
This Week's Notable Security News - Issue #59

Weekly newsletter of Masafumi Negishi
Deadbolt ransomware activity targeting QNAP NAS devices picks up again
But fast forward to March 2022, and Censys was surprised to see a sudden uptick of new infections targeting the same QNAP QTS devices. This recent attack started slowly, with two new infections (a total of 373 infections) on March 16th, and over the course of three days, Censys observed 869 newly infected services. By March 19th, the number of Deadbolt-infected services had risen to 1,146!
The attacker group LAPSUS$ leaks data from Microsoft, Okta and others. Microsoft publishes an analysis of LAPSUS$. Reports also say LAPSUS$ members were arrested in London.
This week, the actor made public claims that they had gained access to Microsoft and exfiltrated portions of source code. No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity. Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog. Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact.
After a thorough analysis of these claims, we have concluded that a small percentage of customers – approximately 2.5% – have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and already reached out directly by email. We are sharing this interim update, consistent with our values of customer success, integrity, and transparency.
In trying to scope the blast radius for this incident, our team assumed the worst-case scenario and examined all of the access performed by all Sitel employees to the SuperUser application for the five-day period in question. Over the past 24 hours we have analyzed more than 125,000 log entries to ascertain what actions were performed by Sitel during the relevant period. We have determined that the maximum potential impact is 366 (approximately 2.5% of) customers whose Okta tenant was accessed by Sitel.  
The US FBI's Internet Crime Complaint Center (IC3) publishes the Internet Crime Report 2021
The US FBI and FinCEN issue an alert about AvosLocker ransomware activity
Google's Threat Analysis Group (TAG) warns of North Korean attack activity exploiting a Chrome zero-day vulnerability (CVE-2022-0609).
On February 10, Threat Analysis Group discovered two distinct North Korean government-backed attacker groups exploiting a remote code execution vulnerability in Chrome, CVE-2022-0609. These groups’ activity has been publicly tracked as Operation Dream Job and Operation AppleJeus.
SentinelOne reports on activity by a Chinese attacker group targeting Ukraine
Remote code execution vulnerability in multiple HP printer products
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
US CISA adds 66 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog
Google fixes a Chrome zero-day vulnerability

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project. I want to help build a safe online society that children can use with peace of mind.
