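These are notes for recording the podcast.
podcast - #セキュリティのアレ - A laid-back security podcast.
- Incidents and accidents
- Attacks and threats
- PRODAFT reports on RIG Exploit Kit activity
- Bitdefender releases a decryption tool for MortalKombat ransomware
- Microsoft reports on various Active Directory compromise cases
- Digital Arts publishes its tally of phishing site domains for the second half of 2022
- CrowdStrike publishes its 2023 Global Threat Report
- ESET publishes an analysis of a UEFI bootkit that bypasses UEFI Secure Boot
- ESET publishes an analysis of a new backdoor from the threat group Mustang Panda
- CISA issues an advisory on Royal Ransomware
- Vulnerabilities
- Other
Incidents and accidents
Warnings that the Chrome extension Get cookies.txt is sending information to an external server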
(1/12) If you've been using the "Get cookies.txt" Chrome extension, it's tracking you now.
(2/28) Chrome extension with Google's "Featured" badge turns into malware, leaking user information to the outside - 窓の杜
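⚠️⚠️ [Warning] ⚠️⚠️
If you currently have the extension Get cookies.txt installed in Chrome, uninstall it """right now"""!!
It has become vicious spyware: whenever you navigate to a page, everything, from your cookies to the URLs you accessed, gets sent to an external server. Way too scary…😇😱 🔽https://t.co/BjqyruuU3u pic.twitter.com/rVZJpGKwhc
— Torishima (@izutorishima) February 28, 2023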
LastPass publishes a follow-up on its data breach incident
(3/1) Security Incident Update and Recommended Actions - The LastPass Blog
Incident 2 Summary: The threat actor targeted a senior DevOps engineer by exploiting vulnerable third-party software. The threat actor leveraged the vulnerability to deliver malware, bypass existing controls, and ultimately gain unauthorized access to cloud backups. The data accessed from those backups included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data.
(3/2) LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica
Outage in Microsoft's Exchange Online service
(3/1) Microsoft Exchange Online outage blocks access to mailboxes worldwide
We're investigating an issue wherein users may be unable to access their Exchange Online mailboxes via any connection method. Additional details can be found within the Service Health Dashboard under EX522020.
— Microsoft 365 Status (@MSFT365Status) March 1, 2023
Attacks and threats
PRODAFT reports on RIG Exploit Kit activity
(2/27) [RIG] RIG Exploit Kit: In-Depth Analysis - PRODAFT
Bitdefender releases a decryption tool for MortalKombat ransomware
(2/28) Bitdefender Releases Decryptor for MortalKombat Ransomware
Microsoft reports on various Active Directory compromise cases
(2/28) Total Identity Compromise: DART lessons on securing Active Directory - Microsoft Community Hub
Digital Arts publishes its tally of phishing site domains for the second half of 2022
(2/28) Phishing Site Domain Tally for the Second Half of 2022 | Digital Arts Security Reports | Digital Arts Inc.
CrowdStrike publishes its 2023 Global Threat Report
(2/28) A Sneak Peek of CrowdStrike's 2023 Global Threat Report
ESET publishes an analysis of a UEFI bootkit that bypasses UEFI Secure Boot
(3/1) BlackLotus UEFI bootkit: Myth confirmed | WeLiveSecurity
The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature – UEFI Secure Boot – is now a reality. In this blogpost we present the first public analysis of this UEFI bootkit, which is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled. Functionality of the bootkit and its individual features leads us to believe that we are dealing with a bootkit known as BlackLotus, the UEFI bootkit being sold on hacking forums for $5,000 since at least October 2022.
ESET publishes an analysis of a new backdoor from the threat group Mustang Panda
(3/2) MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT | WeLiveSecurity
CISA issues an advisory on Royal Ransomware
(3/2) #StopRansomware: Royal Ransomware | CISA
Vulnerabilities
CISA adds 1 vulnerability to its Known Exploited Vulnerabilities (KEV) catalog
(2/27) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
Other
GitHub secret scanning is now available for all public repositories
(2/28) Secret scanning alerts are now available (and free) for all public repositories | The GitHub Blog
As of today, GitHub secret scanning’s alert experience is generally available and free for all public repositories. You can enable secret scanning alerts across all the repositories you own to notify you of leaked secrets across your full repository history including code, issues, description, and comments.
CISA releases a tool to assist with MITRE ATT&CK mapping
(3/1) Helping Cyber Defenders “Decide” to Use MITRE ATT&CK | CISA
Deciding which technique to map got you down? Today @CISAgov released an open-source tool to guide you through mapping to ATT&CK. We were happy to provide help and advice in coordination with @MITREcorp's #HSSEDI.
📰 https://t.co/NiD6ZJtrQG
🔧https://t.co/QFRq4oq71M
— ATT&CK (@MITREattack) March 1, 2023
The US Biden administration announces a new national cybersecurity strategy
(3/2) FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy | The White House