CVE-2023-29357、CVE-2023-24955: Microsoft SharePoint Server における脆弱性を悪用するエクスプロイトチェーンがリリースされる
A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution....
マイクロソフト、2023 年 9 月の月例セキュリティ更新プログラムで 61 件の CVE に対応 (CVE-2023-36761)
Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild...
CVE-2023-20269: Cisco 適応型セキュリティアプライアンスおよび Firepower Threat Defense におけるゼロデイ脆弱性がランサムウェアグループによって悪用される
Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled....
AA23-250A: 複数の国家による脅威アクターが CVE-2022-47966 および CVE-2022-42475 を悪用
A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors....
CVE-2023-2868: Barracuda と FBI は E メールゲートウェイ (ESG) デバイスを直ちに交換することを推奨
Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Email Security Gateway devices, and both the vendor and the FBI urge customers to replace these devices immediately....
CVE-2023-38035: Ivanti Sentry API における認証バイパスの脆弱性の悪用が確認される
For the third time in a month, Ivanti discloses a zero-day vulnerability in one of its products that has been exploited in the wild...
マイクロソフトの2023年8月月例更新プログラム、73件の脆弱性に対処(CVE-2023-38180)
Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild....
AA23-215A: 2022 年に最も日常的に悪用された脆弱性
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022....
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core における API へ認証なしにアクセスできる脆弱性
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
オラクル、2023 年 7 月のクリティカルパッチアップデートで 183 件の脆弱性を修正
Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates....
CVE-2023-3519: Netscaler ADC (Citrix ADC) および Netscaler Gateway (Citrix Gateway) における「緊急」の RCE
Citrix has released a patch fixing a remote code execution vulnerability in several versions of Netscaler ADC and Netscaler Gateway that has been exploited. Organizations are urged to patch immediately....
CVE-2023-3595、CVE-2023-3596: ロックウェル・オートメーションの ControlLogix の脆弱性が公開される
Rockwell Automation issues advisory for multiple vulnerabilities, including a critical flaw that could lead to disruption or destruction of critical infrastructure processes....