資安事件新聞週報 2019/10/14 ~ 2019/10/18

資安事件新聞週報  2019/10/14  ~  2019/10/18
1.重大弱點漏洞/後門/Exploit/Zero Day
Juniper 10月產品安全性更新公告
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
GitHub 首席安全工程師：Linux 暗藏嚴重漏洞，存在至少4 年
https://www.infoq.cn/article/WSWoSgGNk9iz0Had5XmU?utm_source=rss&utm_medium=article
FDA對影響醫療裝置和醫院網路的URGENT/11漏洞發出警報
https://blog.trendmicro.com.tw/?p=62255
BMC Software Patrol Agent 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17043
ReportLab 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17626
BIND 多個漏洞
https://www.us-cert.gov/ncas/current-activity/2019/10/17/isc-releases-security-advisories-bind
LimeSurvey 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660
HiNet GPON 3097 埠允許遠端執行任意指令
https://tvn.twcert.org.tw/taiwanvn/TVN-201908005
NETGEAR JNR1010 訪問控制錯誤漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-11014
TOPMeeting 全球行動視訊會議系統含有機敏資料暴露漏洞
https://tvn.twcert.org.tw/taiwanvn/TVN-201907002
Sonatype Nexus Repository Manager 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15893
Firefox部署程式碼注射攻擊保護
https://www.ithome.com.tw/news/133620
Firefox Blocks Inline and Eval JavaScript on Internal Pages to Prevent Injection Attacks
https://thehackernews.com/2019/10/firefox-javascript-injection.html
DEVCORE 剖析 Mail2000 漏洞已於去年修補正式聲明
https://www.openfind.com.tw/taiwan/news_detail.php?news_id=10198

資安事件新聞週報 2019/10/7 ~ 2019/10/11

資安事件新聞週報  2019/10/7  ~  2019/10/11
1.重大弱點漏洞/後門/Exploit/Zero Day
英國政府警告：Pulse Secure、Palo Alto和Fortinet的VPN存在APT攻擊漏洞
https://www.ithome.com.tw/news/133480
Unpatched VPN Servers Targeted by Nation-State Attackers
https://www.bankinfosecurity.com/unpatched-vpn-servers-targeted-by-nation-state-attackers-a-13202
Vulnerabilities exploited in VPN products used worldwide
https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities
Palo Alto PAN-OS 遠端執行程式碼漏洞
https://www.hkcert.org/my_url/zh/alert/19072402
Fortinet FortOS 多個漏洞
https://www.hkcert.org/my_url/zh/alert/19100802
Juniper Networks 產品安全性漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0074
IBM WebSphere Application 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3731/
https://www.auscert.org.au/bulletins/ESB-2019.3728/
熱門UI設計工具Figma的擴充套件系統存在漏洞，官方抽換底層基礎架構
https://www.ithome.com.tw/news/133492
Notepad++ (x64) before 7.7 CVE-2019-16294 – Remote Code Execution
https://0day.life/exploits/0day-940.html

資安事件新聞週報 2019/9/30 ~ 2019/10/4

資安事件新聞週報  2019/9/30  ~  2019/10/4

1.重大弱點漏洞/後門/Exploit/Zero Day
思科產品多個漏洞
https://tools.cisco.com/security/center/publicationListing.x
Red Hat JBoss 多個漏洞
https://www.auscert.org.au/bulletins/ESB-2019.3689/
https://www.auscert.org.au/bulletins/ESB-2019.3672/
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/node/960171
蘋果產品多個漏洞
https://support.apple.com/en-us/HT201222
Checkm8漏洞有多恐怖永久性破解蘋果A5-A11設備
https://new.qq.com/omn/20190928/20190928A09R9900.html
谷歌Google軟件現嚴重漏洞導致部分蘋果Mac電腦無法正常啟動
http://www.sohu.com/a/343990168_499322
vBulletin緊急修補本周被揭露的零時差漏洞
https://ithome.com.tw/news/133295
物聯網裝置攻擊頻傳，戴夫寇爾揭露中華電信數據機設置不當的漏洞
https://www.ithome.com.tw/news/133322
關於CVE-2019-1367 IE瀏覽器遠程代碼執行高危漏洞安全加固的緊急通報
https://www.heibai.org/post/1526.html

資安事件新聞週報 2019/9/23 ~ 2019/9/27

資安事件新聞週報  2019/9/23  ~  2019/9/27

1.重大弱點漏洞/後門/Exploit/Zero Day
泰國司法部長就電子跟蹤器手環EM漏洞 司法部索賠逾8300萬銖
http://www.udnbkk.com/article-286128-1.html
清華大學發現ARM、Intel處理器漏洞；華為發布Mate 30系列手機
https://kknews.cc/tech/qlklg5r.html
makandra consul gem for Ruby 安全漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16377
Agwl駭客組織再攻Phpstudy，新增Apache Solr漏洞利用
https://s.tencent.com/research/report/813.html
全球最大同性交友網站化身漏洞管理者，還有25個潛在漏洞排名
https://www.jishuwen.com/d/pmdz/zh-tw
Kubernetes Kubectl曝安全漏洞，Rancher產品不受影響
https://segmentfault.com/a/1190000020464083

