CERT-SE's weekly newsletter, week 40

Weekly newsletter

Assorted news from the past week.

CERT-SE wishes you a pleasant weekend!

News this week

CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (30 Sep)
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/

Attackers use novel technique, malware to compromise hypervisors and virtual machines (30 Sep)
https://www.helpnetsecurity.com/2022/09/30/compromise-hypervisors-virtual-machines/

Hack puts Latin American security agencies on edge (1 Oct)
https://apnews.com/article/technology-mexico-caribbean-chile-hacking-47c914bbe268d336c2dfba611323f729

Ransomware gang leaks data stolen from LAUSD school system (2 Oct)
https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-from-lausd-school-system/
Hackers leak 500GB trove of data stolen during LAUSD ransomware attack (2 Oct)
https://techcrunch.com/2022/10/03/los-angeles-school-district-ransomware-data/

New Pegasus Spyware Abuses Identified in Mexico (2 Oct)
https://citizenlab.ca/2022/10/new-pegasus-spyware-abuses-identified-in-mexico/

Microsoft mitigation for new Exchange Server zero-day exploits can be bypassed (3 Oct)
https://www.csoonline.com/article/3675557/microsoft-mitigation-for-new-exchange-server-zero-day-exploits-can-be-bypassed.html

Warning about trojan bundled with chat program (3 Oct)
https://computersweden.idg.se/2.2683/1.771145/varning-for-trojan-som-foljer-med-chatt-program

Live support service hacked to spread malware in supply chain attack (3 Oct)
https://www.bleepingcomputer.com/news/security/live-support-service-hacked-to-spread-malware-in-supply-chain-attack/

Binding Operational Directive 23-01 - Improving Asset Visibility and Vulnerability Detection on Federal Networks (3 Oct)
https://www.cisa.gov/binding-operational-directive-23-01

RansomEXX gang claims to have hacked Ferrari and leaked online internal documents (3 Oct)
https://securityaffairs.co/wordpress/136571/data-breach/ferrari-alleged-data-breach.html
Ferrari denies being hacked after ransomware group publishes stolen documents (4 Oct)
https://siliconangle.com/2022/10/04/ferrari-denies-hacked-ransomware-group-publishes-stolen-documents/

CISA orders federal agencies to catalog their networks, and scan for bugs (4 Oct)
https://www.tripwire.com/state-of-security/government/cisa-orders-federal-agencies-catalog-networks-scan-for-bugs/

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers (4 Oct)
https://thehackernews.com/2022/10/optus-hack-exposes-data-of-nearly-21.html

NSA, CISA, FBI Warn of Custom Exfiltration Tools Being Used Against Defense Industrial Base Organization (4 Oct)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3178468/nsa-cisa-fbi-warn-of-custom-exfiltration-tools-being-used-against-defense-indus/

Netwalker ransomware affiliate sentenced to 20 years in prison (4 Oct)
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization (4 Oct)
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a

US Ports and Terminals Sustain Increased Cybersecurity Attacks (4 Oct)
https://www.joneswalker.com/en/insights/us-ports-and-terminals-sustain-increased-cybersecurity-attacks.html

FBI, CISA, and NSA Reveal How Hackers Targeted a Defense Industrial Base Organization (5 Oct)
https://thehackernews.com/2022/10/fbi-cisa-and-nsa-reveal-how-hackers.html

FBI: Cyberattacks targeting election systems unlikely to affect results (5 Oct)
https://www.bleepingcomputer.com/news/security/fbi-cyberattacks-targeting-election-systems-unlikely-to-affect-results/

New Maggie malware already infected over 250 Microsoft SQL servers (5 Oct)
https://securityaffairs.co/wordpress/136693/cyber-crime/maggie-malware-microsoft-sql-server.html

SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals (5 Oct)
https://www.securityweek.com/scada-systems-involved-many-breaches-suffered-us-ports-terminals

Ransomware: This is how half of attacks begin, and this is how you can stop them (5 Oct)
https://www.zdnet.com/article/ransomware-this-is-how-half-of-attacks-begin-and-this-is-how-you-can-stop-them/#ftag=RSSbaffb68

After IT attack on supplier: large numbers of books delayed (5 Oct)
https://www.svt.se/kultur/bokforlag-it-attack-speed-group-leverantor-utsatt-for-it-attack-bokleveranser-forsenade

Hundreds of Microsoft SQL servers backdoored with new malware (5 Oct)
https://www.bleepingcomputer.com/news/security/hundreds-of-microsoft-sql-servers-backdoored-with-new-malware

The IT systems of Naturvårdsverket (the Swedish Environmental Protection Agency) are down (6 Oct)
https://www.naturvardsverket.se/om-oss/aktuellt/nyheter-och-pressmeddelanden/naturvardsverkets-it-system-ligger-nere/
Cyberattack against Naturvårdsverket: systems down (6 Oct)
https://www.svt.se/nyheter/inrikes/cyberattack-mot-naturvardsverket-system-nere

Information security and miscellaneous

European Cyber Security Month
https://cybersecuritymonth.eu/

Unprotected internet cables in the Baltic Sea vulnerable to sabotage (1 Oct)
https://www.dn.se/sverige/oskyddade-internetkablar-i-ostersjon-sarbara-for-sabotage/

DeftTorero: tactics, techniques and procedures of intrusions revealed (3 Oct)
https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/

Finnish intelligence warns of Russia’s cyberespionage activities (3 Oct)
https://securityaffairs.co/wordpress/136558/intelligence/finnish-intelligence-russia-cyberespionage.html

Here are the craziest stories from the new Hacking Google documentary (3 Oct)
https://www.androidauthority.com/hacking-google-documentary-3215298/

Cybersecurity: our biggest challenges right now (4 Oct)
https://blogg.knowit.se/cybersakerhet-och-juridik/cybers%C3%A4kerhet-v%C3%A5ra-st%C3%B6rsta-utmaningar-just-nu

The voluntary defence movement is given assignments in cyber defence and cybersecurity (4 Oct)
https://www.forsvarsmakten.se/sv/aktuellt/2022/10/frivilligrorelsen-far-uppdrag-inom-cyberforsvar-och-cybersakerhetfrivilligrorelsen-far-uppdrag-inom-cyberforsvar-och-cybersakerhet/

White House Unveils Artificial Intelligence ‘Bill of Rights’ (4 Oct)
https://www.securityweek.com/white-house-unveils-artificial-intelligence-%E2%80%98bill-rights%E2%80%99

Should we take comfort in knowing that threat actors are finding ways to bypass MFA? (4 Oct)
https://www.scmagazine.com/news/identity-and-access/should-we-take-comfort-in-knowing-that-threat-actors-are-finding-ways-to-bypass-mfa

Is OTP a Viable Alternative to NIST’s Post-Quantum Algorithms? (4 Oct)
https://www.securityweek.com/otp-viable-alternative-nists-post-quantum-algorithms

Doctor read patient records about covid-19, risks being put on probation (4 Oct)
https://lakartidningen.se/aktuellt/nyheter/2022/10/lakare-laste-patientjournaler-om-covid-19-riskerar-att-fa-provotid/

Survey shows increased concern about falling victim to IT-related crime (4 Oct)
https://www.svt.se/nyheter/inrikes/okad-oro-for-it-relaterad-brottslighet