The Log4j Vulnerability Security Crisis Will Be Followed by a More Serious "Second Wave"

The security crisis caused by the vulnerability in the open-source logging library Log4j has come to be recognized as a global threat. But this is only the beginning. Moves toward more sophisticated attacks have been observed, and the likelihood is growing of a "second wave" in which the vulnerability is exploited for advanced hacking such as ransomware attacks and espionage.

Security flaws found in a popular guest Wi-Fi system used in hundreds of hotels

A security researcher says an internet gateway used by hundreds of hotels to offer and manage their guest Wi-Fi networks has vulnerabilities that could put the personal information of their guests at risk. Etizaz Mohsin told TechCrunch that the Airangel HSMX Gateway contains hardcoded passwords that are “extremely easy to guess.” With those passwords, which […]

Does Israeli Spyware Amount to State-Backed "Full-Scale Hacking"? Google's Analysis Makes Waves

The fact that powerful spyware developed by an Israeli company had been used against many iPhone users, including U.S. State Department employees, had already caused a stir, but Google's analysis has now revealed that this spyware is far more capable than imagined. Its developer, NSO Group, has achieved a level of technical innovation and sophistication previously thought to be attainable only by state-backed hackers.

Ad exchange OpenX slapped with FTC fine for collecting location data on children

OpenX, an advertising tech company, will pay $2 million to the U.S. Federal Trade Commission to settle allegations that the company violated federal children’s privacy law. In a complaint filed in the U.S. District Court for the Central District of California, the FTC alleges that OpenX violated the Children’s Online Privacy Protection Act (COPPA) by […]

Cequence adds $60M Series C to improve API security

When we last checked in with Cequence Security in February 2019, the company had just closed a $17 million Series B and was concentrating on security to protect business logic. While it still does that, it has shifted focus to API security, and today it announced a $60 million Series C. Menlo Ventures led the latest […]

Apple quietly pulls references to its CSAM detection tech after privacy fears

Apple has quietly removed all references to its child sexual abuse scanning feature from its website, months after announcing that the new technology would be baked into iOS 15 and macOS Monterey. Back in August, Apple announced that it would introduce the feature to allow the company to detect and report known child sexual abuse […]

Noname Security hits $1B valuation after $135M Series C raise

API security is all the rage these days, pushed into the limelight following a spate of high profile security incidents that saw reams of user data exposed or exfiltrated. Peloton spilled users’ private account information; Experian exposed the financial histories of millions of Americans; and Facebook, LinkedIn, and Clubhouse all had user data scraped en […]

Cylus raises $30M Series B to help protect trains and metros worldwide

As rail systems undergo a digital revolution and become far more connected and advanced, railway operators face a rapidly growing threat landscape. To combat this, railway companies demand more robust cyber solutions and lawmakers across the globe call for more effective cybersecurity regulations. Cylus, a Tel Aviv-based rail cybersecurity startup, built a cybersecurity solution, CylusOne, […]

Security/2021/12/15/Response to the Log4j vulnerability in esa: CVE-2021-44228

> Overview of the vulnerability. Updated: Countermeasures for the Apache Log4j vulnerability (CVE-2021-44228): IPA (Information-technology Promotion Agency, Japan) Apa…

CVE – CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context M…