Security information

Microsoft Authenticatorアプリにおいて、情報漏えいにつながる可能性のある脆弱性（CVE-2026-41615）が公表されています。
本学の各種サービスで多要素認証を利用している方は、以下の内容をご確認のうえ、
すみやかにMicrosoft Authenticatorアプリを最新版へ更新してください。

【対象アプリ】
Microsoft Authenticator

【対象端末】
Microsoft Authenticatorをインストールしているスマートフォン・タブレット等

【対応内容】
各アプリストアから、Microsoft Authenticatorを最新版へ更新してください。
・iPhone / iPadをご利用の方
　App StoreからMicrosoft Authenticatorを更新してください。
・Android端末をご利用の方
　Google PlayストアからMicrosoft Authenticatorを更新してください。

【確認をお願いしたいバージョン】
以下のバージョン未満をご利用の場合は、更新が必要です。
・iOS版：6.8.47未満
・Android版：6.2605.2973未満

【更新方法】
以下のMicrosoft公式ページを開き、ご利用の端末に応じてQRコードを読み取るか、App StoreまたはGoogle Playストアへのリンクを開いてください。
Microsoft Authenticator のダウンロード
https://support.microsoft.com/ja-jp/authenticator/download-microsoft-authenticator
アプリの自動更新を有効にしている場合でも、更新が完了していないことがあります。
お手数ですが、アプリストア上で最新版になっているかご確認ください。
なお、更新後もMicrosoft Authenticatorに登録済みのアカウント情報は通常そのまま利用できます。

【参考】
Microsoft公式サイト：
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615

ご不明な点がある場合は、以下の連絡先までお問い合わせください。
学生：oshiete@sic.shibaura-it.ac.jp
教職員：goiken@sic.shibaura-it.ac.jp
--
A vulnerability that may lead to information leakage (CVE-2026-41615) has been disclosed in the Microsoft Authenticator app.
If you use multi-factor authentication for the university’s various services, please review the following information and promptly update the Microsoft Authenticator app to the latest version.

【Affected App】
Microsoft Authenticator

【Affected Devices】
Smartphones, tablets, and other devices on which Microsoft Authenticator is installed

【Required Action】
Please update Microsoft Authenticator to the latest version from the relevant app store.
・For iPhone / iPad users
　Please update Microsoft Authenticator from the App Store.
・For Android device users
　Please update Microsoft Authenticator from the Google Play Store.

【Versions to Check】
If you are using a version earlier than the following, an update is required.
・iOS version: earlier than 6.8.47
・Android version: earlier than 6.2605.2973

【How to Update】
Please open the Microsoft official page below and, depending on your device, scan the QR code or open the link to the App Store or Google Play Store.
Download Microsoft Authenticator
https://support.microsoft.com/ja-jp/authenticator/download-microsoft-authenticator
Even if automatic app updates are enabled, the update may not yet have been completed.
We apologize for the inconvenience, but please check the app store to confirm that you are using the latest version.
Please note that, in general, account information already registered in Microsoft Authenticator can continue to be used after the update.

【Reference】
Microsoft official website:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41615

If you have any questions, please contact the following:
Students: oshiete@sic.shibaura-it.ac.jp
Faculty and Staff: goiken@sic.shibaura-it.ac.jp

学内で利用するアプリケーションや各種サービス（Teams、Zoomなど）をインストールする際は、
検索エンジン(EdgeのBingなど)で検索して表示されたサイト経由でインストールをしないよう、お願いいたします。

検索エンジンの検索結果には、公式サイトに見える紛らわしいページや、
意図しないサイトや悪意のあるサイトが表示される場合があります。

こうしたリスクを避けるため、アプリやサービスのインストールが必要な場合は、
必ず本学 学術情報センターのWebサイトに案内のあるインストールサイトへアクセスするか、
Microsoft Storeにある正規アプリをインストールするようにしてください。

学術情報センターWebサイト
https://web.sic.shibaura-it.ac.jp

Teamsインストール
https://web.sic.shibaura-it.ac.jp/teams_top

Zoomインストール
https://web.sic.shibaura-it.ac.jp/Zoom_install

Officeインストール
https://web.sic.shibaura-it.ac.jp/Microsoft_Office

安全な利用環境を維持するため、皆さまのご理解とご協力をお願いいたします。
ご不明な点などございましたら、以下までご連絡ください。

教職員: goiken@sic.shibaura-it.ac.jp
学生: oshiete@sic.shibaura-it.ac.jp

----

When installing applications and services used on campus, such as Teams and Zoom, 
please do not install them via websites that appear in search engine results, such as Bing in Edge. 

