CVE-2023-20269: Cisco 適応型セキュリティアプライアンスおよび Firepower Threat Defense におけるゼロデイ脆弱性がランサムウェアグループによって悪用される
Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.
AA23-250A: 複数の国家による脅威アクターが CVE-2022-47966 および CVE-2022-42475 を悪用
A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
CVE-2023-2868: Barracuda と FBI は E メールゲートウェイ (ESG) デバイスを直ちに交換することを推奨
Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Email Security Gateway devices, and both the vendor and the FBI urge customers to replace these devices immediately.
CVE-2023-38035: Ivanti Sentry API における認証バイパスの脆弱性の悪用が確認される
For the third time in a month, Ivanti discloses a zero-day vulnerability in one of its products that has been exploited in the wild
マイクロソフトの2023年8月月例更新プログラム、73件の脆弱性に対処(CVE-2023-38180)
Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild.
AA23-215A: 2022 年に最も日常的に悪用された脆弱性
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core における API へ認証なしにアクセスできる脆弱性
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
オラクル、2023 年 7 月のクリティカルパッチアップデートで 183 件の脆弱性を修正
Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates.
CVE-2023-3519: Netscaler ADC (Citrix ADC) および Netscaler Gateway (Citrix Gateway) における「緊急」の RCE
Citrix has released a patch fixing a remote code execution vulnerability in several versions of Netscaler ADC and Netscaler Gateway that has been exploited. Organizations are urged to patch immediately.
CVE-2023-3595、CVE-2023-3596: ロックウェル・オートメーションの ControlLogix の脆弱性が公開される
ロックウェル・オートメーションが、重要インフラのプロセスの中断や破壊につながる重大な欠陥を含む、複数の脆弱性についてのアドバイザリを発行しました。
OT 環境で CVE-2023-3595 および CVE-2023-3596 の影響を受ける ロックウェル・オートメーション Allen-Bradley 通信モジュールを見つける
Identifying vulnerable systems in your industrial environment can be complex. Use the wrong tool and it will overlook affected devices. Find out how Tenable OT Security is designed to give you in-depth asset visibility to address these new vulnerabilities without disrupting productivity.
マイクロソフト、2023 年 7 月の月例セキュリティ更新プログラムで 130 件の CVE を修正 (CVE-2023-36884)
Microsoft addresses 130 CVEs including five that were exploited in the wild as zero-day vulnerabilities and guidance on the malicious use of Microsoft signed drivers.
営業チームに問い合わせる