資安事件新聞週報 2022/2/21 ~ 2022/2/25

 資安事件新聞週報 2022/2/21  ~  2022/2/25

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布更新以解決多個產品的安全性弱點
https://tools.cisco.com/security/center/publicationListing.x

New Flaws Discovered in Cisco's Network Operating System for Switches
https://thehackernews.com/2022/02/new-flaws-discovered-in-ciscos-network.html

CISA Alerts on Actively Exploited Flaws in Zabbix Network Monitoring Platform
https://thehackernews.com/2022/02/cisa-alerts-on-actively-exploited-flaws.html

伺服器監控工具Zabbix驚傳嚴重漏洞，恐導致繞過身分驗證在伺服器上執行任意程式碼
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage

資安事件新聞週報 2022/2/14 ~ 2022/2/18

 資安事件新聞週報 2022/2/14  ~  2022/2/18

1.重大弱點漏洞/後門/Exploit/Zero Day
Log4j2 In The Wild | Iranian-Aligned Threat Actor TunnelVision Actively Exploiting VMware Horizon
https://reurl.cc/mGpaEW

又是鎖定Log4Shell漏洞，對VMware遠距工作平臺的攻擊行動，這次動手的是伊朗駭客TunnelVision
https://reurl.cc/mGpaEW

針對可被攻擊者用於規避掃描的弱點，微軟疑似悄悄修補了Windows防毒軟體
https://reurl.cc/g0r9LR

微軟修補了讓駭客繞過Defender掃瞄的漏洞
https://www.ithome.com.tw/news/149373

Microsoft 推出 2022 年 2 月 Patch Tuesday 資安修補包
https://blog.twnic.tw/2022/02/15/21865/

微軟Windows作業系統存在多個安全漏洞
https://ic.cgu.edu.tw/p/16-1016-86908.php?Lang=zh-tw

非關聯式資料庫Apache Cassandra出現RCE漏洞
https://reurl.cc/zMQ0x0

資安事件新聞週報 2022/2/7 ~ 2022/2/11

 資安事件新聞週報 2022/2/7  ~  2022/2/11

1.重大弱點漏洞/後門/Exploit/Zero Day
Samba 漏洞 CVE-2021-44142 分析與修補
https://blog.trendmicro.com.tw/?p=71235

企業應立即修補Samba 開放原始碼軟體漏洞
https://www.informationsecurity.com.tw/article/article_detail_2021.aspx?aid=9698

Samba 產品存在多個安全性弱點
https://www.samba.org/samba/security/CVE-2022-0336.html

Samba Out-of-Bounds Heap R/W 遠端執行代碼弱點（RCE）
https://www.zerodayinitiative.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin

資安事件新聞週報 2022/1/31 ~ 2022/2/4

 資安事件新聞週報 2022/1/31  ~  2022/2/4

1.重大弱點漏洞/後門/Exploit/Zero Day
Samba Out-of-Bounds Heap R/W 遠端執行代碼弱點（RCE） CVE-2021-44142
https://www.samba.org/samba/security/CVE-2021-44142.html

Samba 修補高風險漏洞，不讓攻擊者藉此以root權限遠端執行程式碼
https://www.ithome.com.tw/news/149175

CVE-2021-44142: DETAILS ON A SAMBA CODE EXECUTION BUG DEMONSTRATED AT PWN2OWN AUSTIN
https://reurl.cc/ZrVKdl

The Samba Vulnerability: What is CVE-2021-44142 and How to Fix It
https://reurl.cc/dXyNb8

UEFI韌體程式碼爆23項漏洞，影響微軟、Dell、HPE等業者
https://www.ithome.com.tw/news/149203

Apache Log4j存在安全漏洞(CVE-2021-44228)，允許攻擊者遠端執行任意程式碼
https://ic.cgu.edu.tw/p/16-1016-90950.php?Lang=zh-tw

Log4j漏洞引爆開源軟體安全議題，OpenSSF基金會扛起重擔，推動修補大量軟體漏洞的計畫
https://www.ithome.com.tw/news/149179

Log4j exploit hits again: vulnerable Unifi Network application (Ubiquiti)
https://blog.morphisec.com/log4j-exploit-targets-vulnerable-unifi-network-applications

CISA Warns of Critical Vulnerabilities Discovered in Airspan Networks Mimosa
https://thehackernews.com/2022/02/cisa-warns-of-critical-vulnerabilities.html