CERT-SE's weekly newsletter, week 45

Weekly newsletter

November can feel like a dark month, but this Friday we brighten things up with good news from Europol, new cooperation efforts on cybersecurity, and a small reminder that it has been Patch Tuesday.

CERT-SE wishes you a pleasant weekend!

News this week

Law Enforcement Operation Targets Clop Ransomware (7 nov)
https://www.bankinfosecurity.com/interpol-disrupts-global-malware-crime-network-a-17858

Five affiliates to Sodinokibi/REvil unplugged (8 nov)
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged

Several people arrested for cyberattacks in Europol operation (8 nov)
https://polisen.se/aktuellt/nyheter/2021/november/flera-personer-gripna-for-cyberattacker-i-europolinsats/

US seizes $6 million from REvil ransomware, arrest Kaseya hacker (8 nov)
https://www.bleepingcomputer.com/news/security/us-seizes-6-million-from-revil-ransomware-arrest-kaseya-hacker/

State hackers breach defense, energy, healthcare orgs worldwide (8 nov)
https://www.bleepingcomputer.com/news/security/state-hackers-breach-defense-energy-healthcare-orgs-worldwide/

MediaMarkt hit by Hive ransomware, initial $240 million ransom (8 nov)
https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/

Robinhood discloses data breach impacting 7 million customers (8 nov)
https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/

Online broker Robinhood hacked – 7 million users affected (9 nov)
https://www.nyteknik.se/digitalisering/natmaklaren-robinhood-hackad-7-miljoner-anvandare-drabbade-7024088

Mexico Arrests Suspect in Pegasus Spyware Case (9 nov)
https://www.securityweek.com/mexico-arrests-suspect-pegasus-spyware-case

TrickBot teams up with Shatak phishers for Conti ransomware attacks (10 nov)
https://www.bleepingcomputer.com/news/security/trickbot-teams-up-with-shatak-phishers-for-conti-ransomware-attacks/

Indonesia, UK discuss future technology and cybersecurity (11 nov)
https://abcnews.go.com/Technology/wireStory/indonesia-uk-discuss-future-technology-cybersecurity-81104715

Researchers Uncover Hacker-for-Hire Group That’s Active Since 2015 (11 nov)
https://thehackernews.com/2021/11/researchers-uncover-hacker-for-hire.html

Interpol Closes in on Global BEC Gang (12 nov)
https://www.infosecurity-magazine.com/news/interpol-closes-in-on-global-bec/

US and EU join initiative on rules for cyber warfare (12 nov)
https://computersweden.idg.se/2.2683/1.758705/usa-och-eu-gar-med-i-initiativ-for-cyberkrigsregler

Information security and miscellaneous

Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory (6 nov)
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/

Paris Call for trust and security in cyberspace
https://pariscall.international/en/

US Army cyber operations team visiting Lithuania (8 nov)
https://www.baltictimes.com/us_army_cyber_operations_team_visiting_lithuania/

FinCEN Releases Updated Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (8 nov)
https://www.fincen.gov/news/news-releases/fincen-releases-updated-advisory-ransomware-and-use-financial-system-facilitate

FIN-2021-A004 Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (8 nov)
https://www.fincen.gov/sites/default/files/2021-11/FinCEN%20Ransomware%20Advisory_FINAL_508_.pdf

Supporting an Independent TF-CSIRT (9 nov)
https://labs.ripe.net/author/kjerstin-burdiek/supporting-an-independent-tf-csirt/

Most ransomware attacks rely on exploiting older, unpatched vulnerabilities (10 nov)
https://www.techradar.com/news/most-ransomware-attacks-rely-on-exploiting-older-unpatched-vulnerabilities

The hunt for NOBELIUM, the most sophisticated nation-state attack in history (10 nov)
https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/

Walking on APT31 infrastructure footprints (10 nov)
https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/

Firms Will Struggle to Secure Extended Attack Surface in 2022 (10 nov)
https://www.darkreading.com/risk/firms-will-struggle-to-secure-extended-attack-surface-in-2022

A Brief History of the Meris Botnet (11 nov)
https://blog.cloudflare.com/meris-botnet/

Internet Organised Crime Threat Assessment (IOCTA) 2021 (11 nov)
https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2021

The role of online ID authentication in increasing social media safety (11 nov)
https://www.information-age.com/role-of-online-id-authentication-increasing-social-media-safety-123497644/

October 2021’s Most Wanted Malware: Trickbot Takes Top Spot for Fifth Time (11 nov)
https://blog.checkpoint.com/2021/11/11/october-2021s-most-wanted-malware-trickbot-takes-top-spot-for-fifth-time/

CERT-SE this week

Critical vulnerability in PAN-OS

Critical vulnerability in Citrix products

Critical vulnerabilities in SAP products

Adobe's monthly security updates for November

Microsoft's monthly security updates for November 2021