Notes for recording the podcast.
podcast - #セキュリティのアレ - a laid-back security podcast.
Incidents and Accidents
Twilio announces it detected an attack that illegitimately harvested Authy users' phone numbers
(7/1) Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0) | Twilio
Twilio has detected that threat actors were able to identify data associated with Authy accounts, including phone numbers, due to an unauthenticated endpoint. We have taken action to secure this endpoint and no longer allow unauthenticated requests.
Law enforcement agencies from multiple countries cooperate to crack down on activity abusing Cobalt Strike
(7/3) Europol coordinates global action against criminal abuse of Cobalt Strike | Europol
Law enforcement has teamed up with the private sector to fight against the abuse of a legitimate security tool by criminals who were using it to infiltrate victims’ IT systems. Older, unlicensed versions of the Cobalt Strike red teaming tool were targeted during a week of action coordinated from Europol’s headquarters between 24 and 28 June.
Throughout the week, law enforcement flagged known IP addresses associated with criminal activity, along with a range of domain names used by criminal groups, for online service providers to disable unlicensed versions of the tool. A total of 690 IP addresses were flagged to online service providers in 27 countries. By the end of the week, 593 of these addresses had been taken down.
Known as Operation MORPHEUS, this investigation was led by the UK National Crime Agency and involved law enforcement authorities from Australia, Canada, Germany, the Netherlands, Poland and the United States. Europol coordinated the international activity, and liaised with the private partners. This disruptive action marks the culmination of a complex investigation initiated in 2021.
(7/3) Part of a cyber attack group's communications cut off; Japanese, US and European investigative authorities cooperate - 日本経済新聞 (Nikkei)
JAXA discloses the information leak caused by last year's unauthorized access from outside
(7/5) JAXA | On the information leak caused by unauthorized access that occurred at JAXA
In October of last year, based on a report from an external organization, we became aware of unauthorized access to some servers on JAXA's business intranet (hereinafter "this incident"). We promptly carried out initial response measures such as blocking communication with the unauthorized communication destinations, and, working with specialist organizations and security vendors, conducted an investigation to clarify the incident and to formulate and implement countermeasures. An overview of this incident is given in the attached document; in the course of this work we confirmed that some of the information managed by JAXA (information relating to work carried out jointly with external organizations, and personal information) had been leaked.
Attacks and Threats
OVHcloud observes one of the largest DDoS attacks ever recorded
(7/2) The Rise of Packet Rate Attacks: When Core Routers Turn Evil - OVHcloud Blog
In the past 18 months, and especially in the past 6 months, we noticed a sharp increase in DDoS attacks leveraging packet rates greater than 100 Mpps. We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps, just above the previous record reported by Akamai.
Vulnerabilities
Vulnerability CVE-2024-6387 in OpenSSH
(7/1) openssh.com/txt/release-9.8
(Reference) A summary of the OpenSSH vulnerability CVE-2024-6387 - piyolog
Vulnerability in Cisco NX-OS; exploitation already confirmed
(7/1) Cisco NX-OS Software CLI Command Injection Vulnerability
In April 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.
(7/1) Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies
(7/1) Cisco warns of NX-OS zero-day exploited to deploy custom malware
CISA adds one vulnerability to the Known Exploited Vulnerabilities (KEV) catalog
(7/2) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2024-20399 Cisco NX-OS Command Injection Vulnerability