資安事件新聞週報 2021/11/22 ~ 2021/11/26

 

資安事件新聞週報 2021/11/22  ~  2021/11/26

1.重大弱點漏洞/後門/Exploit/Zero Day
Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally
https://thehackernews.com/2021/11/eavesdropping-bugs-in-mediatek-chips.html

聯發科晶片遭曝資安漏洞，逾三成Android手機恐受影響！ 官方釋出修補
https://3c.ltn.com.tw/news/46805

聯發科手機SoC存資安疑慮？ 聯發科：已排除問題
https://www.digitimes.com.tw/tech/dt/n/shwnws.asp?id=0000624283_ZJ415EJQ9SAV232RI8H6O&cf=A21

聯發科平台傳出竊聽安全漏洞，不過在未傳出實際攻擊前已被修復
https://www.cool3c.com/article/168994

資安公司揭聯發科晶片漏洞！37%安卓手機、IoT設備用戶面臨竊聽風險
https://www.bnext.com.tw/article/66376/mediatek-cybersecurity-soc

600 萬台英國 Sky 寬頻用戶端路由器的資安漏洞，修復期間長達 17 個月
https://www.twcert.org.tw/tw/cp-104-5331-12ade-1.html

資安事件新聞週報 2021/11/15 ~ 2021/11/19

 

資安事件新聞週報 2021/11/15  ~  2021/11/19

1.重大弱點漏洞/後門/Exploit/Zero Day
美、英、澳共同發聲：伊朗駭客正在開採微軟Exchange及Fortinet漏洞
https://www.ithome.com.tw/news/147916

GitHub修補可讓駭客更新任何套件的Npm漏洞
https://www.ithome.com.tw/news/147896

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses
https://thehackernews.com/2021/11/new-blacksmith-exploit-bypasses-current.html

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
https://thehackernews.com/2021/11/hackers-exploit-macos-zero-day-to-hack.html

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug
https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
https://thehackernews.com/2021/11/critical-root-rce-bug-affects-multiple.html

資安事件新聞週報 2021/11/8 ~ 2021/11/12

 

資安事件新聞週報 2021/11/8  ~  2021/11/12

1.重大弱點漏洞/後門/Exploit/Zero Day
史上第一個能感染一切的漏洞現身，新型態「Trojan Source」供應鏈攻擊來襲
https://technews.tw/2021/11/09/trojan-source-bug-threatens-security-all-code/

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN
https://thehackernews.com/2021/11/palo-alto-warns-of-zero-day-bug-in.html

Windows 10老用戶注意！2004版微軟官方支援將於12月這天終止
https://3c.ltn.com.tw/news/46629

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs
https://thehackernews.com/2021/11/microsoft-issues-patches-for-actively.html

微軟Windows作業系統與應用程式存在多個安全漏洞
https://net.nthu.edu.tw/2009/mailing:announcement:20211111_01

Cisco 近日發布更新以解決多個產品的安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-JOm9ETfO

資安事件新聞週報 2021/11/1 ~ 2021/11/5

 

資安事件新聞週報 2021/11/1  ~  2021/11/5

1.重大弱點漏洞/後門/Exploit/Zero Day
CISA要求美聯邦政府機關限時修補290項高風險軟硬體漏洞
https://www.ithome.com.tw/news/147648

U.S. Federal Agencies Ordered to Patch Hundreds of Actively Exploited Flaws
https://thehackernews.com/2021/11/us-federal-agencies-ordered-to-patch.html

Cisco 近日發布更新以解決多個產品的安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-dir-traversal-95UyW5tk

Sonicwall SonicOS 6.5.4 - 'Common Name' Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50485

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50457

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access
https://thehackernews.com/2021/11/hardcoded-ssh-key-in-cisco-policy-suite.html

Critical RCE Vulnerability Reported in Linux Kernel's TIPC Module
https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html