資安事件新聞週報 2021/8/23 ~ 2021/8/27
1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products
Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的通用隨插即用 (UPnP) 服務中存在一個漏洞
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34730
Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html
F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html
VMware Issues Patches to Fix New Flaws Affecting Multiple Products
https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html
Fortinet FortiWeb產品存在安全漏洞(CVE-2021-22123)
https://net.nthu.edu.tw/2009/mailing:announcement:20210823_01
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201
SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://www.exploit-db.com/exploits/50212
2021年8月27日 星期五
資安事件新聞週報 2021/8/23 ~ 2021/8/27
2021年8月20日 星期五
資安事件新聞週報 2021/8/16 ~ 2021/8/20
資安事件新聞週報 2021/8/16 ~ 2021/8/20
1.重大弱點漏洞/後門/Exploit/Zero Day
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html
Hackers can bypass Cisco security products in data theft attacks
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/
Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html
Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products
F5 BIG-IP 多個漏洞
https://www.hkcert.org/tc/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210818
2021年8月13日 星期五
資安事件新聞週報 2021/8/9 ~ 2021/8/13
資安事件新聞週報 2021/8/9 ~ 2021/8/13
1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html
Ivanti 發布 Pulse Connect Secure 安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
IBM AIX 7.1、7.2 和 VIOS 3.1 版本存在權限驗證弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741
近兩年駭客最常利用之29個漏洞資訊與修補方式
https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02
滲透測試工具Cobalt Strike存在DoS漏洞,可以用來遏阻攻擊行動
https://www.ithome.com.tw/news/146069
VMware 發布修補多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products
https://www.vmware.com/security/advisories/VMSA-2021-0016.html
安全廠商釋出PetitPotam漏洞非官方修補程式
https://www.ithome.com.tw/news/146090
2021年8月6日 星期五
資安事件新聞週報 2021/8/2 ~ 2021/8/6
資安事件新聞週報 2021/8/2 ~ 2021/8/6
1.重大弱點漏洞/後門/Exploit/Zero Day
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/
CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
推動國內產品漏洞修補,TWCERT/CC已指派近200個CVE漏洞,近期發布品質並獲評雙最高等級
https://www.ithome.com.tw/news/146035
美、英、澳聯手公布2020年最常被利用的CVE漏洞
https://www.ithome.com.tw/news/146015