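These are my notes for the podcast recording.
podcast - #セキュリティのアレ - A laid-back podcast about security.
Incidents and Accidents
Nissan Securities suspends some services due to unauthorized access
(2/25) Notice regarding the partial suspension of services due to unauthorized access [25/02/25] | Nissan Securities
FBI announces that the unauthorized access to Bybit was carried out by the North Korean attacker group TraderTraitor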
(2/26) Internet Crime Complaint Center (IC3) | North Korea Responsible for $1.5 Billion Bybit Hack
The Federal Bureau of Investigation (FBI) is releasing this PSA to advise the Democratic People's Republic of Korea (North Korea) was responsible for the theft of approximately $1.5 billion USD in virtual assets from cryptocurrency exchange, Bybit, on or about February 21, 2025. FBI refers to this specific North Korean malicious cyber activity as "TraderTraitor."
(2/27) North Korea steals more than 200 billion yen in cryptocurrency, FBI announces; possibly the largest loss ever - Nikkei
Join us on war against Lazarus - https://t.co/6DnaH1WTId
— Ben Zhou (@benbybit) February 25, 2025
Industry first bounty site that shows aggregated full transparency on the sanctioned Lazarus money laundering activities. V1 includes:
- Becoming a bounty hunter by connecting your wallet and help tracing the fund, when…
— Safe.eth (@safe) February 26, 2025
Bybit Hack Forensics Report
— Ben Zhou (@benbybit) February 26, 2025
As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains
Screenshotted the conclusion and here is the link to the full report: https://t.co/3hcqkXLN5U pic.twitter.com/tlZK2B3jIW
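Tokyo Metropolitan Police Department arrests three junior high and high school students for unauthorized logins to Rakuten Mobile
(2/27) Generative AI abused for unauthorized access to Rakuten Mobile; more than 1,000 lines allegedly obtained and resold… three junior high and high school students arrested on suspicion : Yomiuri Shimbun
(2/27) Generative AI "Chat GPT" abused for unauthorized access to "Rakuten Mobile"; contracts for more than 100 communication lines allegedly signed; three junior high and high school students arrested | NHK | Incidents
(2/27) IDs and passwords obtained and AI abused; three juveniles arrested on suspicion of unauthorized access to Rakuten [Tokyo]: Asahi Shimbun
(2/27) [Important] Please beware of line contracts you do not recognize | Other Notices | Rakuten Mobile
(Reference) A summary of the case of large-scale fraudulent resale of Rakuten Mobile lines by junior high and high school students - piyolog
Attacks and Threats
Malicious theme extensions discovered for Visual Studio Code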
(2/26) VSCode extensions with 9 million installs pulled over security risks
Have I Been Pwned adds the ALIEN TXTBASE leaked stealer log data
(2/26) Troy Hunt: Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs
We've ingested a corpus of 1.5TB worth of stealer logs known as "ALIEN TXTBASE" into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there. Finally, we now have a way for domain owners to query their entire domain for stealer logs and for website operators to identify customers who have had their email addresses snared when entering them into the site. (Note: stealer logs are still freely and easily searchable by individuals, scroll to the bottom for a walkthrough.)
QiAnXin's Xlab reports on the activity of the Vo1d botnet
(2/27) Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally
Microsoft identifies a cybercriminal group abusing generative AI and takes legal action
(2/27) Disrupting a global cybercrime network abusing generative AI - Microsoft On the Issues
GreyNoise reports on the activity of the Eleven11bot botnet, which carries out DDoS attacks
(2/28) New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran
Vulnerabilities
CISA adds 2+2 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog
(2/24) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability
- CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
(2/25) CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA
- CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
- CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
watchTowr reports on the vulnerability CVE-2024-48248 in NAKIVO Backup & Replication
We are scanning for & reporting Nakivo Backup & Replication CVE-2024-48248 (arbitrary file read) vulnerable instances in our Vulnerable HTTP report: https://t.co/qxv0Gv6cAK.
— The Shadowserver Foundation (@Shadowserver) February 27, 2025
~208 vulnerable instances seen 2025-02-26
Dashboard map view: https://t.co/z2ekwWPIl7 pic.twitter.com/iOCORPCDwi