Notes for the podcast recording.
podcast - #セキュリティのアレ - a laid-back security podcast.
Incidents and accidents
Unauthorized access to the cloud infrastructure hosting the European Commission's websites
(3/27) Commission responds to cyber-attack on its Europa web platform
On 24 March, the European Commission discovered a cyber-attack, which affected its cloud infrastructure hosting the Commission's web presence on the Europa.eu platform. Immediate steps were taken to contain the attack. The Commission's swift response ensured the incident was contained and risk mitigation measures were implemented to protect services and data, without disrupting the availability of the Europa websites.
(4/2) CERT-EU - European Commission cloud breach: a supply-chain compromise
- On March 24, the European Commission’s Cybersecurity Operations Centre received alerts about potential misuse of Amazon APIs, potential account compromise, and an abnormal increase in network traffic. On March 25, CERT-EU was informed.
- We assess with high confidence that initial access was obtained through the Trivy supply-chain compromise, which was publicly attributed to a threat actor known as TeamPCP.
- A significant volume of data (about 91.7 GB compressed) was exfiltrated from the compromised AWS account, including personal data such as names, email addresses, and email content.
- On March 28, the data extortion group ShinyHunters made the stolen data publicly available on their dark web leak site.
- The compromised account is part of the technical infrastructure that drives multiple websites of the European Commission. Data pertaining to at least 29 other Union entities may be affected.
- We assess that the rise in supply-chain compromises poses a significant threat. We strongly encourage all organisations to implement the recommendations in this post.
Anthropic accidentally leaks the Claude Code source code
(3/31) Claude Code source code accidentally leaked in NPM package
(4/1) Anthropic Claude Code Leak | ThreatLabz
Claude Code source code has been leaked via a map file in their npm registry!
— Chaofan Shou (@Fried_rice) March 31, 2026
Code: https://t.co/jBiMoOzt8G pic.twitter.com/rYo5hbvEj8
Roughly $280M worth of crypto assets illicitly drained from the DeFi platform Drift Protocol
(4/2) Drift loses $280 million as North Korean hackers seize Security Council powers
(4/2) Drift Protocol exploited for $286 million in suspected DPRK-linked attack
(4/2) North Korean Hackers Attack Drift Protocol In USD 285 Million Heist | TRM Blog
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.
— Drift (@DriftProtocol) April 2, 2026
This was a highly sophisticated operation that appears to have involved…
— Drift (@DriftProtocol) April 5, 2026
Attacks and threats
Supply-chain attack on the Axios npm package
(3/31) Hackers compromise Axios npm package to drop cross-platform malware
(3/31) Overview of the axios software supply-chain attack and response guidance - GMO Flatt Security Blog
(4/1) Mitigating the Axios npm supply chain compromise | Microsoft Security Blog
(4/1) STARDUST CHOLLIMA Likely Compromises Axios npm Package
(4/3) Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios
So the attack vector mimics what Google has documented here: https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering
They tailored this process specifically to me by doing the following:
- They reached out masquerading as the founder of a company; they had cloned the company founder's likeness as well as the company itself.
- They then invited me to a real Slack workspace. This workspace was branded with the company's CI and named in a plausible manner. The Slack was thought out very well; they had channels where they were sharing LinkedIn posts (the LinkedIn posts, I presume, just went to the real company's account), but it was super convincing, etc. They even had what I presume were fake profiles of the company's team, but also of a number of other OSS maintainers.
- They scheduled a meeting with me to connect. The meeting was on MS Teams. The meeting had what seemed to be a group of people that were involved.
- The meeting said something on my system was out of date. I installed the missing item as I presumed it was something to do with Teams, and this was the RAT.
- Everything was extremely well co-ordinated, looked legit, and was done in a professional manner.
(4/3) Attackers Are Hunting High-Impact Node.js Maintainers in a C...
Vulnerabilities
CISA adds 1+1+1 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog
(3/30) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2026-3055 Citrix NetScaler Out-of-Bounds Read Vulnerability
(4/1) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2026-5281 Google Dawn Use-After-Free Vulnerability
(4/2) CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability
Google fixes a Chrome zero-day vulnerability
(3/31) Chrome Releases: Stable Channel Update for Desktop
Google is aware that an exploit for CVE-2026-5281 exists in the wild.
Remote code execution vulnerability in Progress ShareFile
(4/2) Security Vulnerability Fix For ShareFile Storage Zones Controller 5.x (February 2026)
The Progress ShareFile team recently confirmed critical security vulnerabilities in ShareFile Storage Zones Controller v5 version deployments for customer managed zones. Currently, we have not received any reports that these vulnerabilities have been exploited.
These vulnerabilities allow an unauthenticated remote attacker to access on-prem storage zones controller’s configuration pages, potentially leading to changes in system configuration and remote code execution.
We added Progress ShareFile fingerprinting to our scans & reports with 784 unique IPs seen exposed on 2026-04-02. @watchtowrcyber recently disclosed details behind an RCE CVE-2026-2699 & CVE-2026-2701 exploit chain affecting ShareFile. Make sure to apply the latest patch! pic.twitter.com/aVvl83pzt4
— The Shadowserver Foundation (@Shadowserver) April 3, 2026
Since a detailed PoC for a vulnerability leading to pre-auth RCE in Progress ShareFile was published, I surveyed publicly exposed servers. Found 642 globally, of which 116 (18.1%) may be affected by the vulnerability. Various products from this vendor have been exploited repeatedly in the past, so I expect this one to be ITW sooner or later as well. Small impact on Japanese organizations. https://t.co/wUTDlr8teR pic.twitter.com/AzI6i2FkXW
— nekono_nanomotoni (@nekono_naha) April 3, 2026
Other
macOS Tahoe 26.4 adds a warning feature against ClickFix attacks
(3/30) Apple adds macOS Terminal warning to block ClickFix attacks
(3/31) Objective-See's Blog
The Ministry of Economy, Trade and Industry (METI) publishes its "Policy on Establishing a Security Measures Evaluation System for Strengthening Supply Chains" (「サプライチェーン強化に向けたセキュリティ対策評価制度に関する制度構築方針」)
(3/27) Basic Act on Cybersecurity, supply-chain risk countermeasures, personal information protection - National Cyber Office (国家サイバー統括室)
CRYPTREC updates its "List of Ciphers to Be Referenced for e-Government Procurement" and adds a post-quantum cryptography (PQC) list.
(3/30) CRYPTREC | CRYPTREC Ciphers List (e-Government Recommended Ciphers List)
(3/31) CRYPTREC Ciphers List revised: new PQC list makes ML-KEM an e-Government recommended cipher #pqc - Qiita
The National Cyber Office (NCO) publishes its "Guidelines on the Roles Expected of Cyber Infrastructure Operators" (「サイバーインフラ事業者に求められる役割等に関するガイドライン」)
(3/31) Basic Act on Cybersecurity, supply-chain risk countermeasures, personal information protection - National Cyber Office (国家サイバー統括室)