資安新聞及事件週報 2018/10/15 ~ 2018/10/19

資安新聞及事件週報  2018/10/15  ~  2018/10/19
1.重大弱點漏洞
ClamAV 安全漏洞
https://www.anquanke.com/vul/id/1354791
Imperva SecureSphere 13 - Remote Command Execution
https://www.exploit-db.com/exploits/45542/
Solaris - RSH Stack Clash Privilege Escalation (Metasploit)
https://www.exploit-db.com/exploits/45625/
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/69914
研究人員公布D-Link路由器漏洞，牽涉8款產品，D-Link只修補2款
https://www.ithome.com.tw/news/126513?fbclid=IwAR0jmJiVL7p9P3KxSrDuetf0b86ORYrif70BYOz-ZOOjMmTtMD98P1i0k7o
libssh's server-side state machine before versions 0.7.6 and 0.8.4  vulnerability CVE-2018-10933
https://nvd.nist.gov/vuln/detail/CVE-2018-10933
The libssh “login with no password” bug – what you need to know [VIDEO]
https://nakedsecurity.sophos.com/2018/10/18/the-libssh-login-with-no-password-bug-what-you-need-to-know-video/
Security flaw in libssh leaves thousands of servers at risk of hijacking
https://www.zdnet.com/article/security-flaw-in-libssh-leaves-thousands-of-servers-at-risk-of-hijacking/
LibSSH Flaw Allows Hackers to Take Over Servers Without Password
https://bit.ly/2yJqJZd

資安新聞及事件週報 2018/10/08 ~ 2018/10/12

資安新聞及事件週報  2018/10/08  ~  2018/10/12
1.重大弱點漏洞
IBM DB2 本地提權漏洞
http://www-01.ibm.com/support/docview.wss?uid=swg21990061
速更新MikroTik路由器RouterOS，攔阻By the Way入侵技術&多項DoS風險
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5031
慎防SNMP指令，能撈取Samsung SCX-6545X管理者帳密
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5029
Baidu Browser安裝程序DLL搜索路徑漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0692
Unitrends Backup授權問題漏洞
https://www.anquanke.com/vul/id/1124153
【漏洞預警】西部數碼MyCloud個人NAS最新高危漏洞預警
http://www.freebuf.com/column/186296.html
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/69562

資安新聞及事件週報 2018/10/01 ~ 2018/10/05

資安新聞及事件週報  2018/10/01  ~  2018/10/05
1.重大弱點漏洞
Duo：蘋果遠端裝置管理服務DEP含有驗證缺陷
https://www.ithome.com.tw/news/126154
新的安全漏洞正影響CentOS 和Red Hat Linux 發行版
https://www.0276.org/22817.html
Vulnerability Spotlight: Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability
https://blog.talosintelligence.com/2018/10/vuln-spot-adobe-reader-rce.html
高危Apache Struts漏洞CVE-2018-11776的相關信息
https://bit.ly/2O2FuRp
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
https://bit.ly/2RbY0Ey
Google Chrome Omnibox跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15427
Google Chrome Chromecast未授權訪問漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15430
微软Windows 10更新十月版正式版最低系统需求公布
https://www.ithome.com/html/win10/386764.htm
Ubuntu 內核多個漏洞
https://www.auscert.org.au/bulletins/69134
你的 Wi-Fi 路由器有多安全？最新調查顯示 83％ 市售產品均有問題，其中 28％ 屬於高風險漏洞
https://bit.ly/2OuCfBE
研究：8成Wi-Fi路由器漏洞百出，平均逾180個
https://www.ithome.com.tw/news/126241

