今週の気になるセキュリティニュース - Issue #139


podcast - #セキュリティのアレ - ゆるーいセキュリティのポッドキャストですよ。



(10/4) ETC利用照会サービスサイトへの不正アクセス・ログインについてのお詫びとお知らせ|ニュース|ETC利用照会サービス


(10/6) 【セキュリティ ニュース】「ETC利用照会サービス」にPW攻撃、約125万件のアクセス(1ページ目 / 全2ページ):Security NEXT


European Investigative Collaborations (EIC) が Predator スパイウェアに関する調査プロジェクト "Predator Files" を公開

(10/5) Predator Files | EIC

Predator Files reveals that European companies have been funding and selling cyber-surveillance tools to dictators for more than a decade with the passive complicity of many European governments. The preliminary peak of surveillance excesses was most recently reached by the Intellexa Alliance - an association of several European companies through which Predator software was supplied to authoritarian states. Activists, journalists and academics have been targeted, as have European and U.S. officials.

(10/5) Global: ‘Predator Files’ investigation reveals catastrophic failure to regulate surveillance trade - Amnesty International Security Lab

The ‘Predator Files’ focuses on the “Intellexa alliance” — a complex, morphing group of interconnected companies — and Predator, its highly invasive spyware. This spyware, and its rebranded variants, can access unchecked amounts of data on devices. It cannot, at present, be independently audited or limited in its functionality to only those functions that are necessary and proportionate to a specific use and target. Predator can infiltrate a device when the user simply clicks on a malicious link, but it can also be delivered through tactical attacks, which can silently infect nearby devices.

(10/6) Predator Files: Technical deep-dive into Intellexa Alliance's surveillance products - Amnesty International Security Lab

(10/9) Global: ‘Predator Files’ spyware scandal reveals brazen targeting of civil society, politicians and officials - Amnesty International Security Lab


JetBrains の TeamCity の脆弱性 (CVE-2023-42793) を悪用する複数の攻撃者グループの活動を観測

(10/2) Ransomware gangs now exploiting critical TeamCity RCE flaw

(9/27) Source Code at Risk: Critical Code Vulnerability in CI/CD Platform TeamCity | Sonar

(9/27) CVE-2023-42793 | AttackerKB

(9/28) CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem | The TeamCity Blog

Microsoft が "Microsoft Digital Defense Report 2023" を公開

(10/5) Espionage fuels global cyberattacks - Microsoft On the Issues

(10/5) Microsoft Digital Defense Report 2023 (MDDR) | Microsoft Security Insider

ラックが gokcpdoor マルウェアを使用する日本を狙う攻撃キャンペーンについて報告

(10/6) マルウェア「gokcpdoor」を用いた日本組織を狙う攻撃キャンペーン | LAC WATCH



CISA が Known Exploited Vulnerabilities (KEV) カタログに 1+1+2+3 個の脆弱性を追加

(10/2) CISA Adds One Known Exploited Vulnerability to Catalog | CISA

(10/3) CISA Adds One Known Exploited Vulnerability to Catalog | CISA

(10/4) CISA Adds Two Known Exploited Vulnerabilities to Catalog, Removes Five KEVs | CISA

(10/5) CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

  • CVE-2023-40044 Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability
  • CVE-2023-42824 Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
  • CVE-2023-22515 Atlassian Confluence Data Center and Server Privilege Escalation Vulnerability

Arm の Mali GPU ドライバに脆弱性。限定的な標的型攻撃で悪用が確認されている

(10/2) Mali GPU Driver Vulnerabilities

(10/2) Arm warns of Mali GPU flaws likely exploited in targeted attacks

GoogleAndroid の複数の脆弱性を修正。すでに悪用が確認されている脆弱性を含む

(10/2) Android Security Bulletin—October 2023 | Android Open Source Project

Note: There are indications that the following may be under limited, targeted exploitation.

  • CVE-2023-4863
  • CVE-2023-4211

glibc にローカルで権限昇格可能な脆弱性

(10/3) CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so | Qualys Security Blog

(10/5) Exploits released for Linux flaw giving root on major distros

AppleiOS 17.0.3 / iPadOS 17.0.3 をリリース。すでに悪用が確認されている脆弱性の修正を含む

(10/4) Apple security releases - Apple Support

(10/4) About the security content of iOS 17.0.3 and iPadOS 17.0.3 - Apple Support

Atlassian が Confluence Data Center と Confluence Server のゼロデイ脆弱性を修正。一部の顧客で悪用が確認されている

(10/4) CVE-2023-22515 - Broken Access Control Vulnerability in Confluence Data Center and Server | Atlassian Support | Atlassian Documentation

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

(10/4) CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center | Rapid7 Blog

(10/4) Atlassian patches critical Confluence zero-day exploited in attacks


NICTサイバーセキュリティネクサスが CYNEXアライアンスを発足

(10/2) 日本のサイバーセキュリティの結節点“CYNEXアライアンス”を発足|2023年|NICT-情報通信研究機構

国立研究開発法人情報通信研究機構NICTエヌアイシーティー、理事長: 徳田 英幸)サイバーセキュリティネクサスは、日本のサイバーセキュリティ分野における産学官の結節点となることを目指して2021年4月に設立され、各種活動の準備を進めてきました。この度、国内の産学官の組織が参画する“CYNEXアライアンス”を発足し、CYNEXの活動を本格始動しました。これにより、国内にサイバーセキュリティの産学官連携拠点を形成し、日本のサイバー攻撃対処能力とセキュリティ自給率の向上を目指します。

(コメント) 私も専門委員の一人として活動に参画してます!

NSACISA が共同で、もっともやりがちなセキュリティの設定ミスのトップ 10 を公開

(10/5) NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations | CISA

Through NSA and CISA Red and Blue team assessments, as well as through the activities of NSA and CISA Hunt and Incident Response teams, the agencies identified the following 10 most common network misconfigurations:

  1. Default configurations of software and applications
  2. Improper separation of user/administrator privilege
  3. Insufficient internal network monitoring
  4. Lack of network segmentation
  5. Poor patch management
  6. Bypass of system access controls
  7. Weak or misconfigured multifactor authentication (MFA) methods
  8. Insufficient access control lists (ACLs) on network shares and services
  9. Poor credential hygiene
  10. Unrestricted code execution