クラウド セキュリティ、脆弱性管理、EASM、Web アプリセキュリティなどに関する 2022 年の主要データ
As 2022 ends, we highlight important data points that shine a light on the trends, challenges and best practices that matter to cybersecurity leaders eager to boost their exposure management and reduce their organizations’ cyber risk.
CVE-2022-47939: Linux カーネルにおける「緊急」の RCE 脆弱性
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 of 10.0. There are no reports of active exploitation.
Tenable による 2023 年の 6 つの予測
2022 年の年末を迎え Tenable の専門家に来年の見通しについて尋ねました。 情勢を分析した結果、恐喝攻撃、OT セキュリティ、SaaS の脅威、メタバースのリスクなどの動向が予想されています。
長期にわたり月例セキュリティ更新プログラムがサイバーセキュリティに与えた影響
Dive into the history of Patch Tuesday and learn how it continues to influence the ways security teams manage patches.
CVE-2022-37958: Microsoft SPNEGO NEGOEX における「緊急」の脆弱性に関するよくある質問
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.
クラウドネイティブなアプリケーション保護プラットフォーム (CNAPP): An Evolving Approach to Cloud Security
A look at how IAM works and how CIEM enhances IAM security in the cloud.
Your Guide to IAM – and IAM Security in the Cloud
A look at how IAM works and how CIEM enhances IAM security in the cloud.
メタバースの監視、AI と ML のセキュリティ対策、Daixin の医療機関に対する脅威、統合サイバー プラットフォームへの移行
To help you zap those Monday blahs, here’s a caffeinated shot of cyber news you can use: Police chiefs must get hip to the metaverse. CISOs are shifting to integrated cybersecurity platforms. There's new guidance for securing ML and AI systems. Hospitals face a ransomware threat from the Daixin…
フィッシング詐欺、給与動向、メタバースのリスク、Log4J に関する調査
Get the latest on worrisome phishing stats; businesses’ embrace of the metaverse, come what may; a (small) improvement in CISO job stability; the compensation cost of security leaders; and more!
マイクロソフト 2022 年 12 月月例セキュリティ更新プログラム、47 件の CVE を修正 (CVE-2022-44698)
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
CVE-2022-27518: Citrix ADC および Gateway における脆弱性により認証を必要とせずにリモートからのコード実行が可能
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
IT サービス プロバイダーと MSP のサイバーセキュリティ対策を評価する
Improperly evaluating the cybersecurity capabilities of prospective IT service providers and managed service providers (MSPs) can put your organization's data and systems at risk. A new guide from CompTIA can help you ask the right questions.