Your posts match “ 資安新聞及事件週報 ” tag:

資安新聞及事件週報 2016/11/21 ~ 2016/11/25

1.重大弱點漏洞:
Wireshark DTN解析器拒絕服務漏洞(CVE-2016-9375)
https://www.wireshark.org/security/wnpa-sec-2016-62.html

Cisco AsyncOS遠程安全限制繞過漏洞(CVE-2016-6458)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa

Norton 及 Symantec 企業版產品遠端執行程式碼漏洞 CVE-2016-5311
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00

VMware 產品遠端執行程式碼漏洞 CVE-2016-7461
https://www.us-cert.gov/ncas/current-activity/2016/11/14/VMWare-Releases-Security-Updates

思科產品多個漏洞
https://www.auscert.org.au/render.html?it=41102
https://www.auscert.org.au/render.html?it=41118

Read on →

資安新聞及事件週報 2016/11/28 ~ 2016/12/02

1.重大弱點漏洞:
微軟Azure漏洞讓RedHat映象檔安全拉警報
http://www.ithome.com.tw/news/109861

Mozilla與Tor修補瀏覽器上同一個零時差漏洞
http://www.ithome.com.tw/news/109967

虛擬化漏洞呈增長趨勢VMware發布一批漏洞公告
http://www.twoeggz.com/news/2601316.html

Netis 路由器後門漏洞最新發展
http://blog.trendmicro.com.tw/?p=37089

Paloaltonetworks Pan OS CVE-2016-9150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9150

Network Time Protocol Daemon 存在阻斷服務等多個安全性弱點
http://nwtime.org/ntp428p9_release/
http://www.kb.cert.org/vuls/id/633847

NTP漏洞可致Windows系統觸發DoS
http://www.weidu8.net/wx/1009148014236920

Read on →

資安新聞及事件週報 2016/12/5 ~ 2016/12/9

1.重大弱點漏洞
坊間攻擊套件鎖定的10大安全漏洞,Flash就佔了6個
http://www.ithome.com.tw/news/110073

IBM FileNet Workplace XT 漏洞 CVE-2016-8921
http://www-01.ibm.com/support/docview.wss?uid=swg21994018

IBM QRadar SIEM 漏洞 CVE-2016-2876
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2876

Network Time Protocol Daemon 存在阻斷服務等多個安全性弱點
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2016-0123

Read on →

資安新聞及事件週報 2016/12/12 ~ 2016/12/16

1.重大弱點漏洞
Eioneus系統公司發現印度UAN網站嚴重的安全漏洞
https://95cnweb.com/233.html

安全研究人員發現攻擊套件最喜Flash Player安全漏洞
http://www.qingpingshan.com/pc/aq/175778.html

MySQL現高危漏洞,可致服務器root權限被竊取
http://www.geeker.hk/?post=647

Adobe修補17個Flash漏洞,包含已被攻擊的零時差漏洞
http://www.ithome.com.tw/news/110321

密碼管理軟件Teampass 存在未授權SQL 注入漏洞
http://study.rnuomi.com/open0day/2016121340614.html

McAfee 修復企業版Linux 殺毒軟件遠程代碼執行漏洞,可獲得Root 權限
http://hackernews.cc/archives/3591

Read on →

資安新聞及事件週報 2016/12/19 ~ 2016/12/23

1.重大弱點漏洞
Ubuntu崩潰報告工具存在遠程代碼執行漏洞
http://bobao.360.cn/learning/detail/3305.html

Fedora 和Ubuntu 曝出0day 漏洞
https://kknews.cc/tech/l8e5erz.html

Apache HTTPD 多個漏洞 CVE-2016-0736 CVE-2016-2161 CVE-2016-8743
http://securitytracker.com/id/1037508

OpenSSH曝最新遠程命令執行漏洞CVE-2016-10009
http://www.kangddos.com/6806.html

思科產品多個漏洞 CVE-2016-6474 CVE-2016-6467
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuv89417
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva84552

