資安事件新聞週報 2021/7/19 ~ 2021/7/23

 


資安事件新聞週報 2021/7/19  ~  2021/7/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/15/juniper-networks-releases-security-updates-multiple-products

Fortinet 近日發布更新以解決 FortiManager 和 FortiAnalyzer 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/19/fortinet-releases-security-updates-fortimanager-and-fortianalyzer

Cisco 發布Adaptive Security Appliance和Firepower Threat Defense 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/16/cisco-releases-security-updates

Cisco fixes high-risk DoS flaw in ASA, FTD Software
https://securityaffairs.co/wordpress/120231/security/cisco-dos-flaw-asa-ftd.html

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html

存在16年的驅動程式漏洞可讓駭客執行惡意程式,影響HP、全錄等380款印表機
https://www.ithome.com.tw/news/145776

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild
https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

資安事件新聞週報 2021/7/12 ~ 2021/7/16

 

資安事件新聞週報 2021/7/12  ~  2021/7/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4

Chrome and Internet Explorer 0days used to target users in Armenia
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Google:俄羅斯駭客利用Safari零時差漏洞鎖定LinkedIn用戶
https://www.ithome.com.tw/news/145662

Likely Russian government-backed actor using CVE-​2021-1879 to collect authentication cookies from Safari
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Serv-U Remote Memory Escape Vulnerability being exploited in the wild CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211#FAQ

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
https://thehackernews.com/2021/07/a-new-critical-solarwinds-zero-day.html

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
https://thehackernews.com/2021/07/chinese-hackers-exploit-latest.html

Zyxel USG/Zywall 系列固件版本 4.35 至 4.64 和 USG Flex、ATP 和 VPN 系列固件版本 4.35 至 5.01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35029

資安事件新聞週報 2021/7/5 ~ 2021/7/9

 

 

 

資安事件新聞週報 2021/7/5  ~  2021/7/9

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP 修復 HBS 3 備份應用程式的嚴重漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9328

WD證實駭客濫用My Book Live系列NAS漏洞
https://pttdigit.com/pc_shopping/M.1625402719.A.DEC.html

WD NAS 爆 0-day 漏洞,部分舊產品無法補洞只能買新的
https://www.kocpc.com.tw/archives/391850

微軟警告儘速升級PowerShell 7,以避免遠端程式碼攻擊
https://www.ithome.com.tw/news/145471

Microsoft 已發布安全更新,以解決 PrintNightmare 弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

資安事件新聞週報 2021/6/28 ~ 2021/7/2


 

資安事件新聞週報 2021/6/28  ~  2021/7/2

1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers target Cisco ASA devices after a PoC exploit code was published online
https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
https://thehackernews.com/2021/06/cisco-asa-flaw-under-active-attack.html

Citrix發布針對Hypervisor的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/06/25/citrix-releases-security-updates-hypervisor

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
https://thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html

WD 網絡硬碟有嚴重安全漏洞 官方建議立即中斷網絡連線
https://unwire.hk/2021/06/26/wd-my-book-nas-devices-are-being-remotely-wiped/parts/

Netgear路由器漏洞可引發資訊洩露、系統劫持
https://www.ithome.com.tw/news/145414

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html

VMware Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

2021年 7 月份資安、社群活動分享


 

2021年 7 月份資安、社群活動分享

HackingThursday 固定聚會 台北場 Taipei  7/1
https://www.meetup.com/hackingthursday/events/279146029

Brooklyn Javascripters Meetup  7/6
https://www.meetup.com/brooklyn-javascripters/events/277409602

Taipei Creative Coders Meetup #10 7/7
https://www.meetup.com/tpecreativecoders/events/278994915

Intro to Coding (HTML, CSS, JavaScript & React) 7/8
https://www.meetup.com/paperspace/events/278167616

TensorFlow Everywhere | From 0 to 1  7/10
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902

元智資工夏令營-由programming邁入AI大數據與資安世界 7/15 ~ 7/17
https://cse-yzu.kktix.cc/events/yzcsapcs5

國立臺灣科技大學執行教育部「先進資通安全實務人才培育計畫」,將於110年7月26日至8月1日舉辦「110年新型態資安暑期課程(AIS3 2021)
http://cc.ncku.edu.tw/p/406-1002-220949,r804.php?Lang=zh-tw
 

資安事件新聞週報 2021/6/21 ~ 2021/6/25

 

 

 

資安事件新聞週報 2021/6/21  ~  2021/6/25

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

VMware vCenter Server RCE 6.5 / 6.7 / 7.0 - Remote Code Execution (RCE) (Unauthenticated)
https://www.exploit-db.com/exploits/50056

Solaris SunSSH 11.0 x86 - libpam Remote Root (3)
https://www.exploit-db.com/exploits/50039

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

群暉 Synology 宣布 DSM 7.0 將於 6/29 推出正式版以及 C2 公有雲四項新服務
https://news.xfastest.com/interview/96968/%E7%BE%A4%E6%9A%89-synology-%E5%AE%A3%E5%B8%83-dsm-7-0-%E5%B0%87%E6%96%BC-6-29-%E6%8E%A8%E5%87%BA%E6%AD%A3%E5%BC%8F%E7%89%88%E4%BB%A5%E5%8F%8A-c2-%E5%85%AC%E6%9C%89%E9%9B%B2%E5%9B%9B%E9%A0%85%E6%96%B0/

