CERT-SE's weekly newsletter, week 33

Weekly newsletter

A British water company has been hit by a cyberattack, the DEFCON and Black Hat USA conferences took place last week, and CISA has published five security advisories concerning industrial control systems (ICS).

Keep a cool head in the summer heat and your devices well updated.

Have a nice weekend!

News this week

This Anti-Tracking Tool Checks If You’re Being Followed (11 aug)
https://www.wired.com/story/this-anti-tracking-tool-checks-if-youre-being-followed/

Alert (AA22-223A) | #StopRansomware: Zeppelin Ransomware (11 aug)
https://www.cisa.gov/uscert/ncas/alerts/aa22-223a

A vulnerability was found in Electron which is what drives Discord, Spotify, and Microsoft Teams (12 aug)
https://www.malwarebytes.com/blog/news/2022/08/a-vulnerability-was-found-in-electron-which-is-what-drives-discord-spotify-and-microsoft-teams

Evil PLC Attack: Using a Controller as Predator Rather than Prey (13 aug)
https://claroty.com/team82/research/evil-plc-attack-using-a-controller-as-predator-rather-than-prey

Over 9,000 VNC servers exposed online without a password (14 aug)
https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/

Sweden stands out in new survey – this many VNC servers lack a password (15 aug)
https://computersweden.idg.se/2.2683/1.769288/oskyddade-vnc-servrar

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (15 aug)
https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html

This String of Emojis Is Actually Malware (15 aug)
https://www.vice.com/en/article/wxnj49/this-string-of-emojis-is-actually-malware

Australian hacker devises jailbreak to run Doom on John Deere combines (16 aug)
https://www.techspot.com/news/95635-australian-hacker-devises-jailbreak-run-doom-john-deere.html

Staffordshire water company confirms cyber attack (16 aug)
https://www.irishnews.com/magazine/technology/2022/08/16/news/staffordshire_water_company_confirms_cyber_attack-2800666/

Water Company Says Supply Safe After Ransom Group Claims (16 aug)
https://www.infosecurity-magazine.com/news/water-company-says-supply-safe/

Hackers attack UK water supplier but extort wrong company (16 aug)
https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/

Brazilian police launch investigation targeting Lapsus$ group (16 aug)
https://therecord.media/brazilian-police-launch-investigation-targeting-lapsus-group/

RTLS systems vulnerable to MiTM attacks, location manipulation (16 aug)
https://www.bleepingcomputer.com/news/security/rtls-systems-vulnerable-to-mitm-attacks-location-manipulation/

Fortinet: Use of wipers expanding beyond Ukraine to 24 countries (17 aug)
https://therecord.media/fortinet-use-of-wipers-expanding-beyond-ukraine-to-24-countries/

Malicious PyPi packages turn Discord into password-stealing malware (17 aug)
https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-turn-discord-into-password-stealing-malware/

Estonia subjected to ‘extensive’ cyberattacks after moving Soviet monuments (18 aug)
https://news.err.ee/1608688201/estonia-subjected-to-extensive-cyberattacks-after-moving-soviet-monuments

CISA releases 5 Industrial Control Systems Advisories (18 aug)
https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/cisa-releases-5-industrial-control-systems-advisories

Information security and miscellaneous

Ransomware Groups Refine Shakedown and Monetization Models (12 aug)
https://www.bankinfosecurity.com/ransomware-groups-refine-shakedown-monetization-models-a-19790

Microsoft disrupts Russian hackers’ operation on NATO targets (15 aug)
https://www.bleepingcomputer.com/news/security/microsoft-disrupts-russian-hackers-operation-on-nato-targets/

When Efforts to Contain a Data Breach Backfire (16 aug)
https://krebsonsecurity.com/2022/08/when-efforts-to-contain-a-data-breach-backfire/

Microsoft Employees Exposed Own Company’s Internal Logins (16 aug)
https://www.vice.com/en/article/m7gb43/microsoft-employees-exposed-login-credentials-azure-github

Healthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High (17 aug)
https://securityintelligence.com/posts/healthcare-data-breaches-costliest/

iOS VPNs have leaked traffic for more than 2 years, researcher claims (17 aug)
https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/

Mozilla finds 18 of 25 popular reproductive health apps share your data (17 aug)
https://www.theregister.com/2022/08/17/mozilla_pregnancy_app/

Society's information and cyber security (18 aug)
https://www.riksrevisionen.se/nu-granskas/pagaende-granskningar/samhallets-informations–och-cybersakerhet.html

Janet Jackson music video declared a cybersecurity exploit (18 aug)
https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/

Apple warns of security flaw in iPhones and iPads (19 aug)
https://www.dn.se/ekonomi/apple-varnar-for-sakerhetsbrist-hos-iphones-och-ipads/

CERT-SE this week

Critical vulnerability in Zimbra Collaboration Suite

Multiple vulnerabilities in Apple products