資安事件新聞週報 2021/10/18 ~ 2021/10/22

 

資安事件新聞週報 2021/10/18  ~  2021/10/22

1.重大弱點漏洞/後門/Exploit/Zero Day
Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Oracle Critical Patch Update Advisory - October 2021
https://reurl.cc/aNevgY

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

微軟要求系統管理員更新 PowerShell，以修補 WDAC 資安防護跳過漏洞
https://reurl.cc/WX0dr9

微軟推出 2021 年 10 月 Patch Tuesday 資安修補包，修復多個嚴重及 0-day
https://reurl.cc/Mk3dDn

OWASP自2017年來首度更新弱點排名Top 10
https://blog.twnic.tw/2021/10/18/20252/

資安事件新聞週報 2021/10/11 ~ 2021/10/15

 

資安事件新聞週報 2021/10/11  ~  2021/10/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/cisco-releases-security-updates-multiple-products

Micro Focus ArcSight Enterprise Security Manager (ESM)  CVE-2021-38124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-38124

Trend Micro ServerProtect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36745

Apache HTTP伺服器存在安全漏洞(CVE-2021-42013)，允許攻擊者遠端執行任意程式碼
https://www.isda.org.tw/2021/10/09/0a4bf59c2d6b1fc5d36850718f1675f4/

資安事件新聞週報 2021/10/04 ~ 2021/10/08

 

資安事件新聞週報 2021/10/04  ~  2021/10/08

1.重大弱點漏洞/後門/Exploit/Zero Day
Apache修補已被開採的資料外洩漏洞
https://www.ithome.com.tw/news/147117

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now
https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

微軟強化伺服器韌體與網路安全
https://www.ithome.com.tw/tech/147018

關於微軟 Azure 安全漏洞 Azurescape，你必須知道的事情
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/C4A67EE8E049422F9B35A5460A7E2988

QNAP QTS 5.0 正式版登場：升級系統核心、強化資安，支援 WireGuard VPN，並內建免費 exFAT 授權
https://reurl.cc/ox723q

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-37974~37976)，允許攻擊者遠端執行任意程式碼，請儘速確認並進行更新
https://portal.boe.ttct.edu.tw/bulletin/view.php?sn=B110002811

資安事件新聞週報 2021/9/27 ~ 2021/10/01

 

資安事件新聞週報 2021/9/27  ~  2021/10/01

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisco-releases-security-updates-multiple-products

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
https://thehackernews.com/2021/09/new-azure-ad-bug-lets-hackers-brute.html

WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50366

Microsoft Windows cmd.exe - Stack Buffer Overflow
https://www.exploit-db.com/exploits/50331

NETGEAR Releases Security Updates for RCE Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/netgear-releases-security-updates-rce-vulnerability

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260

2021年 10 月份資安、社群活動分享

 

2021年 10 月份資安、社群活動分享

內控2.0：統計預測、數據分析、資訊安全與舞弊偵防 10/1
https://www.caa.org.tw/coursedetail-3605.html

Cyber Defense Summit 2021 Oct. 4-7, 2021
https://summit.fireeye.com/

Taipei Creative Coders Meetup #13 10/6
https://www.meetup.com/tpecreativecoders/events/280959754

資訊系統與通信傳輸查核 10/6
https://www.caa.org.tw/coursedetail-3524.html

資料庫稽核與個資保護 10/7
https://www.caa.org.tw/coursedetail-3607.html

中華電信學院 自主式移動機器人ROS開發實戰班 10/07、10/08
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318

資安事件新聞週報 2021/9/20 ~ 2021/9/24

 

資安事件新聞週報 2021/9/20  ~  2021/9/24

1.重大弱點漏洞/後門/Exploit/Zero Day
New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html

VMware 發布多個產品的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/vmware-releases-security-updates

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software
https://thehackernews.com/2021/09/cisco-releases-patches-3-new-critical.html

Netgear 修復多款路由器嚴重漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9470

Netgear 修復多款路由器嚴重漏洞，可導致駭侵者遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-5108-edb59-1.html

Aruba Operating System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37724

ArubaOS 存在安全弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37718

蘋果修補舊款裝置的零時差攻擊漏洞
https://www.ithome.com.tw/news/146869

macOS含有一個可用來執行任意程式的安全漏洞
https://www.ithome.com.tw/news/146816

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
https://thehackernews.com/2021/09/microsoft-exchange-bug-exposes-100000.html

用戶快更新！Windows出現嚴重漏洞 點開Office文件恐遭駭
https://reurl.cc/bnkG8E

資安事件新聞週報 2021/9/13 ~ 2021/9/17

 

資安事件新聞週報 2021/9/13  ~  2021/9/17

1.重大弱點漏洞/後門/Exploit/Zero Day
FBI警告：國家級駭客正在開採Zoho的自助式密碼管理平臺漏洞
https://www.ithome.com.tw/news/146787

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html

Critical Bug Reported in NPM Package With Millions of Downloads Weekly
https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html

全景 TSSServiSignAdapter Windows版 - Improper Input Validation
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html

Cisco 近日發布更新以解決產品 IOS XR Software 的多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/09/cisco-releases-security-updates-multiple-products

Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/14/adobe-releases-security-updates-multiple-products

資安事件新聞週報 2021/9/6 ~ 2021/9/10

 

資安事件新聞週報 2021/9/6  ~  2021/9/10

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 發布Enterprise NFV Infrastructure Software（NFVIS）軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/09/02/cisco-releases-security-updates-cisco-enterprise-nfvis

多家廠商 SoC 產品中的藍牙堆疊含嚴重 BrakTooth 漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9442

數十億用戶遭殃！　BrakTooth漏洞「透過藍牙」攻擊Android產品
https://finance.ettoday.net/news/2074956

Netgear 修復三個嚴重資安漏洞，影響 20 種智慧型網路交換器
https://blog.twnic.tw/2021/09/11/20052/

研究人員：Windows最新MSHTML漏洞比想像中危險
https://www.ithome.com.tw/news/146650

微軟 IE 渲染引擎爆發零時差漏洞！駭客正用來發動目標式攻擊
https://technews.tw/2021/09/10/microsoft-attackers-exploiting-windows-zero-day-flaw/

CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
https://thehackernews.com/2021/09/cisa-warns-of-actively-exploited-zoho.html

