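These are notes for podcast recording.
podcast - #セキュリティのアレ - a laid-back security podcast.
Incidents and accidents
The 2024 Noto Peninsula Earthquake occurred on January 1
(Reference) A summary of news reports on disinformation related to the 2024 Noto Peninsula Earthquake - piyolog
The RIPE NCC account of the Spanish telecom Orange España was accessed without authorization, and an unauthorized BGP configuration caused a network outage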
(1/3) Hacker hijacks Orange Spain RIPE account to cause BGP havoc
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
(1/3) Infostealer infection of an Orange employee results in BGP disruptions | InfoStealers
The Orange employee had their computer infected by a Raccoon type Infostealer on September 4th 2023, and among the corporate credentials identified on the machine, the employee had specific credentials to “https://access.ripe.net” using the email address which was revealed by the threat actor (adminripe-ipnt@orange.es).
It is also worth noting that the password that was used on Orange’s RIPE administrator account was “ripeadmin” which is ridiculously weak.
(1/3) RIPE NCC Access: Security Breach Investigation — RIPE Network Coordination Centre
We are currently investigating the compromise of a RIPE NCC Access account, which resulted in some services of the account holder being temporarily impacted.
(1/4) Digging into the Orange España Hack | Kentik Blog
Orange España, Spain’s second largest mobile operator, suffered a major outage on January 3, 2024. The outage was unprecedented due to the use of RPKI, a mechanism designed to protect internet routing security, as a tool for denial of service. In this post, we dig into the outage and the unique manipulation of RPKI.
NOTE: Orange's account at the IP network coordination centre (RIPE) has suffered improper access that has affected browsing for some of our customers. Service is practically restored
— Orange España (@orange_es) January 3, 2024
Mandiant's X account was hijacked
(1/3) Mandiant’s account on X hacked to push cryptocurrency scam
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
(1/4) Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica
Google-owned security firm Mandiant spent several hours trying to regain control of its account on X (formerly known as Twitter) on Wednesday after an unknown scammer hijacked it and used it to spread a link that attempted to steal cryptocurrency from people who clicked on it.
As you likely noticed, yesterday, Mandiant lost control of this X account which had 2FA enabled. Currently, there are no indications of malicious activity beyond the impacted X account, which is back under our control. We'll share our investigation findings once concluded.
— Mandiant (@Mandiant) January 4, 2024
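Bomb-threat faxes were sent to multiple local governments across Japan
(1/4) <Exclusive> "We will blow up public facilities": bomb threats sent to multiple local governments nationwide, including Itoigawa City, which recorded an upper 5 seismic intensity in the Noto Peninsula Earthquake - Sankei News
The U.S. Department of Justice charged 19 suspects allegedly involved in xDedic Marketplace, which it took down in 2019
At the Hamamatsu City Chuo Ward Office, certificate issuance was temporarily suspended due to a batch-processing fault in the system
(1/4) System down in Hamamatsu City: resident records and other documents temporarily could not be issued; load from database searches suspected, now restored | Shizuoka Shimbun @S
(1/4) Certificates temporarily could not be issued due to a system failure; human error suspected... unrelated to the administrative ward reorganization that started on the 1st, Hamamatsu City Chuo Ward Office - LOOK Shizuoka Asahi TV
(1/5) Family register certificates and other documents temporarily could not be issued at the Hamamatsu City Chuo Ward Office; the cause was a batch-processing fault | Nikkei xTECH
Attacks and threats
QiAnXin's Xlab reported on the activity of the Mirai variant Mirai.TBOT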
(1/3) Mirai.TBOT Uncovered: Over 100 Groups and 30,000+ Infected Hosts in a big IoT Botnet
(Comment) The same botnet as InfectedSlurs, which Akamai reported in November 2023
Vulnerabilities
CISA added 2 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog
(1/2) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2023-7024 Google Chromium WebRTC Heap Buffer Overflow Vulnerability
- CVE-2023-7101 Spreadsheet::ParseExcel Remote Code Execution Vulnerability