Security News 2023/07/21

■Stable Channel Update for ChromeOS (Thursday, July 20, 2023) Browser version: 115.0.5790.131
https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-chromeos.html

■Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a

■Multiple vulnerabilities in Oracle Java SE; IPA issues an alert
https://news.mynavi.jp/techplus/article/20230721-2731103/

■CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2023/07/20/cisa-adds-two-known-exploited-vulnerabilities-catalog
→ Two entries added to KEV

■Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html

■Vulnerable HTTP Report (LAST UPDATED: 2023-07-20)
https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

■Personal information leaked at a global food company; possible supply chain attack
https://kn.itmedia.co.jp/kn/articles/2307/21/news060.html

■New P2P Worm Puts Windows and Linux Redis Servers in its Sights
https://securityboulevard.com/2023/07/new-p2p-worm-puts-windows-and-linux-redis-servers-in-its-sights/
https://unit42.paloaltonetworks.jp/peer-to-peer-worm-p2pinfect/

■Moving to Passwordless Authentication
https://securityboulevard.com/2023/07/moving-to-passwordless-authentication/

■GitHub warns of Lazarus hackers targeting devs with malicious projects
https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/

■Google exposes intelligence and defense employee names in VirusTotal leak
https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence

■Sophos Discovers Ransomware Abusing “Sophos” Name
https://news.sophos.com/en-us/2023/07/18/sophos-discovers-ransomware-abusing-sophos-name/

■Estée Lauder beauty giant breached by two ransomware gangs
https://www.bleepingcomputer.com/news/security/est-e-lauder-beauty-giant-breached-by-two-ransomware-gangs/

■A pitfall lurks in the "passkey" technology that enables passwordless authentication; take care if you use a hardware authentication device such as a YubiKey
https://gigazine.net/news/20230721-passkey-resident/

■Microsoft opens up detailed log data previously available only to higher-tier subscribers
https://www.security-next.com/148028

■AI ads seen on Facebook may be a trap; be careful
https://news.mynavi.jp/techplus/article/20230721-2731501/

■Microsoft renames Azure AD to "Entra ID" – new SSE products explained
https://news.mynavi.jp/techplus/article/20230721-2731471/