Dell裝置的管理軟體SupportAssist再爆4漏洞,將允許駭客自遠端執行程式
https://www.ithome.com.tw/news/145255

WD呼籲「My Book Live」用戶快把網路線拔掉,否則硬碟內容可能會被駭客清空
https://www.techbang.com/posts/87940-wd-calls-for-my-book-live

合勤警告SSL VPN、防火牆裝置遭駭客鎖定
https://www.ithome.com.tw/news/145256

一週釋出兩次更新!Google 緊急修補 4 項 Chrome 高風險漏洞
https://3c.ltn.com.tw/news/44868

資安事件新聞週報 2021/6/14 ~ 2021/6/18

 

 

 

資安事件新聞週報 2021/6/14  ~  2021/6/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Zoll心臟電擊器管理軟體重大漏洞可上傳Excel檔執行惡意指令
https://www.ithome.com.tw/news/145056

CISA Releases Advisory on ZOLL Defibrillator Dashboard
https://us-cert.cisa.gov/ncas/current-activity/2021/06/14/cisa-releases-advisory-zoll-defibrillator-dashboard

Google App爆資安漏洞!用戶隱私數據面臨風險
https://newtalk.tw/news/view/2021-06-18/590929

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/06/17/cisco-releases-security-updates-multiple-products

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
https://thehackernews.com/2021/06/7-year-old-polkit-flaw-lets.html

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping
https://thehackernews.com/2021/06/critical-throughtek-flaw-opens-millions.html

資安事件新聞週報 2021/6/7 ~ 2021/6/11

 

 

 資安事件新聞週報 2021/6/7  ~  2021/6/11

1.重大弱點漏洞/後門/Exploit/Zero Day
GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks
https://thehackernews.com/2021/06/github-updates-policy-to-remove-exploit.html

F5 Networks BIG-IP : BIG-IP APM ACL bypass vulnerability (K75540265)
https://www.tenable.com/plugins/nessus/150460

New UAF Vulnerability Affecting Microsoft Office to be Patched Today
https://thehackernews.com/2021/06/new-uaf-vulnerability-affecting.html

10 Critical Flaws Found in CODESYS Industrial Automation Software
https://thehackernews.com/2021/06/10-critical-flaws-found-in-codesys.html

Check Point在Microsoft Office中發現四個安全漏洞
https://finance.sina.com.cn/tech/2021-06-09/doc-ikqcfnca0056198.shtml

微軟 6 月的星期二補丁:修補了 50 個漏洞,六個零日漏洞被廣泛利用
https://docsxyz.com/zh-hant/wiki/news/microsoft-june-2021-patch-tuesday-20210609

Update Your Windows Computers to Patch 6 New In-the-Wild Zero-Day Bugs
https://thehackernews.com/2021/06/update-your-windows-computers-to-patch.html

資安事件新聞週報 2021/5/31 ~ 2021/6/4

 


資安事件新聞週報 2021/5/31  ~  2021/6/4

1.重大弱點漏洞/後門/Exploit/Zero Day
Fortinet fixed a Post-Auth RCE in FortiWeb (CVE-2021-22123)
https://www.fortiguard.com/psirt/FG-IR-20-120

Researchers Warn of Critical Bugs Affecting Realtek Wi-Fi Module
https://thehackernews.com/2021/06/researchers-warn-of-critical-bugs.html

Open Source Vulnerabilities Converging DevOps & SecOps
https://cybersecdn.com/index.php/2021/05/31/open-source-vulnerabilities-converging-devops-secops/

FBI警告APT組織廣泛開採各類已知漏洞,廠商給修補但使用者無作為,等於坐等被入侵
https://www.ithome.com.tw/news/144692

SonicWall產品存在安全性弱點
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0014

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks
https://thehackernews.com/2021/05/newly-discovered-bugs-in-vscode.html

CSS-WHAT PACKAGE 直到5.0.0 於NODE.JS ATTRIBUTE 未知漏洞
https://vuldb.com/zh/?id.176096

RHEL 7 : kernel-alt (RHSA-2021:1379)
https://www.tenable.com/plugins/nessus/149235

2021年 6 月份資安、社群活動分享

 


2021年 6 月份資安、社群活動分享

Golang Taipei Gathering #57 Webinar 6/1
https://www.meetup.com/golang-taipei-meetup/events/278400349/

從Python到TensorFlow線上讀書會-二部曲(14) -集群 6/1
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981394/

Taipei Creative Coders Meetup #9 6/2
https://www.meetup.com/tpecreativecoders/events/278466192/

TensorFlow Everywhere | From 0 to 1 6/10
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902/

2021製造業資安論壇 6/10
https://docs.google.com/forms/d/e/1FAIpQLSeJEpc_ePmJGx2RO6hlSJQnmsFTzBT-2zkzjcnPHbdYS2UAhQ/viewform

行動應用APP安全檢測與實務(可抵內稽)  6/11
https://www.caa.org.tw/coursedetail-3515.html

Maximize the Output, or Optimize the Outcome 6/24
https://www.meetup.com/the-liberators-network-taiwan-user-group-taipei-taiwan/events/276003947/

資安事件新聞週報 2021/5/24 ~ 2021/5/28

 

 

 

資安事件新聞週報 2021/5/24  ~  2021/5/28

1.重大弱點漏洞/後門/Exploit/Zero Day
New High-Severity Vulnerability Reported in Pulse Connect Secure VPN
https://thehackernews.com/2021/05/new-high-severity-vulnerability.html

