オラクル、2024 年 4月 「Critical Patch Update」で 239 件の CVE を修正
Oracle addresses 239 CVEs in its second quarterly update of 2024 with 441 patches, including 38 critical updates....
CVE-2024-3400: Palo Alto Networks の PAN-OS GlobalProtect Gateway のゼロデイ脆弱性の悪用が確認される
A critical severity command injection vulnerability in Palo Alto Networks PAN-OS has been exploited in limited targeted attacks. While a fix is not yet available, patches are expected to be released on April 14 and mitigation steps are available....
マイクロソフトの 2024 年 4 月月例セキュリティ更新プログラム: 147 件の CVE を修正 (CVE-2024-29988)
Microsoft addresses 147 CVEs in its April 2024 Patch Tuesday release with three critical vulnerabilities and no zero-day or publicly disclosed vulnerabilities....
XZ Utils に仕込まれたバックドアの脆弱性 CVE-2024-3094 に関するよくある質問
Frequently asked questions about CVE-2024-3094, a supply-chain attack responsible for a backdoor in XZ Utils, a widely used library found in multiple Linux distributions....
CVE-2023-48788: Fortinet FortiClientEMS における「緊急」の SQL インジェクションの脆弱性
Fortinet warns of a critical SQL Injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code on vulnerable FortiClientEMS software....
マイクロソフトの 2024 年 3 月月例セキュリティ更新プログラム 59 件の CVE を修正 (CVE-2024-21407)
Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities....
CVE-2024-27198、CVE-2024-27199: JetBrains TeamCity の 2 つの認証バイパスにおける脆弱性
Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution....
ScreenConnect における脆弱性に関するよくある質問
Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect...
豚殺し詐欺: Tinder、TikTok、WhatsApp、Telegram などを悪用した長期詐欺が数億ドルを盗取
本稿は、豚殺し詐欺を解説した 2 部構成のブログの第 1 部です。世界で何万人もの人に被害を与え、数億ドルの損失が生じた犯罪について解説し、This blog highlights the who and the how of Pig butchering scams, and details the Pig butchering playboo...
豚殺し詐欺: ビットコイン、イーサリアム、ライトコイン、金スポット (XAUUSD) 投資が恋愛詐欺に悪用されて数億ドルの被害に
本稿は、2022 年末から 2024 年初旬まで実施した豚殺し詐欺の直接調査の内容を 2 部構成で解説するブログの第 2 部です。In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form ...
マイクロソフトの 2024 年 2 月月例セキュリティ更新プログラム 73 件の CVE に対処 (CVE-2024-21351、CVE-2024-21412)
Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild....
CVE-2024-21762: Fortinet FortiOS の SSL-VPN 機能における境界外書き込みに関する緊急な脆弱性
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities...