・「当社には取られて困る情報はない」?経営層による3つの勘違
・北朝鮮のミサイル発射を失敗させた米国7つの手口 (04/27)
クローズ系のネットワークでもサイバー攻撃は難しくない
・北朝鮮情勢:意図せざる不注意な戦争を避けるために (04/14)
Apr 27, 2017
Apr 26, 2017
大学関係者をだます攻撃の調査で見つかった、複数の外交文書
(ITpro 04/26)
『「162.202」から始まる ... アドレスブロックとの通信を検知し、
↑
辻さんの実践的コメント
詐欺マーケットプレイス多発、続編
犯罪のグローバル化に、警察も、当のAmazonさえも追いついていな
今は異常な安値から判断できそうだが、価格変更など手をかえて、
・続・深刻化するAmazonマーケットプレース詐欺、
【解決しました】ArduinoをはじめようキットがAmazo
「再発防止策ができていない .. 出品停止という問題は一時的に解決」だそうで、まずは良かった。
Arduino は、そっちの人にも魅力的??
・関連
Apache Struts2、ぴあ方面の続報
・ぴあ運営サイト不正アクセス、Struts2の脆弱性は「S2
「
03/07〜15 不正アクセスの痕跡が確認された
03/09 「Apache Struts2」の脆弱性の識別子、「S2-045」が公開
03/15 ホットファクトリーとききょう屋ソフトが、対策として独自にSt
03/25 両サイトにおける全てのクレジットカード決済機能を停止、
調査会社 Payment Card Forensics(PCF)に詳細な調査を依頼
04/10 PCFからの中間報告で、不正アクセスを受けていたことが判明
04/11 ログインパスワードを初期化、
04/15 PCFが、最終報告
会員のクレジットカード番号など、
B.LEAGUEファンクラブ受付サイトのデータベース上や
チケ
チケ
... 個人情報が不適切に保持されていたことが分かった(*1)
04/25 不正アクセスによって個人情報が流出した可能性があることを公表
「4月25日は準備が整った最速のタイミングだった」
??/?? ホットファクトリーは .. 構築したB.LEAGUEチケットサイトでは、
... 閲覧等の可能性は否定できない(*2)
」
*1, *2 の外注先、データ記録先 については、次の記事の方が分かりやすい。
・「ぴあ」社が個人情報流出を発表 「チケットぴあ」に影響は?会社に聞いた (04/25)
『データベース上(ききょう屋ソフトのファンクラブ受付サイト)
『通信ログ』がどうも引っかかる。本来、デバッグ完了段階で機能停止・廃棄すべき、デバッグ用記録ファイルの事では無いのかなぁ。まさか access_log(URL)等に残すような設計では無かっただろうし
Apr 25, 2017
詐欺マーケットプレイスが多発?
・詐欺マーケットプレイスが多発? Amazonで激安商品を買ったら何も届かなったという報告があがる (04/25)
個人情報を盗んでいるのではとの指摘も。
http://nlab.itmedia.co.jp/nl/articles/1704/25/news124.html
「現金や個人情報をだまし取ることが目的だろう ...
これら怪しい出品は海外から新規で登録しているものが多いため、出品者情報を見ればある程度は判別がつきます。
しかし、なかには古いアカウントを乗っ取って利用していると推測されているケースも発生しており、高い評価の付いている出品者(※)だからといって確実に安全とは限らないと警告する声も。
...
やはり、明らかに安過ぎる出品には、手を出さないほうがよいでしょう。
」 (注、文字色は私が赤くした)
・【手口と対策】いつの間にか自分が詐欺犯に?Amazonマーケットプレイスで詐欺被害が急増中 (04/18)
http://www.appps.jp/260993/
「詐欺の手口
...
1. PS4やニンテンドースイッチなど人気商品を定価よりも安い価格で出品
2. 他ユーザーが購入すると代金の支払いが完了、商品を発送する
3. 「海外発送だから到着まで時間がかかる」と言う
4. 商品はユーザーの元に届かず、お金だけを取って終了
...
