This Week's Noteworthy Security News - Issue #166

Notes for the podcast recording.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and Accidents

Ezaki Glico suffered a system failure during a core-system cutover, affecting some ordering and shipping operations

(4/5) Apology regarding the trouble with our core system | [Official] Ezaki Glico (Glico)

(4/12) Apology regarding the trouble with our core system | [Official] Ezaki Glico (Glico)

Due to a system failure that occurred when we switched over our core system on Wednesday, April 3, 2024, some of our ordering and shipping operations are currently affected. To work toward restoring the system, we will temporarily suspend operations at our logistics centers nationwide for "chilled foods" (refrigerated products) such as dairy products, Western-style fresh confectionery, fruit juices, and soft drinks, starting Sunday, April 14.


A former employee of Prudential Life Insurance improperly took customer information when leaving the company

(4/9) Apology and notice regarding the leakage of customers' personal information by a former employee of our company


CISA issues an alert about the data breach at Sisense

(4/11) Compromise of Sisense Customer Data | CISA

CISA is taking an active role in collaborating with private industry partners to respond to this incident, especially as it relates to impacted critical infrastructure sector organizations. We will provide updates as more information becomes available.

(4/11) Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security


Roku experienced unauthorized logins via credential stuffing attacks. In response, the passwords of affected accounts were reset and two-factor authentication was enabled on all user accounts

(4/12) Protecting your Roku account

(4/12) Roku warns 576,000 accounts hacked in new credential stuffing attacks
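Detection logic for the kind of attack Roku describes, as an added example that is not part of the original notes or of Roku's own tooling: it flags a source IP that tries many distinct accounts within a short window (a retrying legitimate user never trips it) and lists the accounts that were successfully logged into from such a source, i.e. the ones to force-reset. The event format, thresholds, and sample events are constructed assumptions.

```python
"""Added example: spot credential stuffing in authentication events and
list the accounts that need a forced password reset.

Constructed events, not Roku data. Heuristic: one source IP attempting
many distinct accounts within a short window."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class AuthEvent(NamedTuple):
    ts: datetime
    src_ip: str
    account: str
    outcome: str  # "success" or "failure"


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample: one IP sprays eight accounts in 40 seconds and gets
# into two of them; the other two IPs look like ordinary users.
EVENTS = [
    AuthEvent(_t("2024-04-12T03:00:00"), "203.0.113.10", "user01", "failure"),
    AuthEvent(_t("2024-04-12T03:00:05"), "203.0.113.10", "user02", "failure"),
    AuthEvent(_t("2024-04-12T03:00:11"), "203.0.113.10", "user03", "failure"),
    AuthEvent(_t("2024-04-12T03:00:16"), "203.0.113.10", "alice", "success"),
    AuthEvent(_t("2024-04-12T03:00:22"), "203.0.113.10", "user05", "failure"),
    AuthEvent(_t("2024-04-12T03:00:27"), "203.0.113.10", "user06", "failure"),
    AuthEvent(_t("2024-04-12T03:00:33"), "203.0.113.10", "bob", "success"),
    AuthEvent(_t("2024-04-12T03:00:40"), "203.0.113.10", "user08", "failure"),
    AuthEvent(_t("2024-04-12T03:05:00"), "198.51.100.20", "carol", "failure"),
    AuthEvent(_t("2024-04-12T03:05:30"), "198.51.100.20", "carol", "failure"),
    AuthEvent(_t("2024-04-12T03:06:00"), "198.51.100.20", "carol", "success"),
    AuthEvent(_t("2024-04-12T03:07:00"), "192.0.2.30", "dave", "success"),
]


def detect_stuffing(events: List[AuthEvent],
                    window: timedelta = timedelta(minutes=10),
                    min_accounts: int = 5) -> Dict[str, dict]:
    """Return {src_ip: {"distinct_accounts": n, "successes": [...]}} for
    every source that tried at least `min_accounts` different accounts
    inside any span of length `window`. A legitimate user retrying one
    account never trips this, however many failures they rack up."""
    by_ip: Dict[str, List[AuthEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.src_ip].append(ev)

    findings: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # slide the window so evs[start:end+1] spans at most `window`
            while evs[end].ts - evs[start].ts > window:
                start += 1
            span = evs[start:end + 1]
            accounts = {e.account for e in span}
            if len(accounts) < min_accounts:
                continue
            f = findings.setdefault(ip, {"distinct_accounts": 0, "successes": set()})
            f["distinct_accounts"] = max(f["distinct_accounts"], len(accounts))
            f["successes"].update(e.account for e in span if e.outcome == "success")

    for f in findings.values():
        f["successes"] = sorted(f["successes"])
    return findings


def accounts_to_reset(findings: Dict[str, dict]) -> List[str]:
    """Accounts successfully logged into from a flagged source: their
    passwords are now known to be reused or leaked and must be reset."""
    return sorted({a for f in findings.values() for a in f["successes"]})


if __name__ == "__main__":
    hits = detect_stuffing(EVENTS)
    for ip, f in hits.items():
        print(f"{ip}: {f['distinct_accounts']} accounts tried, "
              f"logged into {f['successes']}")
    print("force reset + enable 2FA for:", accounts_to_reset(hits))
```

The threshold counts distinct accounts rather than failures, which is what separates a stuffing run (many usernames, low success rate, one source) from a forgetful user; in production the source key would usually be widened to an ASN or device fingerprint, since stuffing tooling rotates through proxy IPs.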


Attacks and Threats

Apple notifies users who are targeted by spyware attacks

(4/10) About Apple threat notifications and protecting against mercenary spyware - Apple Support

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

(4/11) Apple drops term 'state-sponsored' attacks from its threat notification policy | Reuters

(4/12) Apple swaps 'state-sponsored' lingo for 'mercenary spyware' • The Register


CISA issues Emergency Directive ED 24-02

(4/11) CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System | CISA

Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) agencies through a successful compromise of Microsoft corporate email accounts. This Directive (https://www.cisa.gov/news-events/directives/ed-24-02-mitigating-significant-risk-nation-state-compromise-microsoft-corporate-email-system) requires agencies to analyze the content of exfiltrated emails, reset compromised credentials, and take additional steps to secure privileged Microsoft Azure accounts.

(4/2) ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System | CISA


Trend Micro reports on the activities of the threat group Earth Hundun

(4/11) Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear | Trend Micro (US)

  • Earth Hundun is a cyberespionage-motivated threat actor that has been active for several years in the Asia-Pacific region, targeting the technology and government sectors.
  • The group has been known for employing several tools and techniques, including Waterbear, a malware entity that has had over 10 versions since 2009.
  • Waterbear is known for its complexity, as it uses a number of evasion mechanisms to minimize the chance of detection and analysis. Succeeding versions have added enhancements that make it even more troublesome to deal with.
  • In 2022, Earth Hundun began using the latest version of Waterbear — also known as Deuterbear — which has several changes, including anti-memory scanning and decryption routines, that make us consider it a different malware entity from the original Waterbear.
  • Our blog entry provides an in-depth analysis of these two malware types in Earth Hundun’s bag of tools.


Vulnerabilities

(3/26) Command Injection and Backdoor Account in D-Link NAS Devices

The described vulnerability affects multiple D-Link NAS devices, including models DNS-340L, DNS-320L, DNS-327L, and DNS-325, among others. The vulnerability lies within the nas_sharing.cgi uri, which is vulnerable due to two main issues: a backdoor facilitated by hardcoded credentials, and a command injection vulnerability via the system parameter. This exploitation could lead to arbitrary command execution on the affected D-Link NAS devices, granting attackers potential access to sensitive information, system configuration alteration, or denial of service, by specifying a command, affecting over 92,000 devices on the Internet.

(4/4) D-Link Technical Support

(4/8) CVE-2024-3273: D-Link NAS RCE Exploited in the Wild | GreyNoise Blog

(4/8) Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
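An added example (not from the write-up above, D-Link, or GreyNoise) that scans web-server access logs for requests to the affected CGI: the endpoint name nas_sharing.cgi and the `system` parameter come from the description above, while the combined log format, the assumption that the injected command may arrive base64-encoded in that parameter, and the sample log lines are constructed for illustration.

```python
"""Added example: scan web-server access logs for requests against the
D-Link nas_sharing.cgi endpoint (CVE-2024-3272 / CVE-2024-3273).

Assumptions (not from the advisory text): logs are in Apache/nginx
combined format, and an injected command arrives in the `system` query
parameter, possibly base64-encoded."""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines, not real traffic. The two base64 values decode
# to "id" and "cat /etc/passwd".
SAMPLE_LOG = """\
203.0.113.5 - - [08/Apr/2024:10:12:01 +0000] "GET /cgi-bin/nas_sharing.cgi?system=aWQ= HTTP/1.1" 200 512
203.0.113.5 - - [08/Apr/2024:10:12:03 +0000] "GET /cgi-bin/nas_sharing.cgi?system=Y2F0IC9ldGMvcGFzc3dk HTTP/1.1" 200 2048
198.51.100.7 - - [08/Apr/2024:10:15:44 +0000] "GET /cgi-bin/nas_sharing.cgi HTTP/1.1" 403 320
198.51.100.9 - - [08/Apr/2024:10:16:02 +0000] "GET /web/login.html HTTP/1.1" 200 1024
"""


def decode_b64_text(value: str) -> Optional[str]:
    """Return the decoded text if `value` is valid base64 for printable
    ASCII, else None. parse_qs turns '+' into ' ', so that is undone first."""
    candidate = value.replace(" ", "+")
    try:
        raw = base64.b64decode(candidate, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    return text if text and text.isprintable() else None


def check_line(line: str) -> Optional[dict]:
    """Return a finding for any request to nas_sharing.cgi, else None.
    Severity is raised to high when a `system` parameter is present."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    if not target.path.endswith("/nas_sharing.cgi"):
        return None
    params = parse_qs(target.query, keep_blank_values=True)
    finding = {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "status": int(m.group("status")),
        "severity": "low",  # any hit on the affected CGI is worth a look
        "command": None,
    }
    if "system" in params:
        raw = params["system"][0]
        finding["severity"] = "high"
        # keep the raw value if it is not base64, so nothing is lost
        finding["command"] = decode_b64_text(raw) or raw
    return finding


def scan(log_text: str) -> list:
    """Run check_line over every line and return the findings in order."""
    return [f for f in (check_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:<4} {f['ip']:<15} {f['status']} {f['command']!r}")
```

A 200 response to a high-severity hit is the line to triage first; a 403 or 404 still tells you the device is being probed and should be taken off the Internet-facing interface, which is also what D-Link's end-of-life notice amounts to for these models.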


Microsoft releases the April 2024 monthly security updates, including a vulnerability already confirmed to be exploited.

(4/9) April 2024 Security Updates (Monthly) | MSRC Blog | Microsoft Security Response Center

Among the vulnerabilities fixed in this month's security updates, we have confirmed that the following vulnerability was exploited, or had its details publicly disclosed, before the update was released. Customers should apply the update as soon as possible. For details of the vulnerability, refer to the page for each CVE.

  • CVE-2024-26234 Proxy Driver Spoofing Vulnerability

(4/9) Smoke and (screen) mirrors: A strange signed backdoor – Sophos News

(4/9) Zero Day Initiative — The April 2024 Security Updates Review


CISA adds 2+1 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(4/11) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

  • CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
  • CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability

(4/12) CISA Adds One Known Exploited Vulnerability to Catalog | CISA

  • CVE-2024-3400 Palo Alto Networks PAN-OS Command Injection Vulnerability


A remote code execution vulnerability in Palo Alto Networks PAN-OS. Exploitation has already been confirmed.

(4/12) CVE-2024-3400 PAN-OS: OS Command Injection Vulnerability in GlobalProtect Gateway

Palo Alto Networks is aware of a limited number of attacks that leverage the exploitation of this vulnerability.

(4/12) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) | Volexity

(4/12) Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

(4/13) Alert regarding the OS command injection vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS GlobalProtect


Other

X (formerly Twitter) supports login with passkeys for iOS users worldwide


CISA releases its malware analysis system Malware Next-Gen

(4/10) CISA Announces Malware Next-Gen Analysis | CISA

The Cybersecurity and Infrastructure Security Agency (CISA) announces today a new release of our malware analysis system, called Malware Next-Gen, which allows any organization to submit malware samples and other suspicious artifacts for analysis. Malware Next-Gen allows CISA to more effectively support our partners by automating analysis of newly identified malware and enhancing the cyber defense efforts.


DuckDuckGo launches Privacy Pro, a subscription bundling three services including a VPN

(4/11) Privacy Pro: DuckDuckGo's New 3-in-1 Subscription Service