This Week's Notable Security News - Issue #64

Weekly newsletter of Masafumi Negishi
These are my notes for the podcast recording. (There is no recording this week.)

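Incidents and Accidents
Toei Animation publishes the results of its investigation into the unauthorized access that occurred in March
When one of our employees downloaded software needed for work from an external website, the website had been tampered with so that software serving as the entry point for a ransomware intrusion was downloaded at the same time.
 Subsequently, on March 6, we confirmed unauthorized access to our internal network by a third party.
Attacks and Threats
Kaspersky publishes a report on DDoS attacks in Q1 2022
Microsoft publishes a report on Russian cyberattacks against Ukraine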
Today, we released a report detailing the relentless and destructive Russian cyberattacks we’ve observed in a hybrid war against Ukraine, and what we’ve done to help protect Ukrainian people and organizations. We believe it’s important to share this information so that policymakers and the public around the world know what’s occurring, and so others in the security community can continue to identify and defend against this activity. All of this work is ultimately focused on protecting civilians from attacks that can directly impact their lives and their access to critical services.
Sophos releases The State of Ransomware 2022 report
Cloudflare reports observing a 15M rps HTTPS DDoS attack
Vulnerabilities
Shadowserver reports on its scanning for devices that can be abused as reflectors in Middlebox TCP reflection attacks
The scan methods described above have allowed us to uncover over 18,800,000 IPv4 addresses responding to our Middlebox probes. The country with the highest number of such responses is from China (over 6.3M), followed by Iran (around 5.2M) and Indonesia (over 2.7M).
(Comment) Looking at the number of devices by country, Japan ranks 9th with more than 600,000.
Shadowserver
Over 18.8M IPv4 addresses found vulnerable to Middlebox TCP reflection allowing for DDoS amplification attacks. Average amp factor 19.4 for SYN/GET scan method, 7.6 for SYN+ACK:PSH scan method. Most in China, Iran & Indonesia.

Details at: https://t.co/bIQ6nTla4P https://t.co/ZmIZBdZ7bk
The Five Eyes countries jointly publish a list of the most exploited vulnerabilities of 2021
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
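(Comment) Alongside vulnerabilities such as Log4Shell, ProxyShell, and ProxyLogon, somewhat older Fortinet and Pulse Secure vulnerabilities also continue to be heavily exploited.
Other
NICT publishes the Q1 2022 (January to March) observation results from the NICTER project's darknet monitoring network
The security.txt specification becomes an RFC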
Ed
After 5 years of work, security.txt is officially an RFC. I am pleased to announce RFC 9116: https://t.co/uIqSRo28ak.

I would like to use this opportunity to thank those who made this possible. Thank you. ❤️ https://t.co/Z8SNxd81ZO

Security Researcher, IIJ-SECT, SANS Instructor in Japan, OWASP Japan Advisory Board, WASForum Hardening Project. I want to help build a safe internet society that children can use with peace of mind.