Read on →

資安新聞及事件週報 2016/12/26 ~ 2016/12/30

1.重大弱點漏洞
Xen 安全漏洞 CVE-2016-10024
http://xenbits.xen.org/xsa/advisory-202.html

2016年Exploit Kits漏洞TOP 10分析
http://www.freebuf.com/vuls/123328.html

cURL 繞過保安限制漏洞CVE-2016-9594
http://securitytracker.com/id/1037528

Unrestricted File Upload Testing
https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/

VMware ESXi 安全漏洞 CVE-2016-7463
http://www.vmware.com/security/advisories/VMSA-2016-0023.html

Read on →

資安新聞及事件週報 2017/1/2 ~ 2017/1/6

1.重大弱點漏洞
多款IBM Rational產品漏洞
https://www-01.ibm.com/support/docview.wss?uid=swg21996097

PHP7曝出三個高危0-day漏洞,還有一個仍未修復
http://www.freebuf.com/news/124159.html

Kaspersky 防毒產品多個漏洞
https://support.kaspersky.com/vulnerability.aspx?el=12430#281216

Apple IOS 訊息程式 VCF 處理漏洞
http://securitytracker.com/id/1037540

Google修補Pixel前相機可被追蹤的隱私漏洞
http://www.ithome.com.tw/news/110748

Read on →

資安新聞及事件週報 2017/1/9 ~ 2017/1/13

1.重大弱點漏洞
Joomla! aWeb Cart Watching System for Virtuemart擴展SQL漏洞 CVE-2016-10114
https://vel.joomla.org/resolved/1897-aweb-cart-watching-system-2-6-0

多個F5 BIG-IP產品拒絕服務漏洞 CVE-2016-7476
http://www.securityfocus.com/bid/94353

VMware vRealize Operations Vsphere Data Protection CVE-2016-7457 CVE-2016-7462 CVE-2016-7456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7456

Zend-Mail存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2016-10034)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1050

SwiftMailer存在允許攻擊者遠端執行任意程式碼之漏洞(CVE-2016-10074)
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1049

Read on →

資安新聞及事件週報 2017/1/16 ~ 2017/1/20

1.重大弱點漏洞
icoutils 安全漏洞 CVE-2017-5332
http://www.securityfocus.com/bid/95380

Adobe Flash Player 漏洞 CVE-2017-2930
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html

python-pysaml2 安全漏洞 CVE-2016-10127
https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b

GnuTLS 緩衝區錯誤漏洞 CVE-2017-5336
https://gnutls.org/security.html#GNUTLS-SA-2017-1

Symantec 產品遠端執行程式碼漏洞 CVE-2016-6592
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170117_00#_MITIGATION

Read on →

資安新聞及事件週報 2017/1/23 ~ 2017/1/27

1.重大弱點漏洞
Tenda ADSL2/2+ Modem D840R - Unauthenticated DNS Change
https://www.exploit-db.com/exploits/41078/

Juniper Junos漏洞
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10770&actp=RSS
http://www.ithome.com.tw/news/111426

已修補的Linux Systemd v288漏洞被低估,駭客可取得最高權限
http://www.ithome.com.tw/news/111529

Aggressive SQL Injection Activity
https://exchange.xforce.ibmcloud.com/collection/Aggressive-SQL-Injection-Activity-342551c67e22ea041f8fbbc630358f19

IE ODay漏洞來掛馬
http://www.weixianmanbu.com/article/1332.html

Read on →

資安新聞及事件週報 2017/1/30 ~ 2017/2/3

1.重大弱點漏洞
Brocade Network Advisor CliMonitorReportServlet 漏洞(CVE-2016-8207)
https://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2016-180.htm

PHP PEAR 1.10.1 - 漏洞(CVE-2017-5630)
https://www.seebug.org/vuldb/ssvid-92633

思科 ASR 1000 系列路由器阻斷服務漏洞 CVE-2017-3820
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp

