Saturday, April 30, 2022

Weekly Security Incident News Report 2022/4/25 ~ 2022/4/29

1. Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Cisco recently released updates to address security vulnerabilities in multiple products
https://tools.cisco.com/security/center/publicationListing.x

RCE vulnerability found in the malware scanning platform VirusTotal
https://www.cysrc.com/blog/virus-total-blog/

Large numbers of users are still running Log4j versions vulnerable to Log4Shell
https://www.rezilion.com/log4shell-4-months-later/

More attackers target the identity authentication system vulnerability VMware disclosed in early April to launch malware attacks
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor

Friday, April 22, 2022

Weekly Security Incident News Report 2022/4/18 ~ 2022/4/22

1. Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Oracle Critical Patch Update for April 2022
https://www.oracle.com/corporate/security-practices/assurance/vulnerability/security-fixing.html

Juniper recently released updates to address security vulnerabilities in multiple products
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US

Cisco patches wireless network controller firmware vulnerability that allows authentication bypass
https://www.ithome.com.tw/news/150464

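Vulnerability in the remote management access mechanism of a Cisco security solution could let attackers steal administrator credentials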
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uva-static-key-6RQTRs4c

Cisco Releases Security Patches for TelePresence, RoomOS and Umbrella VA
https://thehackernews.com/2022/04/cisco-releases-security-patches-for.html

Saturday, April 16, 2022

Weekly Security Incident News Report 2022/4/11 ~ 2022/4/15

1. Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Apple releases emergency patches for 2 zero-day vulnerabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9796

Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
https://thehackernews.com/2022/04/critical-auth-bypass-bug-reported-in.html

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html

Critical LFI Vulnerability Reported in Hashnode Blogging Platform
https://thehackernews.com/2022/04/critical-lfi-vulnerability-reported-in.html

LDAP-related zero-day vulnerability reported in the Nginx web server
https://securityonline.info/nginx-zero-day-rce-vulnerability-alert/

NGINX Shares Mitigations for Zero-Day Bug Affecting LDAP Implementation
https://thehackernews.com/2022/04/nginx-shares-mitigations-for-zero-day.html

Friday, April 8, 2022

Weekly Security Incident News Report 2022/4/4 ~ 2022/4/8

1. Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers
https://thehackernews.com/2022/04/beastmode-ddos-botnet-exploiting-new.html

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability
https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html

Zero-day remote code execution vulnerability found in Spring Core
https://tanzu.vmware.com/security/cve-2022-22950
https://tanzu.vmware.com/security/cve-2022-22963
https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html?fbclid=IwAR2Fg7nYqASDEY1QJXVDn1OqzqqQvVeI_wxCTGlQ6m9mtH2XiDGGy4Vsdew&m=1

Spring4Shell vulnerability reported in Java development framework: will it trigger an even bigger security storm?
https://reurl.cc/jkxQ62

Saturday, April 2, 2022

Weekly Security Incident News Report 2022/3/28 ~ 2022/4/1

1. Critical Vulnerabilities/Backdoors/Exploit/Zero Day
Unpatched Java Spring Framework 0-Day RCE Bug Threatens Enterprise Web Apps Security
https://thehackernews.com/2022/03/unpatched-java-spring-framework-0-day.html

Zero-day remote code execution vulnerability found in Spring Core
https://www.ithome.com.tw/news/150201

Spring patches the SpringShell vulnerability
https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Spring4shell strikes! Another severe Java ecosystem vulnerability emerges after Log4Shell
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9792

QNAP Warns of OpenSSL Infinite Loop Vulnerability Affecting NAS Devices
https://thehackernews.com/2022/03/qnap-warns-of-openssl-infinite-loop.html