Last week's cyber case book -Password list attack on Nico Nico

Call attention to the unauthorized login to Nico Nico Account

Dwango announced on December 10 that it has detected multiple unauthorized login to Nico Nico Account.Unauthorized login is due to password list attacks using email addresses and passwords used in services other than Nico Nico.

Web services often use e -mail addresses for IDs, and it is dangerous if the password is common.If ID and password information leak from one place, you can log in to other services.For this reason, each web service company calls to set a different password for each service (when using an email address as an ID, it is inevitable that ID information is commonlyized).

If your Nico Nico Account is unauthorized, the use of your Nico Nico Point, additional Nico Nico Points, changes in registered e -mail addresses and passwords, posting videos and comments, and limited public scopeThere is a possibility that browsing (gender, date of birth, etc.) will be performed.

Dwango told users that using different passwords between Nico Nico Accounts and other web services, whether or not they had no login history, and could not log in with conventional passwords.I'm calling for caution.

Lost personal information to be stored at about 30 % of post offices

Japan Post and Japan Post Bank announced on December 15 that all post offices have completed surveys at four post offices for the loss of the "financial product brokerage assistance book" that occurred on November 18, 2020.did.As a result of the survey, about 30 % of post offices have confirmed similar internal lost cases.

The contents of the investment trust trading and government bond transactions handled at the post office are required to be preserved at the post office for 10 years as a "financial product brokerage auxiliary book."The laboratory employee visited the 19,816 stations of all postal stations to see if this is properly preserved, and confirmed the storage status of the brokerage auxiliary book from FY2019 to FY2019.

The survey revealed that 6,389 stations were lost in the brokerage assistance book.The number of customers is about 72,000 people.At the same time, when I checked documents other than the brokerage assistance book, it was found that the company lost about 142,000 people at 176 stations.

However, these documents are not necessary to take them out of the post office, and are likely to have been discarded due to mistakes such as errors in the storage period or incorrect boxes to save, and customer inquiries and unauthorized demands.The possibility of information leakage to the outside is low due to the fact that it has not occurred.

As a measure to prevent recurrence, Japan Post will implement the brokerage auxiliary book in June 2021, and will promote paperless by digitization for other documents.The employees will continue to provide guidance on the protection of personal information, and will continue to inspect the post office by laboratory employees.

Unauthorized access to the Tokyo Sports Cultural Museum website

Tokyo on December 8 revealed that the Tokyo Sports Cultural Museum website had received unauthorized access from the outside.We are still confirming the outflow of personal information.

Unauthorized access was detected on November 22, 2021, and the homepage was cut off on November 23.As a result of the survey, unauthorized access was performed multiple times from November 5 to November 23, 2021.

With this unauthorized access, we visited the website from November 5, 2021 to 22:57 on November 23, and entered the reservation / inquiry form (organization / company name, name, telephone number, e -mail address.) It may be affected.However, there is no damage report at present.

Microsoft released a security update in December

Microsoft has released a security update program on December 14 (US time).There is no renewal in security advertisements, and there is no family that has been added to this month's "Removing Malicious Software Delete Tools".

Regarding Windows Encrypting File System (EFS) remote vulnerability, it will be gradually corrected.In the update in December 2021, a new registry "AllowallCliauth", which controls packet -level privacy when connecting to an EFS server, has been added.In the monthly update program scheduled to be released on February 22, 2022, the EFS server will not forcibly defend packet -level privacy on the EFS server.In the update program after March 8, 2022, the EFS server will always ignore the settings in "AllowallCliauth" and always forcibly force packet -level privacy.

Google, the latest version of Chrome "96.0.4664.110" is released

Google released the latest version of the Chrome browser "96.0.4664.110" on December 13.For Windows and MacOS, the update will be released over several days to weeks.

In this update, five vulnerabilities, including one "emergency", were revised.The vulnerability is the use of memory after the release, the heap buffer overflow, etc.Because the vulnerability is high, Chrome users should update as soon as possible.

Be careful of fishing that tricks Yamada Denki

As of December 15, phishing emails that deceive Yamada Denki are spreading.The subject of the e -mail is "[Yamadawebcom] Information is confirmed by enhancing security."

The email describes the contents that needs to be updated to enhance security safety.If you do not update, you will be anxious if you stop using your account and try to click the URL listed.Links imitate logo marks and official websites, and it is difficult to distinguish them from real Yamadawebcom.

This fake site has a page with login, and as you go ahead, you will find personal information and credit card information input fields, but of course you should not enter information.Please note that this fishing site is operating as of December 15.