マイクロソフトの 2024 年 3 月月例セキュリティ更新プログラム 59 件の CVE を修正 (CVE-2024-21407)
Microsoft addresses 59 CVEs in its March 2024 Patch Tuesday release with no zero-day or publicly disclosed vulnerabilities.
CVE-2024-27198、CVE-2024-27199: JetBrains TeamCity の 2 つの認証バイパスにおける脆弱性
Two vulnerabilities with publicly available exploit code in JetBrains TeamCity on-premises software could result in attackers bypassing authentication and achieving code execution.
ScreenConnect における脆弱性に関するよくある質問
Frequently asked questions about two vulnerabilities affecting ConnectWise ScreenConnect
豚殺し詐欺: Tinder、TikTok、WhatsApp、Telegram などを悪用した長期詐欺が数億ドルを盗取
本稿は、豚殺し詐欺を解説した 2 部構成のブログの第 1 部です。世界で何万人もの人に被害を与え、数億ドルの損失が生じた犯罪について解説し、This blog highlights the who and the how of Pig butchering scams, and details the Pig butchering…
豚殺し詐欺: ビットコイン、イーサリアム、ライトコイン、金スポット (XAUUSD) 投資が恋愛詐欺に悪用されて数億ドルの被害に
本稿は、2022 年末から 2024 年初旬まで実施した豚殺し詐欺の直接調査の内容を 2 部構成で解説するブログの第 2 部です。In this post, we delve into the types of investment scams perpetrated by pig butchers to steal hundreds of millions of dollars from victims, including in the form…
マイクロソフトの 2024 年 2 月月例セキュリティ更新プログラム 73 件の CVE に対処 (CVE-2024-21351、CVE-2024-21412)
Microsoft addresses 73 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2024-21762: Fortinet FortiOS の SSL-VPN 機能における境界外書き込みに関する緊急な脆弱性
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities
AnyDesk のセキュリティインシデントに関するよくある質問
Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2.
CVE-2023-46805、CVE-2024-21887、CVE-2024-21888、CVE-2024-21893: Ivanti Connect Secure と Policy Secure Gateway の脆弱性に関するよくある質問
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days.
CVE-2024-0204: Fortra GoAnywhere MFT における認証バイパスの脆弱性
Proof-of-concept exploit details are available for a newly disclosed critical vulnerability in Fortra GoAnywhere Managed File Transfer (MFT), a product historically targeted by ransomware
CVE-2023-22527: Atlassian Confluence Data Center と Server におけるテンプレートインジェクションの脆弱性の悪用が確認される
In the wild exploitation has begun for a recently disclosed, critical severity flaw in Atlassian Confluence Data Center and Server
オラクル、2024 年 1 月クリティカルパッチアップデートで 191 件の脆弱性を修正
Oracle addresses 191 CVEs in its first quarterly update of 2024 with 389 patches, including 37 critical updates.