資安新聞及事件週報 2017/4/24 ~ 2017/4/28

資安新聞及事件週報  2017/4/24 ~ 2017/4/28

1.重大弱點漏洞
  【威脅通告】思科集成管理控制器(IMC)遠程代碼執行漏洞
  http://blog.nsfocus.net/cisco-imc-remote-code-execution-vulnerability/
 
  Apple iOS/tvOS/macOS/watchOS 漏洞 CVE-2017-2435
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2435


  Trend Micro OfficeScan 多個漏洞
  https://success.trendmicro.com/solution/1117204-security-bulletin-trend-micro-officescan-11-xg-multiple-vulnerabilities
 
  Linksys 路由器多個漏洞
  http://blog.ioactive.com/2017/04/linksys-smart-wi-fi-vulnerabilities.html


  Cisco Wireless LAN Controller 漏洞 CVE-2016-6375
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6375
 
  NSA 利用微軟漏洞監視客戶，SWIFT 敦促全球銀行用戶增強安全意識；Snapchat 170 萬用戶數據慘遭洩露
  http://chuansong.me/n/1781793552464
 
  Apache Tomcat 近日發布多款產品存在安全弱點
  https://www.us-cert.gov/ncas/current-activity/2017/04/12/Apache-Software-Foundation-Releases-Security-Updates
 

資安新聞及事件週報 2017/4/17 ~ 2017/4/21

資安新聞及事件週報  2017/4/17 ~ 2017/4/21

1.重大弱點漏洞
  ISC BIND 存在多個安全性弱點
  https://www.us-cert.gov/ncas/current-activity/2017/04/12/ISC-Releases-Security-Updates-BIND
  https://kb.isc.org/article/AA-01465/
 
  Cisco 多項產品存在安全弱點
  https://www.us-cert.gov/ncas/current-activity/2017/04/06/Cisco-Releases-Security-Updates
 
  思科 IOS 及 IOS XE 阻斷服務漏洞
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise
 
  Juniper Junos 多個漏洞
  https://www.auscert.org.au/render.html?it=46470
 
  【緊急】LINKSYS 無線路由出漏洞　籲用戶停訪客網絡改密碼
  http://ppt.cc/4Rj4a
 
  Linksys旗下25款路由器被爆存在安全漏洞
  https://kknews.cc/tech/qyajylg.html
 

資安新聞及事件週報 2017/4/10 ~ 2017/4/14

資安新聞及事件週報  2017/4/10 ~ 2017/4/14

1.重大弱點漏洞
  Microsoft Office Word 版本之物件連結與嵌入(OLE) 存在零時差漏洞
  http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1056
  http://www.ithome.com.tw/news/113340
  https://www.cybersecurity-help.cz/vdb/SB2017040901
  https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html
  https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild
  https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
  http://thehackernews.com/2017/04/microsoft-word-zero-day.html


  McAfee：駭客以零時攻擊程式入侵微軟系統漏洞，影響所有Office用戶
  http://www.ithome.com.tw/news/113340
  
  儘快安裝修補程式！微軟 Word 漏洞影響上百萬人
  http://technews.tw/2017/04/12/word-zero-day-vulnerability-affect-millions-it-should-be-update-and-packed-immediately/


  微軟發佈安全更新，其中包含Office零時差漏洞
  https://technet.microsoft.com/en-us/security/bulletins.aspx
  https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html


  Openbsd 漏洞 CVE-2017-5850
  http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5850


  NTP 漏洞 CVE-2017-6463
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463


  WebKitGTK+ Late TLS 漏洞
  https://webkitgtk.org/security/WSA-2015-0002.html


  AlienVault OSSIM和USM身份驗證繞過漏洞
  https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix

資安新聞及事件週報 2017/4/3 ~ 2017/4/7

資安新聞及事件週報  2017/4/3 ~ 2017/4/7

1.重大弱點漏洞
  VMware修補了被駭客競賽pwn2own攻陷的4個漏洞
  http://www.ithome.com.tw/news/113171


  Adobe Acrobat Force-Installed Vulnerable Chrome Extension
  https://www.seebug.org/vuldb/ssvid-92859


  技嘉兩款迷你準系統UEFI韌體遭爆有漏洞，有被植入勒贖軟體風險
  http://www.ithome.com.tw/news/113231


  Splunk 修復安全漏洞：誘導用戶訪問惡意網站，洩露個人信息
  http://hackernews.cc/archives/8370
 
  Splunk Enterprise 多個漏洞 CVE-2017-5607
  http://securitytracker.com/
  http://www.splunk.com/view/SP-CAAAPZ3


  That sound you hear is Splunk leaking data
  http://go.theregister.com/feed/www.theregister.co.uk/2017/04/03/that_sound_you_hear_is_splunk_leaking_data/


  安全審計人員發現16項NTP安全漏洞
  http://www.ifuun.com/a2017411559497/