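Your posts match the “Weekly Security News and Incident Report” tag:

Weekly Security News and Incident Report 2016/7/4 ~ 2016/7/8

1. Major vulnerabilities:

TP-Link routers found to have a security vulnerability, but the company does not want to take responsibility for it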
http://www.wxrw123.com/hlw/20160705/1531310.html

Cisco Firepower System Software vulnerability CVE-2016-1394
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp/

Lenovo Solution Center vulnerability CVE-2016-5249
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-012/?fid=8073
https://support.lenovo.com/us/en/product_security/len_7814

Apache Struts vulnerability CVE-2016-4431
https://struts.apache.org/docs/s2-040.html
https://struts.apache.org/docs/version-notes-2329.html

Weekly Security News and Incident Report 2016/7/11 ~ 2016/7/15

1. Major vulnerabilities:

CVE-2016-4971: wget < 1.18 trusts server-provided filename on HTTP to FTP redirects
http://seclists.org/oss-sec/2016/q3/34

ISC BIND denial-of-service vulnerability CVE-2016-6170
https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html

Man-in-the-middle vulnerability disclosed in Acer cloud storage service has now been fixed
http://mt.sohu.com/20160707/n458262412.shtml

D-Link Wi-Fi CAM vulnerability will affect more than 120 different products
http://bobao.360.cn/news/detail/3268.html

PowerDNS vulnerability CVE-2016-6172
http://www.openwall.com/lists/oss-security/2016/07/06/4

Fix for a vulnerability in which SSRF leads to command execution and a reverse shell
http://www.111cn.net/sys/linux/113895.htm

Weekly Security News and Incident Report 2016/7/18 ~ 2016/7/22

1. Major vulnerabilities:

Adobe Reader/Acrobat use-after-free vulnerability CVE-2016-4255
https://helpx.adobe.com/security/products/acrobat/apsb16-26.html

Shellshock penetration testing – CVE-2014-6271
http://shazi.info/isda-%E9%9B%B2%E7%AB%AF%E8%B3%87%E5%AE%89%E5%88%86%E4%BA%AB%EF%BC%9Ashellshock-%E6%BB%B2%E9%80%8F%E6%B8%AC%E8%A9%A6-cve-2014-6271/

New Apple vulnerability: FaceTime calls may be eavesdropped on
http://sina.com.hk/news/article/20160721/5/42/2/Apple%E7%88%86%E6%96%B0%E6%BC%8F%E6%B4%9E-FaceTime%E9%80%9A%E8%A9%B1%E6%88%96%E8%83%BD%E8%A2%AB%E7%AB%8A%E8%81%BD-6074841.html

Apple patches a large number of security vulnerabilities across OS X, iOS and its other platforms
http://www.ithome.com.tw/news/107240

Weekly Security News and Incident Report 2016/7/25 ~ 2016/7/29

1. Major vulnerabilities:

Be careful with wireless keyboards! Keyboards from 8 brands named as having a remote keystroke-sniffing vulnerability
http://www.ithome.com.tw/news/107375

Oracle Agile PLM has an unspecified vulnerability
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Apple systems reported to have security vulnerabilities
http://news.sina.com.tw/article/20160726/18024785.html

Serious security vulnerability in GSM and LTE mobile networks worldwide CVE-2016-5080
http://www.chnvc.com/xingyeqiye/2016-07-23/2050.html

Weekly Security News and Incident Report 2016/8/1 ~ 2016/8/5

1. Major vulnerabilities:

Hackers are nearby! Non-Bluetooth wireless keyboards may leak personal data
https://cnews.com.tw/%E9%A7%AD%E5%AE%A2%E5%9C%A8%E8%BA%AB%E9%82%8A%EF%BC%81%E9%9D%9E%E8%97%8D%E7%89%99%E7%84%A1%E7%B7%9A%E9%8D%B5%E7%9B%A4%E6%81%90%E6%B4%A9%E6%BC%8F%E5%80%8B%E8%B3%87/

Splunk cross-site scripting vulnerability
http://www.splunk.com/view/SP-CAAAPQM

Google to patch more than a hundred Android vulnerabilities this week, over half related to Qualcomm components
http://www.ithome.com.tw/news/107477

Apache versions up to and including 2.4.23 contain a vulnerability (CVE-2016-5387) that allows attackers to remotely carry out man-in-the-middle attacks
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1041

IBM AIX remote denial-of-service vulnerability CVE-2016-0281
http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc

Weekly Security News and Incident Report 2016/8/8 ~ 2016/8/12

1. Major vulnerabilities:

Linux kernel vulnerability disclosed that lets hackers intercept unencrypted traffic
http://www.ithome.com.tw/news/107739

VMware multiple vulnerabilities CVE-2016-5330 CVE-2016-5331
http://www.vmware.com/security/advisories/VMSA-2016-0010.html

D-Link router remote code execution vulnerability CVE-2016-5681
http://www.kb.cert.org/vuls/id/332115
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063

Security vulnerabilities disclosed in more than 900 million phones, including the Galaxy S7
http://tw.on.cc/tw/bkn/cnt/finance/20160808/bkntw-20160808150825253-0808_04311_001.html

Weekly Security News and Incident Report 2016/8/15 ~ 2016/8/19

1. Major vulnerabilities:

Apple iMessage has a vulnerability; hackers still have a chance to break in
https://contentparty.org/r/c3a1d487db6be8633a40c2d0c7c8a441

Cisco and Fortinet admit firewall vulnerabilities are targeted by leaked “Equation” attack tools
http://www.ithome.com.tw/news/107826

Fortinet FortiGate/FortiOS remote code execution vulnerability
http://fortiguard.com/advisory/FG-IR-16-023
http://securitytracker.com/id/1036643

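Apache Tomcat server versions up to and including 8.5.4 contain a vulnerability (CVE-2016-5388) that allows attackers to remotely carry out man-in-the-middle attacks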
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1042

Weekly Security News and Incident Report 2016/8/22 ~ 2016/8/26

1. Major vulnerabilities:

Cisco has fixed the 0day vulnerability leaked by NSA hackers
http://fanli7.net/a/ITxinwen/hulianwang/20160820/572552.html

Cisco begins patching the vulnerabilities targeted by “Equation”
http://www.ithome.com.tw/news/107916

Apple releases iOS 9.3.5, urgently patching 3 data-stealing zero-day vulnerabilities
http://www.ithome.com.tw/news/107939

phpMyAdmin vulnerability CVE-2016-6627
https://www.phpmyadmin.net/security/PMASA-2016-50/

Weekly Security News and Incident Report 2016/8/29 ~ 2016/9/2

1. Major vulnerabilities:

Apple patches Safari and OS X vulnerabilities that have already been targeted
http://www.ithome.com.tw/news/108168

New build of the Windows 10 Anniversary Update released, fixing the login freeze issue
http://www.ithome.com.tw/news/108155

RED HAT UPDATE FOR KERNEL (RHSA-2016:1640)
http://www.0daybank.org/?p=406

Facebook password reset vulnerability: hackers use it to reset any FB account
http://bobao.360.cn/news/detail/3506.html

Multiple security vulnerabilities in Cisco and Fortinet firewall products
http://www.cpcm.pu.edu.tw/app/news.php?Sn=63

Weekly Security News and Incident Report 2016/9/5 ~ 2016/9/10

1. Major vulnerabilities:

Adobe ColdFusion < 11 Update 10 - XML external entity injection
https://www.seebug.org/vuldb/ssvid-92397

Microsoft expands its bug bounty to .NET Core and ASP.NET Core
http://www.ithome.com.tw/news/108214

Google releases new security update fixing all QuadRooter vulnerabilities
http://tech.firefox.163.com/16/0907/06/0MDGP2I1XBL6JHW7.html

Red Hat RESTEasy vulnerability (CVE-2016-6346)
https://bugzilla.redhat.com/show_bug.cgi?id=1372120

Weekly Security News and Incident Report 2016/09/12 ~ 2016/09/16

1. Major vulnerabilities:

MySQL zero-day vulnerability disclosed, also affecting MariaDB and Percona DB
http://www.ithome.com.tw/news/108454

Microsoft patches 47 vulnerabilities at once, including a Detours vulnerability that had been hidden for at least 8 years
http://times.hinet.net/news/19285301

VMware Workstation Pro and Player multiple vulnerabilities
http://securitytracker.com/id/1036805
http://www.vmware.com/security/advisories/VMSA-2016-0014.html

MySQL privilege escalation vulnerability
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
http://securitytracker.com/id/1036769

Weekly Security News and Incident Report 2016/09/19 ~ 2016/09/23

1. Major vulnerabilities:

Upgrade with caution: another major vulnerability disclosed in iOS 10
http://tech.fanpiece.com/leiphone/%E5%8D%87%E7%B4%9A%E9%9C%80%E8%AC%B9%E6%85%8E-iOS-10%E5%8F%88%E6%9B%9D%E5%87%BA%E9%87%8D%E5%A4%A7%E6%BC%8F%E6%B4%9E-c1245202.html

Cisco Firepower Management Center vulnerability (CVE-2016-6394)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc

Mozilla plans to release an update next Tuesday to fix a man-in-the-middle vulnerability
http://www.solidot.org/story?sid=49711

Another IE vulnerability disclosed; US military website hit by the “Snowman” attack
http://online.ysbk0i.com/gwpj/21954.html

Hackers can tamper with BMW vehicle settings through vulnerabilities in BMW's web portal
http://mini.eastday.com/a/160918163923884.html

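Weekly Security News and Incident Report 2016/09/26 ~ 2016/09/30

1. Major vulnerabilities:

Internet Systems Consortium (ISC) releases security updates for BIND; some of the vulnerabilities may lead to denial-of-service attacks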
http://www.cert.org.tw/twcert/advdetail/3344

D-Link DWR-932 B reported to have about 20 security vulnerabilities; researcher: stop using it
http://www.ithome.com.tw/news/108741

High-risk Swagger vulnerability affects Java, PHP, NodeJS, Ruby and other languages
https://www.taiwanfansclub.com/article-405880-1.html?mod=view&aid=405880&page=1&

Multiple vulnerabilities in macOS Server, macOS Sierra, Safari and iCloud for Windows
https://support.apple.com/en-us/HT207171

Weekly Security News and Incident Report 2016/10/03 ~ 2016/10/07

1. Major vulnerabilities:

Apache Tomcat buffer overflow vulnerability CVE-2016-6808
http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42

Palo Alto PAN-OS sensitive information disclosure vulnerability
http://securitytracker.com/id/1036968

MariaDB vulnerability CVE-2016-6662
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6662

Cisco releases security updates for multiple products; some of the vulnerabilities may lead to authentication bypass
https://www.us-cert.gov/ncas/current-activity/2016/10/05/Cisco-Releases-Security-Updates

Weekly Security News and Incident Report 2016/10/10 ~ 2016/10/14

1. Major vulnerabilities:

Palo Alto PAN-OS sensitive information disclosure vulnerability
http://securityadvisories.paloaltonetworks.com/

Apache Tomcat buffer overflow vulnerability
http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42

F5 BIG-IP vulnerability CVE-2016-5700
https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html

Winhex Editor DLL hijacking vulnerability
https://cxsecurity.com/issue/WLB-2016020001

VMware Horizon View vulnerability
http://securitytracker.com/id/1036972

Weekly Security News and Incident Report 2016/10/17 ~ 2016/10/21

1. Major vulnerabilities:

phpMyAdmin cross-site scripting vulnerability CVE-2016-6607
https://www.phpmyadmin.net/security/PMASA-2016-30/

Juniper Junos Space security vulnerability CVE-2016-4927
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760&cat=SIRT_1&actp=LIST

Oracle patches 253 security vulnerabilities, including 15 critical ones
http://www.ithome.com.tw/news/109162

VMware Horizon View contains a security vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0015.html

Weekly Security News and Incident Report 2016/10/24 ~ 2016/10/28

1. Major vulnerabilities:

Dirty COW vulnerability CVE-2016-5195 2.6.22 < 3.9 (x86/x64)
http://www.bkjia.com/Linuxjc/1167392.html

Adobe rushes to fix a Flash vulnerability already under attack
http://www.ithome.com.tw/news/109272

Apache Tomcat multiple vulnerabilities
https://www.auscert.org.au/render.html?it=40038

Android Rowhammer attack vulnerability (Drammer)
https://www.seebug.org/vuldb/ssvid-92489

Palo Alto PAN-OS JavaScript execution and input validation vulnerabilities
http://securityadvisories.paloaltonetworks.com/Home/Detail/64
http://securityadvisories.paloaltonetworks.com/Home/Detail/62

Weekly Security News and Incident Report 2016/10/31 ~ 2016/11/4

1. Major vulnerabilities:

CVE-2015-0665 Cisco AnyConnect Secure Mobility Client Multiple Security Vulnerabilities
http://www.0daybank.org/?p=2816

ISC BIND denial-of-service vulnerability
http://securitytracker.com/id/1037156

Palo Alto PAN-OS multiple vulnerabilities
http://securitytracker.com/id/1037152
http://securitytracker.com/id/1037153

Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data vulnerability
https://www.seebug.org/vuldb/ssvid-92515

Weekly Security News and Incident Report 2016/11/7 ~ 2016/11/11

1. Major vulnerabilities:

SAP NetWeaver Application Server Remote User Account Disclosure Vulnerability
http://www.0daybank.org/?p=2965

Red Hat Update for kernel (RHSA-2016:2124) (Dirty Cow)
http://www.0daybank.org/?p=2957

Rowhammer vulnerability: after PCs, Android devices cannot escape either
http://www.searchsecurity.com.cn/showcontent_94002.htm

ISC releases BIND security update; the vulnerability can lead to denial-of-service attacks
https://kb.isc.org/article/AA-01434/0

Cisco Email Security Appliance CVE-2016-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1481

Oracle JDK, Weblogic Server CVE-2016-5556
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5556

Weekly Security News and Incident Report 2016/11/14 ~ 2016/11/18

1. Major vulnerabilities:

Debian Security Update for tar (DSA 3702-1)
http://www.0daybank.org/?p=3234

Cisco ASA remote code execution vulnerability
http://securitytracker.com/id/1037306

CA releases Unified Infrastructure Management security update; the vulnerability can lead to directory traversal
https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01

OpenSSL releases security updates; some of the vulnerabilities may lead to denial-of-service attacks
https://www.us-cert.gov/ncas/current-activity/2016/11/10/OpenSSL-Releases-Security-Update

CVE-2016-6313 Red Hat Update for libgcrypt (RHSA-2016:2674)
http://www.0daybank.org/?p=3220

Novell Open Enterprise Server security vulnerability (CVE-2016-5763)
http://download.novell.com/Download?buildid=dfqmrymc0Rg~
