CVE-2022-26134: Atlassian Confluence Server と Data Center のゼロデイ脆弱性の悪用が確認される
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available.
重要インフラのサイバーセキュリティ強化に向けて CISO、規制当局、ベンダー、市民ができること
A year after the ransomware attack against the Colonial Pipeline, what can we do to further harden the IT and OT systems of power plants, fuel pipelines, water treatment plants and similar facilities?
CVE-2022-30190: マイクロソフト サポート診断ツール (MSDT) のゼロデイ・ゼロクリック脆弱性の悪用が確認される
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April.
Twitter の暗号通貨詐欺:Bored Ape Yacht Club、Azuki、その他のプロジェクトが NFT や暗号通貨を盗むために偽装される
詐欺師が認証済みおよび未認証のアカウントを使用して、 Bored Ape Yacht Club などの注目を集めている NFT プロジェクトになりすまし、Twitter ユーザーにタグを付けてフィッシング詐欺ウェブサイトに誘導しています。
eコマースの顧客の個人情報のセキュリティを強化
We were recently informed by Kulkan Security of a design flaw in our third-party ecommerce fulfillment system, cleverbridge, that could have potentially allowed customers to accidentally disclose their purchasing information (i.e., last 4 digits of credit card used, credit card expiration date,…
6 Tips for Successfully Securing Your AWS Environment
Top six actions and practices you can take to protect your AWS environment today.
州政府および地方自治体がサイバー攻撃に対する防御を強化するには
Cybersecurity leaders of U.S. cities and states must protect their systems and data from nation-state attackers, including Russian hackers.
SOC を Identity-Aware にして効率化する方法
サイバー攻撃は 1 回成功すれば目的が達成できますが、セキュリティ対策は何回繰り返しても成功する手法を使う必要があります。ですから、SOC 担当者は AD の弱点を糸口にしたランサムウェア攻撃を抑止する必要があるのです。
シフトレフトするための実践的なステップ
Learn how you can adopt a shift left approach that boosts the security of your software releases by helping DevOps teams detect and fix vulnerabilities and misconfigurations early in your software development lifecycle.
コロニアルパイプライン事件から 1 年後の OT セキュリティの現状
During a recent podcast, Tenable's VP of Operational Technology Marty Edwards discussed the cyber threats faced by critical infrastructure providers and the importance of OT security, topics he'll address again next week during a LinkedIn Live with CNN. The recent cyberattacks against…
CVE-2022-22972: VMware、Workspace ONE Access における追加の脆弱性にパッチを適用 (VMSA-2022-0014)
Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency.
Securing Your Cloud with Zero Trust and Least Privilege
Zero trust could be the solution for your modern security perils. Read on to discover what zero trust and least privilege are – and how to get started.