瑞士佳樂能源監控設備存在高危漏洞
http://www.secpoint.com.cn/nd.jsp?id=31&_np=2_330

微軟視窗 Server Message Block SMBv3 阻斷服務漏洞
http://www.kb.cert.org/vuls/id/867968
https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/

Read on →

資安新聞及事件週報 2017/2/13 ~ 2017/2/17

1.重大弱點漏洞
TP-Link C2和C20i漏洞
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Oracle 多個產品存在安全性弱點
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=vul&chtip=HiNet-2017-0008

微軟視窗 GDI32.DLL 漏洞 CVE-2017-0038
http://securitytracker.com/id/1037845

Server Message Block (SMB)存在弱點威脅
http://www.gsn-cert.nat.gov.tw/05-02-01-detail.php?cat=event&chtip=HiNet-2017-0007

Read on →

資安新聞及事件週報 2017/2/20 ~ 2017/2/24

1.重大弱點漏洞
OpenSSL 存在安全性弱點
https://www.us-cert.gov/ncas/current-activity/2017/02/16/OpenSSL-Releases-Security-Update
https://www.openssl.org/news/secadv/20170216.txt
https://blog.ucloud.cn/archives/1849

Trend Micro InterScan Web Security Virtual Appliance 多個漏洞
http://success.trendmicro.com/solution/1116672

TP-Link 兩款路由器有漏洞 黑客可於遠程執行程式碼導致 DoS
https://unwire.pro/2017/02/17/tp-link-routers-vulnerable/security/

資安業者:Android for Work含有兩個中間程式攻擊漏洞
http://times.hinet.net/news/20030360

Read on →

資安新聞及事件週報 2017/2/27 ~ 2017/3/3

1.重大弱點漏洞
多款TP-Link路由器存在多個漏洞
https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html

Java、Python安全漏洞可能讓攻擊者繞過防火牆
http://www.ithome.com.tw/news/112310

Linux kernel tcp_splice_read 漏洞(CVE-2017-6214)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82

Drupal Facebook Pull 漏洞
https://www.drupal.org/node/2850873

IBM WebSphere Application Server 多個漏洞
https://www.ibm.com/support/docview.wss?uid=swg21998379

Read on →

資安新聞及事件週報 2017/3/6 ~ 2017/3/10

1.重大弱點漏洞
Tenable Nessus 漏洞
http://securitytracker.com/id/1037887

IBM iNotes 漏洞
http://www-01.ibm.com/support/docview.wss?uid=swg21997010

Apache Struts2 遠端執行程式碼漏洞
http://www.cert.org.cn/publish/main/9/2017/20170307143036394110259/20170307143036394110259_.html

Symantec Endpoint Protection 多個漏洞
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170306_00

EXPLOITEE.RS 揭露WD MY CLOUD 系列NAS 存在安全漏洞
https://news.xfastest.com/wd/32237/exploitee-rs-wd-my-cloud-nas/

Read on →

資安新聞及事件週報 2017/3/13 ~ 2017/3/17

1.重大弱點漏洞
A10 AX1030 漏洞
https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability

Linux修補了存在已有7年的可擴張使用者權限漏洞
http://www.ithome.com.tw/news/112816

D-Link 路由器多個漏洞 CVE-2017-3191 CVE-2017-3192 CVE-2017-3193
http://www.kb.cert.org/vuls/id/305448
http://www.kb.cert.org/vuls/id/553503

IBM WebSphere Application 伺服器權限提升漏洞 CVE-2017-1151
http://securitytracker.com/id/1037984
http://www-01.ibm.com/support/docview.wss?uid=swg21999293

VMware 產品遠端程式碼執行漏洞 CVE-2017-4901
https://www.us-cert.gov/ncas/current-activity/2017/03/14/VMware-Releases-Security-Updates
http://www.vmware.com/security/advisories/VMSA-2017-0005.html

