CERT-SE's weekly newsletter, week 16

Weekly newsletter

This week's reporting covers quite a few vulnerabilities and some articles about various cybercriminal groups. CERT-SE would also like to take the opportunity to congratulate our Finnish colleagues, who won this year's edition of Locked Shields!

CERT-SE wishes you a pleasant weekend!

News this week

Cyberattack on Hawaii undersea communications cable thwarted by Homeland Security (12 apr)
https://www.staradvertiser.com/2022/04/12/breaking-news/cyberattack-on-hawaii-undersea-communications-cable-thwarted-by-homeland-security/

March 2022’s Most Wanted Malware: Easter Phishing Scams Help Emotet Assert its Dominance (12 apr)
https://www.checkpoint.com/press/2022/march-2022s-most-wanted-malware-easter-phishing-scams-help-emotet-assert-its-dominance/

Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems (13 apr)
https://www.wired.com/story/pipedream-ics-malware/

APT Cyber Tools Targeting ICS/SCADA Devices (13 apr)
https://www.cisa.gov/uscert/ncas/alerts/aa22-103a

Cybercriminals Trick Victims into Transferring Funds to “Reverse” Instant Payments (14 apr)
https://www.ic3.gov/Media/Y2022/PSA220414

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators (15 apr)
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/

Ukraine war scams: Cybercriminals stole my identity (17 apr)
https://www.bbc.com/news/av/world-61100181

Conti’s Ransomware Toll on the Healthcare Industry (18 apr)
https://krebsonsecurity.com/2022/04/contis-ransomware-toll-on-the-healthcare-industry/

UK Prime Minister, Catalan groups ‘targeted by NSO Pegasus spyware’ (18 apr)
https://www.theregister.com/2022/04/18/uk_catalan_spyware/

“SCuBA”? It means better visibility, standards and security practices for government cloud (19 apr)
https://www.cisa.gov/blog/2022/04/19/scuba-it-means-better-visibility-standards-and-security-practices-government-cloud

CISA warns of attackers now exploiting Windows Print Spooler bug (19 apr)
https://www.bleepingcomputer.com/news/security/cisa-warns-of-attackers-now-exploiting-windows-print-spooler-bug/

New Zealand Industry Leaders Call for Greater Cyber Security Literacy (19 apr)
https://opengovasia.com/new-zealand-industry-leaders-call-for-greater-cyber-security-literacy/

Emotet botnet switches to 64-bit modules, increases activity (19 apr)
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/

7-zip vulnerability gives hackers the keys to the kingdom (19 apr)
https://www.techradar.com/news/7-zip-vulnerability-gives-hackers-the-keys-to-the-kingdom

Hackers can infect >100 Lenovo models with unremovable malware. Are you patched? (19 apr)
https://arstechnica.com/information-technology/2022/04/bugs-in-100-lenovo-models-fixed-to-prevent-unremovable-infections/

CVE-2022-21449: Psychic Signatures in Java (19 apr)
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/

Over 2000 Cyber Experts from 32 nations at the Locked Shields Exercise (20 apr)
https://ccdcoe.org/news/2022/over-2000-cyber-experts-from-32-nations-at-the-locked-shields-exercise/

…Results: https://twitter.com/ccdcoe/status/1517445496339673088

Most Email Security Approaches Fail to Block Common Threats (20 apr)
https://threatpost.com/email-security-fail-block-threats/179370/

Report: Phishing, BEC, and Ransomware Threats for Microsoft 365 Users
https://www.cyren.com/2022_04_rpt_osterman

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure (20 apr)
https://www.cisa.gov/uscert/ncas/alerts/aa22-110a

REvil’s TOR sites come alive to redirect to new ransomware operation (20 apr)
https://www.bleepingcomputer.com/news/security/revils-tor-sites-come-alive-to-redirect-to-new-ransomware-operation/

Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners (20 apr)
https://www.trendmicro.com/en_us/research/22/d/spring4shell-exploited-to-deploy-cryptocurrency-miners.html

Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine (20 apr)
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine

AWS’s Log4j patches blew holes in its own security (20 apr)
https://www.theregister.com/2022/04/20/aws_log4j_patches/

New initiative from Internetstiftelsen aims to make Swedes safer online (20 apr)
https://www.aktuellsakerhet.se/ny-satsning-fran-internetstiftelsen-ska-gora-svenskarna-sakrare-pa-natet/

FBI: BlackCat ransomware breached at least 60 entities worldwide (21 apr)
https://www.bleepingcomputer.com/news/security/fbi-blackcat-ransomware-breached-at-least-60-entities-worldwide/

Criminal marketplace gone from the internet, thrown out by French IT company (21 apr)
https://www.dn.se/sverige/kriminella-marknadsplatsen-borta-fran-natet-kastas-ut-av-franskt-it-bolag/

Information security and miscellaneous

Cyber Risk Index (CRI)
https://www.trendmicro.com/en_se/security-intelligence/breaking-news/cyber-risk-index.html

Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/

How Democracies Spy on Their Citizens (18 apr)
https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens

M-Trends 2022: Cyber Security Metrics, Insights and Guidance From the Frontlines (19 apr)
https://www.mandiant.com/resources/m-trends-2022

Cybercriminals are finding new ways to target cloud environments (20 apr)
https://www.techrepublic.com/article/cybercriminals-finding-new-target-cloud-environments/

Report: 2022 Cloud Native Threat Report
https://info.aquasec.com/cloud-native-threat-report-2022

Undetectable backdoors for machine learning models (20 apr)
https://doctorow.medium.com/undetectable-backdoors-for-machine-learning-models-8df33d92da30

Planting Undetectable Backdoors in Machine Learning Models (14)
https://arxiv.org/abs/2204.06974

CERT-SE this week

Oracle's quarterly security update for April 2022