CERT-SE:s veckobrev v.21
Som en ypperlig Mors dags-present, klämmer CERT-SE även denna fredag ut ett veckobrev med högt flygande omvärldsbevakning. Ska du bygga upp en SOC? NCSC-UK har publicerat en ny vägledning i SOC-design. Myndigheten för psykologiskt försvar ger knep för att känna igen falsk och vilseledande information på den nylanserade sajten Bli inte lurad
Trevlig helg!
Nyheter i veckan
Over 380 000 open Kubernetes API servers (17 maj)
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
Ransomware group threatens to publish Vivalia patient data (19 maj)
https://www.brusselstimes.com/belgium/225790/ransomware-group-threatens-to-publish-vivalia-patient-data
Sandworm uses a new version of ArguePatch to attack targets in Ukraine (20 maj)
https://www.welivesecurity.com/2022/05/20/sandworm-ukraine-new-version-arguepatch-malware-loader/
Partial Patching Still Provides Strong Protection Against APTs (20 maj)
https://www.darkreading.com/application-security/reactive-patching-is-not-significantly-riskier-than-planned-updates-study-shows
Russian Sberbank says it’s facing massive waves of DDoS attacks (20 maj)
https://www.bleepingcomputer.com/news/security/russian-sberbank-says-it-s-facing-massive-waves-of-ddos-attacks/
Researchers find backdoor lurking in WordPress plugin used by schools (21 maj)
https://arstechnica.com/information-technology/2022/05/researchers-find-backdoor-lurking-in-wordpress-plugin-used-by-schools/
Ransomware attack exposes data of 500,000 Chicago students (21 maj)
https://www.bleepingcomputer.com/news/security/ransomware-attack-exposes-data-of-500-000-chicago-students/
Threat actors target the infoSec community with fake PoC exploits (23 maj)
https://securityaffairs.co/wordpress/131553/intelligence/fake-poc-exploits-attacks.html
Cyberattack Affects Greenland’s Healthcare Services (23 maj)
https://www.govinfosecurity.com/cyberattack-affects-greenlands-healthcare-services-a-19120
Hackers can hack your online accounts before you even register them (23 maj)
https://www.bleepingcomputer.com/news/security/hackers-can-hack-your-online-accounts-before-you-even-register-them/
Conti Ransomware Operation Shut Down After Brand Becomes Toxic (23 maj)
https://www.securityweek.com/conti-ransomware-operation-shut-down-after-brand-becomes-toxic
New phishing technique lures users with fake chatbot (23 maj)
https://www.techrepublic.com/article/new-phishing-technique-chatbot/
Yes, Containers Are Terrific, But Watch the Security Risks (23 maj)
https://thehackernews.com/2022/05/yes-containers-are-terrific-but-watch.html
PyPi-paketet CTX och phpass hackade (24 maj)
https://kryptera.se/pypi-paketet-ctx-och-phpass-hackade/
Malware Analysis: Trickbot (24 maj)
https://thehackernews.com/2022/05/malware-analysis-trickbot.html
CISA adds 41 vulnerabilities to list of bugs used in cyberattacks (24 maj)
https://www.bleepingcomputer.com/news/security/cisa-adds-41-vulnerabilities-to-list-of-bugs-used-in-cyberattacks/
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely (27 maj)
https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html
Informationssäkerhet och blandat
Vidar distributed through backdoored Windows 11 downloads and abusing Telegram (19 maj)
https://www.zscaler.com/blogs/security-research/vidar-distributed-through-backdoored-windows-11-downloads-and-abusing
Region Gotland blockerar sociala medier på grund av cyberhot (21 maj)
https://www.svt.se/nyheter/lokalt/ost/region-gotland-blockerar-sociala-medier-pa-grund-av-cyberhot
DDoS attacks decreased in 2021, still above pre-pandemic levels (23 maj)
https://www.techrepublic.com/article/ddos-attacks-decreased-in-2021-still-above-pre-pandemic-levels/
23rd May – Threat Intelligence Report (23 maj)
https://research.checkpoint.com/2022/23rd-may-threat-intelligence-report/
New SOC guidance 101 (23 maj)
https://www.ncsc.gov.uk/blog-post/soc-guidance-101
Decrease DDoS attacks Q1 2022, concern about increase smaller attacks
https://www.nbip.nl/en/news/quarterly-update-about-ddos-attacks-q1-2022/
Industrial Control System Security: Top 10 threats and countermeasures 2022 (24 maj)
https://www.allianz-fuer-cybersicherheit.de/SharedDocs/Downloads/Webs/ACS/DE/BSI-CS/BSI-CS_005E.html
Personal Data of Tens of Millions of Russians and Ukrainians Exposed Online (24 maj)
https://www.hackread.com/personal-data-russians-ukrainians-exposed-online/
Think before you link app (24 maj)
https://www.professionalsecurity.co.uk/news/case-studies/think-before-you-link-app/
The Justice Department Will No Longer Charge Security Researchers with Criminal Hacking (24 maj)
https://www.schneier.com/blog/archives/2022/05/the-justice-department-will-no-longer-charge-security-researchers-with-criminal-hacking.html
How to encrypt your email and why you should (26 maj)
https://www.zdnet.com/article/how-to-encrypt-your-email-and-why-you-should/
Vårdtjänsten Kry Connect läckte persondata till Facebook (27 maj)
https://www.svt.se/nyheter/inrikes/vardtjansten-kry-connect-lackte-persondata-till-facebook