This Week's Notable Security News - Issue #163

These are notes for recording the podcast.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and Accidents

German law enforcement takes down "Nemesis Market"

(3/21) BKA - Press releases - Illegal darknet marketplace "Nemesis Market" shut down

(3/22) Darknet marketplace Nemesis Market seized by German police

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation.

The Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) conducted the action on Wednesday, March 20, 2024, with law enforcement taking down the website and confiscating approximately $100,000 in cash.


US Department of Justice sues Apple over alleged antitrust violations in the smartphone market

(3/21) Office of Public Affairs | Justice Department Sues Apple for Monopolizing Smartphone Markets | United States Department of Justice


Multiple small Ukrainian ISPs suffer outages from 3/13 onward; a Russian threat group claims responsibility.

(3/21) Russian military intelligence may have deployed wiper against multiple Ukrainian ISPs | CyberScoop

(3/21) AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine - SentinelOne

On March 16th, 2024, we identified a suspicious Linux binary uploaded from Ukraine. Initial analysis showed surface similarities with the infamous AcidRain wiper used to disable KA-SAT modems across Europe at the start of the Russian invasion of Ukraine (commonly identified by the ‘Viasat hack’ misnomer). Since our initial finding, no similar samples or variants have been detected or publicly reported until now. This new sample is a confirmed variant we refer to as ‘AcidPour’, a wiper with similar and expanded capabilities.

(3/22) Sandworm-linked group likely knocked down Ukrainian internet providers


Attacks and Threats

CISA and partner agencies jointly update guidance on responding to DDoS attacks

(3/21) Understanding and Responding to Distributed Denial-Of-Service Attacks | CISA


Mandiant reports on a threat group exploiting F5 BIG-IP and ConnectWise ScreenConnect vulnerabilities

(3/22) Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect | Mandiant

During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, we observed exploitation of Connectwise ScreenConnect CVE-2024-1709 by the same actor. This mix of custom tooling and the SUPERSHELL framework leveraged in these incidents is assessed with moderate confidence to be unique to a People's Republic of China (PRC) threat actor, UNC5174.


Mandiant reports on attack activity by Russian threat group APT29

(3/22) APT29 Uses WINELOADER to Target German Political Parties | Mandiant

In late February, APT29 used a new backdoor variant publicly tracked as WINELOADER to target German political parties with a CDU-themed lure.


Vulnerabilities

Apple releases iOS 16.7.7 / iPadOS 16.7.7, iOS 17.4.1 / iPadOS 17.4.1, and visionOS 1.1.1

(3/21) Apple security releases - Apple Support


Horizon3.ai publishes a PoC for FortiClientEMS vulnerability CVE-2023-48788

(3/21) CVE-2023-48788: Fortinet FortiClient EMS SQL Injection Deep Dive – Horizon3.ai


Other

Japan Consumer Credit Association publishes the "Credit Card Security Guidelines [Version 5.0]"

(3/15) Credit Card Security Guidelines [Version 5.0]


METI publishes the final report of the study group on establishing a security conformity assessment scheme for IoT products

(3/15) Final report of the study group on establishing a security conformity assessment scheme for IoT products published, and public comment opened on the proposed scheme design (METI / Ministry of Economy, Trade and Industry)


Six countries including Japan join the international effort to counter the proliferation and misuse of commercial spyware

(3/18) Joint Statement on Efforts to Counter the Proliferation and Misuse of Commercial Spyware | The White House

At the third Summit for Democracy on March 18, 2024, Finland, Germany, Ireland, Japan, Poland, and Republic of Korea joined this first-of-its-kind international commitment to work collectively to counter the proliferation and misuse of commercial spyware. This joint statement, which was originally announced at the second Summit for Democracy on March 30, 2023, has been updated to reflect these additional countries.


GitHub releases a feature that automatically finds and fixes vulnerable code

(3/20) Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL - The GitHub Blog

Starting today, code scanning autofix will be available in public beta for all GitHub Advanced Security customers. Powered by GitHub Copilot and CodeQL, code scanning autofix covers more than 90% of alert types in JavaScript, Typescript, Java, and Python, and delivers code suggestions shown to remediate more than two-thirds of found vulnerabilities with little or no editing.