Moving Forward After CentOS 8 EOL
https://thehackernews.com/2021/09/moving-forward-after-centos-8-eol.html

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released
https://thehackernews.com/2021/09/critical-auth-bypass-bug-affect-netgear.html

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
https://thehackernews.com/2021/09/latest-atlassian-confluence-flaw.html

3 Ways to Secure SAP SuccessFactors and Stay Compliant
https://thehackernews.com/2021/09/3-ways-to-secure-sap-successfactors-and.html

資安事件新聞週報 2021/8/30 ~ 2021/9/3

 

資安事件新聞週報 2021/8/30  ~  2021/9/3

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html

SUSE併購後的第一個版本，Rancher 2.6大幅強化叢集配置功能
https://www.ithome.com.tw/news/146534

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation
https://www.exploit-db.com/exploits/50236

Synology DSM 7.0 全面更新 系統、使用者、資料安全性大升級
https://www.cool3c.com/article/164641

SQL Server 2012 & Windows Server 2012 End of Support
https://cloudblogs.microsoft.com/sqlserver/2021/07/14/know-your-options-for-sql-server-2012-and-windows-server-2012-end-of-support/

微軟Exchange爆安全漏洞　黑客未經身分認證可存取郵件
https://reurl.cc/5r76VR

微軟Azure出現重大漏洞，用戶應盡速更新金鑰
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9426

小心 Email 遭監聽！微軟 Exchange 出現新「ProxyToken」重大漏洞
https://technews.tw/2021/09/01/microsoft-exchange-proxytoken-bug-email-snooping/

2021年 9 月份資安、社群活動分享

 

2021年 9 月份資安、社群活動分享

歐盟資安法案及資安認證架構線上研討會 9/1
https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=13166

Taipei Creative Coders Meetup #12 9/1
https://www.meetup.com/tpecreativecoders/events/280208750

SyntaxError 9/1
https://www.meetup.com/pythonhug/events/280356863

資訊安全系列課程 9/2 9/23
https://www.tabf.org.tw/CourseDetail.aspx?PID=449539
https://www.tabf.org.tw/CourseDetail.aspx?PID=449536

Web Application 威脅、弱點、防護及縱深防禦實戰班 9/3 9/10 9/17
https://www.tabf.org.tw/CourseDetail.aspx?PID=442804

SP-ISAC 資安沙龍 9/3
https://reurl.cc/6aWQyZ

學生計算機年會 SITCON 2021  9/4
https://sitcon.org/2021/

資安事件新聞週報 2021/8/23 ~ 2021/8/27

 

資安事件新聞週報 2021/8/23  ~  2021/8/27

1.重大弱點漏洞/後門/Exploit/Zero Day

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的通用隨插即用 (UPnP) 服務中存在一個漏洞
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34730

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

VMware Issues Patches to Fix New Flaws Affecting Multiple Products
https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html

Fortinet FortiWeb產品存在安全漏洞(CVE-2021-22123)
https://net.nthu.edu.tw/2009/mailing:announcement:20210823_01

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201

SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://www.exploit-db.com/exploits/50212

CISA警告：駭客正在積極開採ProxyShell漏洞
https://www.ithome.com.tw/news/146353

資安事件新聞週報 2021/8/16 ~ 2021/8/20

 

資安事件新聞週報 2021/8/16  ~  2021/8/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html

Hackers can bypass Cisco security products in data theft attacks
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

F5 BIG-IP 多個漏洞
https://www.hkcert.org/tc/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210818

趨勢科技APEX ONE產品存在安全漏洞(CVE-2021-32464、32465、36741及36742)
https://www.isda.org.tw/2021/08/14/35ea8908289d2eca875e47fde4b951d9/

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems
https://thehackernews.com/2021/08/new-adload-variant-bypasses-apples.html

Realtek晶片10多項安全漏洞可導致系統被接管，影響至少65家IoT廠商
https://www.ithome.com.tw/news/146236

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201

CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50200

iOS 14.7.1 爆災情，更新後「沒有服務」
https://technews.tw/2021/08/18/ios-14-7-1-no-service/

駭客發現Steam錢包金額竄改漏洞 Valve迅速修復並提供獎金答謝
https://game.udn.com/game/story/122089/5676826

資安事件新聞週報 2021/8/9 ~ 2021/8/13

 

資安事件新聞週報 2021/8/9  ~  2021/8/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html

Ivanti 發布 Pulse Connect Secure 安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858

IBM AIX 7.1、7.2 和 VIOS 3.1 版本存在權限驗證弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741

近兩年駭客最常利用之29個漏洞資訊與修補方式
https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02

滲透測試工具Cobalt Strike存在DoS漏洞，可以用來遏阻攻擊行動
https://www.ithome.com.tw/news/146069

VMware 發布修補多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products
https://www.vmware.com/security/advisories/VMSA-2021-0016.html

安全廠商釋出PetitPotam漏洞非官方修補程式
https://www.ithome.com.tw/news/146090

資安事件新聞週報 2021/8/2 ~ 2021/8/6

 

資安事件新聞週報 2021/8/2  ~  2021/8/6

1.重大弱點漏洞/後門/Exploit/Zero Day
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

推動國內產品漏洞修補，TWCERT/CC已指派近200個CVE漏洞，近期發布品質並獲評雙最高等級
https://www.ithome.com.tw/news/146035

美、英、澳聯手公布2020年最常被利用的CVE漏洞
https://www.ithome.com.tw/news/146015

2021年 8 月份資安、社群活動分享

 

2021年 8 月份資安、社群活動分享

2021農業開放資料論壇 8/1
https://www.accupass.com/event/2107140612063453095840

Water Cooler Conversation #28 by #TechLearnEng 8/3
https://www.meetup.com/tech-learn-en/events/279587758

BUiLT Paid into Tech 8/4
https://www.meetup.com/blacks-united-in-leading-technology-greater-china/events/279619371

Red Team Village CTF - DEF CON 29 (2021) 8/5
https://www.eventbrite.com/e/red-team-village-ctf-def-con-29-2021-tickets-161953191355

PHP也有Day #60 8/5
https://reurl.cc/MAmKZk

搶攻 LINE OA 跨境招生潮 / 課程代號 LA3 8/10
https://www.accupass.com/event/2103310827012203476660

中華電信學院 創客智慧應用研習班 第三梯 8/10 ~ 8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=349