「価格が安すぎる」という分かりやすい見分け方 ... 他にも
新規出品者(評価がない)
発送時期が2週間以上になっている
...いつの間にか自分が詐欺犯になっている?
さて、問題はもう1つ。Amazon.comで実際に報告されているハッキング被害で、その内容は
1. Amazonアカウントを乗っ取る
2. アカウントの銀行口座情報を変更する
3. そのアカウントで適当な商品を適当な価格でマーケットプレイス上に出品する
4. その際、発送は「2週間」などと書いておく
5. 他ユーザーが商品を購入すると、代金が銀行口座に振り込まれる
6. 購入したユーザーは発送まで時間がかかると思っているので、すぐに商品が来なくても疑問に思わない
7. 商品は届かず、お金だけ盗られる
」
・【緊急警報】Amazonで世界規模の大中華詐欺が勃発中!! 被害者にならないために (04/25)
https://www.landerblue.co.jp/blog/?p=32511
「Amazon マーケットプレイスの件。アカウントを乗っ取られた上に、「怪しい業者」にされてしまう事例が増えているようです。利用者としては、安すぎる商品には注意と。 事態が鎮静化するまでは Amazon.co.jp 販売品のみにした方が安全か。 」
Ref. http://www.st.ryukoku.ac.jp/~kjm/security/memo/2017/04.html#20170425_marketplace
4/10週のCVE ... High Vulnerabilities
ふぅ~、4/17週も出ているのだが、追い付いていない。
Primary
Vendor -- Product |
Description
|
Published
|
CVSS Score
|
Source & Patch Info
|
amazon -- fire_os
|
Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.
|
2017-04-09
| ||
atlassian -- jira
|
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
|
2017-04-10
| ||
axis -- axis_communications_firmware
|
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
|
2017-04-09
| ||
botan_project -- botan
|
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
|
2017-04-10
| ||
botan_project -- botan
|
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match forbar.foo.example.com.
|
2017-04-10
| ||
botan_project -- botan
|
The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.
|
2017-04-10
| ||
cisco -- aironet_access_point
|
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).
「root Linuxシェルはトラブルシューティングの為に提供されるとは
自組織内ではID管理の徹底を。運用外注の場合はroot作業の
BIDによるとアップデートが有るので、摘要すれば良い、
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115).
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the debug plug-in functionality of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to execute arbitrary commands, aka Privilege Escalation. More Information: CSCvb86725 CSCvb86797. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.105) 92.1(1.1733) 2.1(1.69).
|
2017-04-07
| ||
cisco -- firepower_extensible_
|
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.
|
2017-04-07
| ||
cisco -- firepower_management_center
|
A vulnerability in the detection engine reassembly of Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process consumes a high level of CPU resources. Affected Products: This vulnerability affects Cisco Firepower System Software running software releases 6.0.0, 6.1.0, 6.2.0, or 6.2.1 when the device is configured with an SSL policy that has at least one rule specifying traffic decryption. More Information: CSCvc58563. Known Affected Releases: 6.0.0 6.1.0 6.2.0 6.2.1.
|
2017-04-07
| ||
cisco -- mobility_services_engine
|
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
|
2017-04-07
| ||
cloudviewnms -- cloudview_nms
|
CloudView NMS before 2.10a has a format string issue exploitable over SNMP.
Ref.
CloudView NMS: Network Management, Monitoring and SCADA Solution
|
2017-04-09
| ||
dataprobe -- ibootbar_firmware
|
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie.
|
2017-04-07
| ||
dataprobe -- ibootbar_firmware
|
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie.
|
2017-04-07
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.
