キタきつね
LightNews LightNews
banner
kitafox.bsky.social
キタきつね
@kitafox.bsky.social
88 followers 6 following 13K posts
都内某企業セキュリティコンサル(専門PCI DSS)。セキュリティと生成AI記事をウォッチ中。Working as a security consultant(PCI DSS etc) at Tokyo. I'm focusing on security, and Generative AI news.

https://x.com/foxbook
https://foxsecurity.hatenablog.com/
Posts Replies Media Videos
kitafox.bsky.social
Cloudflare、AISURUボットネットによる記録的な29.7TbpsのDDoS攻撃を軽減

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet #SecurityAffairs (Dec 4)

securityaffairs.com/185299/secur...
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high.
securityaffairs.com
December 6, 2025 at 8:00 AM
kitafox.bsky.social
ASUSは、エベレストギャングによるデータ漏洩でベンダーの侵害を認め、アークソフトとクアルコムも主張

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm #SecurityAffairs (Dec 4)

securityaffairs.com/185310/data-...
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm.
securityaffairs.com
December 6, 2025 at 7:00 AM
kitafox.bsky.social
マーキスのデータ侵害は78万人以上に影響を与えた

Marquis data breach impacted more than 780,000 individuals #SecurityAffairs (Dec 4)

securityaffairs.com/185320/data-...
Marquis data breach impacted more than 780,000 individuals
Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people.
securityaffairs.com
December 6, 2025 at 6:00 AM
kitafox.bsky.social
スキル不足が人員不足を上回り、サイバー空間における重大な課題に

Skills Shortages Trump Headcount as Critical Cyber Challenge #InfosecurityMagazine (Dec 4)

www.infosecurity-magazine.com/news/skills-...
Skills Shortages Trump Headcount as Critical Cyber Challenge
ISC2 report reveals 59% of global organizations have critical or significant skills shortages
www.infosecurity-magazine.com
December 6, 2025 at 5:00 AM
kitafox.bsky.social
新しいGhostFrameフィッシングフレームワークが100万件以上の攻撃を検知

New GhostFrame Phishing Framework Hits Over One Million Attacks #InfosecurityMagazine (Dec 4)

www.infosecurity-magazine.com/news/ghostfr...
New GhostFrame Phishing Framework Hits Over One Million Attacks
The GhostFrame phishing framework, using stealthy iframes, was linked to over 1 million attacks
www.infosecurity-magazine.com
December 6, 2025 at 4:00 AM
kitafox.bsky.social
サイバー機関、AI時代のデジタルトラストを推進する新たな出所レポートを発表

Cyber Agencies Push for Digital Trust Amid AI Era with New Provenance Report #InfosecurityMagazine (Dec 5)

www.infosecurity-magazine.com/news/cyber-a...
Cyber Agencies Push for Digital Trust Amid AI Era with New Provenance
UK’s NCSC and Canada’s CCCS release a joint report on content provenance, urging organizations to strengthen digital trust and combat AI-driven misinformation
www.infosecurity-magazine.com
December 6, 2025 at 3:00 AM
kitafox.bsky.social
CISAと国際パートナーがインフラにおける安全なAIのためのガイダンスを発行

CISA and International Partners Issue Guidance for Secure AI in Infrastructure #InfosecurityMagazine (Dec 5)

www.infosecurity-magazine.com/news/us-guid...
US and Australia Issue Guidance for Secure AI in Infrastructure
Cybersecurity agencies have issued guidance for securely integrating AI into OT systems
www.infosecurity-magazine.com
December 6, 2025 at 2:00 AM
kitafox.bsky.social
ハッキング歴のある請負業者が96の政府データベースを消去したとして告発される

Contractors with hacking records accused of wiping 96 govt databases #BleepingComputer (Dec 4)

www.bleepingcomputer.com/news/securit...
Contractors with hacking records accused of wiping 96 govt databases
U.S. prosecutors have charged two Virginia brothers arrested on Wednesday with allegedly conspiring to steal sensitive information and destroy government databases after being fired from their jobs…
www.bleepingcomputer.com
December 6, 2025 at 1:00 AM
kitafox.bsky.social
NCSCの「プロアクティブ通知」は、公開されたデバイスの欠陥について組織に警告します

NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices #BleepingComputer (Dec 4)

www.bleepingcomputer.com/news/securit...
NCSC's ‘Proactive Notifications’ warns orgs of flaws in exposed devices
The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present…
www.bleepingcomputer.com
December 6, 2025 at 12:01 AM
kitafox.bsky.social
便利か大惨事か?誰も語らないAIブラウザの危険性

Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking About #SecurityBoulevard (Dec 4)

securityboulevard.com/2025/12/conv...
Convenience or Catastrophe? The Dangers of AI Browsers No One is Talking About
AI browsers introduce reasoning-based risks. Learn how cross-origin AI agents dismantle web security and what defenses are needed.
securityboulevard.com
December 5, 2025 at 11:00 PM
kitafox.bsky.social
CISO、CIO、取締役会:サイバーセキュリティの信頼ギャップを埋める

CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap #SecurityBoulevard (Dec 4)

securityboulevard.com/2025/12/ciso...
CISOs, CIOs and Boards: Bridging the Cybersecurity Confidence Gap
New data shows 90% of NEDs lack confidence in cybersecurity value. CISOs and CIOs must translate cyber risk into business impact.
securityboulevard.com
December 5, 2025 at 10:00 PM
kitafox.bsky.social
セキュリティの不眠:CISO を夜も眠れなくさせる本当の原因

Sleepless in Security: What’s Actually Keeping CISOs Up at Night #SecurityBoulevard (Dec 4)

securityboulevard.com/2025/12/slee...
Sleepless in Security: What’s Actually Keeping CISOs Up at Night
Security headlines distract, but the threats keeping CISOs awake are fundamental gaps and software supply chain risks. Learn why basics and visibility matter most.
securityboulevard.com
December 5, 2025 at 9:02 PM
kitafox.bsky.social
英国当局は顔認識技術の利用拡大を目指している

British officials seek to expand facial recognition technology use #TheRecord (Dec 5)

therecord.media/british-offi...
British officials seek to expand facial recognition technology use
Police have used facial recognition in Britain since 2017 and controversy has mounted as more aggressive deployments have been undertaken, including live facial recognition which involves processing…
therecord.media
December 5, 2025 at 12:01 PM
kitafox.bsky.social
ディープフェイク詐欺の増加に議会が対抗

Congress moves to confront the rise of deepfake fraud #BiometricUpdate (Dec 4)

www.biometricupdate.com/202512/congr...
Congress moves to confront the rise of deepfake fraud | Biometric Update
Under the two lawmakers’ legislation, criminals who use AI to commit mail, wire, or bank fraud would face significantly steeper fines and prison sentences.
www.biometricupdate.com
December 5, 2025 at 11:30 AM
kitafox.bsky.social
企業はエージェントAIガバナンスフレームワークやダッシュボードオプションに真っ先に参入

Firms dive head first into agentic AI governance frameworks, dashboard options #BiometricUpdatte (Dec 4)

www.biometricupdate.com/202512/firms...
Firms dive head first into agentic AI governance frameworks, dashboard options | Biometric Update
ServiceNow has announced its intent to acquire identity security company Veza to extend the identity security capabilities of its security and risk portfolio.
www.biometricupdate.com
December 5, 2025 at 11:01 AM
kitafox.bsky.social
量子時計は刻々と進み、企業は依然として準備モードから抜け出せない

The quantum clock is ticking and businesses are still stuck in prep mode #HelpNetSecurity (Dec 4)

www.helpnetsecurity.com/2025/12/04/t...
The quantum clock is ticking and businesses are still stuck in prep mode - Help Net Security
Most businesses feel confident about quantum threats but lack plans, prepared systems. The post quantum readiness gap is wider than expected.
www.helpnetsecurity.com
December 5, 2025 at 10:30 AM
kitafox.bsky.social
AI vs. あなた: 許可の決定が得意なのはどちらでしょうか?

