CERT-SE's weekly newsletter, week 30

Weekly newsletter

This Friday, System Administrator's Day, the newsletter is once again packed with analyses and reports. There is also news about both intrusions and leaks.

Take the opportunity to use the hopefully quieter summer days to review your cyber hygiene, and celebrate your system administrators properly!

CERT-SE wishes you a pleasant weekend!

News this week

Albania Continues Investigations into Cyberattack as Online Services Resume (21 jul)
https://exit.al/en/2022/07/21/albania-continues-investigations-into-cyberattack-as-online-services-resume/

Hacker selling Twitter account data of 5.4 million users for $30k (22 jul)
https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/

Hackers breach Ukrainian radio network to spread fake news about Zelenskiy (22 jul)
https://www.bleepingcomputer.com/news/security/hackers-breach-ukrainian-radio-network-to-spread-fake-news-about-zelenskiy/

Threats to IT systems are increasing – research initiative on cybersecurity at LTU (22 jul)
https://www.svt.se/nyheter/lokalt/norrbotten/hoten-mot-it-systemen-okar-forskningssatsning-pa-cybersakerhet

Chrome use subject to restrictions in Dutch schools over data security concerns (23 jul)
https://www.bleepingcomputer.com/news/security/chrome-use-subject-to-restrictions-in-dutch-schools-over-data-security-concerns/

‘Audits Are Not Bulletproof’: How Audius Was Hacked for $6M in Ethereum Tokens (25 jul)
https://decrypt.co/105913/how-audius-was-hacked-6m-ethereum-tokens

Italy’s Tax Agency May Be Under Cyberattack, Ansa Reports (25 jul)
https://www.bloomberg.com/news/articles/2022-07-25/italy-s-tax-agency-may-be-under-cyberattack-ansa-says

European Cops Helped 1.5 Million People Decrypt Their Ransomwared Computers (26 jul)
https://www.vice.com/en/article/y3pv9v/european-cops-helped-15-million-people-decrypt-their-ransomwared-computers

Train system was down – risk of delays (26 jul)
https://www.expressen.se/nyheter/stora-storningar-i-tagtrafiken-hela-landet-drabbat/

JusTalk spilled millions of user messages and locations for months (26 jul)
https://techcrunch.com/2022/07/26/justalk-spilled-millions-of-user-messages-and-locations-for-months/

EXCLUSIVE EU found evidence employee phones compromised with spyware -letter (27 jul)
https://www.reuters.com/technology/exclusive-eu-found-evidence-employee-phones-compromised-with-spyware-letter-2022-07-27/

Kansas MSP shuts down cloud services to fend off cyberattack (27 jul)
https://www.bleepingcomputer.com/news/security/kansas-msp-shuts-down-cloud-services-to-fend-off-cyberattack/

HR Emails Dupe Employees The Most – KnowBe4 research reveals (27 jul)
https://www.itsecurityguru.org/2022/07/27/hr-emails-dupe-employees-the-most-knowbe4-research-reveals/

Cyberspies use Google Chrome extension to steal emails undetected (28 jul)
https://www.bleepingcomputer.com/news/security/cyberspies-use-google-chrome-extension-to-steal-emails-undetected/

Spanish Police Arrest 2 Nuclear Power Workers for Cyberattacking the Radiation Alert System (29 jul)
https://thehackernews.com/2022/07/spanish-police-arrest-2-nuclear-power.html

Information security and miscellaneous

Securonix Threat Labs Initial Coverage Advisory: STIFF#BIZON Detection Using Securonix – New Attack Campaign Observed Possibly Linked to Konni/APT37 (North Korea) (20 jul)
https://www.securonix.com/blog/stiffbizon-detection-new-attack-campaign-observed/

Atlas Intelligence Group (A.I.G) – The Wrath of a Titan (20 jul)
https://cyberint.com/blog/research/atlas-intelligence-group/

Amadey Bot Being Distributed Through SmokeLoader (21 jul)
https://asec.ahnlab.com/en/36634/

The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back (21 jul)
https://threatresearch.ext.hp.com/evolution-of-cybercrime-report/

TSA revises and reissues cybersecurity requirements for pipeline owners and operators (21 jul)
https://www.tsa.gov/news/press/releases/2022/07/21/tsa-revises-and-reissues-cybersecurity-requirements-pipeline-owners

DUCKTAIL: An infostealer malware targeting Facebook Business accounts (26 jul)
https://labs.withsecure.com/publications/ducktail

Robin Banks might be robbing your bank (26 jul)
https://www.ironnet.com/blog/robin-banks-a-new-phishing-as-a-service-platform

Attackers Move Quickly to Exploit High-Profile Zero Days: Insights From the 2022 Unit 42 Incident Response Report (26 jul)
https://unit42.paloaltonetworks.com/incident-response-report/

Sommarprat: Anne-Marie Eklund Löwinder (27 jul)
https://sverigesradio.se/avsnitt/anne-marie-eklund-lowinder-sommarprat-2022

Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits (27 jul)
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/

Malware Analysis Report (AR22-203A) (27 jul)
https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-203a

Exfiltrating Data With Bookmarks (28 jul)
https://isc.sans.edu/diary/28884

How Threat Actors Are Adapting to a Post-Macro World (28 jul)
https://www.proofpoint.com/us/blog/threat-insight/how-threat-actors-are-adapting-post-macro-world

Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022 (28 jul)
https://www.coveware.com/blog/2022/7/27/fewer-ransomware-victims-pay-as-medium-ransom-falls-in-q2-2022

Cyber Guidance for Small Businesses
https://www.cisa.gov/small-business

CERT-SE this week

Multiple vulnerabilities in Samba

Critical vulnerability in SonicWall products