Updates to Alert on Pulse Connect Secure
https://us-cert.cisa.gov/ncas/current-activity/2021/05/27/updates-alert-pulse-connect-secure

Synology 14 項套件的生命週期終止公告
https://www.synology.com/zh-tw/products/status/EOL_announcement_for_synology_package_202105

CVE-2021-21985: VMware vCenter Server遠程代碼執行漏洞通告
https://cert.360.cn/warning/detail?id=21bda4287b2b47416e93cc7817bf4a1a

VMware虛擬化解決方案發現遠程代碼執行漏洞
https://finance.sina.com.cn/tech/2021-05-26/doc-ikmyaawc7657251.shtml

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!
https://thehackernews.com/2021/05/critical-rce-vulnerability-found-in.html

研究人員揭露PDF規格的兩個安全漏洞,將允許駭客偷偷竄改已認證文件內容
https://www.ithome.com.tw/news/144669

macOS 連爆多個 0-Day 漏洞 !! 黑客可取得 Mac 設備的麥克風、鏡頭、屏幕錄影等權限
https://hk.xfastest.com/116752/apple-macos-0-day-loopholes/

macOS 曝重大零日漏洞!蘋果釋出修復版本,用戶盡快更新以免遭駭
https://3c.ltn.com.tw/news/44487

Mac重大漏洞更新 防駭客偷錄螢幕隱私
https://tw.appledaily.com/gadget/20210526/X3BFYPLDFJHYXOHO7P7N47EGUI/

Apple‌ Issues Patches to Combat Ongoing 0-Day Attacks on macOS, tvOS
https://thehackernews.com/2021/05/apple-issues-patches-to-combat-ongoing.html

Apple Security Update for Safari - Exploitation in the Wild Reported
https://support.apple.com/en-us/HT212340

設計違反ARM架構規範!蘋果M1曝出無法修復漏洞
https://www.eet-china.com/mp/a53737.html

Unfixable Apple M1 chip bug enables cross-process chatter, breaking OS security model
https://www.theregister.com/2021/05/27/apple_m1_chip_bug/

廣告商可能竊取資訊 外媒:蘋果M1具有安全漏洞
https://finance.ettoday.net/amp/amp_news.php7?news_id=1992330

資安事件新聞週報 2021/5/17 ~ 2021/5/21

 

資安事件新聞週報 2021/5/17  ~  2021/5/21

1.重大弱點漏洞/後門/Exploit/Zero Day
Google I / O之前的新漏洞聲稱Android 12可能包括小部件和通知的更改
https://www.inin.news/?p=15627

Android Issues Patches for 4 New Zero-Day Bugs Exploited in the Wild
https://thehackernews.com/2021/05/android-issues-patches-for-4-new-zero.html

Android的5月安全更新已有4個漏洞遭到開採
https://www.ithome.com.tw/news/144536

MikroTik RouterOS 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20214

Cisco Link Layer Discovery Protocol緩衝區溢出漏洞
https://vul.wangan.com/a/CNVD-2021-35515

Qnap Systems Malware Remover 操作系统命令注入漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36198

RHEL 7 / 8 : Ansible security update (2.9.20) (Moderate) (RHSA-2021:1343)
https://www.tenable.com/plugins/nessus/148945

ORACLE SOLARIS 10 BASH 未知漏洞
https://vuldb.com/zh/?id.92787

ORACLE WEBCENTER CONTENT 10.1.3.5.1/11.1.1.6.0/11.1.1.7.0 SITE STUDIO 未知漏洞
https://vuldb.com/zh/?id.9607

Oracle Secure Global Desktop輸入驗證錯誤漏洞
https://www.oracle.com/security-alerts/cpuapr2021.html

ORACLE HTTP SERVER 11.1.1.7.0/12.1.2.0 PLUGIN 1.1 未知漏洞
https://vuldb.com/zh/?id.67085

資安事件新聞週報 2021/5/10 ~ 2021/5/14

 

 

資安事件新聞週報 2021/5/10  ~  2021/5/14

1.重大弱點漏洞/後門/Exploit/Zero Day
所有Wi-Fi裝置皆存在FragAttacks漏洞,可被駭客用來竊取個人資訊和攻擊裝置
https://www.ithome.com.tw/news/144352

Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html

研究人員再掀蘋果AirTag與Find My安全漏洞
https://www.ithome.com.tw/news/144390

模仿 AirTag 傳輸模式!資安業者:蘋果「Find My」功能恐有安全漏洞
https://www.inside.com.tw/article/23500-find-my-network-arbitrary-data-messages

Juniper 產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/juniper-networks-releases-security-updates

CVE-2021-21551- Hundreds of Millions of Dell Computers at Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/

Windows版Cisco AnyConnect Secure Mobility Client
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-1427

Cisco Security Advisory - May 11 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/05/06/cisco-releases-security-updates-multiple-products

資安事件新聞週報 2021/5/3 ~ 2021/5/7

 

資安事件新聞週報 2021/5/3  ~  2021/5/7

1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Connect Secure 9.0R3 / 9.1R1
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-22893

Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol
https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop/
https://github.com/antonioCoco/RemotePotato0

PULSE SECURE設備存在安全漏洞(CVE-2021-22893~22894與CVE-2021-22899~22900),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://www.isda.org.tw/2021/05/05/9b3d7c9821f97596a142e527c0b6a914/

