Internet Health

Home » Knowledge Center » Internet Health

CTX477714 NewCitrix ADC and Citrix Gateway Security Bulletin for CVE-2023-24487, CVE-2023-24488Applicable Products :  Citrix ADCCitrix Gateway

CTX477618 NewCitrix Workspace app for Linux Security Bulletin for CVE-2023-24486Applicable Products :  Citrix Workspace App

CTX477616 NewCitrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483Applicable Products :  Citrix Virtual Apps and Desktops

CTX477617 UpdatedCitrix Workspace app for Windows Security Bulletin for CVE-2023-24484 & CVE-2023-24485Applicable Products :  Citrix Workspace App

CTX473048 NewCitrix Hypervisor Security Bulletin for CVE-2022-3643, CVE-2022-42328 & CVE-2022-42329Applicable Products :  Citrix Hypervisor

CTX474995 NewCitrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518Applicable Products :  Citrix ADCCitrix Gateway

CTX463706 NewCitrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516Applicable Products :  Citrix ADCCitrix Gateway

CTX472851 NewCitrix Hypervisor Security Bulletin for CVE-2022-42316, CVE-2022-42317 & CVE-2022-42318Applicable Products :  Citrix Hypervisor

CTX465146 NewCitrix Hypervisor Security Bulletin for CVE-2022-33748 & CVE-2022-33749Applicable Products :  Citrix Hypervisor

CTX463901 NewCitrix Hypervisor Security Bulletin for CVE-2020-35498Applicable Products :  Citrix Hypervisor

Although the SSL/TLS suite of protocols has been instrumental in making secure communication over computer networks into the (relatively) straightforward affair it is today, the beginnings of these protocols were far from ideal.

Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” [1] In simple terms, NiFi implements a web-based interface to define how data is moved from a source to a destination. Users may define various “processors” to manipulate data along the way. This is often needed when processing business […]

Introduction

I was asked how to analyze Office Documents that are embedded inside PPT files. PPT is the "standard" binary format for PowerPoint, it's an olefile. You can analyze it with oledump.py:

Wireshark version 4.0.6 was released with 9 vulnerabilities and 15 bugs fixed.

I read recently that disregarding cyber risks is a way of inviting trouble and unnecessary attention to any organization. Cyber threats is nothing new, everyone is a target taking many forms whether it is by some form of scanning or targeted phishing. For example, Sophos describes the naughty nine which are all some form of […]

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate […]

本ブログは、Guidance related to Secure Boot Manager changes associated with CVE-2023-24932 の抄訳版です。最新の情報は原文を参照してください。 概要

Summary Summary Today, Microsoft is releasing CVE-2023-24932, and associated configuration guidance, to address a Secure Boot bypass vulnerability used by the BlackLotus bootkit to exploit CVE-2022-21894. Customers will need to closely follow the configuration guidance to fully protect against this vulnerability. This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware […]

2023 年 5 月 9 日 (米国時間)、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

本ブログは、Microsoft Vulnerability Severity Classification for Online Services Publication の抄訳版です。最新の情報は原文を参照してください。 マイク

The Microsoft Security Response Center (MSRC) is always looking for ways to provide clarity and transparency around how we assess the impact of vulnerabilities reported in our products and services. We have published a new Microsoft Vulnerability Severity Classification for Online Services to provide additional information about our approach to online services and web applications.

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2023 Q1 Security Researcher Leaderboard are: Kai Lu (@K3vinLuSec), Yuki Chen, and wh1tc & Edwardzpeng! Check out the full list of […]

Summary Summary Azure provides developers and security operations staff a wide array of configurable security options to meet organizational needs. Throughout the software development lifecycle, it is important for customers to understand the shared responsibility model, as well as be familiar with various security best practices. This is particularly important in deploying Azure Functions and […]

本ブログは、Best practices regarding Azure Storage Keys, Azure Functions, and Azure Role Based Access の抄訳版です。最新の情報は原文を参照してください。 概要 概

2023 年 4 月 11 日 (米国時間) 、マイクロソフトは、マイクロソフト製品に影響する脆弱性を修正するために、セキ

CISA, NSA, and the FBI along with the ACSC, CCCS, and the NCSC-UK are publishing a Joint Cybersecurity Advisory today that shares technical details regarding malicious activity by a People’s Republic of China (PRC) state-sponsored cyber actor.

CISA, FBI, NSA, MS-ISAC today published the #StopRansomware Guide—an updated version of the 2020 guide containing additional recommended actions, resources, and tools.

The Cybersecurity and Infrastructure Security Agency (CISA) and Office of the National Cyber Director (ONCD) awarded the winners of the fourth annual President’s Cup Cybersecurity Competition in a private ceremony at the White House on Monday, May 15.   

The CISA-USSS K-12 Bystander Reporting Toolkit provides strategies K-12 schools and districts can use to implement and enhance safety reporting programs and encourage bystander reporting among students and other members of the school community.

Local officials, federal agencies, and military engineers went the whole nine yards in partnering with the National Football League (NFL) to enhance security for the 88th annual draft.

In line with the theme for this year’s RSA Conference, Stronger Together, Eric Goldstein and Army Maj. Gen. William J. Hartman delivered a presentation on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountable

CISA announces plans to develop and establish Logging Made Easy (LME) tool, a service originally developed and maintained by the United Kingdom’s National Cyber Security Centre (NCSC-UK) until March 31, 2023.

CISA announced today that Kiersten Todt will be departing from her role as CISA Chief of Staff to return to the private sector, while continuing to work with Director Easterly and the agency in a senior advisory capacity.

Press Release on joint product that outlines clear steps technology providers can take to increase the safety of products used around the world.