資安事件新聞週報 2021/4/26 ~ 2021/4/30
1.重大弱點漏洞/後門/Exploit/Zero Day
中華資安國際發現CVE弱點,國內某電子簽核平台具有多項漏洞
https://nvd.nist.gov/vuln/detail/CVE-2021-28173
駭客利用Pulse Secure VPN裝置4項安全漏洞,對各國政府組織發動攻擊
https://us-cert.cisa.gov/ncas/alerts/aa21-110a
Google Chrome 90 新版修復多個資安漏洞
https://www.twcert.org.tw/tw/cp-104-4686-384be-1.html
Chrome Browser Update - April 26 2021
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
ISC BIND - Multiple Vulnerabilities Addressed
https://kb.isc.org/docs/cve-2021-25214
https://kb.isc.org/docs/cve-2021-25215
https://kb.isc.org/docs/cve-2021-25216
Nagios XI Vulnerability Used for Cryptomining
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html
Apple Security Updates April 26 2021 - Exploitation in the Wild Reported
https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/
蘋果釋出macOS Big Sur 11.3,修補已被開採的零時差漏洞
https://www.ithome.com.tw/news/144063
Hackers Exploit 0-Day Gatekeeper Flaw to Attack macOS Computers
https://thehackernews.com/2021/04/hackers-exploit-0-day-gatekeeper-flaw.html