多個駭客組織鎖定美國國防產業與全球政府機關之Pulse Connect Secure VPN裝置漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9213

Hackers Exploit SonicWall Zero-Day Bug in FiveHands Ransomware Attacks
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html

VMware vRealize Business for Cloud 遠程代碼執行漏洞(CVE-2021-21984)
https://s.tencent.com/research/bsafe/1306.html

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
https://thehackernews.com/2021/05/critical-patch-out-for-month-old-pulse.html

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
https://thehackernews.com/2021/05/bios-privesc-bug-affects-hundreds-of.html

資安事件新聞週報 2021/4/26 ~ 2021/4/30

 

資安事件新聞週報 2021/4/26  ~  2021/4/30

1.重大弱點漏洞/後門/Exploit/Zero Day
中華資安國際發現CVE弱點,國內某電子簽核平台具有多項漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-28173

駭客利用Pulse Secure VPN裝置4項安全漏洞,對各國政府組織發動攻擊
https://us-cert.cisa.gov/ncas/alerts/aa21-110a

Google Chrome 90 新版修復多個資安漏洞
https://www.twcert.org.tw/tw/cp-104-4686-384be-1.html

Chrome Browser Update - April 26 2021
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html

ISC BIND - Multiple Vulnerabilities Addressed
https://kb.isc.org/docs/cve-2021-25214
https://kb.isc.org/docs/cve-2021-25215
https://kb.isc.org/docs/cve-2021-25216

Nagios XI Vulnerability Used for Cryptomining
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/

F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html

Apple Security Updates April 26 2021 - Exploitation in the Wild Reported
https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/

蘋果釋出macOS Big Sur 11.3,修補已被開採的零時差漏洞
https://www.ithome.com.tw/news/144063

Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html

2021年 5 月份資安、社群活動分享

 

 

 2021年 5 月份資安、社群活動分享

Coffee & Code 5/2
https://www.meetup.com/Innovate-Taiwan/events/277643752/

教育部先進資通安全實務人才培育計畫  110年度資安初學者挑戰活動 (MyFirstCTF)  4/26 ~ 5/3 報名
https://drive.google.com/file/d/1SkflOJ1nitQ2m8swotqZ2HNFDP2DWU_r/view

從Python到TensorFlow線上讀書會-二部曲(10) -邏輯回歸 5/4
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981279/

ITHOME 台灣資安大會2021 5/4 ~ 5/6
https://cyber.ithome.com.tw/

Taipei Creative Coders Meetup #8 5/5
https://www.meetup.com/tpecreativecoders/events/277806092/

UX Study Group- 設計的心理學 5/5
https://www.meetup.com/GDGTaipei/events/277723592/

2021國際商會數位經濟委員會春季議題分享會 5/7
http://registration.cieca.org.tw/visit/?d=116

In here it's WordPress Friday - 桃園晚餐小聚 #19 5/7
https://www.meetup.com/Taoyuan-WordPress-Meetup/events/277824803/

塔羅牌與 UX 的火花 5/8
https://www.meetup.com/GDGTaipei/events/277707447/

從Python到TensorFlow線上讀書會-二部曲(11) -決策樹 5/11
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/274981288/

【Flutter Night】5/12
https://www.meetup.com/Flutter-Taipei/events/277647481/

SDN x Cloud Native Meetup #38 5/13
https://www.meetup.com/CloudNative-Taiwan/events/277643179/

OWASP Taiwan Meetup (May) 5/18
https://www.meetup.com/Taipei-OWASP-Meetup-Group/events/277773931/

資安事件新聞週報 2021/4/19 ~ 2021/4/23

 

資安事件新聞週報 2021/4/19  ~  2021/4/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/04/15/juniper-networks-releases-security-updates

Juniper 近日發布更新以解決 Junos OS 多項版本中的安全性弱點
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11147&cat=SIRT_1&actp=LIST

Cisco Security Advisories April 21 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-info-disclos-gGvm9Mfu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-cql-inject-c7z9QqyB
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-xml-ext-entity-q6Z7uVUg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-cmdinj-nRHKgfHX
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F04%2F21&firstPublishedEndDate=2021%2F04%2F21

趨勢科技軟體舊漏洞遭駭客攻擊
https://www.ithome.com.tw/news/144011

趨勢科技Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25253
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-28645

資安事件新聞週報 2021/4/12 ~ 2021/4/16


 資安事件新聞週報 2021/4/12  ~  2021/4/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html

Cisco 發布多種產品的安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

美國國家安全局發表 4 個最新 Microsoft Exchange Server 嚴重漏洞,應立即修補
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9167

快升級 Windows 10!微軟宣布 1909 等 3 個版本將於2021年5月終止支援
https://reurl.cc/V3ZgyA

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems
https://thehackernews.com/2021/04/severe-bugs-reported-in-ethernetip.html

New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
https://thehackernews.com/2021/04/new-javascript-exploit-can-now-carry.html

Chromium第二項漏洞又有概念驗證攻擊程式公布
https://www.ithome.com.tw/news/143851

Update Your Chrome Browser to Patch 2 New In-the-Wild 0-Day Exploits
https://thehackernews.com/2021/04/2-new-chrome-0-days-under-attack-update.html

Chrome 90問世:以HTTPS作為預設,嵌入隱私沙箱控制
https://www.ithome.com.tw/news/143874

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
https://thehackernews.com/2021/04/rce-exploit-released-for-unpatched.html

