Security News

Japanese prime minister Fumio Kishida has ordered an emergency review of the nation's ID Cards, amid revelations of glitches and data leaks that threaten the government's digital services push. Japanese media reports that people with similar names are receiving cards intended for other people, while some recipients found the card links to records describing someone else.

Linux routers in Japan are the target of a new Golang remote access trojan called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center said in a report published today. The compromise of an internet-exposed router is followed by the deployment of a loader script that acts as a conduit for delivering GobRAT, which, when launched, masquerades as the Apache daemon process to evade detection.

Japan's minister for digital transformation and digital reform, Tono Karo, has apologized after a government app breached citizens' privacy. Fujitsu Japan developed and operates the service, which preps PDF files in response to user requests and then despatches them to printers in convenience stores.

According to Mandiant, who has tracked APT43 since 2018, the threat actor aligns with the mission of the Reconnaissance General Bureau, the main foreign intelligence service from North Korea. In particular, malware and tools have been shared between APT43 and the infamous Lazarus threat actor.

A Monday post from FTX Japan states the outfit plans to allow withdrawals from an unspecified moment in February, through the Liquid web site. In 2022 Japan again passed crypto-related laws as it sought to deal with stablecoins and the rise of NFTs. The result of all that lawmaking is that crypto exchanges in Japan are required to register with the Financial Services Agency, demonstrate they can comply with anti-money-laundering laws and similar regulations, set aside capital reserves, and separate customer and exchange assets.

Japan is also revising its cyber security strategy according to Nikkei. Japan's Aerospace Exploration Agency announced last week it has started conceptualizing a satellite refueling service with private Japanese orbital debris removal company, Astroscale.

The United Kingdom, Japan and Italy will pool resources to build a sixth-generation warplane scheduled to be ready for deployment by 2035, with capabilities understood to include AI to rival never-before-seen tech on fighter jets built by China and Russia, although this wasn't stated explicitly. The "Sharing the costs" bit will be important to the UK, which hasn't built a fighter jet alone for quite some time.

Japan's Ministry of Defence announced on Friday that it has formally joined NATO's Cooperative Cyber Defense Centre of Excellence. The CCDCOE is recognized as an international military organization and cyber defence hub focusing on research, training and exercises, like its yearly red team versus blue team cyber war game, Locked Shields.

Beginning in Autumn 2024, existing photo-less national health insurance cards will no longer be accepted, officially replaced by My Number Cards. There's only one problem: Japan residents seem reluctant to adopt them, with an online petition to keep current health cards quickly gathering 100,000 signatures.

Yahoo Japan has revealed that it plans to go passwordless, and that 30 million of its 50 million monthly active users have already stopped using passwords in favor of a combination of FIDO and TXT messages. A case study penned by staff from Yahoo Japan and Google's developer team, explains that the company started work on passwordless initiatives in 2015 but now plans to go all-in because half of its users employ the same password on six or more sites.