KAZU

New Blog Post: SPAWNCHIMERA Malware: The Chimera Spawning from Ivanti Connect Secure Vulnerability ^TN blogs.jpcert.or.jp/en/2025/02/spa…

New Blog Post: Attack Exploiting Legitimate Service by APT-C-60 ^TN blogs.jpcert.or.jp/en/2024/12/APT…

New blog Post: ETW Forensics - Why use Event Tracing for Windows over EventLog? ^TN blogs.jpcert.or.jp/en/2024/11/etw…

New Blog Post: Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs ^YU blogs.jpcert.or.jp/en/2024/09/win…

Pleased to announce #JSAC2025 takes place on 21-22 January 2025! CFP and CFW are now open. "First Timer Slot" and Lightning Talk are available this year too. Looking forward to receiving many proposals. Visit the website to learn more! ^MT jsac.jpcert.or.jp/en/index.html

New Blog Post: MirrorFace Attack against Japanese Organisations ^YU blogs.jpcert.or.jp/en/2024/07/mir…

New Blog Post: Attack Activities by Kimsuky Targeting Japanese Organizations ^MT blogs.jpcert.or.jp/en/2024/07/att…

Our threat brief on #CVE20243400 has been substantially updated. Updated sections include Current Scope of the Attack and the section on Operation MidnightEclipse activity. bit.ly/43YOECb

Playlist of #JSAC2024 presentations in English now available here. Stay tuned for #JSAC2025 ! ^MT youtube.com/playlist?list=…

New Blog Post: New Malicious PyPI Packages used by Lazarus ^MT blogs.jpcert.or.jp/en/2024/02/laz…

Police arrests LockBit ransomware members, release decryptor in global crackdown - @serghei bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

.@Volexity provides an update on its Ivanti Connect Secure VPN report concerning chained exploitation of CVE-2024-21887/CVE-2023-46805. Based on new data, 1700+ devices have been compromised following widespread exploitation. Details: volexity.com/blog/2024/01/1… #dfir #threatintel

Check out our initial findings on zero-day exploitation of Ivanti appliances by a suspected APT. 👇 bit.ly/3vwmkK6 We share details on five malware families related to the exploitation, as well as IOCs, YARA rules, and more for defenders to stay ahead of the threat.

This meme has aged well - if you use products from these vendors, assume RCE vulnerabilities and plan from there

In May we released a joint cybersecurity advisory with international partners on activity affecting US critical networks. Now, @lumentechco has released a blog detailing activity & tactics likely employed by the same PRC state-sponsored threat actor 👉 blog.lumen.com/routers-roasti…

The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0 - first.org/cvss/. This latest version of CVSS seeks to provide all users with the highest fidelity vulnerability assessment. #FIRSTdotOrg #CVSS #BuildingTrust #PSIRT #CSIRT

Citrixbleed: On Oct 10th, Citrix announced a security advisory for CVE-2023-4966, a sensitive information disclosure bug marked as CVSS 9.4 affecting Netscaler Gateway. The security research team at @assetnote was able to reproduce the vulnerability. Blog post here: assetnote.io/resources/rese… or you can find the exploit here: github.com/assetnote/expl…

📃 New Policy Paper @snv_berlin @ale_paulus and I have analyzed how 🇦🇺, 🇩🇪, 🇯🇵, & the 🇺🇸 publicly attributed cyber operations between 2014-2023. 🔗 Full paper: stiftung-nv.de/en/publication… A 🧵 on what we learned and why this is of relevance ⬇️

Sharing new data on Citrix NetScaler devices compromised via a CVE-2023-3519 campaign that involves malicious code injection to steal credentials (see the writeup by @IBM X-Force securityintelligence.com/posts/x-force-… for details). We see 285 NetScaler IPs compromised: dashboard.shadowserver.org/statistics/com…

How to automate daily incident investigations more efficiently. @jpcert_en's @shu_tom details on the blog today: blog.apnic.net/2023/09/13/how…