資安事件新聞週報 2021/4/5 ~ 2021/4/9

 

資安事件新聞週報 2021/4/5  ~  2021/4/9

1.重大弱點漏洞/後門/Exploit/Zero Day
美國政府警告Fortinet軟體漏洞恐遭國家駭客開採
https://www.ithome.com.tw/news/143629

Critical Auth Bypass Bug Found in VMware Data Center Security Product
https://thehackernews.com/2021/04/critical-auth-bypass-bug-found-in.html

還不快更新FortiOS?極惡勒索軟體Cring開始攻擊歐洲公司
https://reurl.cc/9Zqpv8

FBI及CISA發現有國家支持的駭客組織,正在針對尚未修補Fortinet軟體已知漏洞的使用單位發動滲透攻擊
https://reurl.cc/V3g13Y

思科修補SD-WAN vManage的遠端程式攻擊漏洞
https://www.ithome.com.tw/news/143708

Oracle PeopleSoft Enterprise PeopleTools存在未明漏洞
https://vul.wangan.com/a/CNVD-2018-08455

VMware 發布多種產品的安全更新
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware Security Advisory VMSA-2021-0005
https://www.vmware.com/security/advisories/VMSA-2021-0005.html

Cisco Security Advisories April 7 2021
https://reurl.cc/Kx5QpM

資安事件新聞週報 2021/3/29 ~ 2021/4/2

 

 

資安事件新聞週報 2021/3/29  ~  2021/4/2

1.重大弱點漏洞/後門/Exploit/Zero Day
VMware Security Advisory VMSA-2021-0004
https://www.vmware.com/security/advisories/VMSA-2021-0004.html

VMware IT環境管理系統出現8.6分的重大漏洞,該公司發布公告
https://www.ithome.com.tw/news/143566

在所有受支持的Ubuntu版本中修補了一個Sudo漏洞
https://reurl.cc/R6Qa0Z

GitLab發現高達9.6分的嚴重漏洞,並發布公告
https://www.ithome.com.tw/news/143613

ClamAV 0.102.3隨附針對兩個安全漏洞的解決方案
https://ubunlog.com/zh-TW/clamav-0-102-3-llega-con-solucion-a-dos-fallos-de-seguridad/

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack
https://thehackernews.com/2021/03/apple-issues-urgent-patch-update-for.html

MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-27928

Chrome Browser Updates - March 30 2021
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html

2021年 4 月份資安、社群活動分享

 

2021年 4 月份資安、社群活動分享

HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 4/1
https://www.meetup.com/hackingthursday/events/ncgzdsyccgbcb/

HackingThursday 固定聚會 台北場 Taipei 4/1
https://www.meetup.com/hackingthursday/events/pbgzdsyccgbcb/

Dilution—How to Tame a Founder’s Biggest Fear Using Pro Forma Cap Tables 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/276937674/

FREE! Pitch Practice: How to Pitch to Investors and Get the Deal 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/nnjhzryccgbcb/

FREE! How to Avoid an Intellectual Property Disaster 4/2
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/277142915/

Coffee & Code 4/4
https://www.meetup.com/Innovate-Taiwan/events/277064650

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020

高雄 Rails Meetup 4/7
https://www.meetup.com/rails-taiwan/events/qxfvjkyccgbkb/

敏捷團隊的「祿」「權」「科」「忌」 4/7
https://www.meetup.com/scrumoholics/events/277126875/

資安事件新聞週報 2021/3/22 ~ 2021/3/26

 

資安事件新聞週報 2021/3/22  ~  2021/3/26

1.重大弱點漏洞/後門/Exploit/Zero Day
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
https://thehackernews.com/2021/03/warning-new-android-zero-day.html

修補「Exchange」重大漏洞!Windows 10 將強制安全更新
https://3c.ltn.com.tw/news/43687

微軟發布修補程式以來,「每天」仍有數不清的 Exchange Server 漏洞攻擊
https://technews.tw/2021/03/24/microsoft-exchange-server-attacks/

思科修補Jabber Windows用戶端軟體App重大漏洞
https://www.ithome.com.tw/news/143502

Cisco 發布 RV132W 和 RV134W 軟體安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Cisco Security Advisories March 24 2021
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50

PsExec Privilege Escalation in Windows Fixed
https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/
https://techcommunity.microsoft.com/t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

資安事件新聞週報 2021/3/15 ~ 2021/3/19

 

資安事件新聞週報 2021/3/15  ~  2021/3/19

1.重大弱點漏洞/後門/Exploit/Zero Day
grafana 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28146

微軟Exchange漏洞受矚 戴夫寇爾駁不實指控
https://money.udn.com/money/story/10860/5329940

Exchange Server零時差漏洞攻擊 Palo Alto Networks提出4招防範
https://finance.ettoday.net/news/1942640

FUEL CMS跨站請求偽造漏洞
https://vul.wangan.com/a/CNVD-2021-18031

發現11處安全漏洞!谷歌:駭客可攻擊多種操作系統
https://reurl.cc/Kx2LER

Apple Xcode < 7.2 多個漏洞(Mac OS X)
https://zh-cn.tenable.com/plugins/nessus/87737

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 多種漏洞(PMASA-2011-5 - PMASA-2011-8)
https://zh-cn.tenable.com/plugins/nessus/57346

