[脆弱性]
■コラボツール「ZCS」にゼロデイ脆弱性 – アップデートの適用を
https://www.security-next.com/148231
■Ubuntuのモジュールに深刻な脆弱性、40%のUbuntuユーザーに影響か
https://news.biglobe.ne.jp/it/0727/mnn_230727_3277930116.html
https://www.bleepingcomputer.com/news/security/almost-40-percent-of-ubuntu-users-vulnerable-to-new-privilege-elevation-flaws/
■作図ツール「draw.io」に複数の脆弱性 – アップデートで修正
https://www.security-next.com/148236
[インシデント・情報漏洩]
■名古屋港で発生したランサムウェア被害 復旧までの経緯を公開
https://www.itmedia.co.jp/enterprise/articles/2307/28/news065.html
https://www.yomiuri.co.jp/national/20230727-OYT1T50215/
■ヤマハのカナダ部門、ランサムウェア攻撃を受ける
https://news.mynavi.jp/techplus/article/20230728-2736263/
■ストーカーアプリ「Spyhide」、6万台のAndroidデバイスにインストール
https://news.mynavi.jp/techplus/article/20230727-2736262/
[脅威]
■Beyond File Search: A Novel Method for Exploiting the “search-ms” URI Protocol Handler
https://www.trellix.com/en-us/about/newsroom/stories/research/beyond-file-search-a-novel-method.html
■WordPress Ninja Forms plugin flaw lets hackers steal submitted data
https://www.bleepingcomputer.com/news/security/wordpress-ninja-forms-plugin-flaw-lets-hackers-steal-submitted-data/
■More malicious npm packages found in wake of JumpCloud supply chain hack
https://securityboulevard.com/2023/07/more-malicious-npm-packages-found-in-wake-of-jumpcloud-supply-chain-hack/
■Windows・Mac・Linux狙う情報窃取マルウェアが急増している、注意を
https://news.mynavi.jp/techplus/article/20230728-2736410/
■脅威の動向:Snort IPS
https://gblogs.cisco.com/jp/2023/07/threat-trends-snort-ips/
■BreachForums database and private chats for sale in hacker data breach
https://www.bleepingcomputer.com/news/security/breachforums-database-and-private-chats-for-sale-in-hacker-data-breach/
[セキュリティ]
■Preventing Web Application Access Control Abuse
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
■What Will CISA’s Secure Software Development Attestation Form Mean?
https://www.darkreading.com/vulnerabilities-threats/what-will-cisa-secure-software-development-attestation-form-mean
■エネルギー変革の実現:サイバーレジリエンスなスマートグリッドの構築に取り組む
https://www.trendmicro.com/ja_jp/research/23/g/energy-transformation-cyber-resilient-smart-grid.html
■Why CISOs Should Get Involved With Cyber Insurance Negotiation
https://www.darkreading.com/edge-articles/why-cisos-should-get-involved-with-cyber-insurance-negotiation
■サイバーセキュリティのトレンド、注目すべき脆弱性、脅威ハンティング戦術
https://securityboulevard-com.translate.goog/2023/07/cybersecurity-trends-notable-vulnerabilities-and-threat-hunting-tactics/?_x_tr_sl=en&_x_tr_tl=ja&_x_tr_hl=ja&_x_tr_pto=wapp
■Redefining Security: Going Beyond Compliance in Financial Organizations (Plus Memes!)
https://securityboulevard.com/2023/07/redefining-security-going-beyond-compliance-in-financial-organizations-plus-memes/
■A Fraud Risk Management Guide for Savvy Businesses
https://securityboulevard.com/2023/07/a-fraud-risk-management-guide-for-savvy-businesses/
■Gartner、日本のセキュリティ/リスク・マネジメントのリーダーが2023年に押さえておくべき重要な論点を発表
https://www.gartner.co.jp/ja/newsroom/press-releases/pr-20230727
■イニシャルアクセスブローカー
https://eset-info.canon-its.jp/malware_info/term/detail/00201.html
■Googleの生成AI「Bard」、サイバー犯罪者の悪意ある行為を可能に
https://news.mynavi.jp/techplus/article/20230728-2736987/