ポッドキャスト収録用のメモですよ。
podcast - #セキュリティのアレ - ゆるーいセキュリティのポッドキャストですよ。
事件、事故
個人情報保護委員会がエムケイシステムに対して行政指導
(3/25) 株式会社エムケイシステムに対する個人情報の保護に関する法律に基づく行政上の対応について(令和6年3月25日) |個人情報保護委員会
(3/26) 当社に対する個人情報保護委員会からの指導等について|株式会社エムケイシステム
米財務省が暗号資産などを利用した制裁逃れに関与したロシアの団体・個人を制裁対象に
Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned thirteen entities and two individuals for operating in the financial services and technology sectors of the Russian Federation economy including persons developing or offering services in virtual assets that enable the evasion of U.S. sanctions. Five entities were designated for being owned or controlled by OFAC-designated persons.
米司法省が暗号資産取引所 KuCoin とその創業者 2人を起訴
Damian Williams, the United States Attorney for the Southern District of New York, and Darren McCormack, the Acting Special Agent in Charge of the New York Field Office of Homeland Security Investigations (“HSI”), announced today the unsealing of an Indictment against global cryptocurrency exchange KuCoin and two of its founders, CHUN GAN, a/k/a “Michael,” and KE TANG, a/k/a “Eric,” for conspiring to operate an unlicensed money transmitting business and conspiring to violate the Bank Secrecy Act by willfully failing to maintain an adequate anti-money laundering (“AML”) program designed to prevent KuCoin from being used for money laundering and terrorist financing, failing to maintain reasonable procedures for verifying the identity of customers, and failing to file any suspicious activity reports. KuCoin was also charged with operating an unlicensed money transmitting business and a substantive violation of the Bank Secrecy Act. GAN and TANG remain at large.
攻撃、脅威
米司法省が中国の攻撃者グループ APT31 の活動に関与した中国人 7人を起訴
An indictment was unsealed today charging seven nationals of the People’s Republic of China (PRC) with conspiracy to commit computer intrusions and conspiracy to commit wire fraud for their involvement in a PRC-based hacking group that spent approximately 14 years targeting U.S. and foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives.
The United Kingdom, supported by allies globally, have today identified that Chinese state-affiliated organisations and individuals were responsible for 2 malicious cyber campaigns targeting democratic institutions and parliamentarians. Partners across the Indo-Pacific and Europe also express solidarity with the UK’s efforts to call out malicious cyber activities targeting democratic institutions and electoral processes.
外務省、警察庁、財務省、経済産業省が「北朝鮮IT労働者に関する企業等に対する注意喚起」を公表
(3/26) 北朝鮮IT労働者に関する企業等に対する注意喚起について|警察庁Webサイト
Black Lotus Labs が TheMoon マルウェアの活動について報告
(3/26) The Darkside of TheMoon - Lumen
The Black Lotus Labs team at Lumen Technologies has identified a multi-year campaign targeting end-of-life (EoL) small home/small office (SOHO) routers and IoT devices, associated with an updated version of “TheMoon” malware. TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024. As our team has discovered, the majority of these bots are used as the foundation of a notorious, cybercriminal-focused proxy service, known as Faceless. While Lumen has previously documented this malware family, our latest tracking has shown TheMoon appears to enable Faceless’ growth at of a rate of nearly 7,000 new users per week.
Cisco が Cisco 製品など VPN 機器への Password Spray 攻撃に関する注意喚起
(3/26) Password Spray Attacks Impacting Remote Access VPN Services - Cisco
Cisco was made aware of multiple reports related to password spraying attacks aimed at RAVPN services. It has been noted by Talos that these attacks are not limited to Cisco products but also third-party VPN concentrators.
Depending on your environment, the attacks can cause accounts to be locked, resulting in Denial of Service (DoS)-like conditions.
This activity appears to be related to reconnaissance efforts.
XZ Utils の 5.6.0 / 5.6.1 にバックドアが混入
(3/29) oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
(3/29) Urgent security alert for Fedora 41 and Fedora Rawhide users
(3/29) Everything I know about the XZ backdoor
(3/29) Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094 | CISA
脆弱性
CISA が Known Exploited Vulnerabilities (KEV) カタログに 3+1 個の脆弱性を追加
(3/25) CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability
- CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
- CVE-2019-7256 Nice Linear eMerge E3-Series OS Command Injection Vulnerability
(3/26) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2023-24955 Microsoft SharePoint Server Code Injection Vulnerability
Google が 2023年に悪用が確認されたゼロデイ脆弱性に関するレポートを公開
(3/27) A review of zero-day in-the-wild exploits in 2023
In 2023, Google observed 97 zero-day vulnerabilities exploited in-the-wild. That’s over 50 percent more than in 2022, but still shy of 2021’s record of 106. Today, Google published its fifth annual review of zero-days exploited in-the-wild, marking the first time Google’s Threat Analysis Group (TAG) and Mandiant teamed up on the report.
その他
はてなへのログインがパスキーと多要素認証に対応
(3/25) はてなへのログインがパスキーと多要素認証に対応し、よりセキュアになりました - はてなの告知
NICT が新しい NOTICE の開始を発表
(3/29) IoT機器のセキュリティ向上を推進する新しい「NOTICE」を開始|2024年|NICT-情報通信研究機構
サイバー攻撃手段の高度化による新たな脅威の登場などの環境変化によりIoT機器を悪用したサイバー攻撃の発生が継続していることを踏まえ、IoT機器のセキュリティ向上を推進するプロジェクトとして、新しい「NOTICE(National Operation Towards IoT Clean Environment)」を開始します。