AA23-250A:多个极权国家威胁制造者利用 CVE-2022-47966 和 CVE-2022-42475
A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors....
AA23-215A:2022 年最常被利用的漏洞
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022....
CVE-2023-35078:Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core 未经身份验证的 API 访问漏洞
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
MOVEit Transfer 漏洞和 CL0P 勒索软件团伙常见问题
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang....
CVE-2023-20887:VMware Aria 网络运营命令注入
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8....
Microsoft 的 2023 年 6 月补丁星期二解决了 70 个 CVE (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical....
Volt Typhoon:国际网络安全机构详细介绍了与中国支持的威胁制造者有关的活动
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor....
Microsoft 的 2023 年 5 月星期二补丁解决了 38 个 CVE (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild....
CVE-2023-20864:VMware Aria Operations for Logs 反序列化漏洞
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8....
Microsoft 2023 年 4 月补丁星期二解决了 97 个 CVE (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day....
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild....
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended....