Hi. This is Misaki Kimura from Watch and Warning Group. Ever since the extremely critical vulnerability in recent versions of OpenSSL (known as "Heartbleed") was made public, it has been wreaking havoc across the internet. According to Netcraft, a research firm which monitors websites and certificates worldwide, more than half a million websites were affected. Such said, with no exceptions, websites in Japan were also affected, and we have been...

Read more

Hi. This is Yoshinori Matsumoto from Watch and Warning Group. After JPCERT/CC’s publication of a technical research report on HTML5 last October, our group has been working intensively to raise awareness on security issues of web applications utilizing HTML5. We have been given opportunities to speak at various security conferences on this topic, and one of them was my colleague’s presentation at "CODE BLUE" introduced on this blog earlier. This...

Read more

Hi. This is You Nakatsuru (“Tsuru”) – a “just married” Information Security Analyst from Analysis Center. Today, I would like to introduce JPCERT/CC’s presentations at “CODE BLUE”, a new international information security conference originating in Japan which was held on February 17 and 18. The conference attracted many computer security experts – more than 400 attendees from about 10 different countries. The conference covered a wide range of topics discussing...

Read more

Hello, I am Hidekazu Yamada at ICS Response Group of JPCERT/CC. In this entry today, I would like to look back on “ICS Security Conference 2014” which was held early last month, along with some presentation highlights. My presentation summary on the result of the ICS Asset owners’ survey will also be covered. Event Overview The conference took place on Wednesday, 5 February 2014 at Kokuyo Hall in Shinagawa, Tokyo....

Read more

Hi. This is Misaki Kimura at Watch and Warning Group. We have been tracking and compiling information on website compromises, impacting thousands of legitimate websites in Japan. The number of compromised websites increased significantly in the first half of JFY 2013: more than 5,200 sites have been compromised from April 1 to October 31, 2013. The following chart illustrates the number of compromised websites detected each month in Japan, counted...

Read more

Hi, it's Masaki Kubo. I’ve just returned from my trip to Incheon, Korea, where we had an ISO/IEC JTC 1/SC 27 meeting on standardization of IT security techniques. JPCERT/CC has been engaged in this standardization effort through the Japanese national body over the past years, and I participated particularly in the revision work of ISO/IEC 27035:2011 on information security incident management. ISO/IEC 27035:2011 was published in 2011 and right after...

Read more

------------------------------------------------------------------------ [Update 2013.8.1] MITRE has prepared a page describing the change in CVE format. The page is at the following: CVE-ID Syntax Change https://cve.mitre.org/cve/identifiers/syntaxchange.html Stated on the site, this change is scheduled to take effect on January 1, 2014. This page describes some of the background behind the change and towards the bottom of the page there is a list of some frequently asked questions. ------------------------------------------------------------------------ Hello, this is Taki...

Read more

Hi, I'm Misaki Kimura, a member of the Watch and Warning Group, and this is my first time to post here. My duty here at JPCERT/CC is to monitor various security related information and to share them internally/externally to support taking earliest countermeasures. Today’s topic is about the recent phishing trends in Japan, which includes the phishing incidents observed and efforts for mitigation. Phishing became so prevalent that we frequently...

Read more

G’day! This is Shiori Kubo from JPCERT/CC, serving as a member of the APCERT Secretariat. Today I would like to cover APCERT’s 10th anniversary, commemorated at the APCERT AGM & Conference 2013, held on 23rd - 27th March 2013 in Brisbane, Australia, very warmly and successfully hosted by CERT Australia. About APCERT For readers who are not familiar with APCERT, please let me briefly introduce – APCERT stands for Asia...

Read more

Hello, it's Taki here and it has been a long time since I last wrote here. Today's topic is about the following: Call for Public Feedback on Upcoming CVE ID Syntax Change https://cve.mitre.org/news/index.html#jan242013a Before I get into the details of what is said here, I would like to quickly introduce CVE. CVE stands for Common Vulnerabilities and Exposures and it is managed by The MITRE Corporation in the US. CVE...

Read more