Microsoft 的 2023 年 12 月补丁星期二解决了 33 个 CVE (CVE-2023-36019)
Microsoft addresses 33 CVEs in its December 2023 Patch Tuesday release, with no zero-day vulnerabilities disclosed this month.
CVE-2023-4966 (CitrixBleed):将活动或持久会话置于无效状态,防止进一步受到侵害
Patching CitrixBleed isn’t enough; organizations need to invalidate active or persistent session tokens as the these tokens can be used to compromise networks and bypass authentication measures including multifactor authentication
CitrixBleed 常见问题 (CVE-2023-4966)
Frequently asked questions relating to a critical vulnerability in Citrix NetScaler that has been under active exploitation for over a month, including by ransomware groups.
Microsoft 的 2023 年11 月补丁星期二解决了 57 个 CVE (CVE-2023-36025)
Microsoft addresses 57 CVEs, including three zero-day vulnerabilities that were exploited in the wild.
CVE-2023-22518:Critical Atlassian Confluence Data Center and Server Improper Authorization Vulnerability
Atlassian warns of public vulnerability details for a critical flaw in Confluence Data Center and Server, as its CISO urges organizations to apply patches immediately.
CVE-2023-46747:F5 BIG-IP 中的关键身份验证绕过漏洞
A critical authentication bypass vulnerability in F5’s BIG-IP could allow remote, unauthenticated attackers to execute system commands. Organizations are encouraged to apply patches as soon as possible.
Oracle October 2023 Critical Patch Update Addresses 176 CVEs
Oracle addresses 176 CVEs in its fourth quarterly update of 2023 with 387 patches, including 46 critical updates.
CVE-2023-4966:Citrix NetScaler ADC and NetScaler Gateway Information Disclosure Exploited in the Wild
A critical information disclosure vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway has been exploited in the wild as a zero-day vulnerability. 强烈建议企业立即进行修补。
CVE-2023-20198:在现实中遭利用的 Cisco IOS XE 零日漏洞
A maximum severity CVSS 10 zero-day vulnerability in Cisco IOS XE has been exploited in the wild. Organizations should apply the mitigation steps from Cisco as soon as possible until patches are released.
Microsoft 的 2023 年 10 月补丁星期二解决了 103 个 CVE(CVE-2023-36563、CVE-2023-41763)
Microsoft addresses 103 CVEs including two vulnerabilities that were exploited in the wild.
CVE-2023-38545、CVE-2023-38546:curl 中新漏洞的常见问题
Frequently asked questions relating to two vulnerabilities patched in curl version 8.4.0
MrBeast 诈骗:经过验证的帐户,DeepFakes 用于在 Impersonations 中在 YouTube 和 TikTok 上推广虚假赠品
MrBeast, the most popular YouTube creator as of October 2023, has been impersonated in a variety of scams on YouTube and TikTok, including a recent deepfake promoting a free iPhone giveaway
联系我们的销售团队