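Weekly Security Incident News Digest 2021/9/13 ~ 2021/9/17
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
FBI warns: nation-state hackers are exploiting a vulnerability in Zoho's self-service password management platform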
https://www.ithome.com.tw/news/146787
Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html
Critical Bug Reported in NPM Package With Millions of Downloads Weekly
https://thehackernews.com/2021/09/critical-bug-reported-in-npm-package.html
Changing (全景) TSSServiSignAdapter for Windows - Improper Input Validation
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html
Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
https://thehackernews.com/2021/09/third-critical-bug-affects-netgear.html
Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html
Cisco recently released updates to address multiple security vulnerabilities in its IOS XR Software
https://us-cert.cisa.gov/ncas/current-activity/2021/09/09/cisco-releases-security-updates-multiple-products
Adobe has released security updates to address vulnerabilities in multiple Adobe products
https://us-cert.cisa.gov/ncas/current-activity/2021/09/14/adobe-releases-security-updates-multiple-products
Citrix releases security update for ShareFile
https://us-cert.cisa.gov/ncas/current-activity/2021/09/14/citrix-releases-security-update-sharefile-storage-zones-controller
Friday, September 17, 2021
Friday, September 10, 2021
Weekly Security Incident News Digest 2021/9/6 ~ 2021/9/10
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Cisco releases security updates for Enterprise NFV Infrastructure Software (NFVIS)
https://us-cert.cisa.gov/ncas/current-activity/2021/09/02/cisco-releases-security-updates-cisco-enterprise-nfvis
Bluetooth stacks in SoC products from multiple vendors contain serious BrakTooth vulnerabilities
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9442
Billions of users affected! BrakTooth vulnerabilities attack Android products "via Bluetooth"
https://finance.ettoday.net/news/2074956
Netgear fixes three serious security vulnerabilities affecting 20 smart network switch models
https://blog.twnic.tw/2021/09/11/20052/
Researchers: the latest Windows MSHTML vulnerability is more dangerous than thought
https://www.ithome.com.tw/news/146650
Zero-day vulnerability in Microsoft's IE rendering engine! Hackers are using it in targeted attacks
https://technews.tw/2021/09/10/microsoft-attackers-exploiting-windows-zero-day-flaw/
CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
https://thehackernews.com/2021/09/cisa-warns-of-actively-exploited-zoho.html
Moving Forward After CentOS 8 EOL
https://thehackernews.com/2021/09/moving-forward-after-centos-8-eol.html
Critical Auth Bypass Bug Affect NETGEAR Smart Switches — Patch and PoC Released
https://thehackernews.com/2021/09/critical-auth-bypass-bug-affect-netgear.html
Friday, September 3, 2021
Weekly Security Incident News Digest 2021/8/30 ~ 2021/9/3
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices
https://thehackernews.com/2021/09/qnap-working-on-patches-for-openssl.html
First release since the SUSE acquisition: Rancher 2.6 greatly strengthens cluster provisioning features
https://www.ithome.com.tw/news/146534
MySQL User-Defined (Linux) x32 / x86_64 - 'sys_exec' Local Privilege Escalation
https://www.exploit-db.com/exploits/50236
Synology DSM 7.0 overhaul: major upgrades to system, user and data security
https://www.cool3c.com/article/164641
SQL Server 2012 & Windows Server 2012 End of Support
https://cloudblogs.microsoft.com/sqlserver/2021/07/14/know-your-options-for-sql-server-2012-and-windows-server-2012-end-of-support/
Microsoft Exchange security vulnerability revealed: hackers can access mail without authentication
https://reurl.cc/5r76VR
Major vulnerability found in Microsoft Azure; users should update their keys as soon as possible
https://www.informationsecurity.com.tw/article/article_detail.aspx?aid=9426
Friday, August 27, 2021
Weekly Security Incident News Digest 2021/8/23 ~ 2021/8/27
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Cisco recently released updates to address security vulnerabilities in multiple products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products
A vulnerability exists in the Universal Plug and Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W and RV215W routers
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-34730
Critical Flaw Discovered in Cisco APIC for Switches — Patch Released
https://thehackernews.com/2021/08/critical-flaw-discovered-in-cisco-apic.html
F5 Releases Critical Security Patch for BIG-IP and BIG-IQ Devices
https://thehackernews.com/2021/08/f5-releases-critical-security-patches.html
VMware Issues Patches to Fix New Flaws Affecting Multiple Products
https://thehackernews.com/2021/08/vmware-issues-patches-to-fix-new-flaws.html
Security vulnerability in Fortinet FortiWeb products (CVE-2021-22123)
https://net.nthu.edu.tw/2009/mailing:announcement:20210823_01
NetGear D1500 V1.0.0.21_1.0.1PE - 'Wireless Repeater' Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/50201
SonicWall NetExtender 10.2.0.300 - Unquoted Service Path
https://www.exploit-db.com/exploits/50212
Friday, August 20, 2021
Weekly Security Incident News Digest 2021/8/16 ~ 2021/8/20
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Unpatched Remote Hacking Flaw Disclosed in Fortinet's FortiWeb WAF
https://thehackernews.com/2021/08/unpatched-remote-hacking-zero-day-flaw.html
Hackers can bypass Cisco security products in data theft attacks
https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/
Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
https://thehackernews.com/2021/08/critical-flaw-found-in-older-cisco.html
Cisco Releases Security Updates for Multiple Products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/19/cisco-releases-security-updates-multiple-products
F5 BIG-IP multiple vulnerabilities
https://www.hkcert.org/tc/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210818
Friday, August 13, 2021
Weekly Security Incident News Digest 2021/8/9 ~ 2021/8/13
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html
Ivanti releases security update for Pulse Connect Secure
https://us-cert.cisa.gov/ncas/current-activity/2021/08/06/ivanti-releases-security-update-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
IBM AIX 7.1, 7.2 and VIOS 3.1 contain a privilege verification vulnerability
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2021-29741
The 29 vulnerabilities most often exploited by hackers over the past two years, with details and remediation
https://net.nthu.edu.tw/2009/mailing:announcement:20210811_02
Penetration testing tool Cobalt Strike has a DoS vulnerability that can be used to thwart attack operations
https://www.ithome.com.tw/news/146069
VMware releases fixes for security vulnerabilities in multiple products
https://us-cert.cisa.gov/ncas/current-activity/2021/08/05/vmware-releases-security-updates-multiple-products
https://www.vmware.com/security/advisories/VMSA-2021-0016.html
Security vendor releases unofficial patch for the PetitPotam vulnerability
https://www.ithome.com.tw/news/146090
Friday, August 6, 2021
Weekly Security Incident News Digest 2021/8/2 ~ 2021/8/6
1. Major Vulnerabilities / Backdoors / Exploits / Zero Days
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
https://research.nccgroup.com/2021/08/05/technical-advisory-pulse-connect-secure-rce-via-uncontrolled-archive-extraction-cve-2021-22937-patch-bypass/
CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
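Driving vulnerability remediation in domestic products, TWCERT/CC has assigned nearly 200 CVEs, and its recent publication quality was rated at the highest level in both categories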
https://www.ithome.com.tw/news/146035
US, UK and Australia jointly publish the most exploited CVE vulnerabilities of 2020
https://www.ithome.com.tw/news/146015