This Week's Security News of Interest - Issue #233

Notes for the podcast recording.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and Accidents

Administrator of the XSS forum arrested through cooperation between French and Ukrainian law enforcement and Europol

(7/23) Key figure behind major Russian-speaking cybercrime forum targeted in Ukraine - Suspected forum administrator with nearly 20 years in cybercrime made over EUR 7 million facilitating illegal activities | Europol

A long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with their Ukrainian counterpart and Europol, has led to the arrest of the suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime platforms.

(7/23) Ukraine arrests suspected admin of XSS Russian hacking forum

(7/24) XSS Forum Seized: KELA Reveals User Reactions and Speculations | KELA Cyber


BlackSuit ransomware sites seized by law enforcement

(7/24) BlackSuit ransomware extortion sites seized in Operation Checkmate


Attacks and Threats

CISA and partners issue a joint advisory on Interlock ransomware

(7/22) Joint Advisory Issued on Protecting Against Interlock Ransomware | CISA


Coveware publishes its ransomware report for Q2 2025

(7/23) Targeted social engineering is en vogue as ransom payment sizes increase


Vulnerabilities

Vulnerability in Microsoft SharePoint Server; exploitation already confirmed

(7/19) Customer guidance for SharePoint vulnerability CVE-2025-53770 | MSRC Blog | Microsoft Security Response Center

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.

Microsoft has released security updates that fully protect customers using all supported versions of SharePoint affected by CVE-2025-53770 and CVE-2025-53771. Customers should apply these updates immediately to ensure they’re protected.

These vulnerabilities apply to on-premises SharePoint Servers only. SharePoint Online in Microsoft 365 is not impacted.

(7/19) SharePoint Under Siege: ToolShell Mass Exploitation (CVE-2025-53770)

On the evening of July 18, 2025, Eye Security identified active, large-scale exploitation of a new SharePoint remote code execution (RCE) vulnerability chain, dubbed ToolShell and demonstrated just days ago on X; this exploit is being used in the wild to compromise on-premise SharePoint servers across the world. The new chain we elaborate in this blog was later named CVE-2025-53770 by Microsoft.

(7/20) Microsoft Releases Guidance on Exploitation of SharePoint Vulnerability (CVE-2025-53770) | CISA

(7/20) Microsoft SharePoint zero-day exploited in RCE attacks, no patch available

(7/22) Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog

As early as July 7, 2025, Microsoft analysis suggests threat actors were attempting to exploit CVE-2025-49706 and CVE-2025-49704 to gain initial access to target organizations. These actors include Chinese state actors Linen Typhoon and Violet Typhoon and another China-based actor Storm-2603. The TTPs employed in these exploit attacks align with previously observed activities of these threat actors.

(7/24) SharePoint ToolShell – One Request PreAuth RCE chain CVE-2025-53770

(7/24) ToolShell - A Critical SharePoint Vulnerability Chain under Active Exploitation


CISA adds 1+2+4 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(7/20) CISA Adds One Known Exploited Vulnerability, CVE-2025-53770 “ToolShell,” to Catalog | CISA

(7/22) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

(7/22) CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA


Other