Your posts match “ 資安新聞及事件週報 ” tag:

資安新聞及事件週報 2017/7/10 ~ 2017/7/14

1.重大弱點漏洞
Struts 2 再曝高危遠程代碼執行漏洞
https://zhuanlan.zhihu.com/p/27762032
https://cwiki.apache.org/confluence/display/WW/S2-048

微軟7月安全性更新 這項漏洞最好先修補
http://www.cna.com.tw/news/ait/201707130386-1.aspx

Samba 繞過保安限制漏洞
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/security/CVE-2017-11103.html

微軟Windows作業系統的NTLM驗證通訊協定存在允許攻擊者透過重送攻擊進而取得整個網域控制權之漏洞(CVE-2017-8563)
https://www.nccst.nat.gov.tw/VulnerabilityDetail.aspx?lang=zh&seq=1065

Apache mod_http2 及 mod_auth_digest 多個漏洞
http://securitytracker.com/id/1038907
http://securitytracker.com/id/1038906

Apache Struts 遠端執行程式碼漏洞
http://www.cnvd.org.cn/flaw/show/CNVD-2017-13259
http://securitytracker.com/id/1038838

微軟發布7月補丁修復55個安全問題
http://blog.nsfocus.net/microsoft-released-july-patch-fix-55-security-issues/

Samba釋出重大安全更新 CVE-2017-11103
https://www.samba.org/samba/security/CVE-2017-11103.html
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates

RoundCube Webmail 多個權限提升漏洞(CVE-2017-8114)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8114

Adobe Flash Player 及Adobe Connect 存在多個安全性弱點
https://www.us-cert.gov/ncas/current-activity/2017/07/11/Adobe-Releases-Security-Updates
https://helpx.adobe.com/security/products/flash-player/apsb17-21.html
https://helpx.adobe.com/security/products/connect/apsb17-22.html

微軟修補19個重大安全漏洞
http://www.ithome.com.tw/news/115546

微軟釋出Windows重大更新 保護資料動作快
https://www.nownews.com/news/20170713/2588338

Juniper Junos 多個漏洞
https://www.auscert.org.au/bulletins/49870
https://www.auscert.org.au/bulletins/49846

Read on →

資安新聞及事件週報 2017/7/17 ~ 2017/7/21

1.重大弱點漏洞
SAP 發布安全漏洞報告:修復影響5000 億次安裝的SAP POS 漏洞
http://hackernews.cc/archives/12307

關於Samba Orpheus' Lyre KDC-REP服務名校驗漏洞通知
http://bbs.qcloud.com/thread-33652-1-1.html

鎖定「SambaCry」漏洞的新威脅現身, Linux 使用者請盡速更新系統
https://blog.trendmicro.com.tw/?p=51159

Samba 軟體存在安全性弱點(CVE-2017-11103)
https://www.us-cert.gov/ncas/current-activity/2017/07/12/Samba-Releases-Security-Updates
https://www.samba.org/samba/

未來四年之內,零時差漏洞出現的頻率很可能提高到每天一次
https://blog.trendmicro.com.tw/?p=50864

FreeRADIUS 安全漏洞
http://freeradius.org/security/fuzzer-2017.html

Trend Micro Control Manager (TMCM) 6.0安全性弱點
http://files.trendmicro.com/products/tmcm/06/patch/Readme_tmcm_60_win_en_sp3_patch3.txt

Siemens SIMATIC WinCC Sm@rtClient for Android中間人攻擊漏洞
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

思科WebEx爆高危漏洞,允許遠程執行代碼
https://www.hackeye.net/securitytetchnology/netsec/6445.aspx

VMware虛擬機逃逸漏洞攻擊代碼
http://www.weibo.com/1645903643/Fdh9uaijT?type=comment#_rnd1500654171991

IBM HTTP Server 多個漏洞
http://www.ibm.com/support/docview.wss?uid=swg22005280

Read on →

資安新聞及事件週報 2017/2/13 ~ 2017/2/17

1.重大弱點漏洞
TP-Link C2和C20i漏洞
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Oracle 多個產品存在安全性弱點
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2017-0008

微軟視窗 GDI32.DLL 漏洞 CVE-2017-0038
http://securitytracker.com/id/1037845

Server Message Block (SMB)存在弱點威脅
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=event&chtip=HiNet-2017-0007

Read on →

資安新聞及事件週報 2017/6/26 ~ 2017/6/30

1.重大弱點漏洞

中國Foscam網路攝影機產品存在多項漏洞
https://www.nccst.nat.gov.tw/NewsRSSDetail?lang=zh&RSSType=news&seq=15969

