Posts matching the “Weekly Security News and Incident Report” tag:

Weekly Security News and Incident Report 2017/5/22 ~ 2017/5/26

1. Major Vulnerabilities
Cisco WebEx Meetings Server information disclosure vulnerability
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2017-0055

VMware response to the vulnerabilities reported at the Pwn2Own event: CVE-2017-4902, CVE-2017-4903, CVE-2017-4904, CVE-2017-4905 (2150228)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2150228

VMware Workstation Pro/Player multiple vulnerabilities CVE-2017-4915 CVE-2017-4916
http://securitytracker.com/id/1038525
http://securitytracker.com/id/1038526

Microsoft Windows and the Google Chrome browser have a vulnerability in the handling of SCF files
http://www.csu.edu.tw/app/news.php?Sn=3701

Seven-year-old Samba vulnerability revealed; one line of code is enough for a remote attack
http://www.ithome.com.tw/news/114457

Serious Samba security vulnerability disclosed; two Taiwanese NAS vendors rush out patches
http://www.ithome.com.tw/news/114487

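Certain versions of Samba contain a vulnerability (CVE-2017-7494) that allows an attacker to execute arbitrary code remotely and obtain administrator privileges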
https://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1062

Hacks that could really kill! Study: pacemakers harbor more than 8,000 known vulnerabilities
http://www.ithome.com.tw/news/114494

Windows + Chrome credential leak vulnerability disclosed
https://www.how321.com/70916.html

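Weekly Security News and Incident Report 2017/5/29 ~ 2017/6/2

1. Major Vulnerabilities

New Samba security vulnerability disclosed! A "WannaCry" variant could turn to attacking NAS devices at any time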
http://ppt.cc/kYUHM

Another high-risk Struts2 vulnerability disclosed; Cisco releases list of vulnerable products
https://ifun01.com/8TPSMF9.html

WordPress may leak password reset links, allowing hackers to take control of sites
https://kknews.cc/tech/makbgnp.html

Aruba access policy platform announces newly fixed vulnerabilities
https://www.hackeye.net/industry/4145.aspx

Sudo local root privilege vulnerability disclosed; Linux distributions release patches one after another
http://www.ithome.com.tw/news/114635

Juniper Networks Junos Space cross-site scripting vulnerability (CVE-2017-2307)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2307
https://kb.juniper.net/JSA10770

CVE-2017-1000367: Sudo local privilege escalation vulnerability
http://ppt.cc/95KOO

Trend Micro InterScan Web Security multiple vulnerabilities
https://success.trendmicro.com/solution/1117412
http://securitytracker.com/id/1038584

FreeRADIUS remote user authentication bypass vulnerability CVE-2017-9148
http://freeradius.org/press/index.html#3.0.14
http://securitytracker.com/id/1038576

Microsoft Malware Protection Engine multiple vulnerabilities
http://securitytracker.com/id/1038571

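Weekly Security News and Incident Report 2017/6/12 ~ 2017/6/16

1. Major Vulnerabilities
75% of vulnerabilities are disclosed on the black market before being published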
http://ppt.cc/OSPgH

IBM finally releases a mitigation for a serious vulnerability discovered 9 months ago! But the white hat feels wronged
http://www.freebuf.com/news/136739.html

WikiLeaks reveals another CIA router/AP intrusion tool; D-Link, ASUS, Cisco and Apple all compromised
http://www.ithome.com.tw/news/114951

Cisco NX-OS denial-of-service vulnerability
https://auscert.org.au/render.html?it=48670

Average time to fix SCADA vulnerabilities is as long as 150 days
https://m.baidu.com/feed/data/landingpage?s_type=news&dsp=wise&nid=3322609109203173898&n_type=&p_from=4

Microsoft monthly security update (June 2017)
https://www.hkcert.org/my_url/zh/alert/17061401

NIST vulnerability publication delays are too long and may pose a major security risk
https://www.hackeye.net/threatintelligence/4582.aspx

F-Secure analysis report: 18 vulnerabilities disclosed in Chinese internet camera Foscam
http://hackernews.cc/archives/11071

Weekly Security News and Incident Report 2017/6/5 ~ 2017/6/9

1. Major Vulnerabilities

Cisco Firepower Threat Defense CVE-2017-6632
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6632

This vulnerability is worth 7,650 US dollars, because it lets you post clips from any Twitter account
http://www.ifuun.com/a2017612624213/

Sudo local root privilege vulnerability disclosed; Linux distributions release patches one after another
https://www.ptt.cc/bbs/Gossiping/M.1496455528.A.296.html

Apache Tomcat default servlet error handling vulnerability
http://securitytracker.com/id/1038641

VMware Horizon View Client for Mac Command Injection Vulnerability
http://securitytracker.com/id/1038642

VMware vSphere Data Protection multiple vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0010.html

FreeRADIUS remote user authentication bypass vulnerability
http://freeradius.org/press/index.html#3.0.14
http://securitytracker.com/id/1038576

Weekly Security News and Incident Report 2016/10/17 ~ 2016/10/21

1. Major Vulnerabilities:
phpMyAdmin cross-site scripting vulnerability CVE-2016-6607
https://www.phpmyadmin.net/security/PMASA-2016-30/

Juniper Junos Space security vulnerability CVE-2016-4927
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10760&cat=SIRT_1&actp=LIST

Oracle patches 253 security vulnerabilities in a major update, including 15 critical ones
http://www.ithome.com.tw/news/109162

VMware Horizon View security vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0015.html

Weekly Security News and Incident Report 2016/12/19 ~ 2016/12/23

1. Major Vulnerabilities
Ubuntu crash reporting tool has a remote code execution vulnerability
http://bobao.360.cn/learning/detail/3305.html

Fedora and Ubuntu 0-day vulnerabilities disclosed
https://kknews.cc/tech/l8e5erz.html

Apache HTTPD multiple vulnerabilities CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
http://securitytracker.com/id/1037508

Latest OpenSSH remote command execution vulnerability disclosed: CVE-2016-10009
http://www.kangddos.com/6806.html

Cisco products multiple vulnerabilities CVE-2016-6474 CVE-2016-6467
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv89417
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva84552

Weekly Security News and Incident Report 2017/1/9 ~ 2017/1/13

1. Major Vulnerabilities
Joomla! aWeb Cart Watching System for Virtuemart extension SQL vulnerability CVE-2016-10114
https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0

Multiple F5 BIG-IP products denial-of-service vulnerability CVE-2016-7476
http://www.securityfocus.com/bid/94353

VMware vRealize Operations Vsphere Data Protection CVE-2016-7457 CVE-2016-7462 CVE-2016-7456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7456

Zend-Mail contains a vulnerability that allows an attacker to execute arbitrary code remotely (CVE-2016-10034)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1050

SwiftMailer contains a vulnerability that allows an attacker to execute arbitrary code remotely (CVE-2016-10074)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1049

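Weekly Security News and Incident Report 2016/09/26 ~ 2016/09/30

1. Major Vulnerabilities:
Internet Systems Consortium (ISC) releases security updates for BIND; some of the vulnerabilities may lead to denial-of-service attacks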
http://www.cert.org.tw/twcert/advdetail/3344

D-Link DWR-932 B found to have about 20 security vulnerabilities; researcher: stop using it
http://www.ithome.com.tw/news/108741

High-risk swagger vulnerability affects Java, PHP, NodeJS, Ruby and other languages
https://www.taiwanfansclub.com/article-405880-1.html?mod=view&aid=405880&page=1&

macOS Server, macOS Sierra, Safari and iCloud for Windows have multiple vulnerabilities
https://support.apple.com/en-us/HT207171

Weekly Security News and Incident Report 2016/10/24 ~ 2016/10/28

1. Major Vulnerabilities:
Dirty COW vulnerability CVE-2016-5195 2.6.22 < 3.9 (x86/x64)
http://www.bkjia.com/Linuxjc/1167392.html

Adobe rushes to fix a Flash vulnerability already under attack
http://www.ithome.com.tw/news/109272

Apache Tomcat multiple vulnerabilities
https://www.auscert.org.au/render.html?it=40038

Android Rowhammer attack vulnerability (Drammer)
https://www.seebug.org/vuldb/ssvid-92489

Palo Alto PAN-OS JavaScript execution and input validation vulnerabilities
http://securityadvisories.paloaltonetworks.com/Home/Detail/64
http://securityadvisories.paloaltonetworks.com/Home/Detail/62

Weekly Security News and Incident Report 2017/3/27 ~ 2017/3/31

1. Major Vulnerabilities
Cisco AsyncOS vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa

NTP denial-of-service vulnerability (CVE-2016-9042)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042

Trend_Micro Endpoint_Sensor vulnerability CVE-2017-6798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6798

Mikrotik Router hap lite firmware vulnerability CVE-2017-6444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6444

Weekly Security News and Incident Report 2016/11/21 ~ 2016/11/25

1. Major Vulnerabilities:
Wireshark DTN dissector denial-of-service vulnerability (CVE-2016-9375)
https://www.wireshark.org/security/wnpa-sec-2016-62.html

Cisco AsyncOS remote security restriction bypass vulnerability (CVE-2016-6458)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa

Norton and Symantec enterprise products remote code execution vulnerability CVE-2016-5311
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00

VMware products remote code execution vulnerability CVE-2016-7461
https://www.us-cert.gov/ncas/current-activity/2016/11/14/VMWare-Releases-Security-Updates

Cisco products multiple vulnerabilities
https://www.auscert.org.au/render.html?it=41102
https://www.auscert.org.au/render.html?it=41118

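Weekly Security News and Incident Report 2017/3/20 ~ 2017/3/24

1. Major Vulnerabilities
Adobe Reader cracked in 3 seconds; an "ancient" vulnerability unearthed in Apple's system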
http://news.sina.com.tw/article/20170318/21148926.html

ASUS RT-AC53 vulnerabilities CVE-2017-6548 CVE-2017-6549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6549

D-Link DI-524 vulnerability CVE-2017-5633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5633

IBM QRadar Security Information and Event Manager vulnerabilities CVE-2016-9726 CVE-2016-9727 CVE-2016-9740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9740

Netgear Dgn2200 series firmware vulnerability CVE-2017-6334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6334

Weekly Security News and Incident Report 2017/4/17 ~ 2017/4/21

1. Security News: Major Vulnerabilities
ISC BIND has multiple security vulnerabilities
https://www.us-cert.gov/ncas/current-activity/2017/04/12/ISC-Releases-Security-Updates-BIND
https://kb.isc.org/article/AA-01465/

Multiple Cisco products have security vulnerabilities
https://www.us-cert.gov/ncas/current-activity/2017/04/06/Cisco-Releases-Security-Updates

Cisco IOS and IOS XE denial-of-service vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise

Juniper Junos multiple vulnerabilities
https://www.auscert.org.au/render.html?it=46470

[Urgent] Vulnerabilities in LINKSYS wireless routers; users urged to disable the guest network and change passwords
http://ppt.cc/4Rj4a

25 Linksys router models found to have security vulnerabilities
https://kknews.cc/tech/qyajylg.html

Weekly Security News and Incident Report 2017/1/30 ~ 2017/2/3

1. Major Vulnerabilities
Brocade Network Advisor CliMonitorReportServlet vulnerability (CVE-2016-8207)
https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-180.htm

PHP PEAR 1.10.1 - vulnerability (CVE-2017-5630)
https://www.seebug.org/vuldb/ssvid-92633

Cisco ASR 1000 Series routers denial-of-service vulnerability CVE-2017-3820
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp

High-risk vulnerabilities in energy monitoring equipment from Swiss vendor Carlo Gavazzi (佳樂)
http://www.secpoint.com.cn/nd.jsp?id=31&_np=2_330

Microsoft Windows Server Message Block SMBv3 denial-of-service vulnerability
http://www.kb.cert.org/vuls/id/867968
https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/

Weekly Security News and Incident Report 2017/3/6 ~ 2017/3/10

1. Major Vulnerabilities
Tenable Nessus vulnerability
http://securitytracker.com/id/1037887

IBM iNotes vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21997010

Apache Struts2 remote code execution vulnerability
http://www.cert.org.cn/publish/main/9/2017/20170307143036394110259/20170307143036394110259_.html

Symantec Endpoint Protection multiple vulnerabilities
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00

EXPLOITEE.RS discloses security vulnerabilities in the WD MY CLOUD series of NAS devices
https://news.xfastest.com/wd/32237/exploitee-rs-wd-my-cloud-nas/

Weekly Security News and Incident Report 2016/10/31 ~ 2016/11/4

1. Major Vulnerabilities:
CVE-2015-0665 Cisco AnyConnect Secure Mobility Client Multiple Security Vulnerabilities
http://www.0daybank.org/?p=2816

ISC BIND denial-of-service vulnerability
http://securitytracker.com/id/1037156

Palo Alto PAN-OS multiple vulnerabilities
http://securitytracker.com/id/1037152
http://securitytracker.com/id/1037153

Oracle WebLogic Commons DiskFileItem Deserialization of Untrusted Data vulnerability
https://www.seebug.org/vuldb/ssvid-92515

Weekly Security News and Incident Report 2017/4/10 ~ 2017/4/14

1. Major Vulnerabilities
Zero-day vulnerability in Object Linking and Embedding (OLE) in versions of Microsoft Office Word
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1056
http://www.ithome.com.tw/news/113340
https://www.cybersecurity-help.cz/vdb/SB2017040901
https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
http://thehackernews.com/2017/04/microsoft-word-zero-day.html

McAfee: hackers use a zero-day exploit to attack a Microsoft vulnerability, affecting all Office users
http://www.ithome.com.tw/news/113340

Install the patch as soon as possible! Microsoft Word vulnerability affects millions of people
http://technews.tw/2017/04/12/word-zero-day-vulnerability-affect-millions-it-should-be-update-and-packed-immediately/

Microsoft releases security updates that cover the Office zero-day vulnerability
https://technet.microsoft.com/en-us/security/bulletins.aspx
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

OpenBSD vulnerability CVE-2017-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5850

NTP vulnerability CVE-2017-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463

WebKitGTK+ Late TLS vulnerability
https://webkitgtk.org/security/WSA-2015-0002.html

AlienVault OSSIM and USM authentication bypass vulnerability
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix

Weekly Security News and Incident Report 2017/4/3 ~ 2017/4/7

1. Major Vulnerabilities
VMware patches the 4 vulnerabilities exploited at the Pwn2Own hacking contest
http://www.ithome.com.tw/news/113171

Adobe Acrobat Force-Installed Vulnerable Chrome Extension
https://www.seebug.org/vuldb/ssvid-92859

UEFI firmware of two Gigabyte mini barebone systems found vulnerable, with a risk of ransomware being implanted
http://www.ithome.com.tw/news/113231

Splunk fixes security vulnerability: users lured to a malicious website could have personal information leaked
http://hackernews.cc/archives/8370

Splunk Enterprise multiple vulnerabilities CVE-2017-5607
http://securitytracker.com/
http://www.splunk.com/view/SP-CAAAPZ3

That sound you hear is Splunk leaking data
http://go.theregister.com/feed/www.theregister.co.uk/2017/04/03/that_sound_you_hear_is_splunk_leaking_data/

Security auditors find 16 NTP security vulnerabilities
http://www.ifuun.com/a2017411559497/

Weekly Security News and Incident Report 2016/09/19 ~ 2016/09/23

1. Major Vulnerabilities:
Upgrade with caution: another major vulnerability disclosed in iOS 10
http://tech.fanpiece.com/leiphone/%E5%8D%87%E7%B4%9A%E9%9C%80%E8%AC%B9%E6%85%8E-iOS-10%E5%8F%88%E6%9B%9D%E5%87%BA%E9%87%8D%E5%A4%A7%E6%BC%8F%E6%B4%9E-c1245202.html

Cisco Firepower Management Center vulnerability (CVE-2016-6394)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160907-fsmc

Mozilla plans to release an update next Tuesday to fix a man-in-the-middle attack vulnerability
http://www.solidot.org/story?sid=49711

Another IE vulnerability disclosed; US military website hit by the "Snowman" attack
http://online.ysbk0i.com/gwpj/21954.html

Hackers can tamper with BMW vehicle settings through vulnerabilities in the BMW portal website
http://mini.eastday.com/a/160918163923884.html

Weekly Security News and Incident Report 2017/2/13 ~ 2017/2/17

1. Major Vulnerabilities
TP-Link C2 and C20i vulnerabilities
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Multiple Oracle products have security vulnerabilities
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2017-0008

Microsoft Windows GDI32.DLL vulnerability CVE-2017-0038
http://securitytracker.com/id/1037845

Server Message Block (SMB) vulnerability threat
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=event&chtip=HiNet-2017-0007
