CERT-SE's weekly newsletter, week 26

Weekly newsletter

This week's topics include extensive cyberattacks in Lithuania and Norway. CISA highlights how Log4Shell continues to be exploited in VMware Horizon systems.

Have a nice weekend!

News this week

Google: How we tackled this iPhone, Android spyware (24 jun)
https://www.theregister.com/2022/06/24/spyware_iphones_android_isp/

NSO claims ‘more than 5’ EU states use Pegasus spyware (24 jun)
https://www.theregister.com/2022/06/24/nso_customers_eu_pegasus/

Fake copyright infringement emails install LockBit ransomware (26 jun)
https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/

We’re now truly in the era of ransomware as pure extortion without the encryption (25 jun)
https://www.theregister.com/2022/06/25/ransomware_gangs_extortion_feature/

Clever phishing method bypasses MFA using Microsoft WebView2 apps (26 jun)
https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/

Pro-Russian Hacker Group Killnet Hits Critical Government Websites in Lithuania (27 jun)
https://www.infosecurity-magazine.com/news/killnet-hacks-lithuania-government/

Russia’s Killnet hacker group says it attacked Lithuania (27 jun)
https://www.reuters.com/technology/russias-killnet-hacker-group-says-it-attacked-lithuania-2022-06-27/

Vice Society claims ransomware attack on Med. University of Innsbruck (27 jun)
https://www.bleepingcomputer.com/news/security/vice-society-claims-ransomware-attack-on-med-university-of-innsbruck/

Slovak Telekom targeted in huge cyber attack (27 jun)
https://spectator.sme.sk/c/22947883/slovak-telekom-targeted-in-huge-cyber-attack.html

Cyberattack Forces Iran Steel Company to Halt Production (27 jun)
https://www.securityweek.com/cyberattack-forces-iran-steel-company-halt-production

Google warns about the Italian spyware tool Hermit (27 jun)
https://computersweden.idg.se/2.2683/1.767964/google-varnar-for-det-italienska-spionverktyget-hermit

APT Hackers Targeting Industrial Control Systems with ShadowPad Backdoor (28 jun)
https://thehackernews.com/2022/06/apt-hackers-targeting-industrial.html

Hertzbleed explained (28 jun)
https://blog.cloudflare.com/hertzbleed-explained/

Dozens of cryptography libraries vulnerable to private key theft (28 jun)
https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft

Carnival Cruises bruised by $6.25 million fine after series of cyberattacks (28 jun)
https://www.bitdefender.com/blog/hotforsecurity/carnival-cruises-bruised-by-6-25-million-find-after-series-of-cyberattacks/

AMD investigates RansomHouse hack claims, theft of 450GB data (28 jun)
https://www.bleepingcomputer.com/news/security/amd-investigates-ransomhouse-hack-claims-theft-of-450gb-data/

Ukraine arrests cybercrime gang operating over 400 phishing sites (29 jun)
https://www.bleepingcomputer.com/news/security/ukraine-arrests-cybercrime-gang-operating-over-400-phishing-sites/

Russian group behind IT attack on Norway (29 jun)
https://www.svd.se/a/282A7R/norska-bank-id-nere-rysk-grupp-tar-pa-sig-attack

Powerful DDoS attack on Norway – several major sites down (29 jun)
https://computersweden.idg.se/2.2683/1.768037/kraftig-ddos-attack-mot-norge–flera-stora-sajter-nere

Microsoft warning: This malware that targets Linux just got a big update (30 jun)
https://www.zdnet.com/article/microsoft-warning-this-malware-that-targets-linux-just-got-a-big-update/

Reports

2022 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html

Keeping PowerShell: Security Measures to Use and Embrace
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/22/keeping-powershell-measures-use-and-embrace

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems (24 jun)
https://www.cisa.gov/uscert/ncas/alerts/aa22-174a

StopRansomware: MedusaLocker (30 jun)
https://www.cisa.gov/uscert/ncas/alerts/aa22-181a

Events in Sweden

Sveriges Radio let IT technicians from Israel and Russia work inside the perimeter protection (27 jun)
https://www.dn.se/sverige/sveriges-radio-lat-it-tekniker-fran-israel-och-ryssland-jobba-innanfor-skalskyddet/

Sweden a base for Russian hacker group - kept server in Stockholm (28 jun)
https://www.dn.se/sverige/sverige-bas-for-rysk-hackergrupp-forvarade-server-i-stockholm/

Decision to forfeit a hard drive (28 jun)
https://www.aklagare.se/nyheter-press/pressmeddelanden/2022/juni/beslut-om-att-forverka-en-harddisk/

Technical prerequisites in cloud services (28 jun)
https://www.esamverka.se/download/18.1ec521a61817ffb56514fea9/1656598104185/Tekniska%20f%C3%B6ruts%C3%A4ttningar%20i%20molntj%C3%A4nster%202.0_2022.pdf

Cyberattacks on service companies common – one in five affected (30 jun)
https://computersweden.idg.se/2.2683/1.768065/cyberattacker-mot-tjansteforetag-vanligt–vart-femte-drabbat

Kalix's new solutions aim to reduce the risk of cyberattacks (1 jul)
https://www.dn.se/ekonomi/kalix-nya-losningar-ska-minska-risken-for-cyberattacker/

Information security and miscellaneous

FRA 80 years
https://fra.se/system/mainentrynews/fra80ar.5.6a76c4041614726b25a11b.html

Japanese man loses USB stick with entire city’s personal details (25 jun)
https://www.bbc.com/news/world-asia-61921222

IVA focuses on: Cyberattacks – a growing threat to Swedish business (27 jun)
https://www.iva.se/publicerat/iva-fokuserar-pa-cyberangrepp-ett-vaxande-hot-mot-svenskt-naringsliv/

5 years after NotPetya: Lessons learned (27 jun)
https://www.csoonline.com/article/3664930/5-years-after-notpetya-lessons-learned.html

Russian hacker attacks against a number of countries – but do they cause any real damage (30 jun)
https://www.svt.se/nyheter/utrikes/ryska-hackerattacker-mot-en-rad-lander-men-gor-de-nagon-skada-overhuvudtaget