資安事件新聞週報 2021/7/26 ~ 2021/7/30

 

 

資安事件新聞週報 2021/7/26  ~  2021/7/30

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 發布Intersight Virtual Appliance 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates

國內網路産品製造大廠修復路由器密碼硬編寫暨多個RCE嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4945-a841f-1.html

Oracle 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update

FortiClient for Mac 6.4.3 及以下版本 CVE-2021-26089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26089

FortiMail 6.4.0 到 6.4.4 和 6.2.0 到 6.2.7
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24007

Citrix Application Delivery Controller、Citrix Gateway 和 Citrix SD-WAN WANOP Edition 的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/citrix-releases-security-updates

D-LINK DIR-3040 1.13B03
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-21820

Kaseya VSA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-30118

微軟七月 Patch Tuesday 資安修補包，修復 117 個漏洞，包括 9 個 0-day 漏洞
https://blog.twnic.tw/2021/07/30/19459/

Windows 11 推出第一個 Beta 版，持續改善穩定性並修除 Bug
https://www.kocpc.com.tw/archives/395979

Windows 10驚傳一般使用者也能讀取SAM組態檔的弱點
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

資安事件新聞週報 2021/7/19 ~ 2021/7/23

 

資安事件新聞週報 2021/7/19  ~  2021/7/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/15/juniper-networks-releases-security-updates-multiple-products

Fortinet 近日發布更新以解決 FortiManager 和 FortiAnalyzer 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/19/fortinet-releases-security-updates-fortimanager-and-fortianalyzer

Cisco 發布Adaptive Security Appliance和Firepower Threat Defense 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/16/cisco-releases-security-updates

Cisco fixes high-risk DoS flaw in ASA, FTD Software
https://securityaffairs.co/wordpress/120231/security/cisco-dos-flaw-asa-ftd.html

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html

存在16年的驅動程式漏洞可讓駭客執行惡意程式，影響HP、全錄等380款印表機
https://www.ithome.com.tw/news/145776

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild
https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

資安事件新聞週報 2021/7/12 ~ 2021/7/16

 

資安事件新聞週報 2021/7/12  ~  2021/7/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4

Chrome and Internet Explorer 0days used to target users in Armenia
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Google：俄羅斯駭客利用Safari零時差漏洞鎖定LinkedIn用戶
https://www.ithome.com.tw/news/145662

Likely Russian government-backed actor using CVE-​2021-1879 to collect authentication cookies from Safari
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Serv-U Remote Memory Escape Vulnerability being exploited in the wild CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211#FAQ

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
https://thehackernews.com/2021/07/a-new-critical-solarwinds-zero-day.html

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
https://thehackernews.com/2021/07/chinese-hackers-exploit-latest.html

Zyxel USG/Zywall 系列固件版本 4.35 至 4.64 和 USG Flex、ATP 和 VPN 系列固件版本 4.35 至 5.01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35029

資安事件新聞週報 2021/7/5 ~ 2021/7/9

 

 

 

資安事件新聞週報 2021/7/5  ~  2021/7/9

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP 修復 HBS 3 備份應用程式的嚴重漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9328

WD證實駭客濫用My Book Live系列NAS漏洞
https://pttdigit.com/pc_shopping/M.1625402719.A.DEC.html

WD NAS 爆 0-day 漏洞，部分舊產品無法補洞只能買新的
https://www.kocpc.com.tw/archives/391850

微軟警告儘速升級PowerShell 7，以避免遠端程式碼攻擊
https://www.ithome.com.tw/news/145471

Microsoft 已發布安全更新，以解決 PrintNightmare 弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

資安事件新聞週報 2021/6/28 ~ 2021/7/2

 

資安事件新聞週報 2021/6/28  ~  2021/7/2

1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers target Cisco ASA devices after a PoC exploit code was published online
https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
https://thehackernews.com/2021/06/cisco-asa-flaw-under-active-attack.html

Citrix發布針對Hypervisor的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/06/25/citrix-releases-security-updates-hypervisor

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
https://thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html

WD 網絡硬碟有嚴重安全漏洞　官方建議立即中斷網絡連線
https://unwire.hk/2021/06/26/wd-my-book-nas-devices-are-being-remotely-wiped/parts/

Netgear路由器漏洞可引發資訊洩露、系統劫持
https://www.ithome.com.tw/news/145414

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html

VMware Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

2021年 7 月份資安、社群活動分享

 

2021年 7 月份資安、社群活動分享

HackingThursday 固定聚會 台北場 Taipei  7/1
https://www.meetup.com/hackingthursday/events/279146029

Brooklyn Javascripters Meetup  7/6
https://www.meetup.com/brooklyn-javascripters/events/277409602

Taipei Creative Coders Meetup #10 7/7
https://www.meetup.com/tpecreativecoders/events/278994915

Intro to Coding (HTML, CSS, JavaScript & React) 7/8
https://www.meetup.com/paperspace/events/278167616

TensorFlow Everywhere | From 0 to 1  7/10
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902

元智資工夏令營-由programming邁入AI大數據與資安世界 7/15 ~ 7/17
https://cse-yzu.kktix.cc/events/yzcsapcs5

國立臺灣科技大學執行教育部「先進資通安全實務人才培育計畫」，將於110年7月26日至8月1日舉辦「110年新型態資安暑期課程(AIS3 2021)
http://cc.ncku.edu.tw/p/406-1002-220949,r804.php?Lang=zh-tw
 

資安事件新聞週報 2021/6/21 ~ 2021/6/25

 

 

 

資安事件新聞週報 2021/6/21  ~  2021/6/25

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
https://www.exploit-db.com/exploits/50056

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
https://www.exploit-db.com/exploits/50039

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

群暉 Synology 宣布 DSM 7.0 將於 6/29 推出正式版以及 C2 公有雲四項新服務
https://news.xfastest.com/interview/96968/%E7%BE%A4%E6%9A%89-synology-%E5%AE%A3%E5%B8%83-dsm-7-0-%E5%B0%87%E6%96%BC-6-29-%E6%8E%A8%E5%87%BA%E6%AD%A3%E5%BC%8F%E7%89%88%E4%BB%A5%E5%8F%8A-c2-%E5%85%AC%E6%9C%89%E9%9B%B2%E5%9B%9B%E9%A0%85%E6%96%B0/

