CERT-SE:s veckobrev v.23
I veckans nyhetsbrev ryms såväl incidenter som rapporter och verktyg. Ett par artiklar tar även upp presentationer från RSA-konferensen och det har hållits en europeisk cybersäkerhetsövning med fokus på sjukvårdssektorn.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Dutch Used Pegasus Spyware on Most-Wanted Criminal: Report (2 jun)
https://www.securityweek.com/dutch-used-pegasus-spyware-most-wanted-criminal-report
Microsoft disrupts Bohrium hackers’ spear-phishing operation (3 jun)
https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/
Novartis says no sensitive data was compromised in cyberattack (3 jun)
https://www.bleepingcomputer.com/news/security/novartis-says-no-sensitive-data-was-compromised-in-cyberattack/
State-Backed Hackers Exploit Microsoft ‘Follina’ Bug to Target Entities in Europe and U.S (5 jun)
https://thehackernews.com/2022/06/state-backed-hackers-exploit-microsoft.html
10 Most Prolific Banking Trojans Targeting Hundreds of Financial Apps with Over a Billion Users (6 jun)
https://thehackernews.com/2022/06/10-most-prolific-banking-trojans.html
Mandiant: “No evidence” we were hacked by LockBit ransomware (6 jun)
https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Shining the Light on Black Basta (6 jun)
https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
Italian city of Palermo shuts down all systems to fend off cyberattack (6 jun)
https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/
Qbot malware now uses Windows MSDT zero-day in phishing attacks (7 jun)
https://www.bleepingcomputer.com/news/security/qbot-malware-now-uses-windows-msdt-zero-day-in-phishing-attacks/
Online gun shops in the US hacked to steal credit cards (7 jun)
https://www.bleepingcomputer.com/news/security/online-gun-shops-in-the-us-hacked-to-steal-credit-cards/
SSNDOB Marketplace, A Series Of Websites That Listed More Than 20 Million Social Security Numbers For Sale, Seized And Dismantled In International Operation (7 jun)
https://www.justice.gov/usao-mdfl/pr/ssndob-marketplace-series-websites-listed-more-20-million-social-security-numbers-sale
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (7 jun)
https://www.cisa.gov/uscert/ncas/alerts/aa22-158a
MITRE System of Trust identifies and quantifies supply chain security risks (7 jun)
https://www.helpnetsecurity.com/2022/06/07/mitre-system-of-trust/
MITRE System of Trust
https://sot.mitre.org/
New Briefing Pack for the NCSC Board Toolkit now available (7 jun)
https://www.ncsc.gov.uk/blog-post/new-briefing-pack-for-the-ncsc-board-toolkit
2 Million Impacted by Data Breach at Massachusetts Health Care Organization (8 jun)
https://www.nbcboston.com/news/local/massachusetts-health-care-group-investigating-data-security-breach/2741994/
New Emotet Variant Stealing Users’ Credit Card Information from Google Chrome (8 jun)
https://thehackernews.com/2022/06/new-emotet-variant-stealing-users.html
An Emerging Threat: Attacking 5G Via Network Slices (8 jun)
https://www.darkreading.com/threat-intelligence/an-emerging-threat-attacking-5g-via-network-slices
BankID varnar för en ökning av falska sms (8 jun)
https://sakerhetskollen.se/aktuella-brott/bankid-varnar-for-en-okning-av-falska-sms
Tekniktrasslet på myndigheterna löst (9 jun)
https://tt.omni.se/tekniktrasslet-pa-myndigheterna-lost/a/wOlElP
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat (9 jun)
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat
Cyber Europe 2022: Testing the Resilience of the European Healthcare Sector (9 jun)
https://www.enisa.europa.eu/news/enisa-news/cyber-europe-2022-testing-the-resilience-of-the-european-healthcare-sector
Informationssäkerhet och blandat
SVCReady: A New Loader Gets Ready (6 jun)
https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/
How to audit Node.js modules (9 jun)
https://mattermost.com/blog/how-to-audit-nodejs-modules/
LockBit 2.0: How This RaaS Operates and How to Protect Against It (9 jun)
https://unit42.paloaltonetworks.com/lockbit-2-ransomware/
Reducing the Significant Risk of Known Exploited Vulnerabilities
https://www.cisa.gov/known-exploited-vulnerabilities
Ransomware The True Cost to Business
https://www.cybereason.com/hubfs/dam/collateral/reports/Ransomware-The-True-Cost-to-Business-2022.pdf
CERT-SE i veckan
Kritisk 0-day-sårbarhet i Confluence (Uppdaterad 2022-06-09)