As of June 7, 2022, HIRT(Hitachi Incident Response Team) has become a CVE Numbering Authority (CNA). As a CNA, HIRT will assign CVE ID to vulnerabilities found in Hitachi products. HIRT-PUB22001 introduces an overview of CNA.
(June 07, 2022 published)
HIRT-PUB21001: Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code. HIRT-PUB21001 introduces the issues associated with Apache Log4j.
(January 04, 2022 published)
HIRT-PUB20002:Treck Inc.'s embedded TCP/IP stack is affected by multiple vulnerabilities. HIRT-PUB20002 introduces the issues associated with Treck TCP/IP.
(June 22, 2020 published)
HIRT-PUB18001: [tutorial] Meltdown and Spectre In early January 2018, issues known as Meltdown and Spectre were reported as CPU vulnerabilities. HIRT-PUB18001 introduces the issues associated with Meltdown and Spectre.
(April 09, 2018 published)
The insecure loading of Dynamic Link Libraries is caused by situations in which the application loads DLL or executable files that should not be loaded. HIRT-PUB17011 introduces an overview of the application-directory type issues related to the insecure loading of Dynamic Link Libraries, as well as corresponding countermeasures.
(April 09, 2018 published)
Beginning from June 27, 2017, the ransomware NotPetya (also known as Petrwrap, GoldenEye and Nyetya) has been active in the wild.
(July 10, 2017 published)
WannaCry exploits a vulnerability in Windows SMBv1, which allows remote code execution. The ransomware spreads like a network worm to infect other Windows systems with this vulnerability. HIRT-PUB17009 introduces how network infection spreads to other vulnerable Windows systems.
(April 09, 2018 published)
Beginning from May 13, 2017, the ransomware WannaCry (also known as WannaCrypt, WanaCrypt0r, WCrypte, and WCRY) has been active in the wild. WannaCry exploits a vulnerability in Windows SMBv1 (vulnerability CVE-2017-0145, addressed by security update MS17-010), which allows remote code execution. The ransomware spreads like a network worm to infect other Windows systems with this vulnerability.
(June 12, 2017 published)
AIS (Automated Indicator Sharing) is an information-sharing initiative involving a collaboration between private and public sectors, to share detected cyber attack indicators. Such indicators include the domains and IP addresses of servers controlling cyber attacks, and malware hash values.
(August 17, 2017 published)
Jakarta Multipart parser of Apache Struts 2 mishandles file upload, that may allow an attacker to remotely execute arbitrary code via crafted HTTP requests.
(March 17, 2017 published)
Ransomware is a generic term that refers to malicious programs that lock targeted PCs and/or hold files hostage. While the term "ransomware" might be familiar to some people, it is not widely understood how these programs attack the targeted PCs. HIRT-PUB17004 addresses an incident of ransomware which was brought to attention in late 2016.
(March 17, 2017 published)
HIRT-PUB17003 introduces activities of the Japan Cybercrime Control Center (JC3), an organization of which Hitachi is now part, which are aimed at eradicating the redirector websites.
(March 17, 2017 published)
Cyber attacks involving IoT (Internet of Things) devices installed in Linux environments, such as home/small office routers, webcams, network storage systems, and digital video recorders, have become prominent since 2016. HIRT-PUB16003 reports on this recent trend.
(April 24, 2017 published)
HIRT: Annual Report 2015 presents HIRT's activities and trends insecurity threats and vulnerability. "When a large-impact incident occurs, great change in the counterapproach is also seen. In 2006 when information leaks occurred in file-sharing software, thin client terminals were adopted. In 2011 when defense industry..."
(November 21, 2016 published)
Ransomware variants have grown very rapidly since 2015 and often attempt to extort money from victims. HIRT-PUB16001 is an advisory to address issue for Ransomware and Recent Variants.
(April 13, 2016 published)
HIRT: Annual Report 2014 presents HIRT's activities and trends insecurity threats and vulnerability. "The feature of 2014 in terms ofincidents was that damage by malicious programs that target onlinebanking became more serious. Also targeted attack and websitecompromised have continued to cause damage..."
(October 6, 2015 published)
HTTP.sys of Microsoft Windows contains an integer overflow vulnerability that may allow an attacker to remotely execute arbitrary code via crafted HTTP requests.
(April 20, 2015 published)
Some SSL/TLS implementations accept the use of an export-grade RSA public key in a non-export RSA key exchange ciphersuite. This vulnerability is commonly referred to as "FREAK". HIRT-PUB15003 is a tutorial to address this issue.
