中国政府により支援を受けたサイバー攻撃者によって頻繁に悪用されている上位の CVE (AA22-279A)
CISA, the NSA and FBI issue a joint advisory detailing the top 20 vulnerabilities exploited by state-sponsored threat actors linked to the People’s Republic of China....
CVE-2022-40684: FortiOS および FortiProxy における「緊急」の認証バイパスの脆弱性
Fortinet has patched a critical authentication bypass in its FortiOS and FortiProxy products that could lead to administrator access....
CVE-2022-41040、CVE-2022-41082: ProxyShell の亜種の悪用が確認される
Microsoft has confirmed reports of two zero-day vulnerabilities in Microsoft Exchange Server that have been exploited in the wild. Patches are not yet available....
AA22-257A: サイバーセキュリティ機関、イランのイスラム革命防衛隊関連の攻撃に関する勧告を共同で発行
Several global cybersecurity agencies publish a joint advisory detailing efforts by Iranian-government sponsored threat actors exploiting vulnerabilities to enable ransomware attacks....
CVE-2022-40139: Trend Micro Apex One における脆弱性の悪用が確認される
Trend Micro has patched six vulnerabilities in its Apex One on-prem and software-as-a-service products, one of which has been exploited in the wild....
マイクロソフト、2022 年 9 月の月例セキュリティ更新プログラムで 62 件の CVE に対応 (CVE-2022-37969)
Microsoft addresses 62 CVEs in its September 2022 Patch Tuesday release, including five critical flaws....
ランサムウェア対策: 事業は自然災害同様の備えをしておく必要がある
As ransomware has cemented itself as one of the biggest cybersecurity threats to companies around the globe, it has become increasingly important that organizations treat ransomware attacks like they would a natural disaster and establish a robust preparedness plan....
マイクロソフトの 2022 年 8 月月例更新プログラム、118 件の脆弱性に対処 (CVE-2022-34713)
Microsoft addresses 118 CVEs in its August 2022 Patch Tuesday release, including 17 critical flaws....
CVE-2022-31656: VMware、複数の製品における複数の脆弱性にパッチを適用 (VMSA-2022-0021)
VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products....
ランサムウェアのエコシステム: 名声と富を求める
The key players within the ransomware ecosystem, including affiliates and initial access brokers, work together cohesively like a band of musicians, playing their respective parts as they strive for fame and fortune....
オラクル、2022 年 7月 「Critical Patch Update」で 188 件の CVE を修正
Oracle addresses 188 CVEs in its third quarterly update of 2022 with 349 patches, including 66 critical updates....
Microsoft の 2022 年 7 月月例セキュリティ更新プログラム、84 件の CVE を修正 (CVE-2022-22047)
Microsoft addresses 84 CVEs in its July 2022 Patch Tuesday release, including four critical flaws and one zero day that has been exploited in the wild....