Dell裝置的管理軟體SupportAssist再爆4漏洞，將允許駭客自遠端執行程式
https://www.ithome.com.tw/news/145255

WD呼籲「My Book Live」用戶快把網路線拔掉，否則硬碟內容可能會被駭客清空
https://www.techbang.com/posts/87940-wd-calls-for-my-book-live

合勤警告SSL VPN、防火牆裝置遭駭客鎖定
https://www.ithome.com.tw/news/145256

一週釋出兩次更新！Google 緊急修補 4 項 Chrome 高風險漏洞
https://3c.ltn.com.tw/news/44868

資安事件新聞週報 2021/6/14 ~ 2021/6/18

 

 

 

資安事件新聞週報 2021/6/14  ~  2021/6/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Zoll心臟電擊器管理軟體重大漏洞可上傳Excel檔執行惡意指令
https://www.ithome.com.tw/news/145056

CISA Releases Advisory on ZOLL Defibrillator Dashboard
https://us-cert.cisa.gov/ncas/current-activity/2021/06/14/cisa-releases-advisory-zoll-defibrillator-dashboard

Google App爆資安漏洞！用戶隱私數據面臨風險
https://newtalk.tw/news/view/2021-06-18/590929

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
https://thehackernews.com/2021/06/7-year-old-polkit-flaw-lets.html

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html

資安事件新聞週報 2021/6/7 ~ 2021/6/11

 

 

 資安事件新聞週報 2021/6/7  ~  2021/6/11

1.重大弱點漏洞/後門/Exploit/Zero Day
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html

F5 Networks BIG-IP : BIG-IP APM ACL bypass vulnerability (K75540265)
https://www.tenable.com/plugins/nessus/150460

New UAF Vulnerability Affecting Microsoft Office to be Patched Today
https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html

10 Critical Flaws Found in CODESYS Industrial Automation Software
https://thehackernews.com/2021/06/10-critical-flaws-found-in-codesys.html

Check Point在Microsoft Office中發現四個安全漏洞
https://finance.sina.com.cn/tech/2021-06-09/doc-ikqcfnca0056198.shtml

微軟 6 月的星期二補丁：修補了 50 個漏洞，六個零日漏洞被廣泛利用
https://docsxyz.com/zh-hant/wiki/news/microsoft-june-2021-patch-tuesday-20210609

Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs
https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html

資安事件新聞週報 2021/5/31 ~ 2021/6/4

 

資安事件新聞週報 2021/5/31  ~  2021/6/4

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet fixed a Post-Auth RCE in FortiWeb (CVE-2021-22123)
https://www.fortiguard.com/psirt/FG-IR-20-120

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Open Source Vulnerabilities Converging DevOps & SecOps
https://cybersecdn.com/index.php/2021/05/31/open-source-vulnerabilities-converging-devops-secops/

FBI警告APT組織廣泛開採各類已知漏洞，廠商給修補但使用者無作為，等於坐等被入侵
https://www.ithome.com.tw/news/144692

SonicWall產品存在安全性弱點
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0014

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

CSS-WHAT PACKAGE 直到5.0.0 於NODE.JS ATTRIBUTE 未知漏洞
https://vuldb.com/zh/?id.176096

RHEL 7 : kernel-alt (RHSA-2021:1379)
https://www.tenable.com/plugins/nessus/149235

2021年 6 月份資安、社群活動分享

 

2021年 6 月份資安、社群活動分享

Golang Taipei Gathering #57 Webinar 6/1
https://www.meetup.com/golang-taipei-meetup/events/278400349/

從Python到TensorFlow線上讀書會-二部曲(14) -集群 6/1
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981394/

Taipei Creative Coders Meetup #9 6/2
https://www.meetup.com/tpecreativecoders/events/278466192/

TensorFlow Everywhere | From 0 to 1 6/10
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902/

2021製造業資安論壇 6/10
https://docs.google.com/forms/d/e/1FAIpQLSeJEpc_ePmJGx2RO6hlSJQnmsFTzBT-2zkzjcnPHbdYS2UAhQ/viewform

行動應用APP安全檢測與實務(可抵內稽)  6/11
https://www.caa.org.tw/coursedetail-3515.html

Maximize the Output, or Optimize the Outcome 6/24
https://www.meetup.com/the-liberators-network-taiwan-user-group-taipei-taiwan/events/276003947/

資安事件新聞週報 2021/5/24 ~ 2021/5/28

 

 

 

資安事件新聞週報 2021/5/24  ~  2021/5/28

1.重大弱點漏洞/後門/Exploit/Zero Day
New High-Severity Vulnerability Reported in Pulse Connect Secure VPN
https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Updates to Alert on Pulse Connect Secure
https://us-cert.cisa.gov/ncas/current-activity/2021/05/27/updates-alert-pulse-connect-secure

Synology 14 項套件的生命週期終止公告
https://www.synology.com/zh-tw/products/status/EOL_announcement_for_synology_package_202105

CVE-2021-21985: VMware vCenter Server遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=21bda4287b2b47416e93cc7817bf4a1a

VMware虛擬化解決方案發現遠程代碼執行漏洞
https://finance.sina.com.cn/tech/2021-05-26/doc-ikmyaawc7657251.shtml

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html

研究人員揭露PDF規格的兩個安全漏洞，將允許駭客偷偷竄改已認證文件內容
https://www.ithome.com.tw/news/144669

macOS 連爆多個 0-Day 漏洞 !! 黑客可取得 Mac 設備的麥克風、鏡頭、屏幕錄影等權限
https://hk.xfastest.com/116752/apple-macos-0-day-loopholes/

macOS 曝重大零日漏洞！蘋果釋出修復版本，用戶盡快更新以免遭駭
https://3c.ltn.com.tw/news/44487

Ｍac重大漏洞更新　防駭客偷錄螢幕隱私
https://tw.appledaily.com/gadget/20210526/X3BFYPLDFJHYXOHO7P7N47EGUI/

Apple‌ Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS
https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html

Apple Security Update for Safari - Exploitation in the Wild Reported
https://support.apple.com/en-us/HT212340

設計違反ARM架構規範！蘋果M1曝出無法修復漏洞
https://www.eet-china.com/mp/a53737.html

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
https://www.theregister.com/2021/05/27/apple_m1_chip_bug/

廣告商可能竊取資訊　外媒：蘋果M1具有安全漏洞
https://finance.ettoday.net/amp/amp_news.php7?news_id=1992330

