資安新聞及事件週報 2018/10/22 ~ 2018/10/26

資安新聞及事件週報  2018/10/22  ~  2018/10/26
1.重大弱點漏洞
研究人員公布D-Link路由器漏洞，牽涉8款產品，D-Link只修補2款
https://www.ithome.com.tw/news/126513
D-Link路由器又曝安全漏洞，且暫無修復補丁可用
https://www.hackeye.net/threatintelligence/16849.aspx
D-Link多型號路由器存在任意文件下載漏洞（CVE-2018-10822）
https://zhuanlan.zhihu.com/p/47444003
Serious D-Link router security flaws may never be patched
https://nakedsecurity.sophos.com/2018/10/19/serious-d-link-router-security-flaws-may-never-be-patched/
libssh 產品存在安全性弱點
https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/
Cisco 產品存在安全性弱點
https://tools.cisco.com/security/center/publicationListing.x
Advantech WebAccess 跨站脚本漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15703
jQuery知名外掛File Upload遭爆有存在超過8年的安全漏洞
https://www.ithome.com.tw/news/126529
jQuery File Upload 存在安全性弱點
https://www.anquanke.com/vul/id/1350246

資安新聞及事件週報 2018/10/15 ~ 2018/10/19

資安新聞及事件週報  2018/10/15  ~  2018/10/19
1.重大弱點漏洞
ClamAV 安全漏洞
https://www.anquanke.com/vul/id/1354791
Imperva SecureSphere 13 - Remote Command Execution
https://www.exploit-db.com/exploits/45542/
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45625/
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/69914
研究人員公布D-Link路由器漏洞，牽涉8款產品，D-Link只修補2款
https://www.ithome.com.tw/news/126513?fbclid=IwAR0jmJiVL7p9P3KxSrDuetf0b86ORYrif70BYOz-ZOOjMmTtMD98P1i0k7o
libssh's server-side state machine before versions 0.7.6 and 0.8.4  vulnerability CVE-2018-10933
https://nvd.nist.gov/vuln/detail/CVE-2018-10933
The libssh “login with no password” bug – what you need to know [VIDEO]
https://nakedsecurity.sophos.com/2018/10/18/the-libssh-login-with-no-password-bug-what-you-need-to-know-video/
Security flaw in libssh leaves thousands of servers at risk of hijacking
https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/
LibSSH Flaw Allows Hackers to Take Over Servers Without Password
https://bit.ly/2yJqJZd

資安新聞及事件週報 2018/10/08 ~ 2018/10/12

資安新聞及事件週報  2018/10/08  ~  2018/10/12
1.重大弱點漏洞
IBM DB2 本地提權漏洞
http://www-01.ibm.com/support/docview.wss?uid=swg21990061
速更新MikroTik路由器RouterOS，攔阻By the Way入侵技術&多項DoS風險
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5031
慎防SNMP指令，能撈取Samsung SCX-6545X管理者帳密
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5029
Baidu Browser安裝程序DLL搜索路徑漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0692
Unitrends Backup授權問題漏洞
https://www.anquanke.com/vul/id/1124153
【漏洞預警】西部數碼MyCloud個人NAS最新高危漏洞預警
http://www.freebuf.com/column/186296.html
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/69562

資安新聞及事件週報 2018/10/01 ~ 2018/10/05

資安新聞及事件週報  2018/10/01  ~  2018/10/05
1.重大弱點漏洞
Duo：蘋果遠端裝置管理服務DEP含有驗證缺陷
https://www.ithome.com.tw/news/126154
新的安全漏洞正影響CentOS 和Red Hat Linux 發行版
https://www.0276.org/22817.html
Vulnerability Spotlight: Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability
https://blog.talosintelligence.com/2018/10/vuln-spot-adobe-reader-rce.html
高危Apache Struts漏洞CVE-2018-11776的相關信息
https://bit.ly/2O2FuRp
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
https://bit.ly/2RbY0Ey
Google Chrome Omnibox跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15427
Google Chrome Chromecast未授權訪問漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15430
微软Windows 10更新十月版正式版最低系统需求公布
https://www.ithome.com/html/win10/386764.htm
Ubuntu 內核多個漏洞
https://www.auscert.org.au/bulletins/69134
你的 Wi-Fi 路由器有多安全？最新調查顯示 83％ 市售產品均有問題，其中 28％ 屬於高風險漏洞
https://bit.ly/2OuCfBE
研究：8成Wi-Fi路由器漏洞百出，平均逾180個
https://www.ithome.com.tw/news/126241