2021年 11 月份資安、社群活動分享

 

2021年 11 月份資安、社群活動分享

Golang Taipei Gathering #61 Webinar 11/2
https://www.meetup.com/golang-taipei-meetup/events/281541986

從Python到TensorFlow線上讀書會-三部曲(7) -進階深度學習的最佳實作方式 11/2
https://www.meetup.com/TensorFlow-User-Group-Taipei/events/280045015

Clojure Taiwan BYOP #3, 2021 11/2
https://www.meetup.com/Clojure-tw/events/281646231

「2021台灣資安通報應變年會」11/3
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9517

SyntaxError 11/3
https://www.meetup.com/pythonhug/events/281711643

InfoSec Taiwan 2021國際資安大會 11月3~4日
https://slat.org/node/169

【職場參訪體驗】虎頭山創新園區 11/4
https://ys.wda.gov.tw/D/18-1026/

Taipei CS Weekly Meeting 11/4
https://www.meetup.com/couchsurfers-in-taiwan/events/281419439

資安事件新聞週報 2021/10/25 ~ 2021/10/29

 

資安事件新聞週報 2021/10/25  ~  2021/10/29

1.重大弱點漏洞/後門/Exploit/Zero Day
Oracle Solaris重大零時差漏洞遭駭客開採，曾潛伏企業內長達2年
https://industry4.ithome.com.tw/news/140915

Oracle 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/10/19/oracle-releases-october-2021-critical-patch-update

Apache發布針對Apache Tomcat的安全公告
http://mail-archives.us.apache.org/mod_mbox/www-announce/202110.mbox/%3C9b8b83e3-7fec-a26d-7780-e5d4a85f7df6%40apache.org%3E

Cisco 近日發布更新以解決Cisco IOS XE SD-WAN 的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/cisco-releases-security-updates-ios-xe-sd-wan-software

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/10/28/cisco-releases-security-updates-multiple-products

微軟Windows 遠端執行程式碼漏洞，恐造成駭客接管整台電腦
https://www.cc.ntu.edu.tw/chinese/cert/cert20211026.asp

資安事件新聞週報 2021/10/18 ~ 2021/10/22

 

資安事件新聞週報 2021/10/18  ~  2021/10/22

1.重大弱點漏洞/後門/Exploit/Zero Day
Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Oracle Critical Patch Update Advisory - October 2021
https://reurl.cc/aNevgY

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

微軟要求系統管理員更新 PowerShell，以修補 WDAC 資安防護跳過漏洞
https://reurl.cc/WX0dr9

微軟推出 2021 年 10 月 Patch Tuesday 資安修補包，修復多個嚴重及 0-day
https://reurl.cc/Mk3dDn

OWASP自2017年來首度更新弱點排名Top 10
https://blog.twnic.tw/2021/10/18/20252/

資安事件新聞週報 2021/10/11 ~ 2021/10/15

 

資安事件新聞週報 2021/10/11  ~  2021/10/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/cisco-releases-security-updates-multiple-products

Micro Focus ArcSight Enterprise Security Manager (ESM)  CVE-2021-38124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-38124

Trend Micro ServerProtect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36745

Apache HTTP伺服器存在安全漏洞(CVE-2021-42013)，允許攻擊者遠端執行任意程式碼
https://www.isda.org.tw/2021/10/09/0a4bf59c2d6b1fc5d36850718f1675f4/

資安事件新聞週報 2021/10/04 ~ 2021/10/08

 

資安事件新聞週報 2021/10/04  ~  2021/10/08

1.重大弱點漏洞/後門/Exploit/Zero Day
Apache修補已被開採的資料外洩漏洞
https://www.ithome.com.tw/news/147117

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now
https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

微軟強化伺服器韌體與網路安全
https://www.ithome.com.tw/tech/147018

關於微軟 Azure 安全漏洞 Azurescape，你必須知道的事情
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/C4A67EE8E049422F9B35A5460A7E2988

QNAP QTS 5.0 正式版登場：升級系統核心、強化資安，支援 WireGuard VPN，並內建免費 exFAT 授權
https://reurl.cc/ox723q

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-37974~37976)，允許攻擊者遠端執行任意程式碼，請儘速確認並進行更新
https://portal.boe.ttct.edu.tw/bulletin/view.php?sn=B110002811

資安事件新聞週報 2021/9/27 ~ 2021/10/01

 

資安事件新聞週報 2021/9/27  ~  2021/10/01

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisco-releases-security-updates-multiple-products

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
https://thehackernews.com/2021/09/new-azure-ad-bug-lets-hackers-brute.html

WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50366

Microsoft Windows cmd.exe - Stack Buffer Overflow
https://www.exploit-db.com/exploits/50331

NETGEAR Releases Security Updates for RCE Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/netgear-releases-security-updates-rce-vulnerability

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260