Security Patch Day - February 2021
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

GitLab發布重要安全更新修補XSS與AWS帳號接管漏洞
http://www.cmen.cc/rgzn/202102/7214.html

D-Link DNS-320 FW v2.06B01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-25506

D-Link DSR-250（3.14）DSR-1000N（2.11B201）
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-18568

FortiLogger 4.4.2.2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-3378

solarwinds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-35481

trendmicro Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25249

Cisco Security Advisories - February 2021
https://reurl.cc/bzGKyv

資安事件新聞週報 2021/2/8 ~ 2021/2/12

 

 

資安事件新聞週報 2021/2/8  ~  2021/2/12

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM PowerHA 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4832

IBM QRadar SIEM遠程代碼執行漏洞(CVE-2020-4888) 預警
https://www.secrss.com/articles/29101

IBM QRadar遠程代碼執行漏洞通告，SOC類產品存在暴露到互聯網被攻擊的風險
https://s.tencent.com/research/bsafe/1245.html

NCR Command Center Agent 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3122

兆勤科技發布硬式編碼認證漏洞資安公告(CVE-2020-29583)
http://www.tc.edu.tw/news/show/id/160271

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates

快修補，思科小企業用VPN路由器產品爆6項重大漏洞
https://www.ithome.com.tw/news/142701

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html

微軟2月Patch Tuesday修補56個安全漏洞，內含一個已被開採的零時差漏洞
https://www.ithome.com.tw/news/142716

微軟呼籲用戶修補3個Windows TCP/IP實作漏洞，影響所有版本
https://www.ithome.com.tw/news/142717

Windows 10 21H1更新時間曝光，KTM 漏洞亦一併解決
https://reurl.cc/qmN3Nn

資安事件新聞週報 2021/2/1 ~ 2021/2/5

 

資安事件新聞週報 2021/2/1  ~  2021/2/5

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟 Windows 10 今年首個更新版本要來了？外媒曝正式版釋出時間點曝光
https://3c.ltn.com.tw/news/43139

Google：去年1/4零時差漏洞來自修補不確實
https://www.ithome.com.tw/news/142649

Sudo漏洞也影響macOS、AIX、Solaris
https://www.ithome.com.tw/news/142619

sudoedit 堆溢出本地提權漏洞（CVE-2021-3156）
https://www.mdeditor.tw/pl/gO0b

Realtek RTL8195AM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

SonicWall緊急修補已發生攻擊的SMA 100系列設備漏洞
https://www.ithome.com.tw/news/142630

2021年 2 月份資安、社群活動分享

 2021年 2 月份資安、社群活動分享

MLDM Monday @ 三創育成 | Hybrid Classical-Quantum Machine Learning 2/1
https://www.meetup.com/Taiwan-R/events/274786447

元智資工冬令營-由programming邁入AI大數據與資安世界 2021/2/1 ~ 2021/2/3
https://cse-yzu.kktix.cc/events/yzcsapcs4

Taipei Rails Meetup 2/2
https://www.meetup.com/rails-taiwan/events/276003258

以 VMware Tanzu Service Mesh 強化多叢集 Kubernetes 的微服務 2/3
https://event.ithome.com.tw/live/vm2020tanzu/index.html

Taipei Creative Coders Meetup #5 2/3
https://www.meetup.com/tpecreativecoders/events/275943261

Android Code Club(Taipei) 2/3
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/276024894

資安事件新聞週報 2021/1/25 ~ 2021/1/29

 

 

資安事件新聞週報 2021/1/25  ~  2021/1/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Linux Sudo 指令遭發現遠端執行任意程式碼嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4352-31f09-1.html

修复sudo 堆溢出漏洞（CVE-2021-3156）预警
https://blog.csdn.net/weixin_37926485/article/details/113354836

隱藏了十年的Sudo 漏洞曝出：無需密碼就能獲取root 權限
https://www.163.com/dy/article/G1HDMK8S0511FQO9.html

QNAP NAS 爆出嚴重安全漏洞 判斷為嚴重漏洞 黑客能偷取敏感數據
https://reurl.cc/WEkVkD

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/cisco-releases-advisories-multiple-products

駭客用SonicWall產品零時差漏洞駭入該公司網路
https://www.ithome.com.tw/news/142429

SonicWall SMA 100 Series 產品多個漏洞
https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=545

Ubuntu Linux內核發現敏感信息洩露漏洞,需要盡快升級
https://finance.sina.com.cn/tech/2021-01-29/doc-ikftpnny2700709.shtml

