CVE-2022-28219: Zoho ManageEngine ADAuditPlus における未認証リモートコード実行の脆弱性に対する概念実証が公開される
New information and technical details, including a proof-of-concept have been published for a remote code execution flaw in Zoho ManageEngine ADAudit Plus that was patched last month. ...
Forescout の「OT: ICEFALL」、オペレーショナルテクノロジーの設計上の脆弱性状態を調査
The latest research from Forescout’s Vedere Labs explores the state of risk management in operational technology through the lens of 56 insecure-by-design vulnerabilities....
ランサムウェアのエコシステム: 画面ロックから企業に数百万ドルの損害を与えるランサムウェア犯罪集団まで
Ransomware is a constantly evolving cyberthreat, and it is through its evolution that ransomware has managed to not only survive, but thrive....
CVE-2022-27511、CVE-2022-27512: Citrix、Application Delivery Management における 2 件の脆弱性を修正
Citrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to exploit....
Microsoft の 2022 年 6 月月例セキュリティ更新プログラム、55 件の CVE を修正 (CVE-2022-30190)
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws....
CVE-2022-26134: Atlassian Confluence Server と Data Center のゼロデイ脆弱性の悪用が確認される
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available....
CVE-2022-30190: マイクロソフト サポート診断ツール (MSDT) のゼロデイ・ゼロクリック脆弱性の悪用が確認される
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April....
Twitter の暗号通貨詐欺:Bored Ape Yacht Club、Azuki、その他のプロジェクトが NFT や暗号通貨を盗むために偽装される
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites....
CVE-2022-22972: VMware、Workspace ONE Access における追加の脆弱性にパッチを適用 (VMSA-2022-0014)
Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency....
マイクロソフトの 2022 年 5 月月例セキュリティ更新プログラム、55 件の CVE を修正 (CVE-2022-26925)
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild....
CVE-2022-1388: F5BIG-IP における認証回避の脆弱性
CVE-2022-1388: Authentication Bypass in F5 BIG-IP F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. This vulnerability is actively being exploited. Update May 10: The Identifying Affected Systems section now reflect...
Log4Shell に対するホットパッチにより Amazon Web Services に脆弱性が生じる
Log4Shell のホットパッチにより、Amazon Web Services に複数の脆弱性が生じました。Amazon Web Services は、12 月の Log4Shell の脆弱性に対してリリースされたホットパッチにより導入された脆弱性を修正しました。Background On April 19, researchers with Palo Alto’s Unit...