資安事件新聞週報 2020/8/24 ~ 2020/8/28

資安事件新聞週報 2020/8/24  ~  2020/8/28

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 修補完成多個影響交換器、光纖儲存設備的嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3908-5b5bd-1.html

Google 修復可造成遠端執行任意程式碼的嚴重 Chrome 漏洞
https://www.twcert.org.tw/tw/cp-104-3905-b33da-1.html

Google Researcher Reported 3 Flaws in Apache Web Server Software
https://thehackernews.com/2020/08/apache-webserver-security.html

IBM Content Navigator 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4687

微軟緊急推出資安修補更新，修復兩個可提升執行權限的嚴重資安漏洞
https://www.twcert.org.tw/tw/cp-104-3891-5dc4f-1.html

New Jenkins Vulnerability Let Hackers Steal Sensitive Information By Obtain HTTP Response Headers
https://gbhackers.com/jenkins-vulnerability/

Alert!! Critical Bugs in Cisco Products Let Hackers Execute Arbitrary Code to Gain Admin Access
https://gbhackers.com/crtical-cisco-vulnerabilities/

資安事件新聞週報 2020/8/17 ~ 2020/8/21

資安事件新聞週報 2020/8/17  ~  2020/8/21

1.重大弱點漏洞/後門/Exploit/Zero Day
快更新Chrome瀏覽器！以免遭駭客遠距竊取個資
https://newtalk.tw/news/view/2020-08-11/449330

Google Chrome Stable Channel Update for Desktop
https://chromereleases.googleblog.com/2020/08/stable-channel-update-for-desktop_18.html

資安廠商發現以 Chromium 為基礎的瀏覽器，均存有可輕易跳過內容安全原則的嚴重 0-day 漏洞
https://www.twcert.org.tw/tw/cp-104-3857-87101-1.html

Apache HTTP Server 披露多個安全漏洞，騰訊主機安全支持檢測
https://www.chainnews.com/zh-hant/articles/515043208760.htm

PoC Exploit Targeting Apache Struts Surfaces on GitHub
https://threatpost.com/poc-exploit-github-apache-struts/158393/

TeamViewer存在安全漏洞，用戶密碼可被破解
https://www.freebuf.com/vuls/246200.html

數十億用戶可能受影響 - Chrome 瀏覽器發現了一個存在最少 1 年的漏洞
https://hk.xfastest.com/65062/chrome-cve-2020-6519/

Citrix Endpoint Management 多個高危漏洞通告
https://www.anquanke.com/post/id/214023

資安事件新聞週報 2020/8/10 ~ 2020/8/14

資安事件新聞週報 2020/8/10  ~  2020/8/14

1.重大弱點漏洞/後門/Exploit/Zero Day
高通、聯發科Wi-Fi晶片發現漏洞，訊號傳輸、數據封包恐被攔截
https://www.bnext.com.tw/article/58801/krook-serious-vulnerability-affected-encryption-billion-wifi-devices-qualcomm-mediatek

TeamViewer 曝漏洞 瀏覽特定網頁即可被無密碼入侵
https://www.chainnews.com/zh-hant/articles/996871847939.htm

安全研究人員：衛星網路含有可被竊聽的安全漏洞
https://www.ithome.com.tw/news/139281

路由器，交換機和 AnyConnect VPN 中的高度嚴重漏洞
https://www.chainnews.com/zh-hant/articles/384089921935.htm

Windows 10再爆Print Spooler組件漏洞曾修復一次但被繞過
https://www.sohu.com/a/412020059_99956743

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
https://thehackernews.com/2020/08/foreshadow-processor-vulnerability.html

FreeBSD 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7459

Kibana拒絕服務和跨站腳本漏洞預警
https://www.secrss.com/articles/24531

OpenSSL中的漏洞影響IBM Flex系統網絡交換機（CVE-2015-0286）
https://support.lenovo.com/hk/zh/solutions/ht116251/

資安事件新聞週報 2020/8/3 ~ 2020/8/7

資安事件新聞週報 2020/8/3  ~  2020/8/7

1.重大弱點漏洞/後門/Exploit/Zero Day
D-Link DIR-816L命令注入漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15893

GRUB 多個漏洞
https://www.hkcert.org/my_url/zh/alert/20073004

Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems
https://thehackernews.com/2020/07/grub2-bootloader-vulnerability.html

全球數十億筆電與伺服器危矣！BootHole漏洞無差別攻擊Linux及Windows作業系統
https://reurl.cc/O1dOeD

Vulnerability Spotlight: Microsoft issues security update for Azure Sphere
https://blog.talosintelligence.com/2020/07/vuln-spotlight-azure-sphere-july-2020.html

Netgear 產品遠端執行任意程式碼漏洞
https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211
https://kb.netgear.com/000062127/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-R6700v3-PSV-2020-0202

資安防護有漏洞？IG傳偷開用戶攝像頭 官方回應：系統程式錯誤
https://life.tw/?app=view&no=1117657

從 MicroStrategy 入手發現 Facebook 的 XSS 漏洞
https://www.chainnews.com/zh-hant/articles/279335819156.htm