CVE-2023-33299: FortiNAC における「緊急」なリモートコード実行の脆弱性
Fortinet has released a patch fixing a remote code execution vulnerability in several versions of FortiNAC
MOVEit Transfer の脆弱性と Cl0p ランサムウェアギャングに関するよくある質問
活動のさかんな CL0P ランサムウェアハッカー集団によって悪用された脆弱性など、MOVEit Transfer の脆弱性に関する FAQ をご紹介します。
CVE-2023-20887: VMware Aria Operations for Networks におけるコマンド インジェクションの脆弱性
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft の 2023 年 6 月月例セキュリティ更新プログラム、70 件の CVE を修正 (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997: Fortinet FortiOS および FortiProxy SSL-VPN (XORtigate) におけるヒープベースのバッファ オーバーフローの脆弱性
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.
CVE-2023-34362: MOVEIt Transfer における「緊急」なゼロデイ脆弱性の悪用が確認される
Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.
Volt Typhoon: 国際サイバーセキュリティ当局、中国の国家支援型サイバー攻撃集団に関連する活動の詳細を発表
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.
米豪のセキュリティ機関、ランサムウェア「BianLian」に関する勧告を共同でリリース
The FBI, ACSC and CISA have released a joint cybersecurity advisory discussing the BianLian ransomware group.
マイクロソフトの 2023 年 5 月月例セキュリティ更新プログラム、38 件の CVE を修正 (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2023-20864: VMware Aria Operations for Logs のデシリアライゼーションの脆弱性
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
オラクル、2023 年 4月 「Critical Patch Update」で 231 件の CVE を修正
Oracle addresses 231 CVEs in its second quarterly update of 2023 with 433 patches, including 74 critical updates.
マイクロソフトの 2023 年 4 月月例セキュリティ更新プログラム: 97 件の CVE を修正 (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.
営業チームに問い合わせる