This Week's Noteworthy Security News - Issue #113

These are my notes for the podcast recording.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and accidents

Large-scale outage of NTT East and NTT West communication services

(4/3) [Restored] Communication services unavailable or difficult to use in the East Japan area (as of 11:15 a.m., April 3) | Notices and Press Releases | Corporate Information | NTT East

(4/3) [Update: Restored] Communication services unavailable or difficult to use (as of 4:30 p.m., April 3)

(4/3) Large-scale outage of NTT East/West's FLET'S Hikari: the cause was "special packets" arriving from a specific server (page 1/2) - ITmedia NEWS


Microsoft, Fortra and Health-ISAC take down infrastructure using cracked copies of Cobalt Strike

(4/6) Stopping cybercriminals from abusing security tools - Microsoft On the Issues

Microsoft’s Digital Crimes Unit (DCU), cybersecurity software company Fortra™ and Health Information Sharing and Analysis Center (Health-ISAC) are taking technical and legal action to disrupt cracked, legacy copies of Cobalt Strike and abused Microsoft software, which have been used by cybercriminals to distribute malware, including ransomware. This is a change in the way DCU has worked in the past – the scope is greater, and the operation is more complex. Instead of disrupting the command and control of a malware family, this time, we are working with Fortra to remove illegal, legacy copies of Cobalt Strike so they can no longer be used by cybercriminals.


Outage in All Nippon Airways' domestic passenger system

(4/7) On the cause of the domestic system malfunction of April 3 and measures to prevent recurrence

It was determined to be a software defect in the database of the domestic passenger system. Specifically, in a routine process that extracts specific data for reservation management, an error caused by a software bug occurred, and two database servers temporarily entered a high-load state. As a result, data processing stalled and both servers stopped at the same time.

(4/4) ANA system outage began with both DB systems going down; "narrowing down write operations" to identify the cause | Nikkei xTECH


US Department of Justice seizes over $112M in cryptocurrency linked to investment fraud and other schemes

(4/3) Justice Department Seizes Over $112M in Funds Linked to Cryptocurrency Investment Schemes | OPA | Department of Justice


Genesis Market taken down through cooperation of US and European law enforcement, including the US Department of Justice

(4/5) Criminal Marketplace Disrupted in International Cyber Operation | OPA | Department of Justice

Genesis Market users were located all over the world. Federal law enforcement has worked to identify prolific users of Genesis Market who purchased and used stolen access credentials to commit fraud and other cybercrimes. This effort resulted in hundreds of leads being sent to FBI field offices throughout the United States, as well as to foreign law enforcement partners. Further, as part of this operation, dubbed Operation Cookie Monster, law enforcement seized 11 domain names used to support Genesis Market’s infrastructure pursuant to a warrant authorized by the U.S. District Court for the Eastern District of Wisconsin.

(4/5) Takedown of notorious hacker marketplace selling your identity to criminals | Europol

An unprecedented law enforcement operation involving 17 countries has resulted in the takedown of Genesis Market, one of the most dangerous marketplaces selling stolen account credentials to hackers worldwide. As a result of an action day on 4 April, this illegal service was shut down and its infrastructure seized. Simultaneous actions were also carried out across the globe against the users of this platform, resulting in 119 arrests, 208 property searches and 97 knock and talk measures.

(4/5) Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"

A quick summary first before the details: This week, the FBI in cooperation with international law enforcement partners took down a notorious marketplace trading in stolen identity data in an effort they've named "Operation Cookie Monster". They've provided millions of impacted email addresses and passwords to Have I Been Pwned (HIBP) so that victims of the incident can discover if they have been exposed.

(4/4) Genesis Market, one of world’s largest platforms for cyber fraud, seized by police

(4/5) Police arrest almost 120 people globally following Genesis Market takedown

(4/5) FBI accessed Genesis Market's backend servers as part of takedown


Attacks and threats

Mandiant reports on ALPHV ransomware activity

(4/3) ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access | Mandiant

Mandiant has observed a new ALPHV (aka BlackCat ransomware) ransomware affiliate, tracked as UNC4466, target publicly exposed Veritas Backup Exec installations, vulnerable to CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878, for initial access to victim environments. A commercial Internet scanning service identified over 8,500 installations of Veritas Backup Exec instances that are currently exposed to the internet, some of which may still be unpatched and vulnerable. Previous ALPHV intrusions investigated by Mandiant primarily originated from stolen credentials suggesting a shift to opportunistic targeting of known vulnerabilities. This blog post covers the UNC4466 attack lifecycle, indicators, and detection opportunities.


Check Point reports on Rorschach ransomware activity

(4/4) Rorschach – A New Sophisticated and Fast Ransomware - Check Point Research


Google reports on the activity of North Korean threat group ARCHIPELAGO

(4/5) How Google is protecting users from North Korean hackers

As part of Threat Analysis Group (TAG)’s mission to counter serious threats to Google and our users, TAG has been tracking government-backed hacking activity tied to North Korea for over a decade. Today, as a follow up to Mandiant’s report on APT43, we are sharing TAG's observations on this actor and what Google is doing to protect users from this group and other government-backed attackers. Because TAG’s visibility into this actor is distinct from Mandiant’s, TAG uses the name ARCHIPELAGO to track a subset of APT43 activity.


Microsoft reports on the activity of Iranian threat group MERCURY

(4/7) MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog

Microsoft Threat Intelligence has detected destructive operations enabled by MERCURY, a nation-state actor linked to the Iranian government, that attacked both on-premises and cloud environments. While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation.


Vulnerabilities

CISA adds 1+5 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(4/3) CISA Adds One Known Exploited Vulnerability to Catalog | CISA

  • CVE-2022-27926 Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability

(4/7) CISA Adds Five Known Exploited Vulnerabilities to Catalog | CISA


Apple releases macOS Ventura 13.3.1, iOS 16.4.1 / iPadOS 16.4.1 and Safari 16.4.1, including fixes for vulnerabilities already confirmed as exploited in the wild.

(4/7) Apple security updates - Apple Support


Other

Mullvad VPN releases the Mullvad Browser in cooperation with the Tor Project

(4/3) We've Teamed Up With Mullvad VPN to Launch the Mullvad Browser | The Tor Project

In short: the Mullvad Browser is Tor Browser without the Tor Network -- a browser that allows anyone to take advantage of all the browser privacy features the Tor Project has created. If people want to connect the browser with a VPN they trust, they can easily do so.

(4/3) MULLVAD VPN AND THE TOR PROJECT TEAM UP TO RELEASE THE MULLVAD BROWSER. - Blog | Mullvad VPN


National Police Agency Cyber Police Bureau publishes "Study Group on Preventing Cyber Incident Damage from Going Unreported: Report 2023"

(4/5) Expert Panels | National Police Agency website


NTT Docomo begins offering "passkey authentication" for d ACCOUNT

(4/5) Launch of "passkey authentication" for d ACCOUNT | d ACCOUNT

(4/5) Docomo launches passwordless "passkey" authentication with no dedicated app: what changes from before? (page 1/2) - ITmedia Mobile