2021年 8 月份資安、社群活動分享

 

2021年 8 月份資安、社群活動分享

2021農業開放資料論壇 8/1
https://www.accupass.com/event/2107140612063453095840

Water Cooler Conversation #28 by #TechLearnEng 8/3
https://www.meetup.com/tech-learn-en/events/279587758

BUiLT Paid into Tech 8/4
https://www.meetup.com/blacks-united-in-leading-technology-greater-china/events/279619371

Red Team Village CTF - DEF CON 29 (2021) 8/5
https://www.eventbrite.com/e/red-team-village-ctf-def-con-29-2021-tickets-161953191355

PHP也有Day #60 8/5
https://reurl.cc/MAmKZk

搶攻 LINE OA 跨境招生潮 / 課程代號 LA3 8/10
https://www.accupass.com/event/2103310827012203476660

中華電信學院 創客智慧應用研習班 第三梯 8/10 ~ 8/11
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=349

資安事件新聞週報 2021/7/26 ~ 2021/7/30

 

 

資安事件新聞週報 2021/7/26  ~  2021/7/30

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 發布Intersight Virtual Appliance 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/22/cisco-releases-security-updates

國內網路産品製造大廠修復路由器密碼硬編寫暨多個RCE嚴重漏洞
https://www.twcert.org.tw/tw/cp-104-4945-a841f-1.html

Oracle 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/oracle-releases-july-2021-critical-patch-update

FortiClient for Mac 6.4.3 及以下版本 CVE-2021-26089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-26089

FortiMail 6.4.0 到 6.4.4 和 6.2.0 到 6.2.7
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24020
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-24007

Citrix Application Delivery Controller、Citrix Gateway 和 Citrix SD-WAN WANOP Edition 的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/20/citrix-releases-security-updates

D-LINK DIR-3040 1.13B03
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-21820

Kaseya VSA
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-30118

微軟七月 Patch Tuesday 資安修補包，修復 117 個漏洞，包括 9 個 0-day 漏洞
https://blog.twnic.tw/2021/07/30/19459/

Windows 11 推出第一個 Beta 版，持續改善穩定性並修除 Bug
https://www.kocpc.com.tw/archives/395979

Windows 10驚傳一般使用者也能讀取SAM組態檔的弱點
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934

資安事件新聞週報 2021/7/19 ~ 2021/7/23

 

資安事件新聞週報 2021/7/19  ~  2021/7/23

1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/15/juniper-networks-releases-security-updates-multiple-products

Fortinet 近日發布更新以解決 FortiManager 和 FortiAnalyzer 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/19/fortinet-releases-security-updates-fortimanager-and-fortianalyzer

Cisco 發布Adaptive Security Appliance和Firepower Threat Defense 軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/07/16/cisco-releases-security-updates

Cisco fixes high-risk DoS flaw in ASA, FTD Software
https://securityaffairs.co/wordpress/120231/security/cisco-dos-flaw-asa-ftd.html

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
https://thehackernews.com/2021/07/oracle-warns-of-critical-remotely.html

存在16年的驅動程式漏洞可讓駭客執行惡意程式，影響HP、全錄等380款印表機
https://www.ithome.com.tw/news/145776

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
https://thehackernews.com/2021/07/16-year-old-security-bug-affects.html

Update Your Chrome Browser to Patch New Zero‑Day Bug Exploited in the Wild
https://thehackernews.com/2021/07/update-your-chrome-browser-to-patch-new.html

資安事件新聞週報 2021/7/12 ~ 2021/7/16

 

資安事件新聞週報 2021/7/12  ~  2021/7/16

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/08/cisco-releases-security-updates-multiple-products
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4

Chrome and Internet Explorer 0days used to target users in Armenia
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Google：俄羅斯駭客利用Safari零時差漏洞鎖定LinkedIn用戶
https://www.ithome.com.tw/news/145662