Apache Solr任意文件讀取與SSRF漏洞預警
https://www.secrss.com/articles/29973

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞,速更新
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9119

GitLab開源代碼管理倉庫發現遠程代碼執行漏洞
https://news.sina.com.tw/article/20210319/37944572.html

黑客利用7個零日漏洞來感染網站並滲透iOS設備
https://www.cnbeta.com/articles/tech/1103813.htm

資安事件新聞週報 2021/3/8 ~ 2021/3/12

 

資安事件新聞週報 2021/3/8  ~  2021/3/12

1.重大弱點漏洞/後門/Exploit/Zero Day
來自台灣的 DEVCORE 領先全球揭露 並通報微軟的 Exchange Server 安全漏洞
https://reurl.cc/bzWO7E

FireEye揭露Accellion事故調查結果,攻擊者極為熟悉目標軟體的運作機制,並串連漏洞進行RCE攻擊
https://www.ithome.com.tw/news/143178

CISA也發出警告!F5公布多個RCE漏洞,並呼籲用戶盡快升級
https://www.ithome.com.tw/news/143171

F5 BIG-IP和BIG-IQ設備的RCE弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/10/f5-security-advisory-rce-vulnerabilities-big-ip-big-iq

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP
https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html

QNAP NAS 已知漏洞遭駭侵者用以惡意挖礦
https://twcert.pixnet.net/blog/post/330990583

中華資安國際發現CVE弱點,國內某入口網資訊系統具有多項漏洞
https://www.chtsecurity.com/news/973edda3-35e8-4369-89de-912f9017a5ff

蘋果各平台安全更新 防惡意程式碼
https://reurl.cc/bzWODr

Apache Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25329

Cisco 近日發布更新以解決多個Cisco產品受Snort影響所造成安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/cisco-releases-security-updates

VMware 發布安全更新以解決 VMware View Planner弱點問題
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/vmware-releases-security-update

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html

資安事件新聞週報 2021/3/1 ~ 2021/3/5

 

 

資安事件新聞週報 2021/3/1  ~  2021/3/5

1.重大弱點漏洞/後門/Exploit/Zero Day
Google Workspace 3月15日起不支援IE11
https://www.ithome.com.tw/news/142963

Google釋出Chrome更新修補已遭開採的漏洞
https://www.ithome.com.tw/news/143023

Oracle WebLogic Server 多個漏洞(2020 年1 月CPU)
https://zh-cn.tenable.com/plugins/nessus/132961

Grub2再現嚴重漏洞,釋出117個修補程式
https://www.ithome.com.tw/news/143054

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

Exchange Server零時差漏洞災情,可能比微軟想像中嚴重
https://www.ithome.com.tw/news/143056

微軟IIS 6.0舊漏洞再被用來挖礦
http://www.cmen.cc/news/202103/12896.html

Windows 10 字型曝安全漏洞遭 Google 揭露!微軟釋出安全修補
https://3c.ltn.com.tw/news/43394

Google揭露Windows 10字型元件RCE漏洞
https://www.ithome.com.tw/news/142986

Microsoft 發布安全更新以解決Exchange Server 多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/02/microsoft-releases-out-band-security-updates-exchange-server

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
https://www.exploit-db.com/exploits/49600

2021年 3 月份資安、社群活動分享

 

2021年 3 月份資安、社群活動分享

資安鑑識課程-系列Ⅰ 初級課程:駭客攻擊手法與鑑識分析 即日起至110年3月1日(星期一)止。
http://www.hfjh.tp.edu.tw/node/4830

TensorFlow Everywhere | Neural Structured Learning 3/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/276064455

A Chat with Ether Cards 3/2
https://www.meetup.com/Taipei-Ethereum-Meetup/events/276560512

Swift Meetup 60 3/2
https://www.meetup.com/Swift-Taipei-User-Group/events/276584454

NExT Forum 電動車資安論壇 3/3
https://www.accupass.com/event/2102050532001949800776

【 Dcard X SITCON 線上分享 】等等!還沒畢業怎麼成為工程師 3/3
https://www.facebook.com/events/335405267793900/

資安事件新聞週報 2021/2/22 ~ 2021/2/26

 

資安事件新聞週報 2021/2/22  ~  2021/2/26

1.重大弱點漏洞/後門/Exploit/Zero Day
部份Fortinet產品加密金鑰漏洞可讓駭客竊聽用戶活動
http://www.cmen.cc/mrzx/202102/7805.html

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-21148),允許攻擊者遠端執行任意程式碼
https://tp2rc.tanet.edu.tw/node/416

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

VMware 發布安全更新以解決多項產品弱點問題
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

VMware 修復 vCenter 嚴重漏洞,可導致駭客遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

QNAP 發布 Surveillance Station 及 Helpdesk 資安漏洞修補更新
https://www.twcert.org.tw/tw/cp-104-4449-d522e-1.html

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html

Cisco Releases Security Patches for Critical Flaws Affecting its Products
https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

Cisco 近日發布更新以解決Cisco AnyConnect Secure Mobility Client的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/18/cisco-releases-security-updates-anyconnect-secure-mobility-client

Cisco 之 VPN 路由器存在安全漏洞,請儘速確認並進行更新
https://net.nthu.edu.tw/netsys/mailing:announcement:20210217_02

