in

Fujitsu to discontinue ProjectWEB tool after Japanese govt data breaches

In a statement released on Thursday, Japanese tech giant Fujitsu attributed a Japanese government data breach earlier this year to its ProjectWEB tool. 

In May, multiple government agencies — including the Ministry of Land, Infrastructure, Transport, and Tourism; the Cabinet Secretariat; and Narita Airport — were hacked through the software-as-a-service platform. 

ZDNet Recommends

Best security key 2021

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Read More

A Fujitsu spokesperson at the time confirmed to ZDNet’s Campbell Kwan that there was “unauthorized access to ProjectWEB, a collaboration and project management software, used for Japanese-based projects.” They suspended use of the tool and informed all impacted customers. 

After an investigation, Fujitsu said on Thursday that it appointed a CISO in October and put in place “measures to prevent reoccurrence… under a new information security management and operation framework.”

Fujitsu added that the cause of the incident is still being verified by a committee of internal experts as well as Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), which will sign off on releasing any more information about the incident. 

Fujitsu plans to “introduce a new project information sharing tool that addresses the issues raised by this incident with robust information security measures, including those in line with zero-trust practices, and will be migrating project management tasks to the new tool.”

Japanese news outlets said more than 75,000 emails from the Ministry of Land, Infrastructure, Transport, and Tourism were leaked in the attack in May. Information on business partners, employees, and the inner workings of government cybersecurity services, as well as Narita Airport, were also stolen during the attack.  

Today’s news was first reported by Bleeping Computer. 


Source: Information Technologies - zdnet.com

Malware distribution in public repositories highlighted by malicious npm packages stealing Discord tokens

CISA releases advisory on five Apache HTTP server vulnerabilities affecting Cisco products