アップデートが有るので、摘要すれば良い。
次善策としては前述のID管理や作業監視だろうなぁ
|
2017-04-09
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.
|
2017-04-09
| ||
dell -- integrated_remote_access_
|
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.
|
2017-04-09
| ||
gnu -- binutils
|
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a "member access within null pointer" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an "int main() {return 0;}" program.
|
2017-04-09
| ||
google -- android
|
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588.
|
2017-04-07
| ||
google -- android
|
他にもMediaserverプロセスの権限で、コード実行。
CVSS Scoreはいずれも9.3
影響あるAndroidバージョン4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1.(個々のCVEでは、一部のversionに留まる
|
2017-04-07
| ||
google -- android
|
他にCameraBase (CVE-2017-0544), Audioserver (CVE-2017-0545), SurfaceFlinger (CVE-2017-0546),等で、任意のコード実行、委細割愛
|
2017-04-07
| ||
google -- android
|
remote DoS in libskia (CVE-2017-0548), libavc (CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552) in Mediaserver
|
2017-04-07
| ||
gynoii -- gcw-1010
|
Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account.
|
2017-04-09
| ||
ibaby -- m3s_baby_monitor_firmware
|
iBaby M3S has a password of admin for the backdoor admin account.
|
2017-04-09
| ||
lens_laboratories -- peek-a-view_firmware
|
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
|
2017-04-09
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067.
|
2017-04-07
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33353601. References: QC-CR#1102288.
|
2017-04-07
| ||
linux -- linux_kernel
|
A remote code execution vulnerability in the Broadcom Wi-Fi firmware could enable a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote code execution in the context of the Wi-Fi SoC. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34199105. References: B-RB#110814.
他にBroadcom Wi-Fi driverに関する rate high, score 7.6の脆弱性も。
|
2017-04-07
| ||
linux -- linux_kernel
|
An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32089409.
別の permanent device compromise で、CVE-2017-0564 も score 9.3
|
2017-04-07
| ||
linux -- linux_kernel
|
他にも、色々。一部抜粋すると・・・
An elevation of privilege vulnerability
in the Qualcomm Wi-Fi driver (CVE-2017-0575)
in the Qualcomm crypto engine driver (CVE-2017-0576)
in the HTC touchscreen driver (CVE-2017-0577)
in the Qualcomm video driver (CVE-2017-0579)
in the Synaptics Touchscreen driver (CVE-2017-0580)
in the Synaptics Touchscreen driver (CVE-2017-0581)
in the HTC OEM fastboot command (CVE-2017-0582)
in the Qualcomm CP access driver (CVE-2017-0583)
・・・
crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to cause a DoS (CVE-2017-7618)
|
2017-04-07
| ||
news_system_project -- news_system
|
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
|
2017-04-07
| ||
ninka_project -- ninka
|
Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.
|
2017-04-10
| ||
osram -- lightify_home
|
OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary commands via TCP port 4000.
アプリでお好みの明るさ、色を選べる模様。 目覚ましの他、「留守中に、
|
2017-04-09
| ||
philips -- in.sight_b120\37
|
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
|
2017-04-09
| ||
proxygen_project -- proxygen
|
The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.
|
2017-04-09
| ||
schneider-electric -- conext_combox_865-1058_
|
An issue was discovered in Schneider Electric Conext ComBox, model 865-1058, all firmware versions prior to V3.03 BN 830. A series of rapid requests to the device may cause it to reboot.
|
2017-04-07
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.
|
2017-04-09
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection.
|
2017-04-09
| ||
sierrawireless -- aleos_firmware
|
Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.
|
2017-04-09
| ||
sophos -- cyberoam_cr25ing_utm_firmware
|
Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5.
|
2017-04-07
| ||
summer_infant -- baby_zoom_wifi_monitor_
|
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service.
|
2017-04-09
| ||
trendnet -- tv-ip743sic
|
TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account.
|
2017-04-09
| ||
vertivco -- liebert_multilink_automated_
|
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file.
|
2017-04-09
|
Subscribe to:
Posts (Atom)