未使用のアクセスアナライザーで最小権限アクセスを実現
AWS IAM Access Analyzer can now detect action-level unused permissions. It’s a great enhancement in the native toolbox to achieve least privilege — but if you need comprehensive entitlements management at scale you will probably need additional tooling and work. Find out why and what you can do to c...
CVE-2024-21762: Fortinet FortiOS の SSL-VPN 機能における境界外書き込みに関する緊急な脆弱性
Fortinet warns of “potentially” exploited flaw in the SSL VPN functionality of FortiOS, as government agencies warn of pre-positioning by Chinese state-sponsored threat actors in U.S. critical infrastructure through exploitation of known vulnerabilities...
水の安全保障を強化:業界リーダーが議会証言
The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection recently brought together industry leaders and stakeholders to discuss the urgent need for protective measures, baseline cybersecurity standards and collaboration initiatives to fortify the nation’s critical wate...
サイバーセキュリティニュース: サイバーセキュリティー当局、重要インフラ組織に対する中国政府支援のボルトタイフーンについて警告
The Volt Typhoon hacking gang is stealthily breaching critical infrastructure IT environments so it can strike on behalf of the Chinese government, cyber agencies say. Plus, ransomware gangs netted $1 billion-plus in 2023. In addition, new group tasked with addressing the quantum computing threat dr...
国防総省、強力なサイバーセキュリティ対策プログラムで上下水道システムのサイバー リスクを大幅に軽減
Malicious actors are ramping up attacks against water and wastewater systems (WWS), which are not only attractive targets but also complex to protect. 例えば、米国のDepartment of Defense (DoD) in particular operates a large number of WWS facilities. Read on to learn how a strong cybersecurity program can...
AnyDesk のセキュリティインシデントに関するよくある質問
Frequently asked questions relating to a security incident at AnyDesk that was publicly disclosed on February 2....
サイバーセキュリティニュース: CISA、攻撃者がルーターをハッキングして重要インフラを標的にサイバー攻撃を仕掛けることを阻止するためにより安全なルーター設計を要求する
CISA is calling on router makers to improve security, because attackers like Volt Typhoon compromise routers to breach critical infrastructure systems. Meanwhile, data breaches hit an all-time high in the U.S. Plus, Italy says ChatGPT violates EU privacy laws. And a cyber expert calls on universitie...
Microsoft アイデンティティセキュリティの不備が国家集団による攻撃の原因か
Microsoft が最近被害者となった不正アクセス攻撃は、検知と対応のみの防備では不十分であることを改めて表しています。Because the source of an attack almost always boils down to a single overlooked user and permission, it’s critical for organizations to have strong preventive security....
CVE-2023-46805、CVE-2024-21887、CVE-2024-21888、CVE-2024-21893: Ivanti Connect Secure と Policy Secure Gateway の脆弱性に関するよくある質問
Frequently asked questions for five CVEs affecting Ivanti Connect Secure and Policy Secure Gateways, with three of the vulnerabilities having been exploited in the wild as zero-days....
クラウド採用プロセスにおける意思決定者の主要な課題についての意見
Too many identities, systems and cooks in the kitchen cloud an already complex mandate....
Tenable Exposure AI を活用してプロアクティブなサイバーセキュリティを実現
攻撃がより高度になるにつれ、セキュリティチームは、組織へのさまざまな侵入ポイントだけでなく、数多くの戦術、技術、手順の分析に、より多くの時間を費やす必要があります。Find out how Tenable ExposureAI helps you overcome these challenges and enhances your efficiency and productiv...
サイバーセキュリティニュース: AI 使用に関する国際ガイダンス、CERT ディレクターが最高情報セキュリティ責任者に AI サイバーセキュリティのスキルアップを求める
Cyber agencies from multiple countries published a joint guide on using artificial intelligence safely. Meanwhile, CERT’s director says AI is the top skill for CISOs to have in 2024. Plus, the UK’s NCSC forecasts how AI will supercharge cyberattacks. And a global survey shows cyber pros weighing pro...