May 12, 2016

メモ、US-CERTのアラート

Alert (TA15-337A)
 Dorkbot
 Original release date: December 03, 2015

 https://www.us-cert.gov/ncas/alerts/TA15-337A

Alert (TA16-091A)
 Ransomware and Recent Variants
 Original release date: March 31, 2016 | Last revised: May 06, 2016

 https://www.us-cert.gov/ncas/alerts/TA16-091A

Alert (TA16-105A)
 Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
 Original release date: April 14, 2016

 https://www.us-cert.gov/ncas/alerts/TA16-105A

 > The only mitigation available is to uninstall QuickTime for Windows.
 ←はて、抜いたはずだが、チェックするか

・で、アンインストールするには
 Uninstall QuickTime 7 for Windows
 https://support.apple.com/en-us/HT205771

Alert (TA16-132A)
 Exploitation of SAP Business Applications
 Original release date: May 11, 2016

 https://www.us-cert.gov/ncas/alerts/TA16-132A

---> 2016/05/17追記
 JVNTA#91951276
 SAP 製品に対する攻撃 (2016/05/12)
 http://jvn.jp/ta/JVNTA91951276/index.html

 > SAP 社の SAP Security Note 1445998 の適用と Invoker Servlet の無効化を推奨

---> 2016/05/19追記
[ERPSCAN-16-008] SAP NetWeaver 7.4 (ProxyServer servlet)  XSS vulnerability (2016/02/10)
 https://erpscan.com/advisories/erpscan-16-008-sap-netweaver-7-4-proxyserver-servlet-xss-vulnerability/

 https://erpscan.com/
は見やすい感じ。時々見ておくと良さそう

投稿者 時刻:
ラベル:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)