Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy
Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked a Ukrainian organization using a new wiper, SwiftSlicer.
Oracle January 2023 Critical Patch Update Addresses 183 CVEs
Oracle addresses 183 CVEs in its first quarterly update of 2023 with 327 patches, including 71 critical updates.
Microsoft’s January 2023 Patch Tuesday Addresses 98 CVEs (CVE-2023-21674)
Microsoft addresses 98 CVEs including a zero-day vulnerability that was exploited in the wild.
CVE-2022-47523: ManageEngine Password Manager Pro, PAM360 and Access Manager Plus SQL Injection Vulnerability
Zoho patches a newly disclosed high-severity SQL injection flaw in several ManageEngine products; attackers have historically targeted several ManageEngine products over the last three years.
CVE-2022-47939: Critical RCE Vulnerability in Linux Kernel
A critical remote code execution vulnerability in the Linux kernel has been publicly disclosed by Trend Micro's Zero Day Initiative in its ZDI-22-1690 advisory. The vulnerability has been given a CVSSv3 score of 10.0. There are no reports of active exploitation.
CVE-2022-37958: FAQ for Critical Microsoft SPNEGO NEGOEX Vulnerability
Microsoft recently reclassified a vulnerability in SPNEGO NEGOEX, originally patched in September, after a security researcher discovered that it can lead to remote code execution. Organizations are urged to apply these patches as soon as possible.
Microsoft’s 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)
Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).
CVE-2022-27518: Unauthenticated RCE in Citrix ADC and Gateway
Citrix has patched a critical remote code execution vulnerability in its Gateway and ADC products. This vulnerability has reportedly been exploited as a zero day; organizations should patch urgently.
CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPN
Fortinet has patched a zero-day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation and organizations should patch urgently.
CVE-2022-27510: Critical Citrix ADC and Gateway Authentication Bypass Vulnerability
Citrix publishes an advisory to address multiple flaws in its ADC and Gateway products, including a critical vulnerability.
Microsoft’s November 2022 Patch Tuesday Addresses 62 CVEs (CVE-2022-41073)
Microsoft addresses 62 CVEs including four zero-day vulnerabilities that were exploited in the wild.
CVE-2022-3786 and CVE-2022-3602: OpenSSL Patches Two High Severity Vulnerabilities
OpenSSL has patched two vulnerabilities, pivoting from its earlier announcement, in version 3.0.7.