This Week's Security News of Interest - Issue #120

Notes for recording the podcast.

podcast - #セキュリティのアレ - A laid-back security podcast.



Incidents and accidents

Ireland's Data Protection Commission announced that it is imposing a fine of 1.2 billion euros on Meta for GDPR violations. Meta intends to appeal.

(5/22) Data Protection Commission announces conclusion of inquiry into Meta Ireland | 22/05/2023 | Data Protection Commission

(5/22) 1.2 billion euro fine for Facebook as a result of EDPB binding decision | European Data Protection Board

(5/22) Our Response to the Decision on Facebook’s EU-US Data Transfers | Meta


Fujitsu halts the "Fujitsu MICJET コンビニ交付" (convenience-store certificate issuance) system and carries out a comprehensive inspection

(5/23) On the comprehensive inspection involving suspension of the "Fujitsu MICJET コンビニ交付" system : Fujitsu


The U.S. Treasury designates four entities and one individual involved in cyber activities supporting North Korea as sanctions targets

(5/23) Treasury Targets DPRK Malicious Cyber and Illicit IT Worker Activities | U.S. Department of the Treasury

Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned four entities and one individual involved in obfuscated revenue generation and malicious cyber activities that support the Democratic People’s Republic of Korea (DPRK) Government. The DPRK conducts malicious cyber activities and deploys information technology (IT) workers who fraudulently obtain employment to generate revenue, including in virtual currency, to support the Kim regime and its priorities, such as its unlawful weapons of mass destruction and ballistic missile programs.

(5/23) Taking Joint Action with the Republic of Korea to Combat the Democratic People’s Republic of Korea’s Illicit Revenue Generation - United States Department of State


Problems related to the My Number Card, including other people's information being registered by mistake

(5/23) On thorough compliance with the manual for supporting public-fund receipt account registration and a full review of registered deposit accounts | Digital Agency

As part of support for My Number Point application procedures, municipalities have also been cooperating with the registration of public-fund receipt accounts. At these support counters, however, multiple cases (※) occurred in which, through human error, a person's own deposit account was registered to another person's account.

(5/26) Ministry of Internal Affairs and Communications | On cases of mis-linked My Number Points

Regarding My Number Points, cases have occurred in which another person's payment service was linked to the applicant's own My Number Card, so that points the applicant should receive in the future were granted to that other person.


Attacks and threats

CISA, FBI, NSA, and MS-ISAC update the #StopRansomware Guide

(5/23) CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF) | CISA

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and includes additional recommended actions, resources, and tools to maximize its relevancy and effectiveness and to further help reduce the prevalence and impacts of ransomware.


CISA, NSA, FBI, and Five Eyes partners jointly issue an advisory on the activity of Volt Typhoon, an attacker group linked to the Chinese government

(5/24) People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection | CISA

The United States and international cybersecurity authorities are issuing this joint Cybersecurity Advisory (CSA) to highlight a recently discovered cluster of activity of interest associated with a People’s Republic of China (PRC) state-sponsored cyber actor, also known as Volt Typhoon. Private sector partners have identified that this activity affects networks across U.S. critical infrastructure sectors, and the authoring agencies believe the actor could apply the same techniques against these and other sectors worldwide.

(5/24) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques | Microsoft Security Blog

Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.

(5/24) Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations | Secureworks

On May 24, 2023, the U.S. National Security Agency (NSA) issued a joint cybersecurity advisory highlighting a cluster of activity it attributes to a People's Republic of China (PRC) state-sponsored threat group. Secureworks® Counter Threat Unit™ (CTU) researchers attribute this activity to BRONZE SILHOUETTE (referred to in the advisory as Volt Typhoon) and have observed the threat group conducting network intrusion operations against U.S. government and defense organizations since 2021. The tactics, techniques, and procedures (TTPs) and victimology observed during Secureworks incident response (IR) engagements suggest BRONZE SILHOUETTE targets organizations for intelligence-gathering purposes that are in alignment with the requirements of the PRC. The threat group has demonstrated careful consideration for operational security such as the use of preinstalled binaries to “live off the land,” incorporation of defense evasion techniques, and reliance on compromised infrastructure to prevent detection and attribution of its intrusion activity, and to blend in with legitimate network activity.


The Public Security Intelligence Agency publishes "Overview of Threats in Cyberspace 2023"

(5/25) Overview of Threats in Cyberspace 2023


Vulnerabilities

A PoC for CVE-2023-28771, a vulnerability in Zyxel products fixed last month, has been published, and attack activity is also being observed

(5/19) CVE-2023-28771 | AttackerKB


CISA adds 3+1 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(5/22) CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

(5/26) CISA Adds One Known Exploited Vulnerability to Catalog | CISA


Vulnerability in Barracuda Networks' Email Security Gateway (ESG) appliance

(5/23) Barracuda Email Security Gateway Appliance (ESG) Vulnerability

(5/23) Barracuda Networks Status - Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.


Other