Likely Russian government-backed actor using CVE-​2021-1879 to collect authentication cookies from Safari
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

Serv-U Remote Memory Escape Vulnerability being exploited in the wild CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211#FAQ

A New Critical SolarWinds Zero-Day Vulnerability Under Active Attack
https://thehackernews.com/2021/07/a-new-critical-solarwinds-zero-day.html

Chinese Hackers Exploited Latest SolarWinds 0-Day in Targeted Attacks
https://thehackernews.com/2021/07/chinese-hackers-exploit-latest.html

Zyxel USG/Zywall 系列固件版本 4.35 至 4.64 和 USG Flex、ATP 和 VPN 系列固件版本 4.35 至 5.01
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-35029

資安事件新聞週報 2021/7/5 ~ 2021/7/9

 

 

 

資安事件新聞週報 2021/7/5  ~  2021/7/9

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP 修復 HBS 3 備份應用程式的嚴重漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9328

WD證實駭客濫用My Book Live系列NAS漏洞
https://pttdigit.com/pc_shopping/M.1625402719.A.DEC.html

WD NAS 爆 0-day 漏洞，部分舊產品無法補洞只能買新的
https://www.kocpc.com.tw/archives/391850

微軟警告儘速升級PowerShell 7，以避免遠端程式碼攻擊
https://www.ithome.com.tw/news/145471

Microsoft 已發布安全更新，以解決 PrintNightmare 弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

資安事件新聞週報 2021/6/28 ~ 2021/7/2

 

資安事件新聞週報 2021/6/28  ~  2021/7/2

1.重大弱點漏洞/後門/Exploit/Zero Day
Hackers target Cisco ASA devices after a PoC exploit code was published online
https://securityaffairs.co/wordpress/119442/hacking/cisco-asa-under-attack.html

Cisco ASA Flaw Under Active Attack After PoC Exploit Posted Online
https://thehackernews.com/2021/06/cisco-asa-flaw-under-active-attack.html

Citrix發布針對Hypervisor的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/06/25/citrix-releases-security-updates-hypervisor

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
https://thehackernews.com/2021/06/unpatched-virtual-machine-takeover-bug.html

WD 網絡硬碟有嚴重安全漏洞　官方建議立即中斷網絡連線
https://unwire.hk/2021/06/26/wd-my-book-nas-devices-are-being-remotely-wiped/parts/

Netgear路由器漏洞可引發資訊洩露、系統劫持
https://www.ithome.com.tw/news/145414

Watch Out! Zyxel Firewalls and VPNs Under Active Cyberattack
https://thehackernews.com/2021/06/watch-out-zyxel-firewalls-and-vpns.html

VMware Releases Security Updates
https://us-cert.cisa.gov/ncas/current-activity/2021/06/23/vmware-releases-security-updates

2021年 7 月份資安、社群活動分享

 

2021年 7 月份資安、社群活動分享

HackingThursday 固定聚會 台北場 Taipei  7/1
https://www.meetup.com/hackingthursday/events/279146029

Brooklyn Javascripters Meetup  7/6
https://www.meetup.com/brooklyn-javascripters/events/277409602

Taipei Creative Coders Meetup #10 7/7
https://www.meetup.com/tpecreativecoders/events/278994915

Intro to Coding (HTML, CSS, JavaScript & React) 7/8
https://www.meetup.com/paperspace/events/278167616

TensorFlow Everywhere | From 0 to 1  7/10
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/277170902

元智資工夏令營-由programming邁入AI大數據與資安世界 7/15 ~ 7/17
https://cse-yzu.kktix.cc/events/yzcsapcs5

國立臺灣科技大學執行教育部「先進資通安全實務人才培育計畫」，將於110年7月26日至8月1日舉辦「110年新型態資安暑期課程(AIS3 2021)
http://cc.ncku.edu.tw/p/406-1002-220949,r804.php?Lang=zh-tw