Hi! I’m Takuho Mitsunaga from Watch and Warning Group. I am pleased to announce that JPCERT/CC has just released a report "Investigation Report Regarding Security Issues of Web Applications Using HTML5 (English version)." As mentioned in the previous posts - JPCERT/CC at “CODE BLUE” and Presenting HTML5 security at OWASP AppSec APAC 2014, through publishing a report (Japanese version), we have worked to point out the issues and raise awareness...

Read more

I am Toru Yamauchi, Research Director of JPCERT/CC. JPCERT/CC has been contributing to CSIRT community in Africa since 2010 in order to enhance the global cybersecurity activity. In the rapid ICT development in Africa, it is getting important for African community to accelerate human resource development of cybersecurity and to establish the regional cooperation especially among National CSIRTs. I would like to introduce our recent on-site training program in Djibouti...

Read more

Hi. This is Misaki Kimura from Watch and Warning Group. Ever since the extremely critical vulnerability in recent versions of OpenSSL (known as "Heartbleed") was made public, it has been wreaking havoc across the internet. According to Netcraft, a research firm which monitors websites and certificates worldwide, more than half a million websites were affected. Such said, with no exceptions, websites in Japan were also affected, and we have been...

Read more

Hi. This is Yoshinori Matsumoto from Watch and Warning Group. After JPCERT/CC’s publication of a technical research report on HTML5 last October, our group has been working intensively to raise awareness on security issues of web applications utilizing HTML5. We have been given opportunities to speak at various security conferences on this topic, and one of them was my colleague’s presentation at "CODE BLUE" introduced on this blog earlier. This...

Read more

Hi. This is You Nakatsuru (“Tsuru”) – a “just married” Information Security Analyst from Analysis Center. Today, I would like to introduce JPCERT/CC’s presentations at “CODE BLUE”, a new international information security conference originating in Japan which was held on February 17 and 18. The conference attracted many computer security experts – more than 400 attendees from about 10 different countries. The conference covered a wide range of topics discussing...

Read more

Hello, I am Hidekazu Yamada at ICS Response Group of JPCERT/CC. In this entry today, I would like to look back on “ICS Security Conference 2014” which was held early last month, along with some presentation highlights. My presentation summary on the result of the ICS Asset owners’ survey will also be covered. Event Overview The conference took place on Wednesday, 5 February 2014 at Kokuyo Hall in Shinagawa, Tokyo....

Read more

Hi. This is Misaki Kimura at Watch and Warning Group. We have been tracking and compiling information on website compromises, impacting thousands of legitimate websites in Japan. The number of compromised websites increased significantly in the first half of JFY 2013: more than 5,200 sites have been compromised from April 1 to October 31, 2013. The following chart illustrates the number of compromised websites detected each month in Japan, counted...

Read more

Hi, it's Masaki Kubo. I’ve just returned from my trip to Incheon, Korea, where we had an ISO/IEC JTC 1/SC 27 meeting on standardization of IT security techniques. JPCERT/CC has been engaged in this standardization effort through the Japanese national body over the past years, and I participated particularly in the revision work of ISO/IEC 27035:2011 on information security incident management. ISO/IEC 27035:2011 was published in 2011 and right after...

Read more

------------------------------------------------------------------------ [Update 2013.8.1] MITRE has prepared a page describing the change in CVE format. The page is at the following: CVE-ID Syntax Change https://cve.mitre.org/cve/identifiers/syntaxchange.html Stated on the site, this change is scheduled to take effect on January 1, 2014. This page describes some of the background behind the change and towards the bottom of the page there is a list of some frequently asked questions. ------------------------------------------------------------------------ Hello, this is Taki...

Read more

Hi, I'm Misaki Kimura, a member of the Watch and Warning Group, and this is my first time to post here. My duty here at JPCERT/CC is to monitor various security related information and to share them internally/externally to support taking earliest countermeasures. Today’s topic is about the recent phishing trends in Japan, which includes the phishing incidents observed and efforts for mitigation. Phishing became so prevalent that we frequently...

Read more