資安事件新聞週報 2019/8/12 ~ 2019/8/16

資安事件新聞週報  2019/8/12  ~  2019/8/16
1.重大弱點漏洞/後門/Exploit/Zero Day
Steam驚爆安全漏洞 逾1億玩家恐受影響
https://newtalk.tw/news/view/2019-08-11/284396
托最新藍牙漏洞的“福”，我險些把小電影和賬戶密碼親手給黑客
https://tech.ifeng.com/c/7p8gRStrlcA
JVNVU#90240762 Bluetooth BR/EDR での暗号鍵エントロピーのネゴシエーションにおける問題
https://jvn.jp/vu/JVNVU90240762/
賽門鐵克防毒軟體和Windows SHA-2不相容，微軟暫停更新
https://www.ithome.com.tw/news/132435
Kasper-Spy: Kaspersky Anti-Virus puts users at risk
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
https://thehackernews.com/2019/08/kaspersky-antivirus-online-tracking.html
Trend Micro fixes privilege escalation security flaw in Password Manager
https://www.zdnet.com/article/trend-micro-fixes-hijack-security-flaw-in-password-manager/#ftag=RSSbaffb68
Trend Micro Password Manager - Privilege Escalation to SYSTEM
https://safebreach.com/Post/Trend-Micro-Password-Manager-Privilege-Escalation-to-SYSTEM
HTTP/2含有多個服務阻斷漏洞，亞馬遜、臉書、蘋果、微軟全遭殃
https://www.ithome.com.tw/news/132414
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
https://thehackernews.com/2019/08/http2-dos-vulnerability.html
New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/

資安事件新聞週報 2019/8/5 ~ 2019/8/9

資安事件新聞週報  2019/8/5  ~  2019/8/9
1.重大弱點漏洞/後門/Exploit/Zero Day
PuTTY繼0.71版本修正8個高風險漏洞後，再次更新0.72版本
http://bit.ly/2YDMIM5
修補 Fortigate SSL VPN Web門戶中的不正當授權漏洞
https://ithelp.ithome.com.tw/articles/10212691
研究者警告：眾多Jira伺服器的錯誤配置，讓員工及專案資訊全曝光
https://www.ithome.com.tw/news/132265
研究人員發現可劫持數百萬Android裝置的高通晶片漏洞
https://www.ithome.com.tw/news/132291
DRAGONBLOOD新漏洞劫持WPA3密碼
https://www.4hou.com/vulnerable/19554.html
IBM WebSphere Application Server 多個漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10960159
https://www-01.ibm.com/support/docview.wss?uid=ibm10888425
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver
https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-flaws-in-windows-gpu-display-driver/
NVIDIA顯卡驅動被曝5個高危漏洞官方建議升級最新版
http://www.elecfans.com/emb/dsp/201908041031073.html
VMWare 產品多個漏洞
https://www.vmware.com/security/advisories/VMSA-2019-0012.html

資安事件新聞週報 2019/7/29 ~ 2019/8/2

資安事件新聞週報  2019/7/29  ~  2019/8/2
1.重大弱點漏洞/後門/Exploit/Zero Day
Critical Flaws in 'OXID eShop' Software Expose eCommerce Sites to Hacking
https://thehackernews.com/2019/07/oxid-eshop-ecommerce.html
LibreOffice 遠端執行任意程式碼漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-9848
Cisco Catalyst 3850 Series Device Manager - Cross-Site Request Forgery
https://www.exploit-db.com/exploits/47203
Oracle WebLogic遠程命令執行漏洞預警
http://www.oracle-training.cc/jiaocheng/8267850.html
JVNVU#99222951 Oracle Solaris における任意のコード実行の脆弱性
https://jvn.jp/vu/JVNVU99222951/
Symantec Endpoint Protection 提升權限漏洞
https://support.symantec.com/us/en/article.SYMSA1487.html
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111

資安事件新聞週報 2019/7/22 ~ 2019/7/26

資安事件新聞週報  2019/7/22  ~  2019/7/26
1.重大弱點漏洞/後門/Exploit/Zero Day
為何漏洞修補會成為企業的一項挑戰？談虛擬修補( Virtual Patching)
https://blog.trendmicro.com.tw/?p=61059
新版 Chrome 讓網站無法檢測到用戶是否在使用隱身模式
http://chinese.engadget.com/2019/07/19/chrome-76-to-stop-private-browsing-checks/
RDP Bug Takes New Approach to Host Compromise
https://www.darkreading.com/risk/rdp-bug-takes-new-approach-to-host-compromise/d/d-id/1335297
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-19-144
Fortinet 產品繞過保安限制漏洞
https://fortiguard.com/psirt/FG-IR-16-090
https://fortiguard.com/psirt/FG-IR-19-111
IBM QRadar SIEM 跨站請求偽造漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4212

