資安事件新聞週報 2021/10/18 ~ 2021/10/22

 

資安事件新聞週報 2021/10/18  ~  2021/10/22

1.重大弱點漏洞/後門/Exploit/Zero Day
Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer
https://thehackernews.com/2021/10/bug-in-free-winrar-software-could-let.html

Oracle Critical Patch Update Advisory - October 2021
https://reurl.cc/aNevgY

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices
https://thehackernews.com/2021/10/microsoft-warns-of-new-security-flaw.html

微軟要求系統管理員更新 PowerShell,以修補 WDAC 資安防護跳過漏洞
https://reurl.cc/WX0dr9

微軟推出 2021 年 10 月 Patch Tuesday 資安修補包,修復多個嚴重及 0-day
https://reurl.cc/Mk3dDn

OWASP自2017年來首度更新弱點排名Top 10
https://blog.twnic.tw/2021/10/18/20252/

資安事件新聞週報 2021/10/11 ~ 2021/10/15

 


資安事件新聞週報 2021/10/11  ~  2021/10/15

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/10/07/cisco-releases-security-updates-multiple-products

Micro Focus ArcSight Enterprise Security Manager (ESM)  CVE-2021-38124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-38124

Trend Micro ServerProtect
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-36745

Apache HTTP伺服器存在安全漏洞(CVE-2021-42013),允許攻擊者遠端執行任意程式碼
https://www.isda.org.tw/2021/10/09/0a4bf59c2d6b1fc5d36850718f1675f4/

資安事件新聞週報 2021/10/04 ~ 2021/10/08

 


資安事件新聞週報 2021/10/04  ~  2021/10/08

1.重大弱點漏洞/後門/Exploit/Zero Day
Apache修補已被開採的資料外洩漏洞
https://www.ithome.com.tw/news/147117

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now
https://thehackernews.com/2021/10/apache-warns-of-zero-day-exploit-in.html

微軟強化伺服器韌體與網路安全
https://www.ithome.com.tw/tech/147018

關於微軟 Azure 安全漏洞 Azurescape,你必須知道的事情
https://www.netadmin.com.tw/netadmin/zh-tw/snapshot/C4A67EE8E049422F9B35A5460A7E2988

QNAP QTS 5.0 正式版登場:升級系統核心、強化資安,支援 WireGuard VPN,並內建免費 exFAT 授權
https://reurl.cc/ox723q

Google Chrome與Microsoft Edge瀏覽器存在安全漏洞(CVE-2021-37974~37976),允許攻擊者遠端執行任意程式碼,請儘速確認並進行更新
https://portal.boe.ttct.edu.tw/bulletin/view.php?sn=B110002811

資安事件新聞週報 2021/9/27 ~ 2021/10/01

 

資安事件新聞週報 2021/9/27  ~  2021/10/01

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/09/23/cisco-releases-security-updates-multiple-products

New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
https://thehackernews.com/2021/09/new-azure-ad-bug-lets-hackers-brute.html

WhatsUpGold 21.0.3 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50366

Microsoft Windows cmd.exe - Stack Buffer Overflow
https://www.exploit-db.com/exploits/50331

NETGEAR Releases Security Updates for RCE Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/09/21/netgear-releases-security-updates-rce-vulnerability

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit
https://us-cert.cisa.gov/ncas/current-activity/2021/09/24/vmware-vcenter-server-vulnerability-cve-2021-22005-under-active

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html

RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
https://us-cert.cisa.gov/ncas/current-activity/2021/09/28/rce-vulnerability-hikvision-cameras-cve-2021-36260

資安事件新聞週報 2021/10/18 ~ 2021/10/22

  資安事件新聞週報 2021/10/18  ~  2021/10/22 1.重大弱點漏洞/後門/Exploit/Zero Day Bug in Popular WinRAR Software Could Let Attackers Hack Your Computer http...