CERT-SE's weekly newsletter, week 6
This week, several attacks have been reported, including one on a company that provides services to a large number of airports and one on mobile networks in Portugal.
Cybersecurity authorities in the USA, Australia and the United Kingdom have also issued a joint warning that they saw an increase in ransomware against critical infrastructure during 2021.
In addition, HSE offers interesting reading about its experiences from the attack on the Irish healthcare sector last year.
CERT-SE wishes you a pleasant weekend!
News this week
Swissport ransomware attack delays flights, disrupts operations (4 feb)
https://www.bleepingcomputer.com/news/security/swissport-ransomware-attack-delays-flights-disrupts-operations/
Media Giant News Corp Targeted in China-Linked Cyberattack (4 feb)
https://www.securityweek.com/media-giant-news-corp-targeted-china-linked-cyberattack
ACTINIUM targets Ukrainian organizations (4 feb)
https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
FBI shares Lockbit ransomware technical details, defense tips (5 feb)
https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/
..
Indicators of Compromise Associated with LockBit 2.0 Ransomware (4 feb)
https://www.ic3.gov/Media/News/2022/220204.pdf
Qbot Likes to Move It, Move It (7 feb)
https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
Microsoft Disables MSIX Protocol Due to Abuse by Malware (7 feb)
https://www.securityweek.com/microsoft-disables-msix-protocol-due-abuse-malware
..
Disabling the MSIX ms-appinstaller protocol handler (4 feb)
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/disabling-the-msix-ms-appinstaller-protocol-handler/ba-p/3119479
Puma hit by data breach after Kronos ransomware attack (7 feb)
https://www.bleepingcomputer.com/news/security/puma-hit-by-data-breach-after-kronos-ransomware-attack/
Russia arrests third hacking group, seizes carding forums (7 feb)
https://www.bleepingcomputer.com/news/security/russia-arrests-third-hacking-group-seizes-carding-forums/
Microsoft disables VBA macros in Office by default following years of complaints (8 feb)
https://www.itpro.co.uk/software/microsoft-office/362184/microsoft-disables-vba-macros-in-office-by-default
Cyberattack brings down Vodafone Portugal mobile, voice, and TV services (8 feb)
https://therecord.media/cyberattack-brings-down-vodafone-portugal-mobile-voice-and-tv-services/
Foreign Office target of ‘serious cyber incident’ (9 feb)
https://www.bbc.com/news/technology-60309335
2021 Trends Show Increased Globalized Threat of Ransomware (9 feb)
https://www.cisa.gov/uscert/ncas/alerts/aa22-040a
Ransomware dev releases Egregor, Maze master decryption keys (9 feb)
https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/
Fake Windows 11 upgrade installers infect you with RedLine malware (9 feb)
https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/
Information security and miscellaneous
Lessons Learned from the HSE Cyber Attack (3 feb)
https://www.hhs.gov/sites/default/files/lessons-learned-hse-attack.pdf
THREAT ANALYSIS REPORT: All Paths Lead to Cobalt Strike - IcedID, Emotet and QBot (10 feb)
https://www.cybereason.com/blog/threat-analysis-report-all-paths-lead-to-cobalt-strike-icedid-emotet-and-qbot
Medusa: a marriage partner as gunslinger (feb)
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html
Together for a better internet
https://www.saferinternetday.org/
CERT-SE this week
Multiple vulnerabilities in Citrix Hypervisor
Adobe's monthly security updates for February
Multiple critical vulnerabilities in SAP products
Microsoft's monthly security updates for February 2022