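These are my notes for the podcast recording.
podcast - #セキュリティのアレ - a laid-back security podcast.
Incidents and Accidents
The Kanto Local Finance Bureau of the Ministry of Finance issues a business improvement order to DMM Bitcoin
(9/26) Administrative action against DMM Bitcoin Co., Ltd.: Kanto Local Finance Bureau, Ministry of Finance
(9/26) [Important] Regarding the Kanto Local Finance Bureau's administrative action against our company - DMM Bitcoin (2024/09/26)
The US Department of Justice indicts two Russian nationals for involvement in illegal money laundering and seizes the websites of multiple cryptocurrency exchanges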
Today, the Justice Department announced actions coordinated with the Department of State, Department of the Treasury, and other federal and international law enforcement partners to combat Russian money laundering operations. The actions involved the unsealing of an indictment charging a Russian national with his involvement in operating multiple money laundering services that catered to cybercriminals, as well as the seizure of websites associated with three illicit cryptocurrency exchanges.
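Ireland's Data Protection Commission announces a 91 million euro fine against Meta for GDPR violations
The US Department of Justice indicts three Iranian nationals for involvement in information operations targeting the presidential election
Attacks and Threats
Mandiant reports on activity in which North Korean IT workers earn revenue illicitly through impersonation and similar means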
(9/24) Staying a Step Ahead: Mitigating the DPRK IT Worker Threat | Google Cloud Blog
This report aims to increase awareness of the DPRK's efforts to obtain employment as IT workers and shed light on their operational tactics for obtaining employment and maintaining access to corporate systems. Understanding these methods can help organizations better detect these sorts of suspicious behaviors earlier in the hiring process. In this blog post we’ve included a sampling of the types of behaviors identified during our incident response engagements, and strategies for the detection and disruption of DPRK IT worker activity.
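Regarding North Korean IT workers taking IT jobs around the world under false identities in order to earn foreign currency for the government and gain access to companies, I feel like I have been seeing alerts and related information especially often this year. I think such cases have existed for quite a long time, but it feels like this is steadily becoming a threat closer to home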
— nekono_nanomotoni (@nekono_naha) September 24, 2024
Link: … pic.twitter.com/nonBQNSBDs
ASD ACSC, CISA and others jointly publish guidance for responding to Active Directory compromise
Microsoft reports on ransomware attack activity by the threat actor group Storm-0501
(9/26) Storm-0501: Ransomware attacks expanding to hybrid cloud environments | Microsoft Security Blog
Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor access, and ransomware deployment. The said attack targeted multiple sectors in the United States, including government, manufacturing, transportation, and law enforcement. Storm-0501 is a financially motivated cybercriminal group that uses commodity and open-source tools to conduct ransomware operations.
Vulnerabilities
CISA adds 1 vulnerability to the Known Exploited Vulnerabilities (KEV) catalog
(9/24) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2024-7593 Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Multiple vulnerabilities in CUPS
(9/26) Attacking UNIX Systems via CUPS, Part I
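Other
Microsoft announces that it will no longer carry out new development of Windows Server Update Services (WSUS). The service will continue for the time being, but migration to cloud-based update management tools is recommended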
(9/20) Windows Server Update Services (WSUS) deprecation - Windows IT Pro Blog
As part of our vision for simplified Windows management from the cloud, Microsoft has announced deprecation of Windows Server Update Services (WSUS). Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS. However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel.
X publishes its transparency report for the first half of 2024
(9/26) Transparency
We are thrilled to introduce X’s Global Transparency Report, covering the period from January to June 2024. This report highlights the extensive efforts by our Safety team to cultivate a healthy and secure environment, reaffirming that X remains a safe platform for all users.…
— Safety (@Safety) September 25, 2024