資安事件新聞週報 2019/8/26 ~ 2019/8/30
1.重大弱點漏洞/後門/Exploit/Zero Day
2019年HITCON ZeroDay漏洞通報現況,注意弱密碼問題通報數量增,還有人才媒合新功能上線
https://www.ithome.com.tw/news/132620
企業弱密碼今年狂被駭!HITCON資安漏洞申報平台連台電、群暉都拜託「抓漏」
http://bit.ly/2PfQM5x
Kubernetes嚴重漏洞致服務器DoS攻擊
https://www.4hou.com/vulnerable/19863.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
台灣資安公司揭露多家企業級 VPN 服務漏洞後,駭客便用來攔截流量
https://www.twcert.org.tw/subpages/securityInfo/securitypolicy_details.aspx?id=919
Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/159
https://securityadvisories.paloaltonetworks.com/Home/Detail/160
https://securityadvisories.paloaltonetworks.com/Home/Detail/161
Palo Alto Networks PAN-OS 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1582
Cisco 多個產品發布新的安全更新
https://www.us-cert.gov/ncas/current-activity/2019/08/22/cisco-releases-security-updates
思科 NX-OS 多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
2019年8月30日 星期五
2019年8月23日 星期五
資安事件新聞週報 2019/8/19 ~ 2019/8/23
資安事件新聞週報 2019/8/19 ~ 2019/8/23
1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931
被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68
npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572
npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/
The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
1.重大弱點漏洞/後門/Exploit/Zero Day
卡巴斯基殺毒軟件被曝出用戶上網痕跡洩露漏洞
https://zhuanlan.zhihu.com/p/78480931
被HTTP/2漏洞拖累,所有Kubernetes版本受影響
https://www.kubernetes.org.cn/5746.html
UK cybersecurity agency warns devs to drop Python 2 due to looming EOL & security risks
https://www.zdnet.com/article/uk-cybersecurity-agency-warns-devs-to-drop-python-2-due-to-looming-eol-security-risks/#ftag=RSSbaffb68
npm撤下含有可竊取登入憑證的bb-builder套件
https://www.ithome.com.tw/news/132572
npm Pulls Malicious Package that Stole Login Passwords
https://www.bleepingcomputer.com/news/security/npm-pulls-malicious-package-that-stole-login-passwords/
The NPM package that walked away with all your passwords
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10964780
2019年8月16日 星期五
資安事件新聞週報 2019/8/12 ~ 2019/8/16
資安事件新聞週報 2019/8/12 ~ 2019/8/16
1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396
托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA
JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/
賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/
1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396
托最新藍牙漏洞的“福”,我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA
JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/
賽門鐵克防毒軟體和Windows SHA-2不相容,微軟暫停更新
https://www.ithome.com.tw/news/132435
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
HTTP/2含有多個服務阻斷漏洞,亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/
2019年8月9日 星期五
資安事件新聞週報 2019/8/5 ~ 2019/8/9
資安事件新聞週報 2019/8/5 ~ 2019/8/9
1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後,再次更新0.72版本
http://bit.ly/2YDMIM5
修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691
研究者警告:眾多Jira伺服器的錯誤配置,讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265
研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291
DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/
NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html
VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後,再次更新0.72版本
http://bit.ly/2YDMIM5
修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691
研究者警告:眾多Jira伺服器的錯誤配置,讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265
研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291
DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/
NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html
VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
2019年8月2日 星期五
資安事件新聞週報 2019/7/29 ~ 2019/8/2
資安事件新聞週報 2019/7/29 ~ 2019/8/2
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
訂閱:
文章 (Atom)