微軟修補 Microsoft Defender 防毒防駭軟體內的 zero day 漏洞
https://blog.twnic.tw/2021/01/29/16934/

資安事件新聞週報 2021/1/18 ~ 2021/1/22

 

 

資安事件新聞週報 2021/1/18  ~  2021/1/22

1.重大弱點漏洞/後門/Exploit/Zero Day
思科修補SD-WAN裝置、管理軟體等重大漏洞
https://www.ithome.com.tw/news/142403

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/cisco-releases-security-updates-multiple-products

Juniper 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/juniper-networks-releases-security-updates-multiple-products

DNS軟體Dnsmasq含快取下毒（Cache Poisoning）漏洞，將影響數百萬台設備
https://reurl.cc/WE3yMx

資安業者披露：開源DNS軟體Dnsmasq含有7個安全漏洞
https://www.ithome.com.tw/news/142351

【漏洞預警】Dnsmasq 多個高危漏洞（CVE-2020-25681、CVE-2020-25682）
https://xz.aliyun.com/t/9107

Dnsmasq: 多個高危漏洞風險通告
https://cert.360.cn/warning/detail?id=dcef4be9a3611d218cb4a80d0f448b5b

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html

甲骨文產品多個漏洞
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities-20210121

Chrome 88出爐：終止對FTP與Flash Player的支援，分頁搜尋現蹤
https://www.ithome.com.tw/news/142372

資安事件新聞週報 2021/1/11 ~ 2021/1/15

 

 

資安事件新聞週報 2021/1/11  ~  2021/1/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Zyxel近日發布更新以解決多個產品存在遠端程式碼執行弱點
https://reurl.cc/4ymjYV

Fortinet 近日發布更新以解決 FortiWeb 的安全性弱點
https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html

小米路由器Ax6 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14097

Juniper Networks Junos OS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204

思科AnyConnect安全客戶端發現DDL注入裂縫，需要盡快升級
https://finance.sina.com.cn/tech/2021-01-15/doc-ikftpnnx7500878.shtml

Google揭露串連Chrome/Windows零時差漏洞、Android已知漏洞的攻擊行動
https://www.ithome.com.tw/news/142225

谷歌Chrome瀏覽器87版本發現多個重要漏洞，需要盡快升級
https://finance.sina.cn/tech/2021-01-08/detail-iiznezxt1204587.d.html?fromtech=1

谷歌瀏覽器又曝漏洞，黑客可劫持目標計算機
https://www.796t.com/article.php?id=227271

資安事件新聞週報 2021/1/4 ~ 2021/1/8

 

資安事件新聞週報 2021/1/4  ~  2021/1/8

1.重大弱點漏洞/後門/Exploit/Zero Day
FortiWeb 多個高危漏洞
https://nosec.org/home/detail/4637.html

Zend Framework 3.0含有遠程程序執行漏洞
http://read01.com/QAkdGP2.html

IsThereAnyDeal修復Steam登入相關漏洞
https://pttgamer.com/Steam/1VzwM3_l

Windows Background Intelligent Transfer 服務權限提升漏洞
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2020-0787

Windows Office 訪問連接引擎遠程執行代碼漏洞
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2019-0824

谷歌Chrome瀏覽器87版本發現多個重要漏洞，需要儘快升級
https://news.sina.com.tw/article/20210108/37340556.html

jackson-databind 反序列化遠程代碼執行漏洞預警（CVE-2020-36189、CVE-2020-36179）
https://www.huaweicloud.com/notice/2018/20210107172029072.html

資安事件新聞週報 2020/12/28 ~ 2021/1/1

 

資安事件新聞週報 2020/12/28  ~  2021/1/1

1.重大弱點漏洞/後門/Exploit/Zero Day
Citrix ADC網路閘道遭遇DDoS攻擊
https://www.ithome.com.tw/news/141873

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html

HPE iLO Amplifier Pack server  CVE-2020-7203
https://nvd.nist.gov/vuln/detail/CVE-2020-7203

D-Link DSL-2888A devices  CVE-2020-24581
https://nvd.nist.gov/vuln/detail/CVE-2020-24581

Tenda AC1200 安全漏洞 CVE-2020-28094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28094

Netgear NMS300 命令注入漏洞 CVE-2020-35789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35789

Panasonic Security System 安全漏洞 CVE-2020-29193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29193

Webmin CVE-2020-35606
https://nvd.nist.gov/vuln/detail/CVE-2020-35606

IBM業務自動化解決方案發現信息洩露漏洞，需要盡快升級
https://finance.sina.com.cn/tech/2020-12-30/doc-iiznezxs9755473.shtml