資安事件新聞週報 2022/5/23 ~ 2022/5/27

 資安事件新聞週報 2022/5/23  ~  2022/5/27

1.重大弱點漏洞/後門/Exploit/Zero Day
Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers
https://thehackernews.com/2022/05/critical-pantsdown-bmc-vulnerability.html

雲達修補存在3年的伺服器BMC韌體漏洞Pantsdown
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/

Google：Cytrox開採5個零時差漏洞以植入Predator間諜程式
https://www.ithome.com.tw/news/151066

思科修補的IOS XR路由器作業系統軟體零時差漏洞，已出現攻擊行動
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK

Zyxel修補防火牆、無線基地臺、AP控制器漏洞
https://www.zyxel.com/tw/zh/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml

VMware Vulnerabilities Exploited in the Wild (CVE-2022-22954 and Others)
https://unit42.paloaltonetworks.com/cve-2022-22954-vmware-vulnerabilities/

資安事件新聞週報 2022/5/16 ~ 2022/5/20

 資安事件新聞週報 2022/5/16  ~  2022/5/20

1.重大弱點漏洞/後門/Exploit/Zero Day
Oracle Security Alert for CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html

SonicWall修補SSL VPN設備的高風險漏洞
https://www.sonicwall.com/support/knowledge-base/security-notice-sma-1000-series-unauthenticated-access-control-bypass/220510172939820/

Microsoft 推出 2022 年 5 月 Patch Tuesday 資安更新修補包
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9861

微軟發佈5月份安全性公告
https://msrc.microsoft.com/update-guide/deployments

三個月前修補的SharePoint漏洞被研究人員繞過，微軟再度進行修補
https://starlabs.sg/blog/2022/05/new-wine-in-old-bottle-microsoft-sharepoint-post-auth-deserialization-rce-cve-2022-29108/

Windows Local Security Authority(LSA) 存在高風險漏洞(CVE-2022-26925)
https://www.klcg.gov.tw/tw/education/3522-255125.html

Adobe 已發布安全更新，以解決多個 Adobe 產品中的弱點
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/12/adobe-releases-security-updates-multiple-products

High-Severity Bug Reported in Google's OAuth Client Library for Java
https://thehackernews.com/2022/05/high-severity-bug-reported-in-googles.html

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products
https://thehackernews.com/2022/05/vmware-releases-patches-for-new.html

VMware修補旗下產品的身分驗證繞過漏洞，美國要求公部門限期完成修補
https://www.bleepingcomputer.com/news/security/vmware-patches-critical-auth-bypass-flaw-in-multiple-products/

資安事件新聞週報 2022/5/9 ~ 2022/5/13

 資安事件新聞週報 2022/5/9  ~  2022/5/13

1.重大弱點漏洞/後門/Exploit/Zero Day
Cisco 近日發布 NFV 基礎軟體的安全性更新
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9

駭客透過F5的BIG-IP重大漏洞進行破壞性攻擊，意圖清除該系統上的所有檔案
https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-vulnerability-targeted-by-destructive-attacks/

F5 Networks之BIG-IP產品存在高風險安全漏洞(CVE-2022-1388)
https://www.klcg.gov.tw/tw/education/3522-254843.html

F5 修補重大的BIG-IP遠端執行漏洞，概念性驗證攻擊程式即將現身
https://www.ithome.com.tw/news/150831

F5 BIG-IP 16.0.x - Remote Code Execution (RCE)
https://www.exploit-db.com/exploits/50932

兩家資安業者發現BIG-IP系統重大漏洞極為容易利用，呼籲用戶儘速修補
https://www.bleepingcomputer.com/news/security/exploits-created-for-critical-f5-big-ip-flaw-install-patch-immediately/

HP修補逾200款HP電腦與筆電的韌體漏洞，若不修補，恐被攻擊者取得作業系統核心權限執行程式碼
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/

HP修補波及逾200款裝置的BIOS漏洞
https://www.ithome.com.tw/news/150889

資安事件新聞週報 2022/5/2 ~ 2022/5/6

 資安事件新聞週報 2022/5/2  ~  2022/5/6

1.重大弱點漏洞/後門/Exploit/Zero Day
F5 BIG-IP 多版本存在安全性弱點
https://support.f5.com/csp/article/K23605346

Cisco 近日發布更新以解決多個產品的安全性弱點
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-security-bypass-JhOd29Gg

Linux 系統拉警報！全新 Nimbuspwn 漏洞讓駭客成功獲取系統最高權限
https://technews.tw/2022/05/03/new-nimbuspwn-linux-vulnerability-gives-hackers-root-privileges/

Google修補Chrome逾30個漏洞，當中7個存在重大風險
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Google Releases Android Update to Patch Actively Exploited Vulnerability
https://thehackernews.com/2022/05/google-releases-android-update-to-patch.html