Cisco Firepower Management Center跨站點腳本漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2

systemd遭爆有漏洞,允許駭客執行任意程式
http://www.ithome.com.tw/news/115256

ISC BIND 多個漏洞 CVE-2017-3142 CVE-2017-3143
http://securitytracker.com/id/1038809

Win 10秋季更新將導入AI阻擋惡意攻擊
http://www.chinatimes.com/realtimenews/20170629004225-260412

Microsoft Skype棧緩衝區溢出漏洞(CVE-2017-9948)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9948

IBM QRadar SIEM信息洩露漏洞(CVE-2016-9972)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9972

IBM QRadar SIEM HTML注入漏洞(CVE-2017-1234)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1234

IBM QRadar SIEM安全限制繞過漏洞(CVE-2016-9738)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9738

Cisco身份服務引擎跨站點腳本漏洞
http://www.bsahack.net/forum.php?mod=viewthread&tid=143&extra=

Cisco主要協作供應工具會話劫持漏洞
https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170621-pcp1

微軟修補Microsoft Malware Protection Engine的遠端程式漏洞
http://www.ithome.com.tw/news/115157

Read on →

資安新聞及事件週報 2017/7/3 ~ 2017/7/7

1.重大弱點漏洞
[重要通知] 【安全預警】關於Systemd遠程代碼執行漏洞通知
http://bbs.qcloud.com/thread-32573-1-1.html

CentOS 7發佈內核安全更新:修復五處漏洞
http://www.cnbeta.com/articles/soft/627595.htm

10塊錢買你隱私 簡單四步就能破解家庭攝像頭
http://news.sina.com.tw/article/20170703/22894886.html

英特爾芯片嚴重漏洞 西門子38款工業產品中招
http://it.big5.enorth.com.cn/system/2017/07/06/033300755.shtml

Huawei AR1220 安全漏洞
http://www.huawei.com/en/psirt/security-advisories/hw-417840

IBM WebSphere 應用程式伺服器多個漏洞
https://www.auscert.org.au/bulletins/49530

Cisco Elastic Services Controller 安全漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2

ISC BIND安全限制繞過漏洞(CVE-2017-3142)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142

特定版本Samba軟體存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2017-7494)
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062

SWFTools 安全漏洞
https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8420

Read on →

資安新聞及事件週報 2016/11/28 ~ 2016/12/02

1.重大弱點漏洞:
微軟Azure漏洞讓RedHat映象檔安全拉警報
http://www.ithome.com.tw/news/109861

Mozilla與Tor修補瀏覽器上同一個零時差漏洞
http://www.ithome.com.tw/news/109967

虛擬化漏洞呈增長趨勢VMware發布一批漏洞公告
http://www.twoeggz.com/news/2601316.html

Netis 路由器後門漏洞最新發展
http://blog.trendmicro.com.tw/?p=37089

Paloaltonetworks Pan OS CVE-2016-9150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9150

Network Time Protocol Daemon 存在阻斷服務等多個安全性弱點
http://nwtime.org/ntp428p9_release/
http://www.kb.cert.org/vuls/id/633847

NTP漏洞可致Windows系統觸發DoS
http://www.weidu8.net/wx/1009148014236920

Read on →

資安新聞及事件週報 2016/12/12 ~ 2016/12/16

1.重大弱點漏洞
Eioneus系統公司發現印度UAN網站嚴重的安全漏洞
https://95cnweb.com/233.html

安全研究人員發現攻擊套件最喜Flash Player安全漏洞
http://www.qingpingshan.com/pc/aq/175778.html

MySQL現高危漏洞,可致服務器root權限被竊取
http://www.geeker.hk/?post=647

Adobe修補17個Flash漏洞,包含已被攻擊的零時差漏洞
http://www.ithome.com.tw/news/110321

密碼管理軟件Teampass 存在未授權SQL 注入漏洞
http://study.rnuomi.com/open0day/2016121340614.html

McAfee 修復企業版Linux 殺毒軟件遠程代碼執行漏洞,可獲得Root 權限
http://hackernews.cc/archives/3591

Read on →

資安新聞及事件週報 2017/1/2 ~ 2017/1/6

1.重大弱點漏洞
多款IBM Rational產品漏洞
https://www-01.ibm.com/support/docview.wss?uid=swg21996097

PHP7曝出三個高危0-day漏洞,還有一個仍未修復
http://www.freebuf.com/news/124159.html

Kaspersky 防毒產品多個漏洞
https://support.kaspersky.com/vulnerability.aspx?el=12430#281216

Apple IOS 訊息程式 VCF 處理漏洞
http://securitytracker.com/id/1037540

Google修補Pixel前相機可被追蹤的隱私漏洞
http://www.ithome.com.tw/news/110748

Read on →

資安新聞及事件週報 2017/2/20 ~ 2017/2/24

1.重大弱點漏洞
OpenSSL 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2017/02/16/OpenSSL-Releases-Security-Update
https://www.openssl.org/news/secadv/20170216.txt
https://blog.ucloud.cn/archives/1849