思科小型企業交換機發現信息泄露漏洞,需要儘快升級
https://www.mihunye.com/science/40386.html

思科互聯網產品和網路解決方案發現特權升級漏洞
https://news.sina.com.tw/article/20210222/37686892.html

IBM WebSphere Application Server 目錄遍歷漏洞(CVE-2021-20354)
https://nosec.org/home/detail/4683.html

資安事件新聞週報 2021/2/15 ~ 2021/2/19

 

 

資安事件新聞週報 2021/2/15  ~  2021/2/19

1.重大弱點漏洞/後門/Exploit/Zero Day
Google釋出開源軟體漏洞資料庫
https://www.ithome.com.tw/news/142728

VMware Security Advisory - February 11th, 2021
https://www.vmware.com/security/advisories/VMSA-2021-0001.html

SAP Security Patch Day - February 2021
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

GitLab發布重要安全更新修補XSS與AWS帳號接管漏洞
http://www.cmen.cc/rgzn/202102/7214.html

D-Link DNS-320 FW v2.06B01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-25506

D-Link DSR-250(3.14)DSR-1000N(2.11B201)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-18568

FortiLogger 4.4.2.2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-3378

solarwinds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-35481

trendmicro Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25249

Cisco Security Advisories - February 2021
https://reurl.cc/bzGKyv

資安事件新聞週報 2021/2/8 ~ 2021/2/12

 

 

資安事件新聞週報 2021/2/8  ~  2021/2/12

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM PowerHA 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4832

IBM QRadar SIEM遠程代碼執行漏洞(CVE-2020-4888) 預警
https://www.secrss.com/articles/29101

IBM QRadar遠程代碼執行漏洞通告,SOC類產品存在暴露到互聯網被攻擊的風險
https://s.tencent.com/research/bsafe/1245.html

NCR Command Center Agent 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3122

兆勤科技發布硬式編碼認證漏洞資安公告(CVE-2020-29583)
http://www.tc.edu.tw/news/show/id/160271

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates

快修補,思科小企業用VPN路由器產品爆6項重大漏洞
https://www.ithome.com.tw/news/142701

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html

微軟2月Patch Tuesday修補56個安全漏洞,內含一個已被開採的零時差漏洞
https://www.ithome.com.tw/news/142716

微軟呼籲用戶修補3個Windows TCP/IP實作漏洞,影響所有版本
https://www.ithome.com.tw/news/142717

Windows 10 21H1更新時間曝光,KTM 漏洞亦一併解決
https://reurl.cc/qmN3Nn

資安事件新聞週報 2021/2/1 ~ 2021/2/5

 

資安事件新聞週報 2021/2/1  ~  2021/2/5

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟 Windows 10 今年首個更新版本要來了?外媒曝正式版釋出時間點曝光
https://3c.ltn.com.tw/news/43139

Google:去年1/4零時差漏洞來自修補不確實
https://www.ithome.com.tw/news/142649

Sudo漏洞也影響macOS、AIX、Solaris
https://www.ithome.com.tw/news/142619

sudoedit 堆溢出本地提權漏洞(CVE-2021-3156)
https://www.mdeditor.tw/pl/gO0b

Realtek RTL8195AM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

SonicWall緊急修補已發生攻擊的SMA 100系列設備漏洞
https://www.ithome.com.tw/news/142630

2021年 2 月份資安、社群活動分享


 2021年 2 月份資安、社群活動分享

MLDM Monday @ 三創育成 | Hybrid Classical-Quantum Machine Learning 2/1
https://www.meetup.com/Taiwan-R/events/274786447

元智資工冬令營-由programming邁入AI大數據與資安世界 2021/2/1 ~ 2021/2/3
https://cse-yzu.kktix.cc/events/yzcsapcs4

Taipei Rails Meetup 2/2
https://www.meetup.com/rails-taiwan/events/276003258

以 VMware Tanzu Service Mesh 強化多叢集 Kubernetes 的微服務 2/3
https://event.ithome.com.tw/live/vm2020tanzu/index.html

Taipei Creative Coders Meetup #5 2/3
https://www.meetup.com/tpecreativecoders/events/275943261

Android Code Club(Taipei) 2/3
https://www.meetup.com/Taiwan-Android-Developer-Study-Group/events/276024894

資安事件新聞週報 2021/1/25 ~ 2021/1/29

 

 

資安事件新聞週報 2021/1/25  ~  2021/1/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Linux Sudo 指令遭發現遠端執行任意程式碼嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4352-31f09-1.html

修复sudo 堆溢出漏洞(CVE-2021-3156)预警
https://blog.csdn.net/weixin_37926485/article/details/113354836

隱藏了十年的Sudo 漏洞曝出:無需密碼就能獲取root 權限
https://www.163.com/dy/article/G1HDMK8S0511FQO9.html

QNAP NAS 爆出嚴重安全漏洞 判斷為嚴重漏洞 黑客能偷取敏感數據
https://reurl.cc/WEkVkD

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/21/cisco-releases-advisories-multiple-products

駭客用SonicWall產品零時差漏洞駭入該公司網路
https://www.ithome.com.tw/news/142429

SonicWall SMA 100 Series 產品多個漏洞
https://www1.crisp.govcert.gov.hk/portal/govcert/tc/alerts_detail.xhtml?id=545

Ubuntu Linux內核發現敏感信息洩露漏洞,需要盡快升級
https://finance.sina.com.cn/tech/2021-01-29/doc-ikftpnny2700709.shtml

