オラクル、2022 年 1 月クリティカルパッチアップデートで 266 件の脆弱性を修正
Oracle addresses 266 CVEs in its first quarterly update of 2022 with 497 patches, including 25 critical updates. Background On January 18, Oracle released its Critical Patch Update (CPU) for January 2022, the first quarterly update of the year. This CPU contains fixes for 266 CVEs in 497 security...
CVE-2021-44757: ZoHo、ManageEngine Desktop Central における認証バイパスの脆弱性を修正
ZoHo patches authentication bypass in ManageEngine Desktop Central that could allow attackers to write arbitrary zip files to the server. Background On January 17, ZoHo issued an advisory and patches for CVE-2021-44757, a critical authentication bypass in its ManageEngine Desktop Central and Manag...
マイクロソフト、2022 年 1 月の月例セキュリティ更新プログラムで 97 件の CVE を修正((CVE-2022-21907)
Microsoft addresses 97 CVEs in its January 2022 Patch Tuesday release, including four zero-day vulnerabilities that were publicly disclosed but not exploited in the wild. 9Critical 88Important 0Moderate 0Low Update January 13: The Solutions section has been updated to reflect th...
CVE-2021-44228、CVE-2021-45046、CVE-2021-4104: Log4Shell 関連の脆弱性についてよくある質問
A list of frequently asked questions related to Log4Shell and associated vulnerabilities....
マイクロソフト 2021 年 12 月月例セキュリティ更新プログラム、67 件の CVE を修正 (CVE-2021-43890)
Microsoft addresses 67 CVEs in its December 2021 Patch Tuesday release, including a zero-day vulnerability that has been exploited in the wild....
Apache Log4j における非常に深刻な脆弱性を悪用する攻撃が見つかる
Organizations around the world will be dealing with the long-tail consequences of this vulnerability, known as Log4Shell, for years to come....
Apache Log4j の脆弱点でサードパーティのソフトウェアが焦点に
Even in the most mature organizations, addressing the issue, also known as Log4Shell, requires a complex mix of software development practices, vulnerability management and web application scanning....
CVE-2021-44228: Apache Log4j における深刻なリモートコード実行の脆弱性の概念実証 (Log4Shell) が公開される
非常に多くのシステムで使用されているログライブラリである Log4j2 における深刻な脆弱性は、Minecraft、Steam、Apple iCloud などの多くのサービスとアプリケーションに影響を及ぼしています。Attackers have begun actively scanning for and attempting to exploit the flaw....
CVE-2021-41773: Apache HTTP Serverにおけるパストラバーサルのゼロデイ脆弱性の悪用が確認される
The Apache HTTP Server Project patched a path traversal vulnerability introduced less than a month ago that has been exploited in the wild.Update October 7: The Solution section has been updated to reflect the secondary fix the Apache HTTP Server Project released.BackgroundOn October 5, the Apache H...
CVE-2021-38647 (OMIGOD): Azure Linux 仮想マシンにおける「緊急」なリモートコード実行の脆弱性
Agents installed by default on Azure Linux virtual machines are vulnerable to a remote code execution flaw that can be exploited with a single request. Background On September 14, researchers at Wiz disclosed a set of four vulnerabilities in Microsoft’s Open Management Infrastructure (OMI), an ope...
CVE-2021-34527: Microsoft、Windows のプリントスプーラーの PrintNightmare 脆弱性対応の緊急パッチ公開
Microsoft issues an out-of-band patch for critical ‘PrintNightmare’ vulnerability following reports of in-the-wild exploitation and publication of multiple proof-of-concept exploit scripts Update July 9, 2021: The Solution section has been updated to clarify the vulnerable configurations as well as...
イーロン・マスク氏と YouTube 広告詐欺: 暗号通貨関連の動画で SpaceX と称する偽コイン販促に勧誘
Scammers are on pace to steal nearly $1 million USD from unsuspecting users through a popular decentralized finance protocol, Uniswap, by abusing YouTube to promote a fake SpaceX coin as part of ads appearing before and during cryptocurrency videos.BackgroundIn early May, scammers compromised Twitte...