MOVEit Transfer Vulnerabilities and the CL0P Ransomware Gang: Frequently Asked Questions
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang.
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8.
Microsoft's June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical.
CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately.
CVE-2023-34362: MOVEit Transfer Critical Zero-Day Vulnerability Exploited in the Wild
Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to China-Backed Threat Actor
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.
U.S. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group
The FBI, ACSC and CISA have released a joint cybersecurity advisory discussing the BianLian ransomware group.
Microsoft's May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
Oracle April 2023 Patch Update Addresses 231 CVEs
Oracle addresses 231 CVEs in its second quarterly update of 2023 with 433 patches, including 74 critical updates.
Microsoft's April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.
3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack
A softphone desktop application from 3CX, makers of a popular VoIP PBX solution used by over 600,000 organizations, has reportedly been trojanized as part of a supply chain attack.