ポッドキャスト収録用のメモですよ。
podcast - #セキュリティのアレ - ゆるーいセキュリティのポッドキャストですよ。
事件、事故
海底ケーブルの障害により、複数のアフリカ諸国の通信に影響
(3/14) Undersea cable failures cause Internet disruptions for multiple African countries
Internet connectivity in several African countries was disrupted today, March 14, 2024. Beginning at approximately 05:00 UTC, west and central African countries were most impacted, as was South Africa. Based on published reports and social media posts from impacted network providers, the disruption is believed to be due to multiple undersea cable failures in the region. From The Gambia to Côte d'Ivoire, including a major network in South Africa (Vodacom), a total of 11 African countries were impacted, based on our observations.
The effects of downed MainOne #cable on #Internet #connectivity in West #Africa are visible in IODA.
— IODA (@IODA_live) March 14, 2024
Follow connectivity for MainOne with links to Ghana, Nigeria, and Côte d'Ivoire in near realtime:https://t.co/TkaIdmv3jQ
(IODA's BGP signal is currently down and will return) https://t.co/MhPYHr4AX9 pic.twitter.com/2wNlcEQhHs
マクドナルドでシステム障害が発生し、世界中の店舗に影響
(3/15) Update on Global Technology System Outage
At approximately midnight CDT on Friday, McDonald’s experienced a global technology system outage, which was quickly identified and corrected. Many markets are back online, and the rest are in the process of coming back online. We are closely working with those markets that are still experiencing issues. Notably, this issue was not directly caused by a cybersecurity event; rather, it was caused by a third-party provider during a configuration change.
(3/15) McDonald's: Global outage was caused by "configuration change"
(3/15) マクドナルド システム障害で営業取りやめの一部店舗で再開 | NHK | IT・ネット
(3/16) McDonald's outage shuts some restaurants globally | AP News
攻撃、脅威
警察庁が「令和5年におけるサイバー空間をめぐる脅威の情勢等について」を公開
(3/14) 令和5年におけるサイバー空間をめぐる脅威の情勢等について
Sekoia と Orange Cyberdefense が共同で、Residential Proxies (RESIP) サービスに関する調査結果を報告
(3/14) Unveiling the depths of Residential Proxies providers - Sekoia.io Blog
脆弱性
Microsoft が 2024年 3月の月例パッチを公開
(3/12) 2024 年 3 月のセキュリティ更新プログラム (月例) | MSRC Blog | Microsoft Security Response Center
今月のセキュリティ更新プログラムで修正した脆弱性のうち、CVE-2024-21334 Open Management Infrastructure のリモートでコードが実行される脆弱性 は、CVSS 基本値が9.8 と高いスコアで、認証やユーザーの操作なしで悪用が可能な脆弱性です。これらの脆弱性が存在する製品、および悪用が可能となる条件については、各CVEのページの「よく寄せられる質問」 を参照してください。セキュリティ更新プログラムが公開されるよりも前に、脆弱性の情報の一般への公開、脆弱性の悪用はありませんが、脆弱性の特性を鑑み、企業組織では早急なリスク評価とセキュリティ更新プログラムの適用を推奨しています。
(3/12) Zero Day Initiative — The March 2024 Security Update Review
Arcserve UDP に複数の脆弱性
(3/12) P00003050 | Arcserve UDP 9.2 | Console Vulnerabilities: CVE-2024-0801, CVE-2024-0800, CVE-2024-0799
(3/13) Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities - Research Advisory | Tenable®
その他
KeePassXC 2.7.7 がリリース。Passkeys をサポートし、1Password と Bitwarden からのデータのインポートに対応。
(3/10) KeePassXC 2.7.7 released – KeePassXC
Tor Project が新たなブリッジとして WebTunnel をリリース
(3/12) Hiding in plain sight: Introducing WebTunnel | The Tor Project
Today, March 12th, on the World Day Against Cyber Censorship, the Tor Project's Anti-Censorship Team is excited to officially announce the release of WebTunnel, a new type of Tor bridge designed to assist users in heavily censored regions to connect to the Tor network. Available now in the stable version of Tor Browser, WebTunnel joined our collection of censorship circumvention tech developed and maintained by The Tor Project.