Search engine results may sometimes include misleading pages that appear to be official websites, 
as well as unintended or malicious websites. 

To avoid these risks, when you need to install an app or service, 
please be sure to access the installation site lised on the Academic Information Center website of 
Shibaura Institute of Technology, or install the official app available from the Microsoft Store. 

Academic Information Center Website
https://web.sic.shibaura-it.ac.jp/?lang=en 

Teams Installation
https://web.sic.shibaura-it.ac.jp/teams_install?lang=en 

Zoom Installation
https://web.sic.shibaura-it.ac.jp/zoom_install?lang=en

Office Installation
https://web.sic.shibaura-it.ac.jp/Microsoft_Office?lang=en 

We appreciate your understanding and cooperation in maintaining a safe computing environment.
If you have any questions, please contact us at:
Faculty and Staff: goiken@sic.shibaura-it.ac.jp
Students: oshiete@sic.shibaura-it.ac.jp

本日下記のようなフィッシングメールが本学あてに送信されて来ています。

件名:
 ドキュメント「支払確認領収書.pdf」がOneDrive経由で共有されました

メール本文のリンクはクリックしないようにしてください。
うっかりフィッシングサイトにパスワードを入力してしまった場合は、すぐにパスワードを変更し、最寄りの情報イノベーション課までご連絡ください。

検索サイトから本学に関連するキーワードを検索すると、本学を騙る偽サイトが検索結果に表示されることを確認いたしました。

本件に限らず、最近検索結果に偽サイトが表示されることが散見されます。

偽サイトの中にはアクセスをするとWebブラウザに感染するものや、マルウエアがダウンロードされるものも存在しますので、常に検索結果に不審なものが含まれていないか確認することを心掛けてください。

 また、偽サイトを発見した場合は、SIT-CSIRTまでご報告いただけます様お願いいたします。

SIT-CSIRT
  csirt@shibaura-it.ac.jp

We have confirmed that a fake website impersonating our university appears in the search results when you search for keywords related to our university through search engines.

Not only in this case, but also in other recent cases, fake sites have been appearing in search results.

Some of the fake sites may infect web browsers or download malware when accessed, so please be sure to always check your search results for suspicious items.

If you find a fake site, please report it to SIT-CSIRT.

SIT-CSIRT
csirt@shibaura-it.ac.jp

Example of search results

Examples of Fake Sites

Dear students, faculty and staff

This is a notice from the Information Systems Division.

　There has been an increase in the number of phishing e-mails sent to you by people trying to defraud you of your account information for commercial Internet services or for the University.
Some of these emails may slip through our email security system and be delivered to you.
Users have reported receiving suspicious e-mails.
If you receive a suspicious e-mail, be careful not to access the URL in the body of the message.
Do not open any attached files.

The sender (From:) is often spoofed and may be the sender's own email address or the administrator's email address (e.g., admin@~).

An example of a subject line: sic.shibaura-it
sic.shibaura-it.ac.jp New Webmail service is now available
mail delivery failure: storage is almost full
ow.shibaura-it.ac.jp mail service update Case ID: ?????
You have [13] pending incoming emails
SYSTEM NOTIFICATION ~ Your 8 unreceived emails are stuck on the sic.shibaura-it.ac.jp Server.
Your ow.shibaura-it.ac.jp Account will be disabled soonest.
Your Outlook storage is full
Verify User
Mail Notice: De-activation
Account Termination
Email Termintaion Request
Undeliverable: Incoming messages failure
Check Password
Email Verification ~ VERIFY YOUR EMAIL ACCOUNT TODAY
～Unknown Login Notification
Password Expiration Notice!
～ Email Notification
Required Action: Email Deactivation Notification for
Required Action: Important Notification for Tuesday, June 27, 2023
Required Action: Important Notification for Monday, June 26, 2023
Required Action: Important Notification for Sunday, June 25, 2023
You have received a new voicemail memo.
Error receiving mail
Notification: Mailbox size has reached quota limit
Sic mailbox size has reached quota limit
Mailbox storage space is low
~ Received Mail Error
Mailbox storage is full, account is suspended

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp

Translated with www.DeepL.com/Translator (free version)

Emotet is malware that is often infected by opening Word files attached to emails.

