CVE-2023-34362:在现实环境中遭利用的 MOVEIt Transfer 关键零日漏洞
Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations.
Volt Typhoon:国际网络安全机构详细介绍了与中国支持的威胁制造者有关的活动
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor.
美国和澳大利亚机构发布关于 BianLian Ransomware Group 的联合网络安全公告
The FBI, ACSC and CISA have released a joint cybersecurity advisory discussing the BianLian ransomware group.
Microsoft 的 2023 年 5 月星期二补丁解决了 38 个 CVE (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild.
CVE-2023-20864:VMware Aria Operations for Logs 反序列化漏洞
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8.
Oracle 2023 年 4 月补丁更新解决了 231 个 CVE
Oracle addresses 231 CVEs in its second quarterly update of 2023 with 433 patches, including 74 critical updates.
Microsoft 2023 年 4 月补丁星期二解决了 97 个 CVE (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day.
据报道,Windows 和 macOS 版 3CX 桌面应用程序在供应链攻击中受损
A softphone desktop application from 3CX, makers of a popular VoIP PBX solution used by over 600,000 organizations, has reportedly been trojanized as part of a supply chain attack
OpenAI’s ChatGPT and GPT-4 Used as Lure in Phishing Email, Twitter Scams to Promote Fake OpenAI Tokens
Hoping to cash in on the massive interest around OpenAI’s GPT-4 – ChatGPT’s new multimodal model – scammers have launched phishing campaigns via email and Twitter designed to steal cryptocurrency. Check out how they’re carrying out the scams and how you can avoid becoming a victim.
Microsoft 的 2023 年 3 月补丁星期二解决了 76 个 CVE (CVE-2023-23397)
Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed.
FBI 和 CISA 发布有关 Royal 勒索软件集团的网络安全公告
The FBI and CISA have released a joint Cybersecurity Advisory discussing the Royal ransomware group.
韩国和美国机构发布关于朝鲜勒索软件的联合公告
Several South Korean and American agencies have released a joint cybersecurity advisory on North Korean state-sponsored ransomware operators.