マイクロソフト 2024 年 10 月月例セキュリティ更新プログラム、117 件の CVE に対応 (CVE-2024-43572、CVE-2024-43573)
Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Common UNIX Printing System (CUPS) の脆弱性に関するよくある質問
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26.
マイクロソフト、2024 年 9 月の月例セキュリティ更新プログラムで 79 件の CVE に対応 (CVE-2024-43491)
Microsoft addresses 79 CVEs with seven critical vulnerabilities and four zero-day vulnerabilities, including three that were exploited in the wild.
CVE-2021-20123、CVE-2021-20124: Tenable Research が発見した DrayTek の脆弱性が CISA の既知の悪用された脆弱性カタログ (KEV) に追加されたことについて
With patches out for three years, attackers have set their sights on a pair of vulnerabilities affecting DrayTek VigorConnect.
AA24-241A : 米国組織を標的とするイランのサイバー攻撃者に関するサイバーセキュリティ共同勧告
A joint Cybersecurity Advisory highlights Iran-based cyber actor ransomware activity targeting U.S. organizations. The advisory includes CVEs exploited, alongside techniques, tactics and procedures used by the threat actors.
CVE-2024-7593: Ivanti Virtual Traffic Manager における認証バイパスの脆弱性
Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
マイクロソフトの2024年8月月例更新プログラム、88 件の脆弱性に対処
Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
CVE-2024-20419: Cisco Smart Software Manager オンプレミスにおけるパスワード変更の脆弱性
Critical vulnerability in Cisco Smart Software Manager On-Prem exposes systems to unauthorized password changes, exploit code now available.BackgroundOn July 17, 2024, Cisco published an advisory for a critical vulnerability in Cisco’s Smart Software Manager On-Prem (SSM On-Prem)…
オラクル、2024 年 7 月のクリティカルパッチアップデートで 175 件の脆弱性を修正
Oracle addresses 175 CVEs in its third quarterly update of 2024 with 386 patches, including 26 critical updates.
Microsoft’s July 2024 Patch Tuesday Addresses 138 CVEs (CVE-2024-38080, CVE-2024-38112)
Microsoft addresses 138 CVEs in its July 2024 Patch Tuesday release, with five critical vulnerabilities and three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2024-5806: Progress MOVEit Transfer における認証バイパスの脆弱性
Progress Software has patched a high severity authentication bypass in the MOVEit managed file transfer (MFT) solution. As MOVEit has been a popular target for ransomware gangs and other threat actors, we strongly recommend prioritizing patching of this vulnerability.
CVE-2024-28995: SolarWinds Serv-U のパス/ディレクトリトラバーサルの脆弱性の悪用が確認される
Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised.
営業チームに問い合わせる