CERT-SE's weekly newsletter, week 23

Weekly newsletter

This week's newsletter covers incidents as well as reports and tools. A couple of articles also cover presentations from the RSA Conference, and a European cybersecurity exercise focusing on the healthcare sector has been held.

CERT-SE wishes you a pleasant weekend!

News this week

Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report (2 Jun)
https://www.securityweek.com/dutch-used-pegasus-spyware-most-wanted-criminal-report

Microsoft disrupts Bohrium hackers’ spear-phishing operation (3 Jun)
https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/

Novartis says no sensitive data was compromised in cyberattack (3 Jun)
https://www.bleepingcomputer.com/news/security/novartis-says-no-sensitive-data-was-compromised-in-cyberattack/

State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S (5 Jun)
https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html

10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users (6 Jun)
https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html

Mandiant: “No evidence” we were hacked by LockBit ransomware (6 Jun)
https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/

Shining the Light on Black Basta (6 Jun)
https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/

Italian city of Palermo shuts down all systems to fend off cyberattack (6 Jun)
https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/

Qbot malware now uses Windows MSDT zero-day in phishing attacks (7 Jun)
https://www.bleepingcomputer.com/news/security/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/

Online gun shops in the US hacked to steal credit cards (7 Jun)
https://www.bleepingcomputer.com/news/security/online-gun-shops-in-the-us-hacked-to-steal-credit-cards/

SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation (7 Jun)
https://www.justice.gov/usao-mdfl/pr/ssndob-marketplace-series-websites-listed-more-20-million-social-security-numbers-sale

People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (7 Jun)
https://www.cisa.gov/uscert/ncas/alerts/aa22-158a

MITRE System of Trust identifies and quantifies supply chain security risks (7 Jun)
https://www.helpnetsecurity.com/2022/06/07/mitre-system-of-trust/

MITRE System of Trust
https://sot.mitre.org/

New Briefing Pack for the NCSC Board Toolkit now available (7 Jun)
https://www.ncsc.gov.uk/blog-post/new-briefing-pack-for-the-ncsc-board-toolkit

2 Million Impacted by Data Breach at Massachusetts Health Care Organization (8 Jun)
https://www.nbcboston.com/news/local/massachusetts-health-care-group-investigating-data-security-breach/2741994/

New Emotet Variant Stealing Users’ Credit Card Information from Google Chrome (8 Jun)
https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html

An Emerging Threat: Attacking 5G Via Network Slices (8 Jun)
https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices

BankID warns of an increase in fake text messages (8 Jun)
https://sakerhetskollen.se/aktuella-brott/bankid-varnar-for-en-okning-av-falska-sms

Technical problems at government agencies resolved (9 Jun)
https://tt.omni.se/tekniktrasslet-pa-myndigheterna-lost/a/wOlElP

Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat (9 Jun)
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat

Cyber Europe 2022: Testing the Resilience of the European Healthcare Sector (9 Jun)
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2022-testing-the-resilience-of-the-european-healthcare-sector

Information security and miscellaneous

SVCReady: A New Loader Gets Ready (6 Jun)
https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/

How to audit Node.js modules (9 Jun)
https://mattermost.com/blog/how-to-audit-nodejs-modules/

LockBit 2.0: How This RaaS Operates and How to Protect Against It (9 Jun)
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/

Reducing the Significant Risk of Known Exploited Vulnerabilities
https://www.cisa.gov/known-exploited-vulnerabilities

Ransomware The True Cost to Business
https://www.cybereason.com/hubfs/dam/collateral/reports/Ransomware-The-True-Cost-to-Business-2022.pdf

CERT-SE this week

Critical 0-day vulnerability in Confluence (Updated 2022-06-09)