2021年 4 月份資安、社群活動分享

 

2021年 4 月份資安、社群活動分享

HackingThursday 黑客星期四 - Week meetup Tamsui 固定聚會 淡水 4/1
https://www.meetup.com/hackingthursday/events/ncgzdsyccgbcb/

HackingThursday 固定聚會 台北場 Taipei 4/1
https://www.meetup.com/hackingthursday/events/pbgzdsyccgbcb/

Dilution—How to Tame a Founder’s Biggest Fear Using Pro Forma Cap Tables 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/276937674/

FREE! Pitch Practice: How to Pitch to Investors and Get the Deal 4/1
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/nnjhzryccgbcb/

FREE! How to Avoid an Intellectual Property Disaster 4/2
https://www.meetup.com/Taiwan-Startup-Idea-to-IPO/events/277142915/

Coffee & Code 4/4
https://www.meetup.com/Innovate-Taiwan/events/277064650

吱吱盃黑客松 2021/04/02 18:30 ~ 2021/04/04 18:30
https://nsysuisc.kktix.cc/events/hackathon2020

高雄 Rails Meetup 4/7
https://www.meetup.com/rails-taiwan/events/qxfvjkyccgbkb/

敏捷團隊的「祿」「權」「科」「忌」 4/7
https://www.meetup.com/scrumoholics/events/277126875/

資安事件新聞週報 2021/3/22 ~ 2021/3/26

 

資安事件新聞週報 2021/3/22  ~  2021/3/26

1.重大弱點漏洞/後門/Exploit/Zero Day
WARNING: A New Android Zero-Day Vulnerability Is Under Active Attack
https://thehackernews.com/2021/03/warning-new-android-zero-day.html

修補「Exchange」重大漏洞！Windows 10 將強制安全更新
https://3c.ltn.com.tw/news/43687

微軟發布修補程式以來，「每天」仍有數不清的 Exchange Server 漏洞攻擊
https://technews.tw/2021/03/24/microsoft-exchange-server-attacks/

思科修補Jabber Windows用戶端軟體App重大漏洞
https://www.ithome.com.tw/news/143502

Cisco 發布 RV132W 和 RV134W 軟體安全更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-132w134w-overflow-Pptt4H2p

Cisco Security Advisories March 24 2021
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2021%2F03%2F24&firstPublishedEndDate=2021%2F03%2F24&limit=50

PsExec Privilege Escalation in Windows Fixed
https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-psexec-privilege-elevation-vulnerability/
https://techcommunity.microsoft.com/t5/sysinternals-blog/tcpview-v4-0-psexec-v2-33-winobj-v3-02-and-sysmon-v13-02/ba-p/2230549

Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
https://thehackernews.com/2021/03/latest-f5-big-ip-bug-under-active.html

資安事件新聞週報 2021/3/15 ~ 2021/3/19

 

資安事件新聞週報 2021/3/15  ~  2021/3/19

1.重大弱點漏洞/後門/Exploit/Zero Day
grafana 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28146

微軟Exchange漏洞受矚 戴夫寇爾駁不實指控
https://money.udn.com/money/story/10860/5329940

Exchange Server零時差漏洞攻擊　Palo Alto Networks提出4招防範
https://finance.ettoday.net/news/1942640

FUEL CMS跨站請求偽造漏洞
https://vul.wangan.com/a/CNVD-2021-18031

發現11處安全漏洞！谷歌：駭客可攻擊多種操作系統
https://reurl.cc/Kx2LER

Apple Xcode < 7.2 多個漏洞(Mac OS X)
https://zh-cn.tenable.com/plugins/nessus/87737

phpMyAdmin 3.3.x / 3.4.x < 3.3.10.2 / 3.4.3.1 多種漏洞(PMASA-2011-5 - PMASA-2011-8)
https://zh-cn.tenable.com/plugins/nessus/57346

Apache Solr任意文件讀取與SSRF漏洞預警
https://www.secrss.com/articles/29973

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞，速更新
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9119

GitLab開源代碼管理倉庫發現遠程代碼執行漏洞
https://news.sina.com.tw/article/20210319/37944572.html

黑客利用7個零日漏洞來感染網站並滲透iOS設備
https://www.cnbeta.com/articles/tech/1103813.htm

資安事件新聞週報 2021/3/8 ~ 2021/3/12

 

資安事件新聞週報 2021/3/8  ~  2021/3/12

1.重大弱點漏洞/後門/Exploit/Zero Day
來自台灣的 DEVCORE 領先全球揭露 並通報微軟的 Exchange Server 安全漏洞
https://reurl.cc/bzWO7E

FireEye揭露Accellion事故調查結果，攻擊者極為熟悉目標軟體的運作機制，並串連漏洞進行RCE攻擊
https://www.ithome.com.tw/news/143178

CISA也發出警告！F5公布多個RCE漏洞，並呼籲用戶盡快升級
https://www.ithome.com.tw/news/143171

F5 BIG-IP和BIG-IQ設備的RCE弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/10/f5-security-advisory-rce-vulnerabilities-big-ip-big-iq

Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP
https://thehackernews.com/2021/03/critical-pre-auth-rce-flaw-found-in-f5.html

QNAP NAS 已知漏洞遭駭侵者用以惡意挖礦
https://twcert.pixnet.net/blog/post/330990583

中華資安國際發現CVE弱點，國內某入口網資訊系統具有多項漏洞
https://www.chtsecurity.com/news/973edda3-35e8-4369-89de-912f9017a5ff

蘋果各平台安全更新 防惡意程式碼
https://reurl.cc/bzWODr

Apache Tomcat
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-25329

Cisco 近日發布更新以解決多個Cisco產品受Snort影響所造成安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/cisco-releases-security-updates

VMware 發布安全更新以解決 VMware View Planner弱點問題
https://us-cert.cisa.gov/ncas/current-activity/2021/03/04/vmware-releases-security-update

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
https://thehackernews.com/2021/03/proxylogon-exchange-poc-exploit.html

資安事件新聞週報 2021/3/1 ~ 2021/3/5

 

 

資安事件新聞週報 2021/3/1  ~  2021/3/5

1.重大弱點漏洞/後門/Exploit/Zero Day
Google Workspace 3月15日起不支援IE11
https://www.ithome.com.tw/news/142963

Google釋出Chrome更新修補已遭開採的漏洞
https://www.ithome.com.tw/news/143023

Oracle WebLogic Server 多個漏洞（2020 年1 月CPU）
https://zh-cn.tenable.com/plugins/nessus/132961

Grub2再現嚴重漏洞，釋出117個修補程式
https://www.ithome.com.tw/news/143054

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws
https://thehackernews.com/2021/03/cisa-issues-emergency-directive-on-in.html

Exchange Server零時差漏洞災情，可能比微軟想像中嚴重
https://www.ithome.com.tw/news/143056

微軟IIS 6.0舊漏洞再被用來挖礦
http://www.cmen.cc/news/202103/12896.html

Windows 10 字型曝安全漏洞遭 Google 揭露！微軟釋出安全修補
https://3c.ltn.com.tw/news/43394

Google揭露Windows 10字型元件RCE漏洞
https://www.ithome.com.tw/news/142986

Microsoft 發布安全更新以解決Exchange Server 多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/03/02/microsoft-releases-out-band-security-updates-exchange-server

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
https://www.exploit-db.com/exploits/49600