資安新聞及事件週報 2018/09/24 ~ 2018/09/28

資安新聞及事件週報  2018/09/24  ~  2018/09/28
1.重大弱點漏洞
IBM DB2 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10731657
Office噩夢公式遠程代碼執行漏洞
https://blog.csdn.net/qq_39850969/article/details/82806675
Trend Micro Deep Discovery Inspector Reflected Cross-site Scripting 反射式跨網站指令
https://github.com/nixwizard/CVE-2018-15365
FragmentSmack DoS 漏洞影響80多款思科產品
https://www.easyaq.com/news/1589039024.shtml
思科：逾80款路由器、交換器產品受Linux DoS漏洞影響
https://www.ithome.com.tw/news/126120
macOS Mojave正式版問世，馬上傳出有隱私漏洞
https://www.ithome.com.tw/news/126062
Red Hat 內核多個漏洞
https://www.auscert.org.au/bulletins/68846
Red Hat JBoss 多個漏洞
https://securitytracker.com/id/1041707
Apache HTTPD 阻斷服務漏洞
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-11763

資安新聞及事件週報 2018/09/17 ~ 2018/09/21

資安新聞及事件週報  2018/09/17  ~  2018/09/21
1.重大弱點漏洞
NUUO產品被曝0Day漏洞，黑客可遠程入侵數​​十萬攝像頭
https://www.easyaq.com/news/550008787.shtml
一個通殺絕大多數交易平台的XSS 0day 漏洞
https://www.anquanke.com/post/id/160193
安全公司：某第三方知名JS庫存在XSS 0day漏洞，可盜取交易所賬號
https://www.8btc.com/article/276428
Win平台Tor瀏覽器匿名機制繞過漏洞可洩露用戶IP
https://www.anquanke.com/post/id/159899
IBM DB2 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10731657
30 年前的漏洞，竟可引起2018 年的電腦操作崩潰
https://blog.csdn.net/csdnnews/article/details/82731527
新漏洞允許黑客訪問睡眠模式電腦：所有品牌都受影響
https://iview.sina.com.tw/post/17145570
ISC BIND 篡改漏洞
https://www.us-cert.gov/ncas/current-activity/2018/09/19/ISC-Releases-Security-Advisory-BIND
Imperva SecureSphere WAF 11.5 Bypass - CXSecurity.com
https://cxsecurity.com/issue/WLB-2018090136
F5 BIG-IP APM portal access 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15310

資安新聞及事件週報 2018/09/10 ~ 2018/09/14

資安新聞及事件週報  2018/09/10  ~  2018/09/14
1.重大弱點漏洞
cURL 多個漏洞
https://www.auscert.org.au/bulletins/67782
Red Hat JBoss Enterprise Application Platform 任意執行程式碼漏洞
https://www.auscert.org.au/bulletins/68014
友訊無線路由器DIR-846韌體破綻招致RCE
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5018
FreeBSD 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1084
Intel Active Management Technology 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3616
防火牆ModSecurity核心規則集Paranoia Level 1疏於防禦SQL injection
https://twcert.org.tw/subpages/securityInfo/loophole_details.aspx?id=5020
漏洞曝光一年了，仍有20億藍牙裝置沒修恐遭BlueBorne攻擊
https://www.ithome.com.tw/news/125891
Chrome 69修補40個漏洞，發出近百萬元獎金
https://www.ithome.com.tw/news/125704
Chrome OS 10820.0.0 dev-channel - app->VM via garcon TCP Command Socket
https://www.exploit-db.com/exploits/45407/

資安新聞及事件週報 2018/09/03 ~ 2018/09/07

資安新聞及事件週報  2018/09/03  ~  2018/09/07
1.重大弱點漏洞
調查｜漏洞修復平均時長為38天！
https://www.aqniu.com/industry/38038.html
開源項目OPENSSH被發現存在安全漏洞可枚舉用戶名
https://www.landiannews.com/archives/49989.html
MikroTik Routers Targeted in Data Eavesdropping Scheme
https://www.bankinfosecurity.com/mikrotik-routers-targeted-in-data-eavesdropping-scheme-a-11469
7,500+ MikroTik Routers Are Forwarding Owners’ Traffic to the Attackers, How is Yours
https://bit.ly/2oEEhjR
DNS 自動配置功能 及 WPAD 自動發現協議 多個漏洞
https://www.hkcert.org/my_url/zh/alert/18090603
QNAP改善照片時光屋cross-site scripting弱點
https://twcert.org.tw/subpages/securityInfo/loophole.aspx