Today, we released a report detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine, and what we’ve done to help protect Ukrainian people and organizations. We believe it’s important to share this information so that policymakers and the public around the world know what’s occurring, and so others in the security community can continue to identify and defend against this activity. All of this work is ultimately focused on protecting civilians from attacks that can directly impact their lives and their access to critical services.

Sophos が The State of Ransomware 2022 レポートを公開

(4/27) The State of Ransomware 2022 – Sophos News

Cloudflare が 15M rps の HTTPS DDoS 攻擊を観測したとの報告

(4/27) Cloudflare blocks 15M rps HTTPS DDoS attack

脆弱性

Shadowserver から、Middlebox TCP reflection 攻擊の踏み台として利用可能な機器のスキャン状況に関する報告

(4/25) Over 18.8 million IPs vulnerable to Middlebox TCP reflection DDoS attacks | The Shadowserver Foundation

The scan methods described above have allowed us to uncover over 18,800,000 IPv4 addresses responding to our Middlebox probes. The country with the highest number of such responses is from China (over 6.3M), followed by Iran (around 5.2M) and Indonesia (over 2.7M).

(コメント) 国別の機器台数を見ると、日本は 9位で 60万台以上ある

Shadowserver

@Shadowserver

Over 18.8M IPv4 addresses found vulnerable to Middlebox TCP reflection allowing for DDoS amplification attacks. Average amp factor 19.4 for SYN/GET scan method, 7.6 for SYN+ACK:PSH scan method. Most in China, Iran & Indonesia.

Details at: https://t.co/bIQ6nTla4P https://t.co/ZmIZBdZ7bk

5:46 AM - 26 Apr 2022

Five Eyes の 5ヶ国が共同で、2021年に最も悪用された脆弱性のリストを公開

(4/27) 2021 Top Routinely Exploited Vulnerabilities | CISA

This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

(コメント) Log4Shell, ProxyShell, ProxyLogon などの脆弱性が並ぶ中、やや古い Fortinet や Pulse Secure の脆弱性も相変わらず悪用が多い

その他

ATT&CK v11 がリリース

(4/25) ATT&CK Goes to v11: Structured Detections, Beta Sub-Techniques for Mobile, and ICS Joins the Band | by Adam Pennington | MITRE ATT&CK® | Apr, 2022 | Medium

(4/25) Updates - Updates - April 2022 | MITRE ATT&CK®

NICT が NICTER プロジェクトのダークネット観測網における2022年第1四半期（1～3月）の観測結果を公開

(4/28) NICTER観測統計 - 2022年1月～3月 - NICTER Blog

security.txt に関する仕様が RFC に

(4/28) RFC 9116: A File Format to Aid in Security Vulnerability Disclosure

@EdOverflow

After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️ https://t.co/Z8SNxd81ZO

5:37 AM - 28 Apr 2022

Did you enjoy this issue? Yes No

Weekly newsletter of Masafumi Negishi

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project, 子供たちが安心して使える安全なネット社会を実現したいですね。

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Created with Revue by Twitter.