List of “増渕 維摩(Yuma Masubuchi)”

  • Attack Exploiting XSS Vulnerability in E-commerce Websites Incident
    Attack Exploiting XSS Vulnerability in E-commerce Websites
    On 28 April 2021, Trend Micro reported the details of attacks exploiting cross-site scripting (hereafter “XSS”) vulnerability on e-commerce websites [1]. JPCERT/CC has also confirmed similar cases, which originate in XSS vulnerability in websites developed with EC-CUBE products (an open source CMS for e-commerce websites). This attack does not target vulnerabilities which is specific to EC-CUBE products but affects any e-commerce websites which have XSS vulnerability on its administrator page....

    Read more

  • Attacks Embedding XMRig  on Compromised Servers Incident
    Attacks Embedding XMRig on Compromised Servers
    Publicly-accessible servers have been often targeted for attacks. In recent years, there are cases where these servers are compromised and embedded with a cryptocurrency mining tool. JPCERT/CC confirmed cases with XMRig [1] in February 2021. This article introduces the details of the cases and the tools used.Initial access/Lateral movementIn one of the recent cases, the attacker made several attempts to access the server with SSH protocol, and eventually logged in...

    Read more

  • Japan Security Analyst Conference 2021 -3rd Track- Event
    Japan Security Analyst Conference 2021 -3rd Track-
    JPCERT/CC held Japan Security Analyst Conference 2021 (JSAC2021) on 28 January 2021. It was the first JSAC held online in consideration of the participants’ health and safety in the current COVID-19 pandemic.The conference is aimed at providing opportunities for them to get together and exchange their technical knowledge on incident response and analysis. This is JPCERT/CC’s 4th time holding this annual conference, and 11 presenters were selected from 22 candidates.To...

    Read more