資安事件新聞週報 2021/5/17 ~ 2021/5/21

 

資安事件新聞週報 2021/5/17  ~  2021/5/21

1.重大弱點漏洞/後門/Exploit/Zero Day
Google I / O之前的新漏洞聲稱Android 12可能包括小部件和通知的更改
https://www.inin.news/?p=15627

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild
https://thehackernews.com/2021/05/android-issues-patches-for-4-new-zero.html

Android的5月安全更新已有4個漏洞遭到開採
https://www.ithome.com.tw/news/144536

MikroTik RouterOS 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20214

Cisco Link Layer Discovery Protocol緩衝區溢出漏洞
https://vul.wangan.com/a/CNVD-2021-35515

Qnap Systems Malware Remover 操作系统命令注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36198

RHEL 7 / 8 : Ansible security update (2.9.20) (Moderate) (RHSA-2021:1343)
https://www.tenable.com/plugins/nessus/148945

ORACLE SOLARIS 10 BASH 未知漏洞
https://vuldb.com/zh/?id.92787

ORACLE WEBCENTER CONTENT 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 SITE STUDIO 未知漏洞
https://vuldb.com/zh/?id.9607

Oracle Secure Global Desktop輸入驗證錯誤漏洞
https://www.oracle.com/security-alerts/cpuapr2021.html

ORACLE HTTP SERVER 11.1.1.7.0/12.1.2.0 PLUGIN 1.1 未知漏洞
https://vuldb.com/zh/?id.67085

資安事件新聞週報 2021/5/10 ~ 2021/5/14

 

 

資安事件新聞週報 2021/5/10  ~  2021/5/14

1.重大弱點漏洞/後門/Exploit/Zero Day
所有Wi-Fi裝置皆存在FragAttacks漏洞，可被駭客用來竊取個人資訊和攻擊裝置
https://www.ithome.com.tw/news/144352

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html

研究人員再掀蘋果AirTag與Find My安全漏洞
https://www.ithome.com.tw/news/144390

模仿 AirTag 傳輸模式！資安業者：蘋果「Find My」功能恐有安全漏洞
https://www.inside.com.tw/article/23500-find-my-network-arbitrary-data-messages

Juniper 產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/juniper-networks-releases-security-updates

CVE-2021-21551- Hundreds of Millions of Dell Computers at Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/

Windows版Cisco AnyConnect Secure Mobility Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1427

Cisco Security Advisory - May 11 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/05/06/cisco-releases-security-updates-multiple-products

資安事件新聞週報 2021/5/3 ~ 2021/5/7

 

資安事件新聞週報 2021/5/3  ~  2021/5/7

1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Connect Secure 9.0R3 / 9.1R1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22893

Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/
https://github.com/antonioCoco/RemotePotato0

PULSE SECURE設備存在安全漏洞(CVE-2021-22893~22894與CVE-2021-22899~22900)，允許攻擊者遠端執行任意程式碼，請儘速確認並進行更新
https://www.isda.org.tw/2021/05/05/9b3d7c9821f97596a142e527c0b6a914/

多個駭客組織鎖定美國國防產業與全球政府機關之Pulse Connect Secure VPN裝置漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9213

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

VMware vRealize Business for Cloud 遠程代碼執行漏洞（CVE-2021-21984）
https://s.tencent.com/research/bsafe/1306.html

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html

資安事件新聞週報 2021/4/26 ~ 2021/4/30

 

資安事件新聞週報 2021/4/26  ~  2021/4/30

1.重大弱點漏洞/後門/Exploit/Zero Day
中華資安國際發現CVE弱點，國內某電子簽核平台具有多項漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-28173

駭客利用Pulse Secure VPN裝置4項安全漏洞，對各國政府組織發動攻擊
https://us-cert.cisa.gov/ncas/alerts/aa21-110a

Google Chrome 90 新版修復多個資安漏洞
https://www.twcert.org.tw/tw/cp-104-4686-384be-1.html

Chrome Browser Update - April 26 2021
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

ISC BIND - Multiple Vulnerabilities Addressed
https://kb.isc.org/docs/cve-2021-25214
https://kb.isc.org/docs/cve-2021-25215
https://kb.isc.org/docs/cve-2021-25216

Nagios XI Vulnerability Used for Cryptomining
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html

Apple Security Updates April 26 2021 - Exploitation in the Wild Reported
https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/

蘋果釋出macOS Big Sur 11.3，修補已被開採的零時差漏洞
https://www.ithome.com.tw/news/144063

Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html

2021年 5 月份資安、社群活動分享

 

 

 2021年 5 月份資安、社群活動分享

Coffee & Code 5/2
https://www.meetup.com/Innovate-Taiwan/events/277643752/

教育部先進資通安全實務人才培育計畫  110年度資安初學者挑戰活動 (MyFirstCTF)  4/26 ~ 5/3 報名
https://drive.google.com/file/d/1SkflOJ1nitQ2m8swotqZ2HNFDP2DWU_r/view

從Python到TensorFlow線上讀書會-二部曲(10) -邏輯回歸 5/4
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981279/

ITHOME 台灣資安大會2021 5/4 ~ 5/6
https://cyber.ithome.com.tw/

Taipei Creative Coders Meetup #8 5/5
https://www.meetup.com/tpecreativecoders/events/277806092/

UX Study Group- 設計的心理學 5/5
https://www.meetup.com/GDGTaipei/events/277723592/

2021國際商會數位經濟委員會春季議題分享會 5/7
http://registration.cieca.org.tw/visit/?d=116

In here it's WordPress Friday - 桃園晚餐小聚 #19 5/7
https://www.meetup.com/Taoyuan-WordPress-Meetup/events/277824803/

塔羅牌與 UX 的火花 5/8
https://www.meetup.com/GDGTaipei/events/277707447/

從Python到TensorFlow線上讀書會-二部曲(11) -決策樹 5/11
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981288/

【Flutter Night】5/12
https://www.meetup.com/Flutter-Taipei/events/277647481/

SDN x Cloud Native Meetup #38 5/13
https://www.meetup.com/CloudNative-Taiwan/events/277643179/

OWASP Taiwan Meetup (May) 5/18
https://www.meetup.com/Taipei-OWASP-Meetup-Group/events/277773931/

資安事件新聞週報 2021/4/19 ~ 2021/4/23

 

