CERT-SE's weekly newsletter, week 24
Patch Tuesday, phishing and Panchan … a little from yet another eventful week. Several versions of Internet Explorer have been laid to rest, and there is still reason to urge extra vigilance regarding phishing. Have a nice weekend!
News this week
MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched (11 jun)
https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html
PyPI package ‘keep’ mistakenly included a password stealer (12 jun)
https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
Kaiser Permanente data breach exposes health data of 69K people (13 jun)
https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-exposes-health-data-of-69k-people/
Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second (14 jun)
https://thehackernews.com/2022/06/cloudflare-saw-record-breaking-ddos.html
Firefox rolls out Total Cookie Protection by default to all users worldwide (14 jun)
https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/
Large Swedish companies poorly protected against email spoofing – “nonchalant and serious” (15 jun)
https://computersweden.idg.se/2.2683/1.767533/svenska-storforetag-daligt-skyddade-mot-mejl-spoofing–nonchalant-och-allvarligt
Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips (15 jun)
https://securityaffairs.co/wordpress/132316/hacking/hertzbleed-side-channel-attack-allows-to-remotely-steal-encryption-keys-from-amd-and-intel-chips.html
Hertzbleed Attack
https://www.hertzbleed.com/
Heineken says there’s no free beer, warns of phishing scam (15 jun)
https://www.theregister.com/2022/06/15/heineken_phishing_scam/
Cybercriminals Capitalizing on Resurgence in Travel (15 jun)
https://www.darkreading.com/attacks-breaches/cybercriminals-capitalizing-on-resurgence-in-travel
New Linux Rootkit Malware ‘Syslogk’ Triggers Backdoors With Magic Packets (15 jun)
https://gbhackers.com/linux-rootkit-malware/
Sophisticated Android Spyware ‘Hermit’ Used by Governments (16 jun)
https://www.securityweek.com/sophisticated-android-spyware-hermit-used-governments
Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive (16 jun)
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
BlackCat ransomware
The many lives of BlackCat ransomware (13 jun)
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
Microsoft: Exchange servers hacked to deploy BlackCat ransomware (13 jun)
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware/
Unpatched Exchange server, stolen RDP logins… How miscreants get BlackCat ransomware on your network (15 jun)
https://www.theregister.com/2022/06/15/blackcat-ransomware-microsoft/
Internet Explorer
Lifecycle FAQ - Internet Explorer and Microsoft Edge
https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge#what-is-the-lifecycle-policy-for-internet-explorer-
June 15: It’s the end of the Internet Explorer era (13 jun)
https://www.zdnet.com/article/june-15-its-the-end-of-the-internet-explorer-era/
Internet Explorer Now Retired but Still an Attacker Target (17 jun)
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
Information security and miscellaneous
Using Google Takeout to reclaim your data (11 jun)
https://www.itpro.co.uk/security/privacy/368243/using-google-takeout-to-reclaim-your-data
Your Computer Secretly Stores All Your Wi-Fi Passwords. Here’s How to Find Them (11 jun)
https://www.cnet.com/tech/computing/your-computer-secretly-stores-all-your-wi-fi-passwords-heres-how-to-find-them/
Change This Privacy Setting to Reduce Tracking on Roku, Apple TV, Fire TV and Chromecast (11 jun)
https://www.cnet.com/tech/home-entertainment/change-this-privacy-setting-to-reduce-tracking-on-roku-apple-tv-fire-tv-and-chromecast/
Conti’s Attack Against Costa Rica Sparks a New Ransomware Era (12 jun)
https://www.wired.com/story/costa-rica-ransomware-conti/
Your browser stores passwords and sensitive data in clear text in memory (12 jun)
https://www.ghacks.net/2022/06/12/your-browser-stores-passwords-and-sensitive-data-in-clear-text-in-memory/
“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison (13 jun)
https://krebsonsecurity.com/2022/06/downthem-ddos-for-hire-boss-gets-2-years-in-prison/
Ukraine Has Begun Moving Sensitive Data Outside Its Borders (14 jun)
https://nationalcybersecurity.com/ukraine-has-begun-moving-sensitive-data-outside-its-borders-cybersecurity-cyberattack-cybersecurity-infosecurity-hacker/
What is the Essential Eight (And Why Non-Aussies Should Care) (14 jun)
https://thehackernews.com/2022/06/what-is-essential-eight-and-why-non.html
Major IT disruptions affected emergency hospitals in Stockholm and Gotland (14 jun)
https://www.dn.se/sverige/stora-it-storningar-pa-akutsjukhus-i-stockholm/
In Case You Missed RSA Conference 2022: A News Digest (15 jun)
https://www.darkreading.com/threat-intelligence/in-case-you-missed-it-what-went-down-at-rsa-conference-2022
Why We Need Security Knowledge and Not Just Threat Intel (15 jun)
https://www.darkreading.com/threat-intelligence/why-we-need-security-knowledge-and-not-just-threat-intel
State of OT Security in 2022: Big Survey Key Insights (15 jun)
https://www.trendmicro.com/en_us/research/22/f/state-of-ot-security-2022.html
Attacks on Blockchain (15 jun)
https://securityboulevard.com/2022/06/attacks-on-blockchain-2/
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!” (15 jun)
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
CISOs Gain False Confidence in the Calm After the Storm of the Pandemic (16 jun)
https://www.darkreading.com/attacks-breaches/cisos-gain-false-confidence-in-the-calm-after-the-storm-of-the-pandemic
CERT-SE this week
Critical vulnerability in Citrix ADM
Critical vulnerabilities in Cisco products
Critical vulnerability affects SAP Business Client