Trend Micro InterScan Web Security Virtual Appliance 多個漏洞
http://success.trendmicro.com/solution/1116672

TP-Link 兩款路由器有漏洞 黑客可於遠程執行程式碼導致 DoS
https://unwire.pro/2017/02/17/tp-link-routers-vulnerable/security/

資安業者:Android for Work含有兩個中間程式攻擊漏洞
http://times.hinet.net/news/20030360

Read on →

資安新聞及事件週報 2016/8/22 ~ 2016/8/26

1.重大弱點漏洞:
思科修復了NSA黑客洩漏的0day漏洞
http://fanli7.net/a/ITxinwen/hulianwang/20160820/572552.html

思科開始修補遭「方程式」鎖定的漏洞
http://www.ithome.com.tw/news/107916

蘋果釋出iOS 9.3.5,緊急修補3個竊取資料的零時差漏洞
http://www.ithome.com.tw/news/107939

phpMyAdmin 漏洞 CVE-2016-6627
https://www.phpmyadmin.net/security/PMASA-2016-50/

Read on →

資安新聞及事件週報 2016/8/8 ~ 2016/8/12

1.重大弱點漏洞:
Linux爆核心漏洞,讓駭客能攔截未加密流量
http://www.ithome.com.tw/news/107739

VMware 多個漏洞 CVE-2016-5330 CVE-2016-5331
http://www.vmware.com/security/advisories/VMSA-2016-0010.html

D-Link 路由器遠端程式碼執行漏洞 CVE-2016-5681
http://www.kb.cert.org/vuls/id/332115
http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10063

Galaxy S7等逾9億支手機爆安全漏洞
http://tw.on.cc/tw/bkn/cnt/finance/20160808/bkntw-20160808150825253-0808_04311_001.html

Read on →

資安新聞及事件週報 2016/12/19 ~ 2016/12/23

1.重大弱點漏洞
Ubuntu崩潰報告工具存在遠程代碼執行漏洞
http://bobao.360.cn/learning/detail/3305.html

Fedora 和Ubuntu 曝出0day 漏洞
https://kknews.cc/tech/l8e5erz.html

Apache HTTPD 多個漏洞 CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
http://securitytracker.com/id/1037508

OpenSSH曝最新遠程命令執行漏洞CVE-2016-10009
http://www.kangddos.com/6806.html

思科產品多個漏洞 CVE-2016-6474 CVE-2016-6467
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv89417
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva84552

Read on →

資安新聞及事件週報 2017/4/10 ~ 2017/4/14

1.重大弱點漏洞
Microsoft Office Word 版本之物件連結與嵌入(OLE) 存在零時差漏洞
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1056
http://www.ithome.com.tw/news/113340
https://www.cybersecurity-help.cz/vdb/SB2017040901
https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
http://thehackernews.com/2017/04/microsoft-word-zero-day.html

McAfee:駭客以零時攻擊程式入侵微軟系統漏洞,影響所有Office用戶
http://www.ithome.com.tw/news/113340

儘快安裝修補程式!微軟 Word 漏洞影響上百萬人
http://technews.tw/2017/04/12/word-zero-day-vulnerability-affect-millions-it-should-be-update-and-packed-immediately/

微軟發佈安全更新,其中包含Office零時差漏洞
https://technet.microsoft.com/en-us/security/bulletins.aspx
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

Openbsd 漏洞 CVE-2017-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5850

NTP 漏洞 CVE-2017-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463

WebKitGTK+ Late TLS 漏洞
https://webkitgtk.org/security/WSA-2015-0002.html

AlienVault OSSIM和USM身份驗證繞過漏洞
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix

Read on →

資安新聞及事件週報 2017/5/8 ~ 2017/5/12

1.重大弱點漏洞
IODATA WN-G300R3 CVE-2017-2141 CVE-2017-2142
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-2142

EPS Processing Zero-Days Exploited by Multiple Threat Actors
https://www.fireeye.com/blog/threat-research/2017/05/eps-processing-zero-days.html

Microsoft Malware Protection Engine 存在安全性弱點
https://support.microsoft.com/zh-hk/help/2510781/microsoft-malware-protection-engine-deployment-information
https://www.us-cert.gov/ncas/current-activity/2017/05/08/Microsoft-Releases-Critical-Security-Update
https://technet.microsoft.com/en-us/library/security/4022344.aspx