(March 23, 2015 published)
GNU C Library (glibc) contains a heap buffer overflow vulnerability (commonly referred to as "GHOST") that may allow an attacker to remotely execute arbitrary code. HIRT-PUB15001 is an advisory to address issue in Hitachi products.
(January 29, 2015 published)
Hitachi Review presents HIRT's activities and trends in security incidents. "As cyber-attacks continue to evolve, the types of security incident they trigger are becoming more diverse. They are also having an increasingly signifi cant impact ..."
(July, 2014 published)
GNU Bourne-Again Shell (Bash) contains a vulnerability (commonly referred to as"Shellshock") that could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system. HIRT-PUB14011 is an advisory to address issue in Hitachi products.
(October 7, 2014 published)
OpenSSL 1.0.1 contains a vulnerability (commonly referred to as"heartbleed") that could disclose sensitive private information to an attacker. HIRT-PUB14005 is an advisory to address issue in Hitachi products.
(April 17, 2014 published)
HIRT: Annual Report 2013 presents HIRT's activities and trends in security threats and vulnerability. "In 2013, cyber incidents were that website compromised actions became steady occurrences and damage by malicious programs that target online banking became more serious ..."
(May 26, 2014 published)
Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. HIRT reported this vulnerability to JVN in line with the framework of vulnerability handling - Information Security Early Warning Partnership. HIRT-PUB14003 is an advisory to address vulnerability and to show reported timeline.
(February 19, 2014 published)
HIRT: Annual Report 2012 presents HIRT's activities and trends in security threats and vulnerability. "In 2012, the known threats like targeted attack, website compromised actions and USB malware (e.g.Conficker) have continued to cause damage. Features of 2012 were that denial-of-service attacks and website compromised actions by 'hacktivists' became steady occurrences, and ..."
(November 13, 2013 published)
HIRT: Annual Report 2011 presents HIRT's activities and trends in security threats and vulnerability. "The Year 2011 saw the occurrence of a diversity of security incidents and developed into a transitional period in which cyber attack countermeasures were ..."
(May 26, 2014 published)
HIRT-PUB11004 is an advisory to address vulnerability in Microsoft Windows XP. Microsoft Windows XP contains an issue when processing TCP packets, which may result in a denial-of-service (DoS).
(September 30, 2011 published)
HIRT: Annual Report 2010 presents HIRT's activities and trends in security threats and vulnerability. "In 2010, the attacks that targeted a specific organization (targeted attack) and used an organization's internal network as an attack base (stealth attack) gathered attention such as Operation Aurora and Stuxnet..."
(December 19, 2011 published)
HIRT-PUB10008 describes on Hitachi's role as the developer of information system products (Product IRT) and shows the vulnerability disclosure process of the Hitachi group.
(September 30, 2011 published)
HIRT: Annual Report 2009 presents HIRT's activities and trends in security threats and vulnerability. "In 2009, passive (redirection) type attacks, which use websites as the basis for attacks, have become more general, as shown by the proliferation of Conficker, USB memory type malware and Gumblar, web-based malware..."
(Sep. 29, 2010 published)
HIRT: Annual Report 2008 presents HIRT's activities and trends in security threats and vulnerability. "From 2008 onwards, a virus started to spread via USB memory sticks, which represents a recurrence of the virus infection via floppy disk phenomenon and can be described as history repeating itself..."
(Jun. 22, 2009 published)
HIRT is a team of security experts that disseminates vulnerability and incident information to support HITACHI group companies to protect the customers' computer systems from malicious events such as unauthorized access and security incidents."HIRT: Annual Report 2007" presents HIRT's activities and trends in security threats and vulnerability.
(May 22, 2009 published)
In the HIRT-PUB07004, we attempted to visualize the activities of a worm, focusing on the regularity of a packet (a destination IP address) sent by the worm. In the HIRT-PUB07005, we are targeting visualization, focusing on the completeness (i.e. the scanning scope) and the selection order (the random nature) of a destination IP address.
(Jun. 1, 2007 published)
Although no massive incidents due to new worms have occurred recently, nodes infected by worms which proliferated widely in the past still continue their infective activities.Here, we attempt to visualize the packet of worms, which remains flowing on the Internet.
(Apr. 12, 2007 published)
What CSIRT does may not be very intuitive. We've made an animation video to help you understand HIRT's CSIRT efforts more easily.
(Jun. 22, 2007 published)