This Week's Security News of Interest - Issue #47

Weekly newsletter of Masafumi Negishi
Incidents and accidents
Grim Finance suffers unauthorized access; more than $30 million in crypto assets stolen
Grim Finance
Grim Finance vaults were exploited today by unknown 3rd party.

Exploiter address:
https://t.co/qA3iBTSepb

The team is working on an article on what happened and what's to follow, can only ask for your patience.
Grim Finance
Hello Grim Community,

It is with heavy hearts that we inform you that our platform was exploited today by an external attacker roughly 6 hours ago. The attacker's address has been identified with over 30 million dollars worth of theft here https://t.co/qA3iBTSepb
US Department of Justice announces seizure of Bitcoin that a Sony Life Insurance employee fraudulently transferred and then converted
The United States took action in federal court today to protect and ultimately return more than $154 million in funds that were allegedly stolen from a subsidiary of Tokyo-based Sony Group Corporation and then seized by law enforcement during the FBI’s investigation of the theft.
The United States filed a civil forfeiture complaint in the Southern District of California to protect Sony’s interest in the property, which an employee allegedly embezzled in May 2021 and converted to more than 3,879 Bitcoins valued today at more than $180 million. Those funds were seized by law enforcement on December 1, 2021, based on the FBI’s investigation.
Server of the maintenance contractor for Shimanto Town's smartphone app infected with LockBit ransomware, affecting the app's system
Attacks and threats
Meta (formerly Facebook) files lawsuit against more than 39,000 fake websites to stop phishing attacks targeting Facebook, Messenger, Instagram and WhatsApp
This phishing scheme involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp. On these websites, people were prompted to enter their usernames and passwords, which Defendants collected.
Vulnerabilities
Vulnerability in Azure App Service left some users' source code accessible
The Wiz Research Team detected an insecure default behavior in the Azure App Service that exposed the source code of customer applications written in PHP, Python, Ruby, or Node, that were deployed using “Local Git”. The vulnerability, which we dubbed as “NotLegit”, has existed since September 2017 and has probably been exploited in the wild.
Wiz reported this security flaw to Microsoft on October 7th, 2021, and by now it has been mitigated. Small groups of customers are still potentially exposed and should take certain user actions to protect their applications, as detailed in several email alerts Microsoft issued between the 7th - 15th of December, 2021.
MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible for others to download files not intended to be public. We have notified the limited subset of customers that we believe are at risk due to this and we will continue to work with our customers on securing their applications.
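The mechanism Microsoft describes above is a repository directory sitting inside the directory the web server serves. The following script is an added example, not code from Wiz or Microsoft: it walks a content root and reports any .git directory found inside it, then checks whether an IIS web.config lists .git as a hidden request segment (request filtering), which makes IIS answer 404 for any URL containing that segment. The sample layout it builds under a temporary directory is constructed for the demonstration, and the web.config check assumes the Windows (IIS) flavor of App Service; the real fix remains keeping the repository outside the served directory.

```python
"""Check a served content root for an exposed .git directory (added example)."""
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path


def find_git_dirs(content_root):
    """Return each .git directory (relative, POSIX form) located under the served root."""
    root = Path(content_root).resolve()
    found = []
    for dirpath, dirnames, _filenames in os.walk(root):
        if ".git" in dirnames:
            git_dir = Path(dirpath, ".git")
            # A real repository directory always carries HEAD; ignore stray folders.
            if (git_dir / "HEAD").is_file():
                found.append(git_dir.relative_to(root).as_posix())
            dirnames.remove(".git")  # no need to descend into the repository itself
    return sorted(found)


def web_config_hides_git(web_config_path):
    """True when an IIS web.config names .git as a hidden request segment."""
    path = Path(web_config_path)
    if not path.is_file():
        return False
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return False
    for hidden in root.iter("hiddenSegments"):
        for add in hidden.findall("add"):
            if (add.get("segment") or "").lower() == ".git":
                return True
    return False


def assess(content_root):
    """Combine both checks into one verdict for the served directory."""
    git_dirs = find_git_dirs(content_root)
    hidden = web_config_hides_git(Path(content_root) / "web.config")
    return {"git_dirs": git_dirs, "hidden_by_web_config": hidden,
            "exposed": bool(git_dirs) and not hidden}


def build_demo(base):
    """Constructed sample (not a real deployment): a Local Git push whose
    .git folder ended up inside wwwroot, which is also the static web root."""
    root = Path(base, "wwwroot")
    (root / ".git" / "refs" / "heads").mkdir(parents=True)
    (root / ".git" / "HEAD").write_text("ref: refs/heads/master\n")
    (root / ".git" / "config").write_text("[core]\n\trepositoryformatversion = 0\n")
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    return root


def write_hardened_web_config(root):
    """Defence in depth for IIS-hosted apps: refuse any request whose path
    contains the .git segment. Moving the repository out of the served
    directory is still the actual fix."""
    (Path(root) / "web.config").write_text(
        "<configuration><system.webServer><security><requestFiltering>"
        '<hiddenSegments><add segment=".git" /></hiddenSegments>'
        "</requestFiltering></security></system.webServer></configuration>\n"
    )


def demo():
    """Run the assessment on the constructed layout before and after hardening."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo(tmp)
        before = assess(root)
        write_hardened_web_config(root)
        after = assess(root)
    return before, after


if __name__ == "__main__":
    for label, verdict in zip(("before", "after"), demo()):
        print(label, verdict)
```

Point `assess()` at the directory your app actually serves (for App Service on Windows that is the wwwroot folder). On the Linux flavor of App Service the web.config check does not apply, and only the first check is meaningful there.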
CISA, FBI, NSA, ACSC, CCCS, CERT NZ, NZ NCSC and NCSC-UK jointly issue an advisory on the Log4j vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), the Computer Emergency Response Team New Zealand (CERT NZ), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) are releasing this joint Cybersecurity Advisory (CSA) to provide mitigation guidance on addressing vulnerabilities in Apache’s Log4j software library: CVE-2021-44228 (known as “Log4Shell”), CVE-2021-45046, and CVE-2021-45105. Sophisticated cyber threat actors are actively scanning networks to potentially exploit Log4Shell, CVE-2021-45046, and CVE-2021-45105 in vulnerable systems. According to public reporting, Log4Shell and CVE-2021-45046 are being actively exploited.
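Before any of the mitigations in the advisory can be applied, an operator has to know which log4j-core versions are present, including copies nested inside WAR and EAR archives. The script below is an added example and not code from CISA or the other agencies: it scans a directory tree, identifies log4j-core by the Maven pom.properties file the jar carries (falling back to the file name), recurses into nested archives, and classifies each version against the lowest release on its line that addresses all three CVEs named above. Those thresholds (2.17.0, 2.12.3 and 2.3.1) come from the Apache Log4j security page, not from the advisory text quoted here, and the jars the script builds for its own demonstration are constructed stand-ins with only a pom.properties inside.

```python
"""Locate log4j-core jars (including nested ones) and classify their versions (added example)."""
import io
import re
import tempfile
import zipfile
from pathlib import Path

POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}
# Lowest release on each maintained 2.x line that addresses CVE-2021-44228,
# CVE-2021-45046 and CVE-2021-45105 together (per the Apache Log4j security page).
FIXED_BY_LINE = {12: (2, 12, 3), 3: (2, 3, 1)}
FIXED_DEFAULT = (2, 17, 0)


def parse_version(text):
    """Extract a (major, minor, patch) tuple; a missing patch counts as 0."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(x or 0) for x in m.groups())


def classify(version):
    if version is None:
        return "unknown"
    if version[0] != 2:
        return "not-2.x"  # 1.x is not affected by these three CVEs
    threshold = FIXED_BY_LINE.get(version[1], FIXED_DEFAULT)
    return "fixed" if version >= threshold else "vulnerable"


def inspect_archive(zf, location):
    """Yield (location, version) for each log4j-core in zf, recursing into nested jars."""
    names = set(zf.namelist())
    if POM_PROPS in names:
        props = zf.read(POM_PROPS).decode("utf-8", "replace")
        m = re.search(r"^version=(.+)$", props, re.M)
        yield location, parse_version(m.group(1)) if m else None
    elif re.search(r"log4j-core-\d", Path(location).name):
        yield location, parse_version(Path(location).name)  # file-name fallback
    for name in names:
        if Path(name).suffix in ARCHIVE_SUFFIXES:
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            yield from inspect_archive(inner, f"{location}!{name}")


def scan(root):
    """Return sorted (location, version, status) for every archive under root."""
    results = []
    for path in Path(root).rglob("*"):
        if path.suffix in ARCHIVE_SUFFIXES and path.is_file():
            try:
                zf = zipfile.ZipFile(path)
            except zipfile.BadZipFile:
                continue
            rel = path.relative_to(root).as_posix()
            for location, version in inspect_archive(zf, rel):
                results.append((location, version, classify(version)))
    return sorted(results)


def make_log4j_jar(version):
    """Constructed stand-in for a log4j-core jar: only the Maven pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
    return buf.getvalue()


def build_demo(base):
    """Constructed directory tree: two loose jars plus a WAR with a nested jar."""
    base = Path(base)
    (base / "lib").mkdir()
    (base / "lib" / "log4j-core-2.14.1.jar").write_bytes(make_log4j_jar("2.14.1"))
    (base / "lib" / "log4j-core-2.12.2.jar").write_bytes(make_log4j_jar("2.12.2"))
    with zipfile.ZipFile(base / "app.war", "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.17.0.jar", make_log4j_jar("2.17.0"))
        war.writestr("WEB-INF/lib/broken.jar", b"not a zip file")  # skipped
    return base


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return scan(build_demo(tmp))


if __name__ == "__main__":
    for location, version, status in demo():
        print(f"{status:10} {version} {location}")
```

Run `scan()` against application and server directories; a "vulnerable" verdict on a 2.12.2 jar is deliberate, since that release addressed only the first two CVEs and not CVE-2021-45105.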
Four vulnerabilities in the Microsoft Teams link preview feature
We stumbled upon 4 vulnerabilities in Microsoft Teams' link preview feature
The vulnerabilities allow accessing internal Microsoft services, spoofing the link preview, and, for Android users, leaking their IP address and DoS'ing their Teams app/channels
We reported the issues to Microsoft in March 2021, who has only remediated one so far
Other
The Digital Agency releases the COVID-19 vaccination certificate app
The NPO Japan Network Security Association (JNSA) announces its "Top 10 Security News of 2021"

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project. I want to help realize a safe online society that children can use with peace of mind.
