CERT-SE's weekly newsletter, week 39

Weekly newsletter

This weekend marks the start of this year's cybersecurity month. We are celebrating by launching this year's edition of CERT-SE's CTF challenge, CERT-SE CTF2022. You are welcome to hunt for flags! Good luck!

CERT-SE wishes you a pleasant weekend!

News this week

Municipalities raise the alarm: Data about children has leaked (23 sep)
https://www.dn.se/sverige/kommuner-larmar-uppgifter-om-barn-har-lackt/

American Airlines learned it was breached from phishing targets (24 sep)
https://www.bleepingcomputer.com/news/security/american-airlines-learned-it-was-breached-from-phishing-targets/

London Police arrested a teen suspected to be behind Uber, Rockstar Games breaches (24 sep)
https://securityaffairs.co/wordpress/136146/cyber-crime/uber-rockstar-games-hacker-arrest.html

Covid antigen test results of 1.7m Indian and foreign nationals leaked online (25 sep)
https://www.hackread.com/covid-antigen-test-results-india-leaked/

Hackers Leak French Hospital Patient Data in Ransom Fight (26 sep)
https://www.securityweek.com/hackers-leak-french-hospital-patient-data-ransom-fight

NATO exercise on hybrid threats carried out in Sweden (26 sep)
https://www.aktuellsakerhet.se/natoovning-om-hybridhot-genomford-i-sverige

Hackers use PowerPoint files for ‘mouseover’ malware delivery (26 sep)
https://www.bleepingcomputer.com/news/security/hackers-use-powerpoint-files-for-mouseover-malware-delivery/

Hacktivist Attacks Show Ease of Hacking Industrial Control Systems (26 sep)
https://www.securityweek.com/hacktivist-attacks-show-ease-hacking-industrial-control-systems

Purported Optus hacker releases 10,000 records including email addresses from defence and prime minister’s office (27 sep)
https://www.theguardian.com/business/2022/sep/27/police-all-over-dark-web-ransom-threat-to-release-10000-customer-records-a-day-optus-ceo-says
Australia asks FBI to help find attacker who stole data from millions of users (28 sep)
https://www.theregister.com/2022/09/28/optus_data_breach_summary/

Most Attackers Need Less Than 10 Hours to Find Weaknesses (28 sep)
https://www.darkreading.com/attacks-breaches/attackers-less-than-ten-hours-find-weaknesses

Hacker breaches Fast Company systems to send offensive Apple News notifications (28 sep)
https://techcrunch.com/2022/09/28/hacker-breaches-fast-company-systems-to-send-offensive-apple-news-notifications/

New Royal Ransomware emerges in multi-million dollar attacks (29 sep)
https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks/

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks (29 sep)
https://thehackernews.com/2022/09/hackers-aid-protests-against-iranian.html

Card payments were down at Lidl (29 sep)
https://www.tv4.se/artikel/5xnotzW5XLSJFFg4C0cj7Z/kortbetalningar-ligger-nere-pa-lidl

Information security and miscellaneous

Control System Defense: Know the Opponent (22 sep)
https://www.cisa.gov/uscert/ncas/alerts/aa22-265a

IVA's gold medallists 2022: Peter Löthberg (22 sep)
https://www.youtube.com/watch?v=Eu67hcjWrBI

The Mystery of Metador | An Unattributed Threat Hiding in Telcos, ISPs, and Universities (22 sep)
https://www.sentinelone.com/labs/the-mystery-of-metador-an-unattributed-threat-hiding-in-telcos-isps-and-universities/

FARGO Ransomware (Mallox) Being Distributed to Unsecured MS-SQL Servers (23 sep)
https://asec.ahnlab.com/en/39152/

Hunting for Unsigned DLLs to Find APTs (26 sep)
https://unit42.paloaltonetworks.com/unsigned-dlls/

How Quantum Physics Leads to Decrypting Common Algorithms (26 sep)
https://www.darkreading.com/dr-tech/how-quantum-physics-leads-to-decrypting-common-algorithms

Forensic artifacts in Office 365 and where to find them (26 sep)
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/forensic-artifacts-in-office-365-and-where-to-find-them/ba-p/3634865

Security in the billions: Toward a multinational strategy to better secure the IoT ecosystem (26 sep)
https://www.atlanticcouncil.org/in-depth-research-reports/report/security-in-the-billions/

NullMixer: oodles of Trojans in a single dropper (26 sep)
https://securelist.com/nullmixer-oodles-of-trojans-in-a-single-dropper/107498/

What happens with a hacked Instagram account – and how to recover it (26 sep)
https://www.welivesecurity.com/2022/09/26/what-happens-hacked-instagram-account-how-recover/

BumbleBee: Round Two (26 sep)
https://thedfirreport.com/2022/09/26/bumblebee-round-two/

More Than Meets the Eye: Exposing a Polyglot File That Delivers IcedID (27 sep)
https://unit42.paloaltonetworks.com/polyglot-file-icedid-payload/

How Underground Groups Use Stolen Identities and Deepfakes (27 sep)
https://www.trendmicro.com/en_us/research/22/i/how-underground-groups-use-stolen-identities-and-deepfakes.html

Detecting STEEP#MAVERICK: New Covert Attack Campaign Targeting Military Contractors (28 sep)
https://www.securonix.com/blog/detecting-steepmaverick-new-covert-attack-campaign-targeting-military-contractors/

Cyber defence – an introduction (28 sep)
https://kkrva.se/cyberforsvaret-en-introduktion/

Chaos is a Go-based Swiss army knife of malware (28 sep)
https://blog.lumen.com/chaos-is-a-go-based-swiss-army-knife-of-malware/

CERT-SE this week

New attack method in Microsoft Exchange

CERT-SE CTF2022

Critical vulnerability in Sophos Firewall