CERT-SE's weekly newsletter, week 28
Despite the holiday season, disruptions and attacks against IT systems continue. This week's newsletter has articles on everything from data leaks to ransomware and denial-of-service attacks. In addition, this week included Patch Tuesday.
CERT-SE wishes you a pleasant weekend!
News this week
PQC Standardization Process: Announcing Four Candidates to be Standardized, Plus Fourth Round Candidates (5 Jul)
https://csrc.nist.gov/news/2022/pqc-candidates-to-be-standardized-and-round-4
From Follina to Rozena - Leveraging Discord to Distribute a Backdoor (6 Jul)
https://www.fortinet.com/blog/threat-research/follina-rozena-leveraging-discord-to-distribute-a-backdoor
New 0mega ransomware targets businesses in double-extortion attacks (8 Jul)
https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks/
French telecom company La Poste Mobile struggling to recover from ransomware attack (8 Jul)
https://therecord.media/french-telecom-company-la-poste-mobile-struggling-to-recover-from-ransomware-attack/
Rogers says services mostly restored after daylong outage left millions offline (8 Jul)
https://www.cbc.ca/news/business/rogers-outage-cell-mobile-wifi-1.6514373
Mangatoon data breach exposes data from 23 million accounts (9 Jul)
https://www.bleepingcomputer.com/news/security/mangatoon-data-breach-exposes-data-from-23-million-accounts/
Microsoft says decision to unblock Office macros is temporary (11 Jul)
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-decision-to-unblock-office-macros-is-temporary/
ECB Says Lagarde Was Targeted in Cyber Attack, No Data Stolen (12 Jul)
https://www.bloomberg.com/news/articles/2022-07-12/ecb-says-lagarde-was-targeted-in-cyber-attack-no-data-stolen
Lithuanian Energy Firm Disrupted by DDOS Attack (12 Jul)
https://www.infosecurity-magazine.com/news/lithuanian-energy-ddos-attack/
Rise in Qakbot attacks traced to evolving threat techniques (12 Jul)
https://www.zscaler.com/blogs/security-research/rise-qakbot-attacks-traced-evolving-threat-techniques
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (12 Jul)
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
India Calls for Stricter Actions Against Cybercriminals (12 Jul)
https://www.bankinfosecurity.com/india-calls-for-stricter-actions-against-cybercriminals-a-19552
Microsoft open sources Salus software bill of materials (SBOM) generation tool (12 Jul)
https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-salus-software-bill-of-materials-sbom-generation-tool/
ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities (12 Jul)
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-59-vulnerabilities
…Siemens Security Advisories https://new.siemens.com/global/en/products/services/cert.html?d=2022-07#SecurityPublications
Elden Ring gaming giant Bandai Namco says hackers may have stolen customer data (13 Jul)
https://techcrunch.com/2022/07/13/bandai-namco-data-stolen/
New Android malware on Google Play installed 3 million times (13 Jul)
https://www.bleepingcomputer.com/news/security/new-android-malware-on-google-play-installed-3-million-times/
Android security: How this new malware has become a top smartphone threat (13 Jul)
https://www.zdnet.com/article/android-security-how-this-new-malware-has-become-a-top-smartphone-threat
New Lilith ransomware emerges with extortion site, lists first victim (13 Jul)
https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/
Suspected data breach has been reported to the police (14 Jul)
https://www.folkhalsomyndigheten.se/nyheter-och-press/nyhetsarkiv/2022/juli/misstankt-dataintrang-har-polisanmalts/
Mantis botnet behind the record-breaking DDoS attack in June (14 Jul)
https://www.bleepingcomputer.com/news/security/mantis-botnet-behind-the-record-breaking-ddos-attack-in-june/
Review of the Act on Signals Intelligence in Defence Intelligence Operations (14 Jul)
https://www.regeringen.se/pressmeddelanden/2022/07/oversyn-av-lagen-om-signalspaning-i-forsvarsunderrattelseverksamhet/
Attackers scan 1.6 million WordPress sites for vulnerable plugin (15 Jul)
https://www.bleepingcomputer.com/news/security/attackers-scan-16-million-wordpress-sites-for-vulnerable-plugin/
Information security and miscellaneous
Tallinn Workshop Report (6 Jul)
https://eccri.eu/events/tallinn-workshop-report/
ENISA Threat Landscape Methodology (6 Jul)
https://www.enisa.europa.eu/publications/enisa-threat-landscape-methodology
How To Detect Privilege Escalation: Attack Path Analysis (6 Jul)
https://sonraisecurity.com/blog/how-to-detect-privilege-escalation/
Tech support scammers caught by their own cameras (11 Jul)
https://blog.malwarebytes.com/tech-support-scams/2022/07/tech-support-scammers-get-caught-on-camera/
ChromeLoader: New Stubborn Malware Campaign (12 Jul)
https://unit42.paloaltonetworks.com/chromeloader-malware/
Building a TLS-compatible Honeypot
https://github.com/Nirusu/how-to-setup-a-honeypot
NCSC (IE): Securing Operational Technology
https://www.ncsc.gov.ie/pdfs/Securing_Operational_Technology.pdf
CERT-SE this week
Critical vulnerabilities in Cisco products