AI vs. you: Who’s better at permission decisions? #HelpNetSecurity (Dec 4)

www.helpnetsecurity.com/2025/12/04/l...
AI vs. you: Who’s better at permission decisions? - Help Net Security
An LLM steps in as users tap through app permissions, handling each access control request in a way that shifts how privacy decisions unfold.
www.helpnetsecurity.com
December 5, 2025 at 10:00 AM
kitafox.bsky.social
スマートグリッドは近代化を試みており、攻撃者はそれを招待状のように扱っている

Smart grids are trying to modernize and attackers are treating it like an invitation #DarkReading (Dec 4)

www.helpnetsecurity.com/2025/12/04/s...
Smart grids are trying to modernize and attackers are treating it like an invitation - Help Net Security
Securing smart grids means confronting expanded attack surfaces from device sprawl and underestimated edge-based threat vectors.
www.helpnetsecurity.com
December 5, 2025 at 9:45 AM
kitafox.bsky.social
エージェントAIがサイバー防御を強化

How Agentic AI Can Boost Cyber Defense #DarkReading (Dec 5)

www.darkreading.com/cybersecurit...
How Agentic AI Can Boost Cyber Defense
Transurban head of cyber defense Muhammad Ali Paracha shares how his team uses agentic AI to triage and score security threats at Black Hat Middle East.
www.darkreading.com
December 5, 2025 at 9:30 AM
kitafox.bsky.social
CISAがOTにおけるAI利用に関するセキュリティガイダンスを公開

CISA Publishes Security Guidance for Using AI in OT #DarkReading (Dec 5)

www.darkreading.com/cybersecurit...
CISA Publishes Security Guidance for Using AI in OT
Global cybersecurity agencies published guidance regarding AI deployments in operational technology, a backbone of critical infrastructure.
www.darkreading.com
December 5, 2025 at 9:30 AM
kitafox.bsky.social
SMSフィッシング詐欺師はポイント、税金、偽の小売業者に狙いを定める

SMS Phishers Pivot to Points, Taxes, Fake Retailers #KrebsonSecurity (Dec 4)

krebsonsecurity.com/2025/12/sms-...
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season:…
krebsonsecurity.com
December 5, 2025 at 9:15 AM
kitafox.bsky.social
TLS 1.3には歓迎すべき改善点が含まれているが、依然として長期秘密が許容されている

TLS 1.3 includes welcome improvements, but still allows long-lived secrets #Register (Dec 4)

www.theregister.com/2025/12/04/t...
TLS 1.3 includes welcome improvements, still has problems
Systems Approach: Tricky tradeoffs are hard to avoid when designing systems, but the choice not to use LLMs for some tasks is clear
www.theregister.com
December 5, 2025 at 8:45 AM
kitafox.bsky.social
中国のスパイは米国の重要なネットワークに侵入し、何年も隠れていた

PRC spies Brickstromed their way into critical US networks and remained hidden for years #Register (Dec 4)

www.theregister.com/2025/12/04/p...
PRC spies Brickstromed their way into critical US networks
: 'Dozens' of US orgs infected
www.theregister.com
December 5, 2025 at 8:15 AM
kitafox.bsky.social
ゴールドファクトリー、改造された銀行アプリで東南アジアを襲撃、1万1000人以上の感染者発生

GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections #HackerNews (Dec 4)

thehackernews.com/2025/12/gold...
GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections
GoldFactory spreads modified banking apps in Southeast Asia, causing 11,000+ malware infections through government impersonation scams.
thehackernews.com
December 5, 2025 at 8:00 AM
kitafox.bsky.social
今年ウェブセキュリティを大きく変えた5つの脅威 [2025]

5 Threats That Reshaped Web Security This Year [2025] #HackerNews (Dec 4)

thehackernews.com/2025/12/5-th...
5 Threats That Reshaped Web Security This Year [2025]
AI attacks, code flaws, and large-scale web breaches in 2025 forced new security rules and continuous monitoring for all organizations.
thehackernews.com
December 5, 2025 at 7:00 AM