資安事件新聞週報 2019/7/15 ~ 2019/7/19

資安事件新聞週報  2019/7/15  ~  2019/7/19
1.重大弱點漏洞/後門/Exploit/Zero Day
NetApp 阻斷服務漏洞
https://security.netapp.com/advisory/ntap-20190715-0001/
Palo Alto PAN-OS 多個漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/155
https://securityadvisories.paloaltonetworks.com/Home/Detail/156
https://securityadvisories.paloaltonetworks.com/Home/Detail/157
Sprint發布安全漏洞警告：黑客通過三星網站竊取用戶敏感數據
https://finance.ifeng.com/c/7oNcPBGrCGe
Sprint：三星網站害用戶帳號遭駭、資料曝光
https://www.ithome.com.tw/news/131878
藍牙裝置漏洞可用來追蹤iOS/Mac、Windows 10裝置、Fitbit用戶位置
https://www.ithome.com.tw/news/131907
Oracle Critical Patch Update Advisory - July 2019
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Palo Alto GlobalProtect 資安通報
https://devco.re/blog/2019/07/17/Palo-Alto-GlobalProtect-advisory/
羅技舊款Unifying無線產品爆漏洞 疑遭駭客安裝惡意軟體
https://udn.com/news/story/7087/3934932
羅技無線接收器再現漏洞，攻擊者可輕易通過其控制他人電腦
https://www.expreview.com/69456.html
羅技 Unifying 接收器可能被駭客入侵，同時羅技有漏洞的舊款滑鼠也依在市場銷售
https://www.cool3c.com/article/146051
羅技無線設備出現4個安全漏洞，羅技官方只會修復一半
http://www.udaxia.com/xtzx/18896.html

資安事件新聞週報 2019/7/8 ~ 2019/7/12

資安事件新聞週報  2019/7/8  ~  2019/7/12
1.重大弱點漏洞/後門/Exploit/Zero Day
安全公告：LEN-27828 Intel PROSet/Wireless WiFi Software 漏洞
http://iknow.lenovo.com/detail/dc_183380.html
Juniper Junos OS 多個漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10938
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10940
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10942
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10946
Lodash 嚴重安全漏洞背後你不得不知道的JavaScript 知識
https://juejin.im/post/5d271332f265da1b934e2d48
Lodash庫爆出嚴重安全漏洞，波及400萬+項目
https://mp.weixin.qq.com/s/tfZq2PZylGfMjOp8h8eeTw
Jenkins Dependency Graph View Plugin 0.13 - Persistent Cross-Site Scripting
https://www.exploit-db.com/exploits/47111
知名飯店Kiosk系統漏洞讓後台資料庫憑證曝險，可致客戶資料被竊
https://ithome.com.tw/news/131809
Jira Server and Data Center Update Patches Critical Vulnerability
https://www.bleepingcomputer.com/news/security/jira-server-and-data-center-update-patches-critical-vulnerability/
JIRA Security Advisory 2019-07-10
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Bad McAfee Exploit Prevention Update Blocked Windows Logins
https://www.bleepingcomputer.com/news/security/bad-mcafee-exploit-prevention-update-blocked-windows-logins/

資安事件新聞週報 2019/7/1 ~ 2019/7/5

資安事件新聞週報  2019/7/1  ~  2019/7/5
1.重大弱點漏洞/後門/Exploit/Zero Day
PlayStation Network 存在安全性漏洞，駭客可繞過驗證盜刷信用卡
https://www.kocpc.com.tw/archives/267793
Palo Alto PAN-OS 阻斷攻擊漏洞
https://securityadvisories.paloaltonetworks.com/Home/Detail/151
Ubuntu 內核阻斷攻擊漏洞
https://www.auscert.org.au/bulletins/ESB-2019.2378/
Apache Tomcat - CGIServlet enableCmdLineArguments Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47073
Nagios XI 5.5.6 - Magpie_debug.php Root Remote Code Execution (Metasploit)
https://www.exploit-db.com/exploits/47039
Fortinet FCM-MB40 - Cross-Site Request Forgery / Remote Command Execution
https://www.exploit-db.com/exploits/47033
Symantec DLP 15.5 MP1 - Cross-Site Scripting
https://www.exploit-db.com/exploits/47071
McAfee ePolicy Orchestrator 多個漏洞
http://bit.ly/2JhMfLb
IBM InfoSphere Information Server 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4371
IBM WebSphere Application Server 資料洩露漏洞
https://nvd.nist.gov/vuln/detail/CVE-2019-4269
IBM WebSphere Application Server 阻斷攻擊漏洞
https://www-01.ibm.com/support/docview.wss?uid=ibm10875692
IBM Patches Critical, High-Severity Flaws in Spectrum Protect
https://threatpost.com/ibm-patches-critical-high-severity-flaws-in-spectrum-protect/146201/