JPCERT/CCブログ 英語版

In a previous article of JPCERT/CC Eyes, we reported on SPAWNCHIMERA malware, which infects the target after exploiting the vulnerability in Ivanti Connect Secure. However, this is not the only malware observed in recent attacks. This time, we focus on...

JPCERT/CC organised ICS Security Conference on 5 February 2025. This event aims to share the current threat to ICS both in Japan and overseas and the efforts of stakeholders in the field, as well as to help participants improve their...

Following the previous blog post on the Main Track on Day 2, this article highlights the Workshops and Lightning Talks of JSAC2025.

Continuing from the previous blog article, this entry introduces the presentations on the 2nd day of JSAC2025. Observation of phishing criminal groups related to illegal money transfers and Mizuho Bank’s countermeasures -Fighting against phishing site malware ‘KeepSpy’- Speaker: Tsukasa Takeuchi,...

*Please note that this article is a tran...

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of October to December 2024. Observation...

On January 21 and 22, 2025, JPCERT/CC held its annual technical conference JSAC, aiming at enhancing the skills and knowledge of security analysts. The conference brought experts in the field of cyber security together to share technical insights related to...

In January 2025, Ivanti published an adv...

There have recently been reports of unau...

Continuing from the previous article, Part 2 covers another case of a watering hole attack. This time, we will look at the case of a media-related website exploited in 2023. Flow of the attack Figure 1 shows the flow of...

Nowadays, many people probably recognize exploit of vulnerabilities in publicly exposed assets such as VPN and firewalls as the attack vector. In fact, many security incidents reported to JPCERT/CC also involve such devices. This is because vulnerabilities in VPN devices...

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of July to September 2024. Packets...

JPCERT/CC has confirmed an attack agains...

Many people may think of EventLogs when one mentions Windows OS logs. When investigating incidents such as malware infections, it is common to analyze the Windows OS EventLogs to find traces that may help uncover the incident. However, since the...

We continue to introduce the talks at JSAC2024. This third issue covers workshops and lightning talks. Workshop Introduction to Investigation of Unauthorised Access to Cloud Speakers: Hayate Hazuru and Takahiro Yamamoto (ITOCHU Cyber & Intelligence Inc.), Norihide Saito (Flatt Security...

The difficult part of the initial response to a human-operated ransomware attack is identifying the attack vector. You may already know from recent security incident trends that the vulnerabilities of VPN devices are likely to be exploited, but it often...

This TSUBAME Report Overflow series discuss monitoring trends of overseas TSUBAME sensors and other activities which the Internet Threat Monitoring Quarterly Reports does not include. This article covers the monitoring results for the period of April to June 2024. The...

JPCERT/CC held the annual ICS Security Conference 2024 on 7 February 2024. The conference aims to share the current status of threats to ICS both in Japan and overseas and the efforts of stakeholders in the field, as well as...

When dynamically analyzing Android malware, it is currently difficult to follow its code using debuggers unlike Windows malware. Although there is a technique [1] to hook a method dynamically by Frida [2], obtaining the in-progress state of the method is...

JPCERT/CC has been observing attack acti...