The following content was retrieved from https://negi.hatenablog.com/entry/2025/09/28/214648.


This Week's Security News of Interest - Issue #242

These are notes for recording the podcast.

podcast - #セキュリティのアレ - a laid-back security podcast.



Incidents and accidents

Check-in and boarding systems failed at several major European airports. The outage was caused by a ransomware attack on Collins Aerospace, the vendor that provides the systems. UK police have arrested a suspect.

(9/21) European airports cyberattack

(9/21) System failures at airports in the UK, Belgium and elsewhere, suspected cyberattack | NHK | Belgium

(9/22) Disruption continues at major European airports; Brussels to cancel half of its flights on the 22nd | Reuters

(9/22) EU cyber agency says airport software held to ransom by criminals

(9/24) UK arrest following aerospace cyber incident - National Crime Agency

A man has been arrested in the UK by the National Crime Agency as part of an investigation into a cyber incident impacting Collins Aerospace.

The incident, which was reported on 19 September, affected flights at Heathrow and other European airports over the weekend.

NCA officers, supported by the South East ROCU, arrested a man in his forties in West Sussex yesterday evening on suspicion of Computer Misuse Act offences. He has been released on conditional bail.


The Secret Service dismantles an illegal telecommunications network in the New York area

(9/23) U.S. Secret Service dismantles imminent telecommunications threat in New York tristate area | United States Secret Service

The U.S. Secret Service dismantled a network of electronic devices located throughout the New York tristate area that were used to conduct multiple telecommunications-related threats directed towards senior U.S. government officials, which represented an imminent threat to the agency’s protective operations.

This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites.


INTERPOL's Operation HAECHI VI, with 40 countries and territories participating, cracks down on online fraud and other cybercrime and recovers USD 439 million

(9/24) USD 439 million recovered in global financial crime operation

An INTERPOL-coordinated operation across 40 countries and territories has resulted in the recovery of USD 342 million in government-backed currencies, along with USD 97 million in physical and virtual assets.

Operation HAECHI VI (April - August 2025), targeted seven types of cyber-enabled financial crimes: voice phishing, romance scams, online sextortion, investment fraud, money laundering associated with illegal online gambling, business email compromise and e-commerce fraud.

Investigators worked together to detect and disrupt online fraud as well as money laundering activities, blocking over 68,000 associated bank accounts and freezing close to 400 cryptocurrency wallets.

In addition, around USD 16 million in suspected illicit profits was recovered from cryptocurrency wallets.


Microsoft halts the provision of cloud and other services to the Israel Ministry of Defense

(9/25) Update on ongoing Microsoft review - Microsoft On the Issues

I want to let you know that Microsoft has ceased and disabled a set of services to a unit within the Israel Ministry of Defense (IMOD). I know many of you care about this topic, and I share more about this decision below.

(9/25) Microsoft blocks Israel’s use of its technology in mass surveillance of Palestinians | Israel | The Guardian

(9/26) Microsoft halts provision of cloud and other services to the Israel Ministry of Defense | NHK | Israel and Palestine


An outage on ANA's website made some domestic-flight functions unavailable

(9/27) [Notice of recovery] Regarding the partial unavailability of domestic-flight seat availability search, online check-in and other functions on the ANA website

From around 19:52 on Friday, September 26, 2025, some domestic-flight functions on the ANA website were unavailable. The issue was resolved at 4:05 on Saturday, September 27, 2025, and the site is now operating normally.

(9/27) Website outage at ANA and others resolved on the morning of the 27th, no impact on flight operations | NHK Tokyo Metropolitan Area News


Attacks and threats

Cloudflare observes a 22.2 Tbps / 10.6 Bpps DDoS attack

(9/23) Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack


Google reports on BRICKSTORM malware activity

(9/25) Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors | Google Cloud Blog


Vulnerabilities

Deserialization vulnerability in GoAnywhere MFT. Exploitation in the wild has already been confirmed.

(9/18) Deserialization Vulnerability in GoAnywhere MFT's License Servlet | Fortra

(9/24) CVE-2025-10035 | AttackerKB

The following analysis details our current understanding of the vulnerability, and finds that the issue, as described by the vendor, is not just a single deserialization vulnerability, but rather a chain of three separate issues. This includes an access control bypass that has been known since 2023, the unsafe deserialization vulnerability CVE-2025-10035, and an as-yet unknown issue pertaining to how the attackers can know a specific private key.

(9/24) Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)

(9/25) It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2

Since Part 1, we have been given credible evidence of in-the-wild exploitation of Fortra GoAnywhere CVE-2025-10035 dating back to September 10, 2025. That is eight days before Fortra’s public advisory, published September 18, 2025. This explains why Fortra later decided to publish limited IOCs, and we're now urging defenders to immediately change how they think about timelines and risk.

An individual sent us evidence of exploitation activity that aligns with the stack traces shown in Fortra's advisory.


Command injection vulnerability in Libraesva ESG. Exploitation in the wild has already been confirmed.

(9/19) Security advisory: command injection vulnerability (CVE-2025-59689) – Libraesva Docs

One confirmed incident of abuse has been identified. The threat actor is believed to be a foreign hostile state entity.


CISA adds 1+2 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(9/23) CISA Adds One Known Exploited Vulnerability to Catalog | CISA

(9/25) CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices | CISA


Remote code execution vulnerability in Cisco IOS and IOS XE. Exploitation in the wild has already been confirmed.

(9/24) Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability

The Cisco Product Security Incident Response Team (PSIRT) became aware of successful exploitation of this vulnerability in the wild after local Administrator credentials were compromised. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability.


Remote code execution vulnerabilities in Cisco ASA and FTD. Exploitation in the wild has already been confirmed. CISA issues Emergency Directive ED 25-03

(9/25) Cisco Event Response: Continued Attacks Against Cisco Firewalls

Attackers were observed to have exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis. The complexity and sophistication of this incident required an extensive, multi-disciplinary response across Cisco’s engineering and security teams.

Cisco assesses with high confidence that this new activity is related to the same threat actor as the ArcaneDoor attack campaign that Cisco reported in early 2024.

(9/25) Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability

The Cisco Product Security Incident Response Team (PSIRT) is aware of attempted exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.

(9/25) Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability

The Cisco PSIRT is aware of attempted exploitation of this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.

(9/25) Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability

(9/25) ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices | CISA

(9/25) NCSC warns of persistent malware campaign targeting Cisco... - NCSC.GOV.UK

(9/26) Alert regarding multiple vulnerabilities in Cisco ASA and FTD (CVE-2025-20333, CVE-2025-20362)


Other

The National Cybersecurity Office (NCO) finalizes the "DDoS Incident and Ransomware Incident Reporting Form for Unified Damage Reporting"

(9/25) Results of the call for comments on the draft "DDoS Incident and Ransomware Incident Reporting Form for Unified Damage Reporting"


President Trump signs an executive order aimed at keeping TikTok's US operations running

(9/25) Saving TikTok While Protecting National Security – The White House

(9/26) President Trump signs executive order toward continued US operations of Chinese-owned video-sharing app TikTok | NHK | President Trump
