2021年 3 月份資安、社群活動分享

 

2021年 3 月份資安、社群活動分享

資安鑑識課程-系列Ⅰ 初級課程:駭客攻擊手法與鑑識分析 即日起至110年3月1日(星期一)止。
http://www.hfjh.tp.edu.tw/node/4830

TensorFlow Everywhere | Neural Structured Learning 3/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/276064455

A Chat with Ether Cards 3/2
https://www.meetup.com/Taipei-Ethereum-Meetup/events/276560512

Swift Meetup 60 3/2
https://www.meetup.com/Swift-Taipei-User-Group/events/276584454

NExT Forum 電動車資安論壇 3/3
https://www.accupass.com/event/2102050532001949800776

【 Dcard X SITCON 線上分享 】等等!還沒畢業怎麼成為工程師 3/3
https://www.facebook.com/events/335405267793900/

資安事件新聞週報 2021/2/22 ~ 2021/2/26

 

資安事件新聞週報 2021/2/22  ~  2021/2/26

1.重大弱點漏洞/後門/Exploit/Zero Day
部份Fortinet產品加密金鑰漏洞可讓駭客竊聽用戶活動
http://www.cmen.cc/mrzx/202102/7805.html

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-21148),允許攻擊者遠端執行任意程式碼
https://tp2rc.tanet.edu.tw/node/416

Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

VMware 發布安全更新以解決多項產品弱點問題
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

VMware 修復 vCenter 嚴重漏洞,可導致駭客遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-4447-d041b-1.html

QNAP 發布 Surveillance Station 及 Helpdesk 資安漏洞修補更新
https://www.twcert.org.tw/tw/cp-104-4449-d522e-1.html

Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html

Cisco Releases Security Patches for Critical Flaws Affecting its Products
https://thehackernews.com/2021/02/cisco-releases-security-patches-for.html

Cisco 近日發布更新以解決Cisco AnyConnect Secure Mobility Client的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/18/cisco-releases-security-updates-anyconnect-secure-mobility-client

Cisco 之 VPN 路由器存在安全漏洞,請儘速確認並進行更新
https://net.nthu.edu.tw/netsys/mailing:announcement:20210217_02

思科小型企業交換機發現信息泄露漏洞,需要儘快升級
https://www.mihunye.com/science/40386.html

思科互聯網產品和網路解決方案發現特權升級漏洞
https://news.sina.com.tw/article/20210222/37686892.html

IBM WebSphere Application Server 目錄遍歷漏洞(CVE-2021-20354)
https://nosec.org/home/detail/4683.html

資安事件新聞週報 2021/2/15 ~ 2021/2/19

 

 

資安事件新聞週報 2021/2/15  ~  2021/2/19

1.重大弱點漏洞/後門/Exploit/Zero Day
Google釋出開源軟體漏洞資料庫
https://www.ithome.com.tw/news/142728

VMware Security Advisory - February 11th, 2021
https://www.vmware.com/security/advisories/VMSA-2021-0001.html

SAP Security Patch Day - February 2021
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

GitLab發布重要安全更新修補XSS與AWS帳號接管漏洞
http://www.cmen.cc/rgzn/202102/7214.html

D-Link DNS-320 FW v2.06B01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-25506

D-Link DSR-250(3.14)DSR-1000N(2.11B201)
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-18568

FortiLogger 4.4.2.2
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-3378

solarwinds
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2020-35481

trendmicro Apex One
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25249

Cisco Security Advisories - February 2021
https://reurl.cc/bzGKyv

資安事件新聞週報 2021/2/8 ~ 2021/2/12

 

 

資安事件新聞週報 2021/2/8  ~  2021/2/12

1.重大弱點漏洞/後門/Exploit/Zero Day
IBM PowerHA 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4832

IBM QRadar SIEM遠程代碼執行漏洞(CVE-2020-4888) 預警
https://www.secrss.com/articles/29101

IBM QRadar遠程代碼執行漏洞通告,SOC類產品存在暴露到互聯網被攻擊的風險
https://s.tencent.com/research/bsafe/1245.html

NCR Command Center Agent 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3122

兆勤科技發布硬式編碼認證漏洞資安公告(CVE-2020-29583)
http://www.tc.edu.tw/news/show/id/160271

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/02/04/cisco-releases-security-updates

快修補,思科小企業用VPN路由器產品爆6項重大漏洞
https://www.ithome.com.tw/news/142701

Critical Flaws Reported in Cisco VPN Routers for Businesses—Patch ASAP
https://thehackernews.com/2021/02/critical-flaws-reported-in-cisco-vpn.html

微軟2月Patch Tuesday修補56個安全漏洞,內含一個已被開採的零時差漏洞
https://www.ithome.com.tw/news/142716

微軟呼籲用戶修補3個Windows TCP/IP實作漏洞,影響所有版本
https://www.ithome.com.tw/news/142717

Windows 10 21H1更新時間曝光,KTM 漏洞亦一併解決
https://reurl.cc/qmN3Nn

資安事件新聞週報 2021/2/1 ~ 2021/2/5

 

資安事件新聞週報 2021/2/1  ~  2021/2/5

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟 Windows 10 今年首個更新版本要來了?外媒曝正式版釋出時間點曝光
https://3c.ltn.com.tw/news/43139

Google:去年1/4零時差漏洞來自修補不確實
https://www.ithome.com.tw/news/142649

Sudo漏洞也影響macOS、AIX、Solaris
https://www.ithome.com.tw/news/142619

sudoedit 堆溢出本地提權漏洞(CVE-2021-3156)
https://www.mdeditor.tw/pl/gO0b

Realtek RTL8195AM 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25856

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices
https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html

SonicWall緊急修補已發生攻擊的SMA 100系列設備漏洞
https://www.ithome.com.tw/news/142630

資安事件新聞週報 2021/10/18 ~ 2021/10/22

  資安事件新聞週報 2021/10/18  ~  2021/10/22 1.重大弱點漏洞/後門/Exploit/Zero Day Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer http...