Hello, Taki here. It has been a long time since I have written here. Today, I will be writing about some activities within our Vulnerability Coordination Group. Over the past few years, we have received some coordination requests directly from overseas researchers and other sources, in addition to the reports through the " Information Security Early Warning Partnership". I would like to introduce some recent cases that we have published...

Read more

JPCERT/CC has been continuously observing cases where websites in Japan created with Content Management Systems (hereafter “CMS”) are defaced in a similar way, and the same kind of cases are also observed overseas [1], [2]. In these cases, part of the PHP files composing the CMS are altered, and this results in defacement of the website contents [3]. Based on the analysis of several cases, this entry today describes the...

Read more

Hello again, this is You ‘Tsuru’ Nakatsuru from Analysis Center. It has been just about two years since I delivered a talk “Fight Against Citadel in Japan” at CODE BLUE 2013 (an international security conference in Tokyo) about the situation on banking trojans observed in Japan at that time and detailed analysis results on Citadel (See my blog entry here). For the presentation material and audio archive, please see Reference...

Read more

Hi, this is You 'Tsuru' Nakatsuru again from Analysis Center. This past summer, I joined the “Security Camp 2015” in Japan as a trainer for a malware analysis training course, which was held for students aged 22 and under living in Japan, with the aim of discovering top, young talents. This blog entry is to introduce the malware analysis training materials which I used at Security Camp 2015 as below....

Read more

Hello, this is You ‘Tsuru’ Nakatsuru at Analysis Center. As introduced in the previous blog post, my colleagues presented on the attacks arising in Japan at CODE BLUE 2015, entitled “Revealing the Attack Operations Targeting Japan”. In this entry, I will introduce the details of an IDAPython script “emdivi_string_decryptor.py”, which JPCERT/CC developed to analyse Emdivi, a remote control malware. The script was also introduced in our presentation at CODE BLUE...

Read more

You may well have heard of the May cyber attack in Japan against the Japan Pension Service – a high-profile case seen in the first half of this year, where 1.25 million cases of personal data was exposed. According to the Japan Pension Service, the data leaked included names and ID numbers, and for some cases, dates of birth and home addresses. The official reports(1) say that the massive leak...

Read more

Hello, Taki here, and its currently rainy season in Japan. Just recently, I attended the 27th FIRST Annual Conference, held on June 14-19 , 2015 in Berlin – a city that I visited for the first time. (Photo by Hiroshi Kobayashi) I would like to go over some activities that JPCERT/CC was involved in during the conference. This year I attended together with 3 colleagues, Yurie Ito, Koichiro (Sparky) Komiyama...

Read more

NOTE: This article, originally published on May 28, 2015, was updated as of June 8, 2015 (See below). Just 2 days ago, we published an advisory (in Japanese) on an open proxy issue of a widely used, open source, web browser game utility app called KanColleViewer. The game, Kantai Collection, has explosive popularity. Its official Twitter account has over 1 million followers, and according to its Tweet, the game has...

Read more

Hello all, this is Yohei Tanaka from Analysis Center. In this article, I will introduce how recent malware tries to trick users with fake thumbnail previews – I hope this information prevents you from encountering troubles. The majority of malware distributed via email nowadays are executable files (.exe) or compressed executable files, rather than document files that attempt to leverage software vulnerabilities. We at JPCERT/CC have seen cases where users...

Read more

JPCERT/CC has successfully hosted the seventh Control System Security Conference on February 12, 2015 at Kokuyo Hall in Tokyo. The event brought together more than 250 attendees, including a cross-section of engineers/managers of ICS vendors and asset owners. The conference has been held annually since 2009 in order to raise awareness on ICS security issues and share the insights and ideas on ICS security. The program for this year has...

Read more