2021年 10 月份資安、社群活動分享

 

2021年 10 月份資安、社群活動分享

內控2.0：統計預測、數據分析、資訊安全與舞弊偵防 10/1
https://www.caa.org.tw/coursedetail-3605.html

Cyber Defense Summit 2021 Oct. 4-7, 2021
https://summit.fireeye.com/

Taipei Creative Coders Meetup #13 10/6
https://www.meetup.com/tpecreativecoders/events/280959754

資訊系統與通信傳輸查核 10/6
https://www.caa.org.tw/coursedetail-3524.html

資料庫稽核與個資保護 10/7
https://www.caa.org.tw/coursedetail-3607.html

中華電信學院 自主式移動機器人ROS開發實戰班 10/07、10/08
https://www.chtti.cht.com.tw/general/course_info.jsp?activity_id=318

資安事件新聞週報 2021/9/20 ~ 2021/9/24

 

資安事件新聞週報 2021/9/20  ~  2021/9/24

1.重大弱點漏洞/後門/Exploit/Zero Day
New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
https://thehackernews.com/2021/09/new-nagios-software-bugs-could-let.html

VMware 發布多個產品的安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/vmware-releases-security-updates

Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software
https://thehackernews.com/2021/09/cisco-releases-patches-3-new-critical.html

Netgear 修復多款路由器嚴重漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9470

Netgear 修復多款路由器嚴重漏洞，可導致駭侵者遠端執行任意程式碼
https://www.twcert.org.tw/tw/cp-104-5108-edb59-1.html

Aruba Operating System
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37724

ArubaOS 存在安全弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-37718

蘋果修補舊款裝置的零時差攻擊漏洞
https://www.ithome.com.tw/news/146869

macOS含有一個可用來執行任意程式的安全漏洞
https://www.ithome.com.tw/news/146816

Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
https://thehackernews.com/2021/09/urgent-apple-ios-and-macos-updates.html

Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
https://thehackernews.com/2021/09/microsoft-exchange-bug-exposes-100000.html

用戶快更新！Windows出現嚴重漏洞 點開Office文件恐遭駭
https://reurl.cc/bnkG8E

資安事件新聞週報 2021/9/13 ~ 2021/9/17

 

資安事件新聞週報 2021/9/13  ~  2021/9/17

1.重大弱點漏洞/後門/Exploit/Zero Day
FBI警告：國家級駭客正在開採Zoho的自助式密碼管理平臺漏洞
https://www.ithome.com.tw/news/146787

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html

Critical Bug Reported in NPM Package With Millions of Downloads Weekly
https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html

全景 TSSServiSignAdapter Windows版 - Improper Input Validation
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html

Cisco 近日發布更新以解決產品 IOS XR Software 的多個安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/09/cisco-releases-security-updates-multiple-products

Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/14/adobe-releases-security-updates-multiple-products

資安事件新聞週報 2021/9/6 ~ 2021/9/10

 

資安事件新聞週報 2021/9/6  ~  2021/9/10

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 發布Enterprise NFV Infrastructure Software（NFVIS）軟體安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/09/02/cisco-releases-security-updates-cisco-enterprise-nfvis

多家廠商 SoC 產品中的藍牙堆疊含嚴重 BrakTooth 漏洞
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9442

數十億用戶遭殃！　BrakTooth漏洞「透過藍牙」攻擊Android產品
https://finance.ettoday.net/news/2074956

Netgear 修復三個嚴重資安漏洞，影響 20 種智慧型網路交換器
https://blog.twnic.tw/2021/09/11/20052/

研究人員：Windows最新MSHTML漏洞比想像中危險
https://www.ithome.com.tw/news/146650

微軟 IE 渲染引擎爆發零時差漏洞！駭客正用來發動目標式攻擊
https://technews.tw/2021/09/10/microsoft-attackers-exploiting-windows-zero-day-flaw/

CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
https://thehackernews.com/2021/09/cisa-warns-of-actively-exploited-zoho.html

Moving Forward After CentOS 8 EOL
https://thehackernews.com/2021/09/moving-forward-after-centos-8-eol.html

Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released
https://thehackernews.com/2021/09/critical-auth-bypass-bug-affect-netgear.html

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
https://thehackernews.com/2021/09/latest-atlassian-confluence-flaw.html

3 Ways to Secure SAP SuccessFactors and Stay Compliant
https://thehackernews.com/2021/09/3-ways-to-secure-sap-successfactors-and.html

資安事件新聞週報 2021/8/30 ~ 2021/9/3

 

資安事件新聞週報 2021/8/30  ~  2021/9/3

1.重大弱點漏洞/後門/Exploit/Zero Day
QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html

SUSE併購後的第一個版本，Rancher 2.6大幅強化叢集配置功能
https://www.ithome.com.tw/news/146534

MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation
https://www.exploit-db.com/exploits/50236

Synology DSM 7.0 全面更新 系統、使用者、資料安全性大升級
https://www.cool3c.com/article/164641

SQL Server 2012 & Windows Server 2012 End of Support
https://cloudblogs.microsoft.com/sqlserver/2021/07/14/know-your-options-for-sql-server-2012-and-windows-server-2012-end-of-support/

微軟Exchange爆安全漏洞　黑客未經身分認證可存取郵件
https://reurl.cc/5r76VR

微軟Azure出現重大漏洞，用戶應盡速更新金鑰
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9426

小心 Email 遭監聽！微軟 Exchange 出現新「ProxyToken」重大漏洞
https://technews.tw/2021/09/01/microsoft-exchange-proxytoken-bug-email-snooping/