This Week's Security News of Interest - Issue #126

These are my notes for the podcast recording.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and accidents

Poly Network suffered unauthorized access in which a large volume of tokens was illegitimately issued. Service was temporarily suspended as a result.

(7/2) Poly Network Attacker Issues 'Worthless' Billions in SHIB, BNB, BUSD in Latest Crypto Hack

An estimated $4 billion worth of malicious token issuances on PolyNetwork will not bear much money for attackers due to low liquidity and security precautions.

(7/3) Poly Network Incident Analysis - Blog - Web3 Security Leaderboard

On 1 July 2023, Poly Network was exploited by an attacker that was able to issue themselves $42 billion worth of assets across multiple chains. Despite the enormous amount of assets issued, a lack of liquidity and token freezes prevented the attacker from collecting more than ~$10 million across five externally owned addresses. The attack on Poly Network is the first cross-chain bridge attack in 2023, and the second targeting Poly Network. Bridge attacks in 2022 accounted for 35% of the $3.7 billion total lost that year. While on paper this incident appears to represent the largest crypto exploit of all time, the realized profit is in fact much lower.

(7/4) Crypto platform Poly Network suspends service after hacker steals millions of dollars in digital assets


Outage at the Nagoya Port Unified Terminal System caused by a ransomware infection

(7/5) Regarding the system failure of the Nagoya Port Unified Terminal System

(7/7) (Notice) Regarding the system failure of the Nagoya Port Unified Terminal System

(Reference) A summary of the ransomware-caused system failure at the Port of Nagoya - piyolog


A member of the OPERA1ER group arrested in a joint operation involving INTERPOL and others

(7/5) Suspected key figure of notorious cybercrime group arrested in joint operation

ABIDJAN, Côte d’Ivoire – Over the last four years, a highly-organized criminal organization has targeted financial institutions and mobile banking services with malware, phishing campaigns and large-scale Business Email Compromise (BEC) scams.

Known as OPERA1ER, with aliases such as NX$M$, DESKTOP Group and Common Raven, the group is believed to have stolen an estimated USD 11 million - potentially as much as 30 million - in more than 30 attacks across 15 countries in Africa, Asia and Latin America.

A detailed overview of OPERA1ER’s methods was published by Group-IB and Orange S.A. in November 2022. Following extensive cooperation, INTERPOL, AFRIPOL, Group-IB and Côte d’Ivoire’s Direction de l'Information et des Traces Technologiques (DITT) are announcing the arrest of a suspected senior member of the group, dealing a significant blow to their criminal activities.

(7/5) Operation Nervone: Group-IB assists INTERPOL-led mission to detain key cybercrime suspect in Côte d’Ivoire | Group-IB

Group-IB, a global cybersecurity leader headquartered in Singapore, has assisted in the INTERPOL-led Operation Nervone, aimed at successfully disrupting the operations of a cybercriminal syndicate dubbed OPERA1ER by Group-IB (also known as NXSMS, DESKTOP-Group, and Common Raven as named by SWIFT ISAC) in French-speaking Africa. This initiative took place under the guises of the African Joint Operation against Cybercrime (AFJOC) and the INTERPOL Support Programme for the African Union (ISPA), in conjunction with AFRIPOL, the Direction de L’information et des Traces Technologiques (DITT), Group-IB and the Orange CERT Coordination Center (Orange-CERT-CC). Group-IB’s Threat Intelligence and High-Tech Crime Investigations units, which have tracked OPERA1ER since 2019, provided timely intelligence that uncovered the identity and potential location of a key member of the cybercriminal group, who was subsequently detained in Abidjan, Côte d’Ivoire.


Attacks and threats

CISA, FBI, MS-ISAC and others jointly publish an advisory on the Truebot malware

(7/6) CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants | CISA

(7/6) Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) are releasing this joint Cybersecurity Advisory (CSA) in response to cyber threat actors leveraging newly identified Truebot malware variants against organizations in the United States and Canada. As recently as May 31, 2023, the authoring organizations have observed an increase in cyber threat actors using new malware variants of Truebot (also known as Silence.Downloader). Truebot is a botnet that has been used by malicious cyber groups like CL0P Ransomware Gang to collect and exfiltrate information from its target victims.


ESET reports on the current activity of the Emotet malware

(7/6) What’s up with Emotet? | WeLiveSecurity


Vulnerabilities

Android publishes its July 2023 security bulletin. Three of the vulnerabilities may already be under exploitation.

(7/5) Android Security Bulletin—July 2023 | Android Open Source Project

Note: There are indications that the following may be under limited, targeted exploitation.

  • CVE-2023-26083
  • CVE-2021-29256
  • CVE-2023-2136


CISA adds one vulnerability to the Known Exploited Vulnerabilities (KEV) catalog

(7/7) CISA Adds One Known Vulnerability to Catalog | CISA


Multiple vulnerabilities in MOVEit Transfer

(7/6) MOVEit Transfer 2020.1 (12.1) Service Pack (July 2023) - Progress Community


Other

Cybersecurity 2023 (FY2022 Annual Report and FY2023 Annual Plan) approved

(7/4) Cybersecurity 2023 (FY2022 Annual Report and FY2023 Annual Plan)