CVE-2024-0204: Authentication Bypass Vulnerability in Fortra GoAnywhere MFT
Proof-of-concept exploit details are available for a newly disclosed critical vulnerability in Fortra GoAnywhere Managed File Transfer (MFT), a product historically targeted by ransomware.
CVE-2023-22527: Exploitation Confirmed for Template Injection Vulnerability in Atlassian Confluence Data Center and Server
In-the-wild exploitation has begun for a recently disclosed, critical-severity flaw in Atlassian Confluence Data Center and Server.
Oracle Fixes 191 Vulnerabilities in January 2024 Critical Patch Update
Oracle addresses 191 CVEs in its first quarterly update of 2024 with 389 patches, including 37 critical updates.
CVE-2023-6548, CVE-2023-6549: Exploitation Confirmed for Zero-Day Vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway
Two zero-day vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway have been exploited in the wild. Urgent patching is required to address these flaws.
CVE-2023-46805, CVE-2024-21887: Zero-Day Vulnerabilities Exploited in Ivanti Connect Secure and Policy Secure Gateway
Two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure have been exploited in the wild, with at least one attack attributed to nation-state actors.
Microsoft Fixes 48 CVEs in January 2024 Monthly Security Update (CVE-2024-20674)
Microsoft addresses 48 CVEs in its January 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities.
Microsoft Monthly Security Updates 2023: A Year in Review
Microsoft addressed over 900 CVEs as part of Patch Tuesday releases in 2023, including over 20 zero-day vulnerabilities.
Microsoft December 2023 Monthly Security Update Fixes 33 CVEs (CVE-2023-36019)
Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month.
CVE-2023-4966 (CitrixBleed): Invalidate Active or Persistent Sessions to Prevent Further Compromise
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens, as these tokens can be used to compromise networks and bypass authentication measures, including multifactor authentication.
Frequently Asked Questions About CitrixBleed (CVE-2023-4966)
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.
Microsoft November 2023 Monthly Security Update Fixes 57 CVEs (CVE-2023-36025)
Microsoft addresses 57 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2023-22518: Critical Improper Authentication Vulnerability in Atlassian Confluence Data Center and Server
Atlassian warns of public vulnerability details for a critical flaw in Confluence Data Center and Server, as its CISO urges organizations to apply patches immediately.