It was seized and stopped by EUROPOL (European Organization of the Criminal Police) on 1/27/2021, but there are signs of resumption of activity since around 11/14/2021.

The attached files are not only Word and Excel files, but also zip files with passwords.

Emotet malware, which was popular in Japan from the end of August 2019 to January 2020, seems to have temporarily resumed its activities in Japan since July 2020. Please be aware that activities may become more active in the future.

When infected with Emotet, not only is the e-mail information of Outlook (authentication information to the e-mail server, e-mail address of the inbox, subject etc.) stolen, but also other malware (Qbot, TrickBot, Ryuk ransomware, Ursnif banking malware etc.) ) May cause additional infections.

The stolen email information may be used to scatter emails to spread infection.

• Regarding the resumption of email distribution activities that lead to infection with the malware Emotet (JPCERT/CC)

Please note that there are various subject lines for emails, and some may take the form of replies to stolen emails.

If you receive such an email, please do not open it and contact the Center for Science Information.

If you open it and activate the content, immediately disconnect from the network.

Please check if the antivirus software on your device is working properly.

【Attention】
For the emails scattered,there are those that take the form of replying by quoting stolen mail in the body (reply type), and those that embed the stolen name/email address etc. in the subject and signature of the body.
Please be careful.

It has been confirmed that there is no attached file and a link is written in the email body.
Please be careful not to access the link destination as the Word file etc. of the Emotet downloader will be downloaded when you click the link.

！！！Do not run macros in Word files with macros (do not press enable content)！！！

【Information about Emotet】

• Alert regarding malware Emotet infection (JPCERT/CC)
• About emails targeted for infection by a virus called "Emotet"(IPA)

Sender

(People who have exchanged in the past)

Example of subject

Request to send invoice (number etc.)
This is the invoice. (Numbers, etc.)
Re: (Subject of previously received email)

Example of attachment file name

(Alphabet and numbers) Please send invoice. doc
(Alphabet or number) This is the invoice. .doc
(Alphabets and numbers) Notification of payment amount and issuance of invoice.doc

Dear Faculty and Staff

This is a notice from the Information Network Service Section.

During the year-end and New Year holidays, security incidents are more likely to occur due to the lack of system management.
As the volume of e-mails checked will increase, please be especially careful of suspicious e-mails after the holidays, 

In recent years, A number of cyber-attacks confirmed by fake e-mails sent to Japanese academics, think tank researchers, and the press, pretending to be requests for lectures or interviews, etc., and leading to be compromised by executing malware, then attempt to steal the contents of emails and computer files exchanged by these individuals.

For details, please refer to the information provided by the National Police Agency's Cybercrime Countermeasures Project.
 ( https://www.npa.go.jp/cyber/ )

Our university introduced an e-mail targeted attack countermeasure system for full-time faculty and administrative staff.
Suspicious e-mails are automatically quarantined and a notification e-mail is sent at 15:00 daily, 
so please make sure to check the contents.
 https://web.sic.shibaura-it.ac.jp/email_security

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp

Dear Students, Faculty and Staff

Warning from the Information Network Service Division

We have received many reports of suspicious Emotet malware email from several people today.
We announced this on November 25 last year, but we would like to ask you to check again.
Please also check the security information on the Center for Science Information website.

1. Warning against phishing e-mails

　Recently, there have been many cases of phishing e-mails aimed at fraudulently obtaining account information for webmail services.
We have also received reports of suspicious emails from users of our university.
If you receive a suspicious email, please be careful not to access the URL in the text.
If you receive a suspicious e-mail, please do not access the URL in the text, and do not open any attachments.

Please check the security information on the Center For Science Information website.

