CERT-SE's weekly newsletter, week 38
Another summary of the week's news, including warnings from the police about various fraud campaigns via both email and phone calls, the Safe Cyber exercise, and big congratulations to Denmark on the ECSC win!
CERT-SE wishes you a nice weekend!
News this week
Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords (16 sept)
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Trojanized versions of PuTTY utility being used to spread backdoor (16 sept)
https://arstechnica.com/information-technology/2022/09/trojanized-versions-of-putty-utility-being-used-to-spread-backdoor/
The cyber security threat level has risen; activity targeting Finland has also increased (16 sept)
https://www.traficom.fi/sv/aktuellt/cybersakerhetens-hotniva-har-stigit-aven-aktivitet-mot-finland-har-okat
EU moves to protect journalists from spyware (17 sept)
https://therecord.media/eu-moves-to-protect-journalists-from-spyware/
IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun (17 sept)
https://www.bbc.com/news/technology-62937678
How to Use DuckDuckGo’s Privacy-First Email (18 sept)
https://www.wired.com/story/how-to-use-duckduckgo-privacy-first-email/
How botnet attacks work and how to defend against them (19 sept)
https://www.bleepingcomputer.com/news/security/how-botnet-attacks-work-and-how-to-defend-against-them/
Free Decryptor Available for LockerGoga Ransomware Victims (19 sept)
https://www.securityweek.com/free-decryptor-available-lockergoga-ransomware-victims
Russian Sandworm hackers pose as Ukrainian telcos to drop malware (19 sept)
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-ukrainian-telcos-to-drop-malware/
Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (19 sept)
https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html
Record 25.3 Billion Request Multiplexing Attack Mitigated by Imperva (19 sept)
https://www.imperva.com/blog/record-25-3-billion-request-multiplexing-attack-mitigated-by-imperva/
New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack (20 sept)
https://www.securityweek.com/new-york-emergency-services-provider-says-patient-data-stolen-ransomware-attack
Hive ransomware claims attack on New York Racing Association (20 sept)
https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-attack-on-new-york-racing-association/
The last man selling floppy disks says he still receives orders from airlines (20 sept)
https://www.techspot.com/news/96042-last-man-selling-floppy-disks-receives-orders-airlines.html
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime (21 sept)
https://unit42.paloaltonetworks.com/domain-shadowing/
LockBit ransomware builder leaked online by “angry developer” (21 sept)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/
Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data (21 sept)
https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data
Unpatched 15-year old Python bug allows code execution in 350k projects (21 sept)
https://www.bleepingcomputer.com/news/security/unpatched-15-year-old-python-bug-allows-code-execution-in-350k-projects/
–
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability (21 sept)
https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html
What you need to know about Evil-Colon attacks (22 sept)
https://www.helpnetsecurity.com/2022/09/22/evil-colon-attacks/
Denmark latest to conclude Google Analytics is unlawful (22 sept)
https://www.computing.co.uk/news/4056735/denmark-conclude-google-analytics-unlawful
–
Press release: Use of Google Analytics for web analytics (21 sept)
https://www.datatilsynet.dk/english/google-analytics/use-of-google-analytics-for-web-analytics
Databases. EXPOSED! (Redis) (22 sept)
https://censys.io/databases-exposed-redis/
ALPHV/BlackCat ransomware family becoming more dangerous (22 sept)
https://www.computerweekly.com/news/252525240/ALPHV-BlackCat-ransomware-family-becoming-more-dangerous
Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (22 sept)
https://thehackernews.com/2022/09/hackers-targeting-unpatched-atlassian.html
Malicious OAuth applications used to compromise email servers and spread spam (22 sept)
https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/
Prompt Injection/Extraction Attacks against AI Systems (22 sept)
https://www.schneier.com/blog/archives/2022/09/prompt-injection-extraction-attacks-against-ai-systems.html
Major employer hit by IT attack; operations are down (22 sept)
https://sverigesradio.se/artikel/jattearbetsgivare-utsatt-for-it-attack-verksamheten-ligger-nere
Information security and miscellaneous
Massive Data Breach at Uber (16 sept)
https://www.schneier.com/blog/archives/2022/09/massive-data-breach-at-uber.html
–
The Uber Hack’s Devastation Is Just Starting to Reveal Itself (16 sept)
https://www.wired.com/story/uber-hack-mfa-phishing/
–
Uber links breach to Lapsus$ group, blames contractor for hack (19 sept)
https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/
Can reflections in eyeglasses actually leak info from Zoom calls? Here’s a study into it (17 sept)
https://www.theregister.com/2022/09/17/glasses_reflections_zoom/
GTA 6 source code and videos leaked after Rockstar Games hack (18 sept)
https://www.bleepingcomputer.com/news/security/gta-6-source-code-and-videos-leaked-after-rockstar-games-hack/
Madeleine, 26, wants to attract more people to cybersecurity jobs (18 sept)
https://www.dn.se/ekonomi/madeleine-26-vill-locka-fler-till-cybersakerhetsjobb/
American Airlines discloses data breach after employee email compromise (19 sept)
https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/
Microsoft 365 phishing attacks impersonate U.S. govt agencies (19 sept)
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-impersonate-us-govt-agencies/
Credential Phishing Targeting Government Contractors Evolves Over Time (19 sept)
https://cofense.com/blog/credential-phishing-targeting-government-contractors-evolves-over-time
Hurrah for Denmark, Top Winner of the 2022 European Cybersecurity Challenge (19 sept)
https://www.enisa.europa.eu/news/hurrah-for-denmark-top-winner-of-the-2022-european-cybersecurity-challenge
Swedbank warns of ongoing smishing campaign (20 sept)
https://sakerhetskollen.se/aktuella-brott/swedbank-varnar-for-pagaende-smishingkampanj
Revolut data breach: 50,000+ users affected (20 sept)
https://www.helpnetsecurity.com/2022/09/20/revolut-data-breach-phishing/
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches (20 sept)
https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/
Threatening scam emails sent to hundreds of people (21 sept)
https://www.aftonbladet.se/nyheter/a/rlWn0R/bluffmejl-och-samtal-fran-polisen-okar-lagg-pa
Ask.FM database with 350m user records allegedly sold online (21 sept)
https://cybernews.com/news/ask-fm-database-with-350m-user-records-sold-online/
Portugal’s TAP says hackers stole, published passengers’ personal data (22 sept)
https://www.reuters.com/business/aerospace-defense/portugals-tap-says-hackers-stole-published-passengers-personal-data-2022-09-22/
Australia phones cyber-attack exposes personal data (22 sept)
https://www.bbc.com/news/technology-62996101
Police warn of a large increase in scam calls (22 sept)
https://sakerhetskollen.se/aktuella-brott/polisen-varnar-for-en-stor-okning-av-bluffsamtal
Cyber soldiers took part in refresher training for the first time (23 sept)
https://www.aktuellsakerhet.se/cybersoldater-repovade-for-forsta-gangen/
This is where the Armed Forces and KTH train Sweden's cyber soldiers (23 sept)
https://www.di.se/nyheter/har-utbildar-forsvaret-och-kth-sveriges-cybersoldater/