Hi, it’s Shusei Tomonaga again from the Analysis Center. JPCERT/CC has confirmed several attack cases around May 2015, which attempt to steal information of computers leveraging specific network devices featuring VPN server functions. The target of the reconnaissance varies from installed software to keylogs, and it is presumed that the attacker has aimed to steal such information from computers which attempt to login to VPN servers through altered login pages....
-
Hi, it’s Shusei Tomonaga again from the Analysis Center. My previous post discussed the mitigation effects against damages caused by malware infection by enabling Internet Explorer’s (hereafter “IE”’s) Protected Mode. In this article, I’d like to introduce an even stronger security function called “Enhanced Protected Mode”, which is a feature of IE 10 and 11 - its overview and preventive effects against damages caused by malware infection. OVERVIEW OF ENHANCED...
-
Hi, it’s Shusei Tomonaga again from the Analysis Center. PoisonIvy, a Remote Access Tool/Trojan (RAT) often used in targeted attacks, had been widely seen until around 2013. Since then, the number of cases using PoisonIvy in such attacks decreased, and there was no special variant with expanded features seen in the wild. However, recently, we have observed cases where PoisonIvy with expanded features in its communication function were used for...
-
Hello, Taki here, and it's currently rainy season in Japan. Just recently, I attended the 27th FIRST Annual Conference, held on June 14-19, 2015 in Berlin – a city that I visited for the first time. (Photo by Hiroshi Kobayashi) I would like to go over some activities that JPCERT/CC was involved in during the conference. This year I attended together with 3 colleagues, Yurie Ito, Koichiro (Sparky) Komiyama...
-
Hello, this is Shusei Tomonaga again from the Analysis Center. JPCERT/CC has been observing cases where vulnerability in Internet Explorer (“IE” hereafter) is leveraged in targeted attacks, etc., resulting in system takeover or configuration change by a third party. In fact, IE has several functions to prevent such exploits. In this article, I will introduce one of the functions called “Protected Mode” – its overview and effects. OVERVIEW OF PROTECTED...
-
Hola! This is Shoko from Incident Response Team. Last month I attended the APWG eCrime 2015, held from May 26-29 in Barcelona – the cosmopolitan capital of Spain’s Catalonia region, defined by quirky art and architecture, imaginative cuisine and siesta. Today, I’d like to share an overview of the APWG eCrime 2015 and my presentation there on “Phishing Trends in Japan.” About APWG and APWG eCrime 2015 You may well...
-
NOTE: This article, originally published on May 28, 2015, was updated as of June 8, 2015 (See below). Just 2 days ago, we published an advisory (in Japanese) on an open proxy issue of a widely used, open source, web browser game utility app called KanColleViewer. The game, Kantai Collection, has explosive popularity. Its official Twitter account has over 1 million followers, and according to its Tweet, the game has...
-
G’day all – It’s Yuka again here from Global Coordination Division. I would like to quickly update about my recent trip to Canberra, Australia, where I attended the inaugural conference of Australian Cyber Security Centre (ACSC). The event attracted more than 800 people mainly from the Australian Government and IT related businesses but also some delegates from neighbouring countries. ACSC consists of the following cyber security related entities in Australia:...
-
Hello, I am Moto Kawasaki and I would like to write about my trip to Yangon, Myanmar from March 8th through 13th, 2015. Koichiro "Sparky" Komiyama and I went there to conduct Apache Log Analysis training and “CSIRT in a Box” training for mmCERT/CC, Myanmar Computer Emergency Response Team / Coordination Center. It is the 5th time starting in 2011 that JPCERT/CC visits mmCERT/CC for technical training. We had a...
-
Hello all, this is Yohei Tanaka from Analysis Center. In this article, I will introduce how recent malware tries to trick users with fake thumbnail previews – I hope this information prevents you from encountering troubles. The majority of malware distributed via email nowadays are executable files (.exe) or compressed executable files, rather than document files that attempt to leverage software vulnerabilities. We at JPCERT/CC have seen cases where users...