Example of subject line:
メールプラン、セキュリティ強化第2弾リリースのお知らせ
【重要】2021年XX月XX日（X）のサービス復旧のお知らせ。
【重要】使用制限によるサービス停止のお知らせ- {メールアドレス}
【重要】サービス停止のお知らせ - {メールアドレス}
【お知らせ】メール配信通知 - {メールアドレス}
[メール接続サービスの終了について_shibaura-it.ac.jp] - {メールアドレス}
[からの通知_Shibaura-it]_{メールアドレス}
【バージョンアップ】メンテナンス作業のお知らせ
【重要】sic.shibaura-it.ac.jp メール送信機能停止のお知らせ

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp

2. Warning about Emotet malware email
The Emotet malware was seized and stopped by EUROPOL (European Criminal Police Organization) on January 27, 2021.
However, it has tended to resume its activities since around November 14, 2021.
It seems that emails targeting Japan are also being sent.

For more information about the Emotet malware, please check the security information on the Center For Science Information website.

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)

Email: csirt@shibaura-it.ac.jp 3.

3. Warning about attacks on the CMS of web servers
If you are running a web server in your laboratory and using CMS (WordPress, Movable Type, etc.)
Please check for suspicious access.
In Japan, there have been cases of illegal content being embedded, phishing e-mails being sent out in large numbers, and unauthorized server intrusions.
Please take measures such as managing passwords for the web servers you use, updating vulnerable software, and stopping unnecessary services.

If you find any suspicious access, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)

Email: csirt@shibaura-it.ac.jp

There have been reports of suspicious e-mails being sent from your own e-mail address.

The sender's email address may have been spoofed to match that of the recipient.

Reference Information(Japanese):

• JC3 - 暗号資産（ビットコイン）を要求する脅迫メールに注意

There are many different subject lines, as shown below. (Japanese)

• デバイスがハッキングされました
  (Your device has been hacked.)
• You have an outstanding payment.
• 申し訳ありませんが
  (I'm sorry, sir.)
• アカウントからのお支払い。未払いがあります
  (Payment from your account. You have an outstanding debt.)
• You have outstanding debt.
• こんにちは〜！
  (Hello~!)
• 幸運を祈ります!
  (Good luck!)
• お支払いを待っています
  (I'm waiting for your payment.)
• メールを確認してください！
  (Please check your email!)
• トランザクションを終了します。
  (Close the transaction.)
• 口座からのお支払い
  (Payment from your account)
• メールをご確認ください！
  (Please check your email!)

These are threatening or fraudulent emails. If you receive such an email, please discard it.

Example 1(Japanese):

それが起こったのです。ゼロクリックの脆弱性と特別なコードを使用して、Webサイトを介してあなたのデバイスをハッキングしました。私の正確なスキルを必要とする複雑なソフトウェア。このエクスプロイトは、特別に作成された一意のコードを使用してチェーンで機能し、このようなタイプの攻撃は検出されません。Webサイトにアクセスしただけで感染してしまいましたが、残念なことに、私にとっては非常に容易いことです。あなたは標的にされたのではなく、そのWebページを介してハッキングされた多くの不運な人々の一人になったのです。これはすべて8月に起こりました。そのため、情報収集には十分な時間がありました。次に何が起こるかはもうご存知だと思います。数ヶ月間、私のソフトウェアは、あなたの習慣、あなたが訪問するウェブサイト、ウェブ検索、あなたが送るテキストなどの情報を静かに収集していました。他にもまだまだありますが、これがどれほど深刻であるかを理解していただくために、いくつかの理由を挙げました。
(以下省略)

 

That's what happened. Using a zero-click vulnerability and special code, I hacked your device through a website. Complex software that requires my exact skills. This exploit works in a chain using a specially created unique code and this type of attack is undetectable. just visiting the website infected me, unfortunately it is very easy for me. You were not targeted, but became one of the many unlucky people who were hacked through that web page. This all happened in August. Therefore, there was plenty of time to gather information. I think you already know what will happen next. For months, my software has been quietly collecting information about your habits, websites you visit, web searches, texts you send, and so on. There are many more, but I have listed a few reasons to help you understand just how serious this is.
(Omitted below)

Example 2(Japanese):

