2021年 9 月份資安、社群活動分享

 

2021年 9 月份資安、社群活動分享

歐盟資安法案及資安認證架構線上研討會 9/1
https://www.taics.org.tw/RecentACTForm.aspx?ACTCat_id=1&ACT_id=13166

Taipei Creative Coders Meetup #12 9/1
https://www.meetup.com/tpecreativecoders/events/280208750

SyntaxError 9/1
https://www.meetup.com/pythonhug/events/280356863

資訊安全系列課程 9/2 9/23
https://www.tabf.org.tw/CourseDetail.aspx?PID=449539
https://www.tabf.org.tw/CourseDetail.aspx?PID=449536

Web Application 威脅、弱點、防護及縱深防禦實戰班 9/3 9/10 9/17
https://www.tabf.org.tw/CourseDetail.aspx?PID=442804

SP-ISAC 資安沙龍 9/3
https://reurl.cc/6aWQyZ

學生計算機年會 SITCON 2021  9/4
https://sitcon.org/2021/

資安事件新聞週報 2021/8/23 ~ 2021/8/27

 

資安事件新聞週報 2021/8/23  ~  2021/8/27

1.重大弱點漏洞/後門/Exploit/Zero Day

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的通用隨插即用 (UPnP) 服務中存在一個漏洞
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34730

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

VMware Issues Patches to Fix New Flaws Affecting Multiple Products
https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html

Fortinet FortiWeb產品存在安全漏洞(CVE-2021-22123)
https://net.nthu.edu.tw/2009/mailing:announcement:20210823_01

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201

SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://www.exploit-db.com/exploits/50212

CISA警告：駭客正在積極開採ProxyShell漏洞
https://www.ithome.com.tw/news/146353

資安事件新聞週報 2021/8/16 ~ 2021/8/20

 

資安事件新聞週報 2021/8/16  ~  2021/8/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html

Hackers can bypass Cisco security products in data theft attacks
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

F5 BIG-IP 多個漏洞
https://www.hkcert.org/tc/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210818

趨勢科技APEX ONE產品存在安全漏洞(CVE-2021-32464、32465、36741及36742)
https://www.isda.org.tw/2021/08/14/35ea8908289d2eca875e47fde4b951d9/

New AdLoad Variant Bypasses Apple's Security Defenses to Target macOS Systems
https://thehackernews.com/2021/08/new-adload-variant-bypasses-apples.html

Realtek晶片10多項安全漏洞可導致系統被接管，影響至少65家IoT廠商
https://www.ithome.com.tw/news/146236

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201

CentOS Web Panel 0.9.8.1081 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50200

iOS 14.7.1 爆災情，更新後「沒有服務」
https://technews.tw/2021/08/18/ios-14-7-1-no-service/

駭客發現Steam錢包金額竄改漏洞 Valve迅速修復並提供獎金答謝
https://game.udn.com/game/story/122089/5676826

資安事件新聞週報 2021/8/9 ~ 2021/8/13

 

資安事件新聞週報 2021/8/9  ~  2021/8/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html

Ivanti 發布 Pulse Connect Secure 安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858

IBM AIX 7.1、7.2 和 VIOS 3.1 版本存在權限驗證弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741

近兩年駭客最常利用之29個漏洞資訊與修補方式
https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02

滲透測試工具Cobalt Strike存在DoS漏洞，可以用來遏阻攻擊行動
https://www.ithome.com.tw/news/146069

VMware 發布修補多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products
https://www.vmware.com/security/advisories/VMSA-2021-0016.html

安全廠商釋出PetitPotam漏洞非官方修補程式
https://www.ithome.com.tw/news/146090

資安事件新聞週報 2021/8/2 ~ 2021/8/6

 

資安事件新聞週報 2021/8/2  ~  2021/8/6

1.重大弱點漏洞/後門/Exploit/Zero Day
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

推動國內產品漏洞修補，TWCERT/CC已指派近200個CVE漏洞，近期發布品質並獲評雙最高等級
https://www.ithome.com.tw/news/146035

美、英、澳聯手公布2020年最常被利用的CVE漏洞
https://www.ithome.com.tw/news/146015