Veritas Netbackup appliance CVE-2017-6403 CVE-2017-6409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6409

Read on →

資安新聞及事件週報 2017/3/20 ~ 2017/3/24

1.重大弱點漏洞
3秒攻破Adobe公司閱讀器 挖出蘋果系統「骨灰級」漏洞
http://news.sina.com.tw/article/20170318/21148926.html

ASUS RT-AC53漏洞 CVE-2017-6548 CVE-2017-6549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6548
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6549

D-Link DI-524 漏洞 CVE-2017-5633
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5633

IBM QRadar Security Information and Event Manager漏洞 CVE-2016-9726 CVE-2016-9727 CVE-2016-9740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9740

Netgear Dgn2200 series firmware 漏洞 CVE-2017-6334
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6334

Read on →

資安新聞及事件週報 2017/3/27 ~ 2017/3/31

1.重大弱點漏洞
Cisco AsyncOS 漏洞
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wsa

NTP拒絕服務漏洞(CVE-2016-9042)
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9042

Trend_Micro Endpoint_Sensor漏洞 CVE-2017-6798
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6798

Mikrotik Router hap lite firmware 漏洞 CVE-2017-6444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6444

Read on →

資安新聞及事件週報 2017/4/3 ~ 2017/4/7

1.重大弱點漏洞
VMware修補了被駭客競賽pwn2own攻陷的4個漏洞
http://www.ithome.com.tw/news/113171

Adobe Acrobat Force-Installed Vulnerable Chrome Extension
https://www.seebug.org/vuldb/ssvid-92859

技嘉兩款迷你準系統UEFI韌體遭爆有漏洞,有被植入勒贖軟體風險
http://www.ithome.com.tw/news/113231

Splunk 修復安全漏洞:誘導用戶訪問惡意網站,洩露個人信息
http://hackernews.cc/archives/8370

Splunk Enterprise 多個漏洞 CVE-2017-5607
http://securitytracker.com/
http://www.splunk.com/view/SP-CAAAPZ3

That sound you hear is Splunk leaking data
http://go.theregister.com/feed/www.theregister.co.uk/2017/04/03/that_sound_you_hear_is_splunk_leaking_data/

安全審計人員發現16項NTP安全漏洞
http://www.ifuun.com/a2017411559497/

Read on →

資安新聞及事件週報 2017/4/10 ~ 2017/4/14

1.重大弱點漏洞
Microsoft Office Word 版本之物件連結與嵌入(OLE) 存在零時差漏洞
http://www.nccst.nat.gov.tw/VulnerabilityDetail?lang=zh&seq=1056
http://www.ithome.com.tw/news/113340
https://www.cybersecurity-help.cz/vdb/SB2017040901
https://www.fireeye.com/blog/threat-research/2017/04/acknowledgement_ofa.html
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild
https://support.office.com/en-us/article/What-is-Protected-View-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653
http://thehackernews.com/2017/04/microsoft-word-zero-day.html

McAfee:駭客以零時攻擊程式入侵微軟系統漏洞,影響所有Office用戶
http://www.ithome.com.tw/news/113340

儘快安裝修補程式!微軟 Word 漏洞影響上百萬人
http://technews.tw/2017/04/12/word-zero-day-vulnerability-affect-millions-it-should-be-update-and-packed-immediately/

微軟發佈安全更新,其中包含Office零時差漏洞
https://technet.microsoft.com/en-us/security/bulletins.aspx
https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199-hta-handler.html

Openbsd 漏洞 CVE-2017-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5850

NTP 漏洞 CVE-2017-6463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6463

WebKitGTK+ Late TLS 漏洞
https://webkitgtk.org/security/WSA-2015-0002.html

AlienVault OSSIM和USM身份驗證繞過漏洞
https://www.alienvault.com/forums/discussion/7765/alienvault-v5-3-1-hotfix

Read on →