CERT-SE's weekly newsletter, week 31
After a colourful week with both Pride and an update to TLP, here is some news monitoring from CERT-SE. A number of different attacks have been reported, including denial-of-service attacks and ransomware. As usual, there are also some deep dives into various types of malware.
CERT-SE wishes you a pleasant weekend! 🏳️🌈
News this week
Fake investment scams in Europe (29 jul)
https://blog.group-ib.com/investment-scams-europe
Cyberattack against the news agency STT – some systems were shut down as a precaution (29 jul)
https://svenska.yle.fi/a/7-10019151
Luxembourg energy companies struggling with alleged ransomware attack, data breach (1 aug)
https://therecord.media/luxembourg-energy-companies-struggling-with-alleged-ransomware-attack-data-breach/
Encevo Cyberattack
https://www.encevo.eu/en/encevo-cyberattack/
EU missile maker MBDA confirms data theft extortion, denies breach (2 aug)
https://www.bleepingcomputer.com/news/security/eu-missile-maker-mbda-confirms-data-theft-extortion-denies-breach/
Hacking allegations against MBDA Italy (1 aug)
https://www.mbda-systems.com/2022/08/01/hacking-allegations-against-mbda-italy/
Semiconductor manufacturer Semikron hit by LV ransomware attack (2 aug)
https://www.bleepingcomputer.com/news/security/semiconductor-manufacturer-semikron-hit-by-lv-ransomware-attack/
Cyber incident at SEMIKRON (1 aug)
https://www.semikron.com/de/ueber-semikron/news-presse/detail/cyber-vorfall-bei-semikron-1.html
SSU shuts down million-strong bot farm that destabilized situation in Ukraine and worked for one of political forces (2 aug)
https://ssu.gov.ua/en/novyny/sbu-likviduvala-milionnu-botofermu-yaka-rozkhytuvala-obstanovku-v-ukraini-na-zamovlennia-odniiei-z-politsyl-video
Post-quantum encryption contender is taken out by single-core PC and 1 hour (2 aug)
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/
Spanish Research Center Suffers Cyberattack Linked to Russia (2 aug)
https://www.securityweek.com/spanish-research-center-suffers-cyberattack-linked-russia
The Consejo Superior de Investigaciones Científicas (CSIC) is hit by a cyberattack (2 aug)
https://www.ciencia.gob.es/en/Noticias/2022/Agosto/El-Consejo-Superior-de-Investigaciones-Cient-ficas–CSIC–recibe-un-ciberataque.html
Taiwanese President and Top Govt Sites Hit by DDoS Attacks Amid Pelosi visit (2 aug)
https://www.hackread.com/taiwanese-president-govt-sites-ddos-attacks-pelosi-visit/
Tory party vote on a new leader halted by a hacking alert (3 aug)
https://www.svt.se/nyheter/utrikes/konservativa-partiets-omrostning-stoppad-av-hackerlarm
Solana Wallets Targeted in Latest Multimillion-Dollar Hack (3 aug)
https://www.coindesk.com/markets/2022/08/03/phantom-wallet-exploit-drains-millions-in-sol-tokens/
FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated (3 aug)
https://edition.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html
35,000 code repos not hacked—but clones flood GitHub to serve malware (3 aug)
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
New Traffic Light Protocol standard released after five years (4 aug)
https://www.bleepingcomputer.com/news/security/new-traffic-light-protocol-standard-released-after-five-years/
TRAFFIC LIGHT PROTOCOL (TLP)
https://www.first.org/tlp/
German Chambers of Industry and Commerce hit by ‘massive’ cyberattack (4 aug)
https://www.bleepingcomputer.com/news/security/german-chambers-of-industry-and-commerce-hit-by-massive-cyberattack/
Information security and miscellaneous
Largest European DDoS Attack on Record (27 jul)
https://www.akamai.com/blog/security/largest-european-ddos-attack-ever
SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT” (28 jul)
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Why security teams should prepare to slay the three-headed dragon [Q&A] (1 aug)
https://betanews.com/2022/08/01/why-security-teams-should-prepare-to-slay-the-three-headed-dragon-qa/
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services (2 aug)
https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services
Deepwatch ATI detects and responds to never before discovered backdoor deployed using Confluence vulnerability for suspected Espionage (2 aug)
https://www.deepwatch.com/labs/deepwatch-ati-detects-and-responds-to-never-before-discovered-backdoor-deployed-using-confluence-vulnerability-for-suspected-espionage/
Woody RAT: A new feature-rich malware spotted in the wild (3 aug)
https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/
So RapperBot, What Ya Bruting For? (3 aug)
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery
2021 Top Malware Strains (4 aug)
https://www.cisa.gov/uscert/ncas/alerts/aa22-216a
CERT-SE this week
Vulnerability in PAN-OS and Prisma Access actively exploited
Critical vulnerabilities in Cisco products
Vulnerabilities in several VMware products
Critical vulnerabilities in Atlassian products (Updated 2022-08-01)