それが起こったのです。ゼロクリックの脆弱性と特別なコードを使用して、Webサイトを介してあなたのデバイスをハッキングしました。 私の正確なスキルを必要とする複雑なソフトウェア。 このエクスプロイトは、特別に作成された一意のコードを使用してチェーンで機能し、このようなタイプの攻撃は検出されません。 Webサイトにアクセスしただけで感染してしまいましたが、残念なことに、私にとっては非常に容易いことです。 あなたは標的にされたのではなく、そのWebページを介してハッキングされた多くの不運な人々の一人になったのです。 これはすべて8月に起こりました。そのため、情報収集には十分な時間がありました。 次に何が起こるかはもうご存知だと思います。 数ヶ月間、私のソフトウェアは、あなたの習慣、あなたが訪問するウェブサイト、ウェブ検索、あなたが送るテキストなどの情報を静かに収集していました。 他にもまだまだありますが、これがどれほど深刻であるかを理解していただくために、いくつかの理由を挙げました。 明確に言うと、私のソフトウェアはあなたのカメラとマイクも制御しました。
(以下省略)

 

That's what happened. Using a zero-click vulnerability and special code, I hacked your device through a website. Complex software that requires my exact skills. This exploit works in a chain using a specially created unique code and this type of attack is undetectable. I got infected just by visiting a web site, unfortunately, it is very easy for me. You were not targeted, but became one of the many unlucky people who were hacked through that web page. This all happened in August. Therefore, there was plenty of time to gather information. I think you already know what will happen next. For months, my software has been quietly collecting information about your habits, websites you visit, web searches, texts you send, and so on. There are many more, but I have listed a few reasons to help you understand how serious this is. To be clear, my software also took control of your camera and microphone.
(Omitted below)

例3:

"Let's resolve it like this: All you need is $1750 USD transfer to my account (bitcoin equivalent based on exchange rate during your transfer), and after the transaction is successful, I will proceed to delete all that kinky stuff without delay. Afterwards, we can pretend that we have never met before. In addition, I assure you that all the harmful software will be deleted from all your devices. Be sure, I keep my promises." I think that about sums it up.

Dear Students, Faculty and Staff

Warning from the Information Network Service Division

We would like to inform you that we have received three reminders from the Cyber Security Division of the Ministry of Education, Culture, Sports, Science and Technology.

1. Warning against phishing e-mails

　Recently, there have been many cases of phishing e-mails aimed at fraudulently obtaining account information for webmail services.
We have also received reports of suspicious emails from users of our university.
If you receive a suspicious email, please be careful not to access the URL in the text.
If you receive a suspicious e-mail, please do not access the URL in the text, and do not open any attachments.

Please check the security information on the Center For Science Information website.

Example of subject line:
メールプラン、セキュリティ強化第2弾リリースのお知らせ
【重要】2021年XX月XX日（X）のサービス復旧のお知らせ。
【重要】使用制限によるサービス停止のお知らせ- {メールアドレス}
【重要】サービス停止のお知らせ - {メールアドレス}
【お知らせ】メール配信通知 - {メールアドレス}
[メール接続サービスの終了について_shibaura-it.ac.jp] - {メールアドレス}
[からの通知_Shibaura-it]_{メールアドレス}
【バージョンアップ】メンテナンス作業のお知らせ

【重要】sic.shibaura-it.ac.jp メール送信機能停止のお知らせ

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)
Email: csirt@shibaura-it.ac.jp

2. Warning about Emotet malware email
The Emotet malware was seized and stopped by EUROPOL (European Criminal Police Organization) on January 27, 2021.
However, it has tended to resume its activities since around November 16, 2021.
It seems that emails targeting Japan are also being sent.

For more information about the Emotet malware, please check the security information on the Center For Science Information website.

If you receive a suspicious email, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)

Email: csirt@shibaura-it.ac.jp 3.


3. Warning about attacks on the CMS of web servers
If you are running a web server in your laboratory and using CMS (WordPress, Movable Type, etc.)
Please check for suspicious access.
At other universities, there have been cases of illegal content being embedded, phishing e-mails being sent out in large numbers, and unauthorized server intrusions.
Please take measures such as managing passwords for the web servers you use, updating vulnerable software, and stopping unnecessary services.

If you find any suspicious access, please contact SIT-CSIRT.
SIT-CSIRT (Shibaura Institute of Technology Computer Security Incident Response Team)

Email: csirt@shibaura-it.ac.jp