資安事件新聞週報 2022/1/24 ~ 2022/1/28

 資安事件新聞週報 2022/1/24  ~  2022/1/28

1.重大弱點漏洞/後門/Exploit/Zero Day
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans
https://thehackernews.com/2022/01/patching-centos-8-encryption-bug-is.html

Apple Releases iOS and macOS Updates to Patch Actively Exploited 0-Day Vulnerability
https://thehackernews.com/2022/01/apple-releases-ios-and-ipados-updates.html

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html

Linux PolicyKit 嚴重安全漏洞：Pwnkit被揭露
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9696

Linux 12年漏洞可讓駭客以根權限執行程式碼，影響所有發行版
https://www.ithome.com.tw/news/149096

Oracle WebLogic Server 14.1.1.0.0 - Local File Inclusion
https://www.exploit-db.com/exploits/50688

資安事件新聞週報 2022/1/17 ~ 2022/1/21

 資安事件新聞週報 2022/1/17  ~  2022/1/21

1.重大弱點漏洞/後門/Exploit/Zero Day
微軟推出 2022 年一月份 Patch Tuesday 軟體更新修補包
https://www.informationsecurity.com.tw/article/article_detail.aspx?tv=11&aid=9675

Microsoft 已發布安全更新，以解決多版本 Windows HTTP 遠端程式碼執行弱點
https://github.com/antx-code/CVE-2022-21907

Microsoft Exchange Server 遠端指令的弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-21846

Microsoft 已發布安全更新，以解決多版本 Windows HTTP 遠端程式碼執行弱點
https://www.klcg.gov.tw/tw/education/3522-250411.html

Windows IKE Extension 存在拒絕服務的弱點
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-21848

資安事件新聞週報 2022/1/10 ~ 2022/1/14

 資安事件新聞週報 2022/1/10  ~  2022/1/14

1.重大弱點漏洞/後門/Exploit/Zero Day
HP發布多款HP雷射印表機、多功能事務機及掃描器存在安全弱點
https://support.hp.com/us-en/document/ish_5000124-5000148-16

Citrix Workspace app存在安全性弱點
https://support.citrix.com/article/CTX338435

BeyondTrust Secure Remote Access Base Software 6.0.1 可讓攻擊者使用 XSS/CSRF 攻擊使管理員創建一個新的管理員帳戶
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-31589

sun_moon_jingyao Shockwall系統的服務器請求接收器功能存在不正確的身份驗證漏洞
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-45917

transloadit uppy易受伺服器端請求偽造（SSRF）的攻擊
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2022-0086

資安事件新聞週報 2022/1/3 ~ 2022/1/7

 資安事件新聞週報 2022/1/3  ~  2022/1/7

1.重大弱點漏洞/後門/Exploit/Zero Day
Log4j 事件會延燒數個月,甚至數年?這漏洞為何如此危險
https://blog.trendmicro.com.tw/?p=70925

美國政府要求企業必須保障客戶資料不受 Log4j 漏洞攻擊影響
https://www.twcert.org.tw/tw/cp-104-5447-b5264-1.html

中國駭客組織疑利用 Log4j 漏洞攻擊
https://technews.tw/2022/01/04/china-based-group-used-log4j-flaw-in-attack/

New Apache Log4j Update Released to Patch Newly Discovered Vulnerability
https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console
https://thehackernews.com/2022/01/log4shell-like-critical-rce-flaw.html

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities
https://thehackernews.com/2022/01/microsoft-warns-of-continued-attacks.html

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service
https://thehackernews.com/2022/01/microsoft-issues-fix-for-exchange-y2k22.html

已有駭客著手開採微軟本月未修補完全的Windows Installer漏洞
https://reurl.cc/bkzA3l

Security bulletin: Security Bulletin: There are multiple vulnerabilities
in the Apache Log4j used in IBM® QRadar Risk Manager that may allow for remote code execution (RCE)
https://reurl.cc/dXVlND