資安事件新聞週報 2019/9/16 ~ 2019/9/20

資安事件新聞週報  2019/9/16  ~  2019/9/20
1.重大弱點漏洞/後門/Exploit/Zero Day
Atlassian Jira 跨站脚本漏洞
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14996
Windows Defender malware scans are failing after a few seconds
https://www.zdnet.com/article/windows-defender-malware-scans-are-failing-after-a-few-seconds/
Haxx curl 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5481
IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/pages/security-bulletin-information-disclosure-vulnerability-websphere-application-server-cve-2019-4477
https://www.ibm.com/support/pages/security-bulletin-file-traversal-vulnerability-websphere-application-server-admin-console-cve-2019-4268
https://www.ibm.com/support/pages/security-bulletin-cross-site-scripting-vulnerability-websphere-application-server-admin-console-cve-2019-4270
CVE-2019-1579:-- #Critical Pre-Authentication #Vulnerability
https://github.com/securifera/CVE-2019-1579
Vivotek VIVOTEK IP Camera 安全漏洞
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14458
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html
安全專家在多家廠商的SOHO路由器和NAS設備中發現了125個新漏洞
https://nosec.org/home/detail/2966.html
125 New Flaws Found in Routers and NAS Devices from Popular Brands
https://thehackernews.com/2019/09/hacking-soho-routers.html

資安事件新聞週報 2019/9/9 ~ 2019/9/13

資安事件新聞週報  2019/9/9  ~  2019/9/13
1.重大弱點漏洞/後門/Exploit/Zero Day
藏在純文字檔的Jenkins外掛漏洞
https://blog.trendmicro.com.tw/?p=61935
上百萬台網路收音機暗藏可遭駭客挾持的安全漏洞
https://ithome.com.tw/news/132984
Palo Alto Global  漏洞(CVE-2019-1579)
https://nosec.org/home/detail/2951.html
Pulse Secure VPN嚴重漏洞（CVE-2019-11510）警報
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution
https://www.exploit-db.com/exploits/47354
Telnet backdoor vulnerabilities impact over a million IoT radio devices
https://www.zdnet.com/article/critical-vulnerabilities-impact-over-a-million-iot-radio-devices/#ftag=RSSbaffb68
Imperial & Dabman Internet Radio - Undocumented Telnetd & Code Execution
https://www.vulnerability-db.com/?q=articles/2019/09/09/imperial-dabman-internet-radio-undocumented-telnetd-code-execution
Java finally goes all in on open source with the Jakarta EE 8 release
https://www.zdnet.com/article/java-finally-goes-all-in-on-open-source-with-the-release-of-jakarta-ee-8/#ftag=RSSbaffb68
OfficeScan 11.0 SP1終止技術服務通知
https://esupport.trendmicro.com/zh-tw/business/topic_techsupport/topic_eosproduct.aspx
Vulnerability Spotlight: Denial-of-service vulnerabilities in some NETGEAR routers
https://blog.talosintelligence.com/2019/09/vuln-spotlight-Netgear-N300-routers-DoS-sept-2019.html

資安事件新聞週報 2019/9/2 ~ 2019/9/6

資安事件新聞週報  2019/9/2  ~  2019/9/6
1.重大弱點漏洞/後門/Exploit/Zero Day
PSV、PS3雙雙獲得韌體更新，但似乎忘了把漏洞補上
https://www.techbang.com/posts/72481-psv-ps3-double-get-stolic-update-but-seem-to-forget-to-fill-in-the-vulnerability
發現美國海軍網站的敏感信息洩露和SQL注入漏洞
https://nosec.org/home/detail/2909.html
企業修補進度慢！近期臺灣資安業者揭露的SSL VPN漏洞，傳出已遭駭客鎖定
https://www.ithome.com.tw/news/132764
SonarQube檢測出的bug、漏洞以及異味的修復整理
https://cloud.tencent.com/developer/article/1497624
Zimbra-RCE
https://github.com/rek7/Zimbra-RCE
Trend Micro OfficeScan (OSCE) DLL Side-Loading安全性弱點通告
https://nvd.nist.gov/vuln/detail/CVE-2019-9492
Hiding in Plain Text: Jenkins Plugin Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-text-jenkins-plugin-vulnerabilities/
Lightning Network用戶敦促因漏洞而緊急更新軟件
https://0xzx.com/201908302043248275.html
SA103 : October 2015 NTP Security Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1335.html
SA98 : OpenSSL Security Advisory 11-June-2015
https://support.symantec.com/us/en/article.SYMSA1325.html
SA104 : OpenSSH Vulnerabilities
https://support.symantec.com/us/en/article.SYMSA1337.html