資安事件新聞週報 2021/8/23 ~ 2021/8/27

 資安事件新聞週報 2021/8/23  ~  2021/8/27

1.重大弱點漏洞/後門/Exploit/Zero Day

Cisco 近日發布更新以解決多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

Cisco Small Business RV110W、RV130、RV130W 和 RV215W 路由器的通用隨插即用 (UPnP) 服務中存在一個漏洞
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34730

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html

F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html

VMware Issues Patches to Fix New Flaws Affecting Multiple Products
https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html

Fortinet FortiWeb產品存在安全漏洞(CVE-2021-22123)
https://net.nthu.edu.tw/2009/mailing:announcement:20210823_01

NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201

SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://www.exploit-db.com/exploits/50212

資安事件新聞週報 2021/8/16 ~ 2021/8/20

 資安事件新聞週報 2021/8/16  ~  2021/8/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html

Hackers can bypass Cisco security products in data theft attacks
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html

Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products

F5 BIG-IP 多個漏洞
https://www.hkcert.org/tc/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210818

資安事件新聞週報 2021/8/9 ~ 2021/8/13

 資安事件新聞週報 2021/8/9  ~  2021/8/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html

Ivanti 發布 Pulse Connect Secure 安全更新
https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858

IBM AIX 7.1、7.2 和 VIOS 3.1 版本存在權限驗證弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741

近兩年駭客最常利用之29個漏洞資訊與修補方式
https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02

滲透測試工具Cobalt Strike存在DoS漏洞，可以用來遏阻攻擊行動
https://www.ithome.com.tw/news/146069

VMware 發布修補多個產品的安全性弱點
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products
https://www.vmware.com/security/advisories/VMSA-2021-0016.html

安全廠商釋出PetitPotam漏洞非官方修補程式
https://www.ithome.com.tw/news/146090

資安事件新聞週報 2021/8/2 ~ 2021/8/6

 資安事件新聞週報 2021/8/2  ~  2021/8/6

1.重大弱點漏洞/後門/Exploit/Zero Day
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344

推動國內產品漏洞修補，TWCERT/CC已指派近200個CVE漏洞，近期發布品質並獲評雙最高等級
https://www.ithome.com.tw/news/146035

美、英、澳聯手公布2020年最常被利用的CVE漏洞
https://www.ithome.com.tw/news/146015