微軟安全產品爆近來最嚴重的遠端程式碼執行漏洞,殃及Windows 7到10
http://www.ithome.com.tw/news/114074

微軟遠端執行程式碼漏洞 CVE-2017-0290
https://technet.microsoft.com/library/security/4022344

微軟被曝 Windows 最新遠程代碼執行漏洞:極其糟糕!現漏洞詳情已發佈
http://www.hksilicon.com/articles/1331456

糗爆了!Google工程師又發現Windows系統大漏洞
https://www.cool3c.com/article/123954

Read on →

資安新聞及事件週報 2017/3/27 ~ 2017/3/31

1.重大弱點漏洞
Cisco AsyncOS 漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa

NTP拒絕服務漏洞(CVE-2016-9042)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042

Trend_Micro Endpoint_Sensor漏洞 CVE-2017-6798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6798

Mikrotik Router hap lite firmware 漏洞 CVE-2017-6444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6444

Read on →

資安新聞及事件週報 2017/3/6 ~ 2017/3/10

1.重大弱點漏洞
Tenable Nessus 漏洞
http://securitytracker.com/id/1037887

IBM iNotes 漏洞
http://www-01.ibm.com/support/docview.wss?uid=swg21997010

Apache Struts2 遠端執行程式碼漏洞
http://www.cert.org.cn/publish/main/9/2017/20170307143036394110259/20170307143036394110259_.html

Symantec Endpoint Protection 多個漏洞
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00

EXPLOITEE.RS 揭露WD MY CLOUD 系列NAS 存在安全漏洞
https://news.xfastest.com/wd/32237/exploitee-rs-wd-my-cloud-nas/

Read on →

資安新聞及事件週報 2017/6/5 ~ 2017/6/9

1.重大弱點漏洞

Cisco Firepower Threat Defense CVE-2017-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6632

這個漏洞值7650美元,原因是你可以在任意Twitter賬戶上發小片兒
http://www.ifuun.com/a2017612624213/

Sudo爆本地端最高權限漏洞,各家Linux相繼修補更新
https://www.ptt.cc/bbs/Gossiping/M.1496455528.A.296.html

Apache Tomcat 預設 Servlet 錯誤處理漏洞
http://securitytracker.com/id/1038641

VMware Horizon View Client for Mac Command Injection Vulnerability
http://securitytracker.com/id/1038642

VMware vSphere Data Protection 多個漏洞
http://www.vmware.com/security/advisories/VMSA-2017-0010.html

FreeRADIUS 遠端使用者繞過認證漏洞
http://freeradius.org/press/index.html#3.0.14
http://securitytracker.com/id/1038576

Read on →

資安新聞及事件週報 2017/5/22 ~ 2017/5/26

1.重大弱點漏洞
Cisco WebEx Meetings Server 存在資訊洩露弱點
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2017-0055

VMware回應Pwn2Own事件報告的漏洞問題CVE-2017-4902,CVE-2017-4903,CVE-2017-4904,CVE-2017-4905(2150228)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2150228

VMware Workstation Pro/Player 多個漏洞 CVE-2017-4915 CVE-2017-4916
http://securitytracker.com/id/1038525
http://securitytracker.com/id/1038526

Microsoft Windows作業系統及Google Chrome瀏覽器存在處理SCF檔的弱點
http://www.csu.edu.tw/app/news.php?Sn=3701

Samba驚爆7年漏洞,一行程式碼就可遠端攻擊
http://www.ithome.com.tw/news/114457

Samba爆嚴重安全漏洞,臺灣2家NAS廠商緊急推修補
http://www.ithome.com.tw/news/114487

特定版本Samba軟體存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2017-7494),可取得管理者權限
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062

駭到真要命! 研究:心律調節器藏有超過8000個已知漏洞
http://www.ithome.com.tw/news/114494

Windows+Chrome曝出憑證外泄漏洞
https://www.how321.com/70916.html

Read on →

資安新聞及事件週報 2017/3/20 ~ 2017/3/24

1.重大弱點漏洞
3秒攻破Adobe公司閱讀器 挖出蘋果系統「骨灰級」漏洞
http://news.sina.com.tw/article/20170318/21148926.html

ASUS RT-AC53漏洞 CVE-2017-6548 CVE-2017-6549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6549

D-Link DI-524 漏洞 CVE-2017-5633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5633

IBM QRadar Security Information and Event Manager漏洞 CVE-2016-9726 CVE-2016-9727 CVE-2016-9740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9740

Netgear Dgn2200 series firmware 漏洞 CVE-2017-6334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6334

Read on →

資安新聞及事件週報 2017/1/9 ~ 2017/1/13

1.重大弱點漏洞
Joomla! aWeb Cart Watching System for Virtuemart擴展SQL漏洞 CVE-2016-10114
https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0

多個F5 BIG-IP產品拒絕服務漏洞 CVE-2016-7476
http://www.securityfocus.com/bid/94353

VMware vRealize Operations Vsphere Data Protection CVE-2016-7457 CVE-2016-7462 CVE-2016-7456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7456

Zend-Mail存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2016-10034)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1050

SwiftMailer存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2016-10074)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1049

Read on →