資安事件新聞週報 2021/4/19  ~  2021/4/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/juniper-networks-releases-security-updates

Juniper 近日發布更新以解決 Junos OS 多項版本中的安全性弱點
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&cat=SIRT_1&actp=LIST

Cisco Security Advisories April 21 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F04%2F21&firstPublishedEndDate=2021%2F04%2F21

趨勢科技軟體舊漏洞遭駭客攻擊
https://www.ithome.com.tw/news/144011

趨勢科技Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-28645

資安事件新聞週報 2021/4/12 ~ 2021/4/16

 資安事件新聞週報 2021/4/12  ~  2021/4/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

Cisco 發布多種產品的安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

美國國家安全局發表 4 個最新 Microsoft Exchange Server 嚴重漏洞，應立即修補
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9167

快升級 Windows 10！微軟宣布 1909 等 3 個版本將於2021年5月終止支援
https://reurl.cc/V3ZgyA

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

Chromium第二項漏洞又有概念驗證攻擊程式公布
https://www.ithome.com.tw/news/143851

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

Chrome 90問世：以HTTPS作為預設，嵌入隱私沙箱控制
https://www.ithome.com.tw/news/143874

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

資安事件新聞週報 2021/4/5 ~ 2021/4/9

 

資安事件新聞週報 2021/4/5  ~  2021/4/9

1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府警告Fortinet軟體漏洞恐遭國家駭客開採
https://www.ithome.com.tw/news/143629

Critical Auth Bypass Bug Found in VMware Data Center Security Product
https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

還不快更新FortiOS？極惡勒索軟體Cring開始攻擊歐洲公司
https://reurl.cc/9Zqpv8

FBI及CISA發現有國家支持的駭客組織，正在針對尚未修補Fortinet軟體已知漏洞的使用單位發動滲透攻擊
https://reurl.cc/V3g13Y

思科修補SD-WAN vManage的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/143708

Oracle PeopleSoft Enterprise PeopleTools存在未明漏洞
https://vul.wangan.com/a/CNVD-2018-08455

VMware 發布多種產品的安全更新
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware Security Advisory VMSA-2021-0005
https://www.vmware.com/security/advisories/VMSA-2021-0005.html

Cisco Security Advisories April 7 2021
https://reurl.cc/Kx5QpM

資安事件新聞週報 2021/3/29 ~ 2021/4/2

 

 

資安事件新聞週報 2021/3/29  ~  2021/4/2

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisory VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware IT環境管理系統出現8.6分的重大漏洞，該公司發布公告
https://www.ithome.com.tw/news/143566

在所有受支持的Ubuntu版本中修補了一個Sudo漏洞
https://reurl.cc/R6Qa0Z

GitLab發現高達9.6分的嚴重漏洞，並發布公告
https://www.ithome.com.tw/news/143613

ClamAV 0.102.3隨附針對兩個安全漏洞的解決方案
https://ubunlog.com/zh-TW/clamav-0-102-3-llega-con-solucion-a-dos-fallos-de-seguridad/

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html

MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-27928

Chrome Browser Updates - March 30 2021
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

2021年 4 月份資安、社群活動分享

 

2021年 4 月份資安、社群活動分享

HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 4/1
https://www.meetup.com/hackingthursday/events/ncgzdsyccgbcb/

HackingThursday 固定聚會 台北場 Taipei 4/1
https://www.meetup.com/hackingthursday/events/pbgzdsyccgbcb/

Dilution—How to Tame a Founder’s Biggest Fear Using Pro Forma Cap Tables 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/276937674/

FREE! Pitch Practice: How to Pitch to Investors and Get the Deal 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/nnjhzryccgbcb/

FREE! How to Avoid an Intellectual Property Disaster 4/2
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/277142915/

Coffee & Code 4/4
https://www.meetup.com/Innovate-Taiwan/events/277064650

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020

高雄 Rails Meetup 4/7
https://www.meetup.com/rails-taiwan/events/qxfvjkyccgbkb/

敏捷團隊的「祿」「權」「科」「忌」 4/7
https://www.meetup.com/scrumoholics/events/277126875/

資安事件新聞週報 2021/3/22 ~ 2021/3/26

 

資安事件新聞週報 2021/3/22  ~  2021/3/26

1.重大弱點漏洞/後門/Exploit/Zero Day
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
https://thehackernews.com/2021/03/warning-new-android-zero-day.html

修補「Exchange」重大漏洞！Windows 10 將強制安全更新
https://3c.ltn.com.tw/news/43687

微軟發布修補程式以來，「每天」仍有數不清的 Exchange Server 漏洞攻擊
https://technews.tw/2021/03/24/microsoft-exchange-server-attacks/

思科修補Jabber Windows用戶端軟體App重大漏洞
https://www.ithome.com.tw/news/143502

Cisco 發布 RV132W 和 RV134W 軟體安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Cisco Security Advisories March 24 2021
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50

PsExec Privilege Escalation in Windows Fixed
https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/
https://techcommunity.microsoft.com/t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

資安事件新聞週報 2021/3/15 ~ 2021/3/19

 

資安事件新聞週報 2021/3/15  ~  2021/3/19

1.重大弱點漏洞/後門/Exploit/Zero Day
grafana 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28146

微軟Exchange漏洞受矚 戴夫寇爾駁不實指控
https://money.udn.com/money/story/10860/5329940

Exchange Server零時差漏洞攻擊　Palo Alto Networks提出4招防範
https://finance.ettoday.net/news/1942640

FUEL CMS跨站請求偽造漏洞
https://vul.wangan.com/a/CNVD-2021-18031

發現11處安全漏洞！谷歌：駭客可攻擊多種操作系統
https://reurl.cc/Kx2LER

Apple Xcode < 7.2 多個漏洞(Mac OS X)
https://zh-cn.tenable.com/plugins/nessus/87737

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 多種漏洞(PMASA-2011-5 - PMASA-2011-8)
https://zh-cn.tenable.com/plugins/nessus/57346

Apache Solr任意文件讀取與SSRF漏洞預警
https://www.secrss.com/articles/29973

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞，速更新
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9119

GitLab開源代碼管理倉庫發現遠程代碼執行漏洞
https://news.sina.com.tw/article/20210319/37944572.html

黑客利用7個零日漏洞來感染網站並滲透iOS設備
https://www.cnbeta.com/articles/tech/1103813.htm

資安事件新聞週報 2021/3/8 ~ 2021/3/12

 