微軟修補 Microsoft Defender 防毒防駭軟體內的 zero day 漏洞
https://blog.twnic.tw/2021/01/29/16934/

資安事件新聞週報 2021/1/18 ~ 2021/1/22

 

 

資安事件新聞週報 2021/1/18  ~  2021/1/22

1.重大弱點漏洞/後門/Exploit/Zero Day
思科修補SD-WAN裝置、管理軟體等重大漏洞
https://www.ithome.com.tw/news/142403

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/cisco-releases-security-updates-multiple-products

Juniper 多個產品存在安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/01/14/juniper-networks-releases-security-updates-multiple-products

DNS軟體Dnsmasq含快取下毒(Cache Poisoning)漏洞,將影響數百萬台設備
https://reurl.cc/WE3yMx

資安業者披露:開源DNS軟體Dnsmasq含有7個安全漏洞
https://www.ithome.com.tw/news/142351

【漏洞預警】Dnsmasq 多個高危漏洞(CVE-2020-25681、CVE-2020-25682)
https://xz.aliyun.com/t/9107

Dnsmasq: 多個高危漏洞風險通告
https://cert.360.cn/warning/detail?id=dcef4be9a3611d218cb4a80d0f448b5b

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
https://thehackernews.com/2021/01/a-set-of-severe-flaws-affect-popular.html

甲骨文產品多個漏洞
https://www.hkcert.org/tc/security-bulletin/oracle-products-multiple-vulnerabilities-20210121

Chrome 88出爐:終止對FTP與Flash Player的支援,分頁搜尋現蹤
https://www.ithome.com.tw/news/142372

資安事件新聞週報 2021/1/11 ~ 2021/1/15

 

 

資安事件新聞週報 2021/1/11  ~  2021/1/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Zyxel近日發布更新以解決多個產品存在遠端程式碼執行弱點
https://reurl.cc/4ymjYV

Fortinet 近日發布更新以解決 FortiWeb 的安全性弱點
https://securityaffairs.co/wordpress/113129/hacking/fortinet-fortiweb-waf-flaws.html

小米路由器Ax6 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14097

Juniper Networks Junos OS 授權問題漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0204

思科AnyConnect安全客戶端發現DDL注入裂縫,需要盡快升級
https://finance.sina.com.cn/tech/2021-01-15/doc-ikftpnnx7500878.shtml

Google揭露串連Chrome/Windows零時差漏洞、Android已知漏洞的攻擊行動
https://www.ithome.com.tw/news/142225

谷歌Chrome瀏覽器87版本發現多個重要漏洞,需要盡快升級
https://finance.sina.cn/tech/2021-01-08/detail-iiznezxt1204587.d.html?fromtech=1

谷歌瀏覽器又曝漏洞,黑客可劫持目標計算機
https://www.796t.com/article.php?id=227271

資安事件新聞週報 2021/1/4 ~ 2021/1/8

 

資安事件新聞週報 2021/1/4  ~  2021/1/8

1.重大弱點漏洞/後門/Exploit/Zero Day
FortiWeb 多個高危漏洞
https://nosec.org/home/detail/4637.html

Zend Framework 3.0含有遠程程序執行漏洞
http://read01.com/QAkdGP2.html

IsThereAnyDeal修復Steam登入相關漏洞
https://pttgamer.com/Steam/1VzwM3_l

Windows Background Intelligent Transfer 服務權限提升漏洞
https://msrc.microsoft.com/update-guide/zh-CN/vulnerability/CVE-2020-0787

Windows Office 訪問連接引擎遠程執行代碼漏洞
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2019-0824

谷歌Chrome瀏覽器87版本發現多個重要漏洞,需要儘快升級
https://news.sina.com.tw/article/20210108/37340556.html

jackson-databind 反序列化遠程代碼執行漏洞預警(CVE-2020-36189、CVE-2020-36179)
https://www.huaweicloud.com/notice/2018/20210107172029072.html

資安事件新聞週報 2020/12/28 ~ 2021/1/1

 

資安事件新聞週報 2020/12/28  ~  2021/1/1

1.重大弱點漏洞/後門/Exploit/Zero Day
Citrix ADC網路閘道遭遇DDoS攻擊
https://www.ithome.com.tw/news/141873

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks
https://thehackernews.com/2020/12/citrix-adc-ddos-attack.html

HPE iLO Amplifier Pack server  CVE-2020-7203
https://nvd.nist.gov/vuln/detail/CVE-2020-7203

D-Link DSL-2888A devices  CVE-2020-24581
https://nvd.nist.gov/vuln/detail/CVE-2020-24581

Tenda AC1200 安全漏洞 CVE-2020-28094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28094

Netgear NMS300 命令注入漏洞 CVE-2020-35789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35789

Panasonic Security System 安全漏洞 CVE-2020-29193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29193

Webmin CVE-2020-35606
https://nvd.nist.gov/vuln/detail/CVE-2020-35606

IBM業務自動化解決方案發現信息洩露漏洞,需要盡快升級
https://finance.sina.com.cn/tech/2020-12-30/doc-iiznezxs9755473.shtml

資安事件新聞週報 2021/7/19 ~ 2021/7/23

  資安事件新聞週報 2021/7/19  ~  2021/7/23 1.重大弱點漏洞/後門/Exploit/Zero Day Juniper 近日發布更新以解決多個產品的安全性弱點 https://us-cert.cisa.gov/ncas/current-activity/2...