CERT-SE's weekly newsletter, week 6

Weekly newsletter

This week several attacks have been reported, including one on a company that provides services for a large number of airports and one on mobile networks in Portugal.

Cybersecurity agencies in the USA, Australia and the United Kingdom have also issued a joint warning that during 2021 they saw an increase in ransomware against critical infrastructure.

In addition, HSE offers interesting reading about their experiences from the attack on the Irish healthcare sector last year.

CERT-SE wishes you a pleasant weekend!

News this week

Swissport ransomware attack delays flights, disrupts operations (4 feb)
https://www.bleepingcomputer.com/news/security/swissport-ransomware-attack-delays-flights-disrupts-operations/

Media Giant News Corp Targeted in China-Linked Cyberattack (4 feb)
https://www.securityweek.com/media-giant-news-corp-targeted-china-linked-cyberattack

ACTINIUM targets Ukrainian organizations (4 feb)
https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/

FBI shares Lockbit ransomware technical details, defense tips (5 feb)
https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/
.. Indicators of Compromise Associated with LockBit 2.0 Ransomware (4 feb)
https://www.ic3.gov/Media/News/2022/220204.pdf

Qbot Likes to Move It, Move It (7 feb)
https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/

Microsoft Disables MSIX Protocol Due to Abuse by Malware (7 feb)
https://www.securityweek.com/microsoft-disables-msix-protocol-due-abuse-malware
.. Disabling the MSIX ms-appinstaller protocol handler (4 feb)
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/disabling-the-msix-ms-appinstaller-protocol-handler/ba-p/3119479

Puma hit by data breach after Kronos ransomware attack (7 feb)
https://www.bleepingcomputer.com/news/security/puma-hit-by-data-breach-after-kronos-ransomware-attack/

Russia arrests third hacking group, seizes carding forums (7 feb)
https://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/

Microsoft disables VBA macros in Office by default following years of complaints (8 feb)
https://www.itpro.co.uk/software/microsoft-office/362184/microsoft-disables-vba-macros-in-office-by-default

Cyberattack brings down Vodafone Portugal mobile, voice, and TV services (8 feb)
https://therecord.media/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/

Foreign Office target of ‘serious cyber incident’ (9 feb)
https://www.bbc.com/news/technology-60309335

2021 Trends Show Increased Globalized Threat of Ransomware (9 feb)
https://www.cisa.gov/uscert/ncas/alerts/aa22-040a

Ransomware dev releases Egregor, Maze master decryption keys (9 feb)
https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/

Fake Windows 11 upgrade installers infect you with RedLine malware (9 feb)
https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/

Information security and miscellaneous

Lessons Learned from the HSE Cyber Attack (3 feb)
https://www.hhs.gov/sites/default/files/lessons-learned-hse-attack.pdf

THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot (10 feb)
https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot

Medusa: a marriage partner as gunslinger (feb)
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html

Together for a better internet
https://www.saferinternetday.org/

CERT-SE this week

Multiple vulnerabilities in Citrix Hypervisor

Adobe's monthly security updates for February

Multiple critical vulnerabilities in SAP products

Microsoft's monthly security updates for February 2022