[脆弱性]
■Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version: 15474.84.0 Browser version: 115.0.5790.182 for most ChromeOS devices.
https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_14.html
[脅威]
■SIMスワップで組織内部に侵入 Lapsus$の手口と攻撃を緩和する10の方法
https://www.itmedia.co.jp/enterprise/articles/2308/15/news051.html
■ゼロデイとアクセス キーがクラウドで出会うとき: SugarCRM のゼロデイ脆弱性への対応
https://unit42.paloaltonetworks.jp/sugarcrm-cloud-incident-black-hat/
■QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
https://thehackernews.com/2023/08/qwixxrat-new-remote-access-trojan.html
■Discord.io confirms breach after hacker steals data of 760K users
https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/
■Over 100K hacking forums accounts exposed by info-stealing malware
https://www.bleepingcomputer.com/news/security/over-100k-hacking-forums-accounts-exposed-by-info-stealing-malware/
■Monti ransomware targets VMware ESXi servers with new Linux locker
https://www.bleepingcomputer.com/news/security/monti-ransomware-targets-vmware-esxi-servers-with-new-linux-locker/
■2023年7月度 MBSD-SOCの検知傾向トピックス Zyxel製ルータの脆弱性を狙った攻撃
https://www.mbsd.jp/research/20230815/20237-mbsd-soc/
■MaginotDNS attacks exploit weak checks for DNS cache poisoning
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-weak-checks-for-dns-cache-poisoning/
■Chimera – Automated DLL Sideloading Tool With EDR Evasion Capabilities
https://www.kitploit.com/2023/08/chimera-automated-dll-sideloading-tool.html
[セキュリティ関連]
■「ずさんなセキュリティ」「無責任」──不正アクセス巡り、米Microsoftへの批判噴出
https://www.itmedia.co.jp/news/articles/2308/15/news065.html
■必要なのは「高いITリテラシー」か「分かりやすいルール」か ガートナーがセキュリティ意識調査の結果を発表
https://atmarkit.itmedia.co.jp/ait/articles/2308/15/news037.html
■中国に「マイナンバー情報500万人分が大量流出」の深刻度。Google日本元社長が厚労省を猛批判のワケ
https://www.mag2.com/p/news/582279
■Active Directoryを標的とした攻撃手段を知り、セキュリティの強化を
https://news.mynavi.jp/techplus/article/20230815-2746094/
■経営陣を狙うフィッシング詐欺が急増中、多要素認証(MFA)を回避
https://news.mynavi.jp/techplus/article/20230814-2746846/
■Top 10 Key Takeaways on Navigating End-User Computing (EUC) Risks
https://securityboulevard.com/2023/08/top-10-key-takeaways-on-navigating-end-user-computing-euc-risks/
■Phishing Operators Make Ready Use of Abandoned Websites for Bait
https://www.darkreading.com/attacks-breaches/-phishing-operators-make-ready-use-of-abandoned-websites-for-bait
■What’s New in the NIST Cybersecurity Framework 2.0
https://www.darkreading.com/operations/whats-new-in-nist-cybersecurity-framework-2-0
■11 Requirements for Mobile Network Security
https://securityboulevard.com/2023/08/11-requirements-for-mobile-network-security/
■RDP honeypot targeted 3.5 million times in brute-force attacks
https://www.bleepingcomputer.com/news/security/rdp-honeypot-targeted-35-million-times-in-brute-force-attacks/
 | 返信全員に返信転送 |