資安事件新聞週報 2021/3/8  ~  2021/3/12

1.重大弱點漏洞/後門/Exploit/Zero Day
來自台灣的 DEVCORE 領先全球揭露 並通報微軟的 Exchange Server 安全漏洞
https://reurl.cc/bzWO7E

FireEye揭露Accellion事故調查結果，攻擊者極為熟悉目標軟體的運作機制，並串連漏洞進行RCE攻擊
https://www.ithome.com.tw/news/143178

CISA也發出警告！F5公布多個RCE漏洞，並呼籲用戶盡快升級
https://www.ithome.com.tw/news/143171

F5 BIG-IP和BIG-IQ設備的RCE弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/10/f5-security-advisory-rce-vulnerabilities-big-ip-big-iq

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP
https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html

QNAP NAS 已知漏洞遭駭侵者用以惡意挖礦
https://twcert.pixnet.net/blog/post/330990583

中華資安國際發現CVE弱點，國內某入口網資訊系統具有多項漏洞
https://www.chtsecurity.com/news/973edda3-35e8-4369-89de-912f9017a5ff

蘋果各平台安全更新 防惡意程式碼
https://reurl.cc/bzWODr

Apache Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25329

Cisco 近日發布更新以解決多個Cisco產品受Snort影響所造成安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/cisco-releases-security-updates

VMware 發布安全更新以解決 VMware View Planner弱點問題
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/vmware-releases-security-update

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html

資安事件新聞週報 2021/3/1 ~ 2021/3/5

 

 

資安事件新聞週報 2021/3/1  ~  2021/3/5

1.重大弱點漏洞/後門/Exploit/Zero Day
Google Workspace 3月15日起不支援IE11
https://www.ithome.com.tw/news/142963

Google釋出Chrome更新修補已遭開採的漏洞
https://www.ithome.com.tw/news/143023

Oracle WebLogic Server 多個漏洞（2020 年1 月CPU）
https://zh-cn.tenable.com/plugins/nessus/132961

Grub2再現嚴重漏洞，釋出117個修補程式
https://www.ithome.com.tw/news/143054

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

Exchange Server零時差漏洞災情，可能比微軟想像中嚴重
https://www.ithome.com.tw/news/143056

微軟IIS 6.0舊漏洞再被用來挖礦
http://www.cmen.cc/news/202103/12896.html

Windows 10 字型曝安全漏洞遭 Google 揭露！微軟釋出安全修補
https://3c.ltn.com.tw/news/43394

Google揭露Windows 10字型元件RCE漏洞
https://www.ithome.com.tw/news/142986

Microsoft 發布安全更新以解決Exchange Server 多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/02/microsoft-releases-out-band-security-updates-exchange-server

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
https://www.exploit-db.com/exploits/49600

2021年 3 月份資安、社群活動分享

 

2021年 3 月份資安、社群活動分享

資安鑑識課程-系列Ⅰ 初級課程：駭客攻擊手法與鑑識分析 即日起至110年3月1日（星期一）止。
http://www.hfjh.tp.edu.tw/node/4830

TensorFlow Everywhere | Neural Structured Learning 3/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/276064455

A Chat with Ether Cards 3/2
https://www.meetup.com/Taipei-Ethereum-Meetup/events/276560512

Swift Meetup 60 3/2
https://www.meetup.com/Swift-Taipei-User-Group/events/276584454

NExT Forum 電動車資安論壇 3/3
https://www.accupass.com/event/2102050532001949800776

【 Dcard X SITCON 線上分享 】等等！還沒畢業怎麼成為工程師 3/3
https://www.facebook.com/events/335405267793900/

資安事件新聞週報 2021/2/22 ~ 2021/2/26

 

資安事件新聞週報 2021/2/22  ~  2021/2/26

1.重大弱點漏洞/後門/Exploit/Zero Day
部份Fortinet產品加密金鑰漏洞可讓駭客竊聽用戶活動
http://www.cmen.cc/mrzx/202102/7805.html

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-21148)，允許攻擊者遠端執行任意程式碼
https://tp2rc.tanet.edu.tw/node/416

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

VMware 發布安全更新以解決多項產品弱點問題
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

VMware 修復 vCenter 嚴重漏洞，可導致駭客遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

QNAP 發布 Surveillance Station 及 Helpdesk 資安漏洞修補更新
https://www.twcert.org.tw/tw/cp-104-4449-d522e-1.html

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html

Cisco Releases Security Patches for Critical Flaws Affecting its Products
https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

Cisco 近日發布更新以解決Cisco AnyConnect Secure Mobility Client的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/18/cisco-releases-security-updates-anyconnect-secure-mobility-client

Cisco 之 VPN 路由器存在安全漏洞，請儘速確認並進行更新
https://net.nthu.edu.tw/netsys/mailing:announcement:20210217_02

思科小型企業交換機發現信息泄露漏洞,需要儘快升級
https://www.mihunye.com/science/40386.html

思科互聯網產品和網路解決方案發現特權升級漏洞
https://news.sina.com.tw/article/20210222/37686892.html

IBM WebSphere Application Server 目錄遍歷漏洞(CVE-2021-20354)
https://nosec.org/home/detail/4683.html

資安事件新聞週報 2021/2/15 ~ 2021/2/19

 

 

資安事件新聞週報 2021/2/15  ~  2021/2/19

1.重大弱點漏洞/後門/Exploit/Zero Day
Google釋出開源軟體漏洞資料庫
https://www.ithome.com.tw/news/142728

VMware Security Advisory - February 11th, 2021
https://www.vmware.com/security/advisories/VMSA-2021-0001.html

SAP Security Patch Day - February 2021
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

GitLab發布重要安全更新修補XSS與AWS帳號接管漏洞
http://www.cmen.cc/rgzn/202102/7214.html

D-Link DNS-320 FW v2.06B01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-25506

D-Link DSR-250（3.14）DSR-1000N（2.11B201）
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-18568

FortiLogger 4.4.2.2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-3378

solarwinds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-35481

trendmicro Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25249

Cisco Security Advisories - February 2021
https://reurl.cc/bzGKyv

資安事件新聞週報 2021/2/8 ~ 2021/2/12

 

 

