This Week's Notable Security News - Issue #108

These are my notes for recording the podcast.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and Accidents

Warning issued that the Chrome extension Get cookies.txt is sending information to an external party

(1/12) If you've been using the "Get cookies.txt" Chrome extension, it's tracking you now.

(2/28) Chrome extension with Google's "Featured" badge turns into malware, user information leaks out wholesale - 窓の杜


LastPass publishes a follow-up on its data breach incident

(3/1) Security Incident Update and Recommended Actions - The LastPass Blog

Incident 2 Summary: The threat actor targeted a senior DevOps engineer by exploiting vulnerable third-party software. The threat actor leveraged the vulnerability to deliver malware, bypass existing controls, and ultimately gain unauthorized access to cloud backups. The data accessed from those backups included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data.

(3/2) LastPass says employee’s home computer was hacked and corporate vault taken | Ars Technica


Outage in Microsoft's Exchange Online service

(3/1) Microsoft Exchange Online outage blocks access to mailboxes worldwide


Attacks and Threats

PRODAFT reports on the activity of the RIG Exploit Kit

(2/27) [RIG] RIG Exploit Kit: In-Depth Analysis - PRODAFT


Bitdefender releases a decryption tool for MortalKombat ransomware

(2/28) Bitdefender Releases Decryptor for MortalKombat Ransomware


Microsoft reports on various Active Directory compromise cases

(2/28) Total Identity Compromise: DART lessons on securing Active Directory - Microsoft Community Hub


Digital Arts publishes its tally of phishing site domains for the second half of 2022

(2/28) Phishing Site Domain Tally for the Second Half of 2022 | Digital Arts Security Reports | Digital Arts Inc.


CrowdStrike releases its 2023 Global Threat Report

(2/28) A Sneak Peek of CrowdStrike's 2023 Global Threat Report


ESET publishes an analysis of a UEFI bootkit that bypasses UEFI Secure Boot

(3/1) BlackLotus UEFI bootkit: Myth confirmed | WeLiveSecurity

The number of UEFI vulnerabilities discovered in recent years and the failures in patching them or revoking vulnerable binaries within a reasonable time window hasn’t gone unnoticed by threat actors. As a result, the first publicly known UEFI bootkit bypassing the essential platform security feature – UEFI Secure Boot – is now a reality. In this blogpost we present the first public analysis of this UEFI bootkit, which is capable of running on even fully-up-to-date Windows 11 systems with UEFI Secure Boot enabled. Functionality of the bootkit and its individual features leads us to believe that we are dealing with a bootkit known as BlackLotus, the UEFI bootkit being sold on hacking forums for $5,000 since at least October 2022.


ESET publishes an analysis of a new backdoor from the threat actor group Mustang Panda

(3/2) MQsTTang: Mustang Panda’s latest backdoor treads new ground with Qt and MQTT | WeLiveSecurity


CISA issues an advisory on Royal Ransomware

(3/2) #StopRansomware: Royal Ransomware | CISA


Vulnerabilities

CISA adds one vulnerability to the Known Exploited Vulnerabilities (KEV) catalog

(2/27) CISA Adds One Known Exploited Vulnerability to Catalog | CISA


Other

Secret scanning is now available for all public GitHub repositories

(2/28) Secret scanning alerts are now available (and free) for all public repositories | The GitHub Blog

As of today, GitHub secret scanning’s alert experience is generally available and free for all public repositories. You can enable secret scanning alerts across all the repositories you own to notify you of leaked secrets across your full repository history including code, issues, description, and comments.


CISA releases a tool to assist with MITRE ATT&CK mapping

(3/1) Helping Cyber Defenders “Decide” to Use MITRE ATT&CK | CISA


The Biden administration announces a new national cybersecurity strategy

(3/2) FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy | The White House