Part 2

Notes for the podcast recording.

podcast – #セキュリティのアレ – a laid-back security podcast.


X (formerly Twitter)

(8/30) Federal Supreme Tribunal

(8/31) Musk’s X suspended in Brazil after disinformation scandal

(9/3) OONI Explorer – Brazil blocked Twitter/X

More information

(9/4) General terms and conditions | ゴルフダイジェスト・オンライン

ID:認しました。 」(第三者が他サービスかID cardされます。

ACSC

(9/2) The Silent Heist: Cybercriminals Use Information-Stealing Malware to Compromise Corporate Networks | Cyber.gov.au

Information stealer malware steals user credentials and system data that cybercriminals misuse, primarily for financial gain. Information stealers have been observed in cybercrime attacks on multiple organizations and industries worldwide, including Australia. This publication provides readers with cybersecurity guidance on information stealer malware, including threat activity and mitigation advice for organizations and their employees.

US Department of Justice seizes domains linked to Russian government influence operations and charges those involved

(9/4) Bureau of Public Affairs | Department of Justice Disrupts Covert Russian Government-Sponsored Foreign Malign Influence Operation Targeting Targets in the United States and Elsewhere | United States Department of Justice

The Department of Justice today announced the continued seizure of 32 internet domains used in Russian government-directed foreign malign influence campaigns colloquially referred to as “Doppelganger,” in violation of U.S. money laundering and criminal trademark laws. As alleged in an unsealed affidavit, Russian companies Social Design Agency (SDA), Structura National Technology (Structura), and ANO Dialog, which operate under the direction and control of the Russian presidential administration, and specifically First Deputy Chief of Staff of the Presidential Executive Office Sergei Vladilenovich Kiriyenko, have used these domains to, among other things, covertly disseminate Russian government propaganda aimed at diminishing international support for Ukraine, amplifying pro-Russian policies and interests, and influencing voters in U.S. and foreign elections, including the 2024 U.S. presidential election.

(9/4) Bureau of Public Affairs | Two RT employees charged with secretly financing and directing US company that published thousands of videos promoting Russian interests | United States Department of Justice

(9/4) Treasury takes action as part of U.S. government response to Russia’s foreign malign influence operations | US Department of the Treasury

FBI, CISA, FBI …

(9/5) FBI, CISA, NSA, and U.S. and International Partners Issue Advisory on Russian Military Cyber Actors Targeting U.S. and Global Critical Infrastructure | CISA

Today, the Federal Bureau of Investigation (FBI) – in collaboration with CISA, the National Security Agency (NSA), and other U.S. and international partners – released a joint Cybersecurity Advisory Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. This advisory provides overlapping cybersecurity industry cyber threat intelligence, tactics, techniques, and procedures (TTPs), and Indicators of Compromise (IOCs) associated with Russian General Staff Main Intelligence Directorate (GRU) 161st Specialist Training Center (Unit 29155) cyber actors both during and after their deployment of the WhisperGate malware against Ukraine.

(9/5) Russian Military Cyber Actors Target U.S., Global Critical Infrastructure | CISA

(9/5) Bureau of Public Affairs | Five Russian GRU officers, one civilian charged with conspiracy to hack Ukrainian government | United States Department of Justice

YubiKey 5 version from Infineon Technologies

(9/3) EUCLEAK – NinjaLab

Our work exposes a side-channel vulnerability in the cryptographic library of Infineon Technologies, one of the largest manufacturers of secure elements. This vulnerability – which remained undetected for 14 years and about 80 highest Common Criteria certification evaluations – is due to a non-constant-time modular inversion.

(9/3) Security Advisory YSA-2024-03 | Yubico

A vulnerability has been discovered in the Infineon cryptographic library, which is used in YubiKey 5 Series and Security Key Series with firmware older than 5.7.0 and YubiHSM 2 with firmware older than 2.4.0. The severity of the issue in Yubico devices is moderate.

An attacker could potentially exploit this issue as part of a sophisticated, targeted attack to recover the affected private keys. The attacker would need physical possession of the YubiKey, Security Key, or YubiHSM, knowledge of the accounts they wish to target, and specialized equipment to perform the necessary attack. Depending on the use case, the attacker may also need additional knowledge, including the username, PIN, account password, or authentication key. For more details, see Affected Use Cases and Mitigations.

CISA adds 3 vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog

(9/3) CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA

Veeam software

(9/4) KB4649: Veeam Security Bulletin (September 2024)

(9/5) Veeam warns of critical RCE error in Backup & Replication software

Path traversal vulnerability in multiple Kingsoft products

(9/6) Windows Software – KINGSOFT Support

(9/6) JVN#32529796: more information

(8/28) Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE-2024-7262), as it was exploited by APT-C-60, a cyberespionage group with ties to South Korea. After analyzing the root cause, we then discovered an alternative way to exploit the flawed code (CVE-2024-7263). Following a coordinated disclosure process, both vulnerabilities have now been patched. We provide technical details in this blog post.

Meta

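(9/2) Meta launches third-party fact-checking program in Japan | About Meta

On September 2, Meta […] a further effort to prevent the spread of misinformation on Facebook, Instagram, and Threads […] Meta's fact-checking program […] 2016 […] has expanded to about 100 organizations working in more than 60 languages.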

(9/2) Metaトチェック専門メディア

NSA launches its official podcast “No Such Podcast”

(9/5) No Such Podcast | The Official NSA Podcast
