IoT Security Checklist
The Internet of Things (IoT) is a concept that refers to a distributed system consisting of a network of monitoring applications that collect information about the state of physical objects, and control applications that alter the state of objects based on the collected information and other elements. Recently, it is gaining a lot of attention and expected to spread rapidly in the years to come.
Business E-mail Compromise Survey Report
This report provides information about specific actions that will be effective against BEC, considering how this threat has developed and transitioned based on the survey results along with information publicly available..
Cyber Security First Step for Introducing IIoT to the Factory
IoT technology is used for various purposes in the industries. While it allows efficient production devices connected to the network has new threats such as cyber attack.
JPCERT/CC released "Cyber Security First Step for Introducing IIoT to the Factory" to help implementing security measures for such threats..
Detecting Lateral Movement through Tracking Event Logs
JPCERT/CC extracted tools used by many attackers by investigating recently confirmed cases of targeted attacks. Then, a research was conducted to investigate what kind of logs were left on the server and clients by using such tools, and what settings need to be configured to obtain logs that contain sufficient evidential information.
This report is a summary of the results of this research.
Fact-finding Report on the Establishment and Operation of CSIRTs in Japan 2015
Cyber attacks in recent years have become increasingly diverse in terms of their aims, targets, and TTPs (Tactics, Techniques, and Procedures) used. Occasionally, the impact can be large enough to shake the foundation of a business. One approach that is drawing attention is to establish a Computer Security Incident Response Team (CSIRT) that will serve as the linchpin of an organization to effectively handle security incidents.
Initiative on Security Issues of the IPv6 Protocol
Support for IPv6 is spreading at an accelerated rate in network devices and Internet connection service menus. Today, an environment in which IPv6 can be used is becoming increasingly commonplace. From the perspective of network administration including security, IPv6 comes with features that need to be handled with an approach that differs from IPv4.
Report on Security Issues of Web Application Using HTML5
HTML5 is a specification of a markup language which is under development by WHATWG and W3C as the next generation of HTML standard. HTML5 and its peripheral technologies enable us to develop more flexible and convenient website than using the conventional HTML4. It allows us to store data within the visitor's browser (Web Storage), enables full-duplex communication between the visitor's browser and web servers(WebSocket) and obtain location information of the visitor(Geolocation). However, verifications and awareness-raising on how attackers may exploit these new features have yet to be properly performed.
Research Report on IT Security Inoculation
Targeted email attacks, where malware attached emails and the like are sent to specific companies, organizations or individuals, are recently emerging.
The research has revealed that targeted email attacks do indeed exist and that education and trainings based on inoculation methods prove effective to a certain level.