資安事件新聞週報 2021/2/8  ~  2021/2/12

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM PowerHA 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4832

IBM QRadar SIEM遠程代碼執行漏洞(CVE-2020-4888) 預警
https://www.secrss.com/articles/29101

IBM QRadar遠程代碼執行漏洞通告，SOC類產品存在暴露到互聯網被攻擊的風險
https://s.tencent.com/research/bsafe/1245.html

NCR Command Center Agent 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3122

兆勤科技發布硬式編碼認證漏洞資安公告(CVE-2020-29583)
http://www.tc.edu.tw/news/show/id/160271

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates

快修補，思科小企業用VPN路由器產品爆6項重大漏洞
https://www.ithome.com.tw/news/142701

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html

微軟2月Patch Tuesday修補56個安全漏洞，內含一個已被開採的零時差漏洞
https://www.ithome.com.tw/news/142716

微軟呼籲用戶修補3個Windows TCP/IP實作漏洞，影響所有版本
https://www.ithome.com.tw/news/142717

Windows 10 21H1更新時間曝光，KTM 漏洞亦一併解決
https://reurl.cc/qmN3Nn

資安事件新聞週報 2021/2/1 ~ 2021/2/5

 

資安事件新聞週報 2021/2/1  ~  2021/2/5

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟 Windows 10 今年首個更新版本要來了？外媒曝正式版釋出時間點曝光
https://3c.ltn.com.tw/news/43139

Google：去年1/4零時差漏洞來自修補不確實
https://www.ithome.com.tw/news/142649

Sudo漏洞也影響macOS、AIX、Solaris
https://www.ithome.com.tw/news/142619

sudoedit 堆溢出本地提權漏洞（CVE-2021-3156）
https://www.mdeditor.tw/pl/gO0b

Realtek RTL8195AM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

SonicWall緊急修補已發生攻擊的SMA 100系列設備漏洞
https://www.ithome.com.tw/news/142630

2021年 2 月份資安、社群活動分享

 2021年 2 月份資安、社群活動分享

MLDM Monday @ 三創育成 | Hybrid Classical-Quantum Machine Learning 2/1
https://www.meetup.com/Taiwan-R/events/274786447

元智資工冬令營-由programming邁入AI大數據與資安世界 2021/2/1 ~ 2021/2/3
https://cse-yzu.kktix.cc/events/yzcsapcs4

Taipei Rails Meetup 2/2
https://www.meetup.com/rails-taiwan/events/276003258

以 VMware Tanzu Service Mesh 強化多叢集 Kubernetes 的微服務 2/3
https://event.ithome.com.tw/live/vm2020tanzu/index.html

Taipei Creative Coders Meetup #5 2/3
https://www.meetup.com/tpecreativecoders/events/275943261

Android Code Club(Taipei) 2/3
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/276024894

資安事件新聞週報 2021/1/25 ~ 2021/1/29

 

 

資安事件新聞週報 2021/1/25  ~  2021/1/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Linux Sudo 指令遭發現遠端執行任意程式碼嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4352-31f09-1.html

修复sudo 堆溢出漏洞（CVE-2021-3156）预警
https://blog.csdn.net/weixin_37926485/article/details/113354836

隱藏了十年的Sudo 漏洞曝出：無需密碼就能獲取root 權限
https://www.163.com/dy/article/G1HDMK8S0511FQO9.html

QNAP NAS 爆出嚴重安全漏洞 判斷為嚴重漏洞 黑客能偷取敏感數據
https://reurl.cc/WEkVkD

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/cisco-releases-advisories-multiple-products

駭客用SonicWall產品零時差漏洞駭入該公司網路
https://www.ithome.com.tw/news/142429

SonicWall SMA 100 Series 產品多個漏洞
https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=545

Ubuntu Linux內核發現敏感信息洩露漏洞,需要盡快升級
https://finance.sina.com.cn/tech/2021-01-29/doc-ikftpnny2700709.shtml

微軟修補 Microsoft Defender 防毒防駭軟體內的 zero day 漏洞
https://blog.twnic.tw/2021/01/29/16934/

資安事件新聞週報 2021/1/18 ~ 2021/1/22

 

 

資安事件新聞週報 2021/1/18  ~  2021/1/22

1.重大弱點漏洞/後門/Exploit/Zero Day
思科修補SD-WAN裝置、管理軟體等重大漏洞
https://www.ithome.com.tw/news/142403

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/cisco-releases-security-updates-multiple-products

Juniper 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/juniper-networks-releases-security-updates-multiple-products

DNS軟體Dnsmasq含快取下毒（Cache Poisoning）漏洞，將影響數百萬台設備
https://reurl.cc/WE3yMx

資安業者披露：開源DNS軟體Dnsmasq含有7個安全漏洞
https://www.ithome.com.tw/news/142351

【漏洞預警】Dnsmasq 多個高危漏洞（CVE-2020-25681、CVE-2020-25682）
https://xz.aliyun.com/t/9107

Dnsmasq: 多個高危漏洞風險通告
https://cert.360.cn/warning/detail?id=dcef4be9a3611d218cb4a80d0f448b5b

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html

甲骨文產品多個漏洞
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities-20210121

Chrome 88出爐：終止對FTP與Flash Player的支援，分頁搜尋現蹤
https://www.ithome.com.tw/news/142372

資安事件新聞週報 2021/1/11 ~ 2021/1/15

 

 

資安事件新聞週報 2021/1/11  ~  2021/1/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Zyxel近日發布更新以解決多個產品存在遠端程式碼執行弱點
https://reurl.cc/4ymjYV

Fortinet 近日發布更新以解決 FortiWeb 的安全性弱點
https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html

小米路由器Ax6 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14097

Juniper Networks Junos OS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204

思科AnyConnect安全客戶端發現DDL注入裂縫，需要盡快升級
https://finance.sina.com.cn/tech/2021-01-15/doc-ikftpnnx7500878.shtml

Google揭露串連Chrome/Windows零時差漏洞、Android已知漏洞的攻擊行動
https://www.ithome.com.tw/news/142225

谷歌Chrome瀏覽器87版本發現多個重要漏洞，需要盡快升級
https://finance.sina.cn/tech/2021-01-08/detail-iiznezxt1204587.d.html?fromtech=1

谷歌瀏覽器又曝漏洞，黑客可劫持目標計算機
https://www.796t.com/article.php?id=227271