This Week's Notable Security News - Issue #181

These are my notes for the podcast recording.

podcast - #セキュリティのアレ - A laid-back security podcast.



Incidents and Accidents

UK NCA takes down a DDoS-for-hire service

(7/22) NCA infiltrates world's most prolific DDoS-for-hire service - National Crime Agency

The National Crime Agency has infiltrated a significant DDoS-for-hire service which has been responsible for tens of thousands of attacks every week across the globe.


Attacks and Threats

KnowBe4 discloses that it had hired a North Korean IT worker posing as a U.S. citizen

(7/23) How a North Korean Fake IT Worker Tried to Infiltrate Us

(7/25) North Korean Fake IT Worker FAQ


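The U.S. Department of Justice indicts a North Korean government hacker for involvement in ransomware attacks on U.S. hospitals and other organizations. Relatedly, the FBI, CISA, and others jointly issue an advisory on the attack activity of the North Korean threat group Andariel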

(7/25) Office of Public Affairs | North Korean Government Hacker Charged for Involvement in Ransomware Attacks Targeting U.S. Hospitals and Health Care Providers | United States Department of Justice

A grand jury in Kansas City, Kansas, returned an indictment on Wednesday charging North Korean national Rim Jong Hyok for his involvement in a conspiracy to hack and extort U.S. hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide. Their ransomware attacks prevented victim health care providers from providing full and timely care to patients.

(7/25) FBI, CISA, and Partners Release Advisory Highlighting North Korean Cyber Espionage Activity | CISA

This advisory was crafted to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea (DPRK)’s Reconnaissance General Bureau (RGB) 3rd Bureau based in Pyongyang and Sinuiju. The group primarily targets defense, aerospace, nuclear, and engineering entities to obtain sensitive and classified technical information and intellectual property to advance the regime’s military and nuclear programs and ambitions.

(7/25) North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA

(7/25) APT45: North Korea’s Digital Military Machine | Google Cloud Blog

(7/25) Onyx Sleet uses array of malware to gather intelligence for North Korea | Microsoft Security Blog

On July 25, 2024, the United States Department of Justice (DOJ) indicted an individual linked to the North Korean threat actor that Microsoft tracks as Onyx Sleet. Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet. We will continue to closely monitor Onyx Sleet’s activity to assess changes following the indictment.


Vulnerabilities

CISA adds two vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(7/23) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA


Multiple vulnerabilities in ISC BIND

(7/24) JVNVU#99505181: Multiple vulnerabilities in ISC BIND (July 2024)


Other

(7/22) A new path for Privacy Sandbox on the web

In light of this, we are proposing an updated approach that elevates user choice. Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they’d be able to adjust that choice at any time. We're discussing this new path with regulators, and will engage with the industry as we roll this out.

(7/25) What does "reversing the deprecation of third-party cookies" actually mean? | IIJ Engineers Blog


Let's Encrypt announces that it will end its OCSP service

(7/23) Intent to End OCSP Service - Let's Encrypt

Today we are announcing our intent to end Online Certificate Status Protocol (OCSP) support in favor of Certificate Revocation Lists (CRLs) as soon as possible. OCSP and CRLs are both mechanisms by which CAs can communicate certificate revocation information, but CRLs have significant advantages over OCSP. Let’s Encrypt has been providing an OCSP responder since our launch nearly ten years ago. We added support for CRLs in 2022.