CERT-SE's weekly newsletter, week 41

Weekly newsletter

A hefty collection of mixed news from an eventful week. CERT-SE has drawn attention to several critical vulnerabilities.

Have a nice weekend!

News this week

Binance-linked blockchain hit by $570 million crypto hack (7 Oct)
https://www.reuters.com/technology/hackers-steal-around-100-million-cryptocurrency-binance-linked-blockchain-2022-10-07/

A Visualizza into Recent IcedID Campaigns: Reconstructing Threat Actor Metrics with Pure Signal Recon (7 Oct)
https://www.team-cymru.com/post/a-visualizza-into-recent-icedid-campaigns

Callback phishing attacks evolve their social engineering tactics (8 Oct)
https://www.bleepingcomputer.com/news/security/callback-phishing-attacks-evolve-their-social-engineering-tactics/

https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html

400 apps may have stolen Facebook users' login credentials (8 Oct)
https://pcforalla.idg.se/2.1054/1.771365/400-appar-kan-ha-stulit-facebook-anvandares-inloggningsuppgifter

Intel confirms leaked Alder Lake BIOS Source Code is authentic (9 Oct)
https://www.bleepingcomputer.com/news/security/intel-confirms-leaked-alder-lake-bios-source-code-is-authentic/

https://www.tomshardware.com/news/intel-confirms-6gb-alder-lake-bios-source-code-leak-new-details-emerge

That thing to help protect internet traffic from hijacking? Here’s how to break it (9 Oct)
https://www.theregister.com/2022/10/09/internet_traffic_routing_defense/

US airports’ sites taken down in DDoS attacks by pro-Russian hackers (10 Oct)
https://www.bleepingcomputer.com/news/security/us-airports-sites-taken-down-in-ddos-attacks-by-pro-russian-hackers/

The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform (10 Oct)
https://www.mandiant.com/resources/blog/caffeine-phishing-service-platform

Criminal multitool LilithBot arrives on malware-as-a-service scene (10 Oct)
https://www.theregister.com/2022/10/10/eternity_lilithbot_malware_bundle/

https://www.zscaler.com/blogs/security-research/analysis-lilithbot-malware-and-eternity-threat-group

Toyota discloses data leak after access key exposed on GitHub (10 Oct)
https://www.bleepingcomputer.com/news/security/toyota-discloses-data-leak-after-access-key-exposed-on-github/

Second Australia-based Singtel subsidiary hacked (10 Oct)
https://www.channelnewsasia.com/business/second-australia-based-singtel-subsidiary-hacked-2999046

Podcast tip: Serious Security: OAuth 2 and why Microsoft is finally forcing you into it (10 Oct)
https://nakedsecurity.sophos.com/2022/10/10/serious-security-oauth-2-and-why-microsoft-is-finally-forcing-you-into-it/

The Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys (11 Oct)
https://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys

Hidden DNS resolver insecurity creates widespread website hijack risk (11 Oct)
https://portswigger.net/daily-swig/hidden-dns-resolver-insecurity-creates-widespread-website-hijack-risk

A Way to Watering Hole Attack and its Exploitation Steps (11 Oct)
https://securityboulevard.com/2022/10/a-way-to-watering-hole-attack-and-its-exploitation-steps/

KB5020282—Account lockout available for local administrators (11 Oct)
https://support.microsoft.com/en-us/topic/kb5020282-account-lockout-available-for-local-administrators-bce45c4d-f28d-43ad-b6fe-70156cb2dc00

How Wi-Fi spy drones snooped on financial firm (12 Oct)
https://www.theregister.com/2022/10/12/drone-roof-attack/

Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike (12 Oct)
https://www.trendmicro.com/en_us/research/22/j/black-basta-infiltrates-networks-via-qakbot-brute-ratel-and-coba.html

Hospital giant’s IT still poorly a week after suspected ransomware infection (12 Oct)
https://www.theregister.com/2022/10/12/hospital_outages_ransomware/

Securing IoT Devices in a World of Complexity (12 Oct)
https://securityboulevard.com/2022/10/securing-iot-devices-in-a-world-of-complexity/

Nine months on from the Cyber Essentials update - debunking some myths (13 Oct)
https://www.ncsc.gov.uk/blog-post/reviewing-the-cyber-essentials-update-2022

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows (13 Oct)
https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html

Mirai Botnet Launched 2.5 Tbps DDoS Attack Against Minecraft Server (13 Oct)
https://www.securityweek.com/mirai-botnet-launched-25-tbps-ddos-attack-against-minecraft-server

Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates (13 Oct)
https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/

The attack on Naturvårdsverket: large amounts of data are reported to have leaked (14 Oct)
https://computersweden.idg.se/2.2683/1.771674/attacken-mot-naturvardsverket–mangder-av-data-ska-ha-lackt

Information security and miscellaneous

Opinion: MSB's director general: Sweden's preparedness has serious shortcomings (7 Oct)
https://www.altinget.se/rikspolitik/artikel/msb-sveriges-beredskap-har-allvarliga-brister

Police employee ran register lookups on neighbours and relatives, convicted (7 Oct)
https://www.dagensjuridik.se/nyheter/polisanstalld-gjorde-slagningar-pa-grannar-och-slaktingar-doms/

Joe Biden signs guarantees for data transfers: the cloud chaos is coming to an end (7 Oct)
https://computersweden.idg.se/2.2683/1.771360/molnkaoset-gar-mot-sitt-slut–biden-ger-nya-integritetsgarantier-for-overforing

https://www.reuters.com/technology/biden-signs-order-implement-eu-us-data-privacy-framework-2022-10-07/

LofyGang – Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year (7 Oct)
https://checkmarx.com/blog/lofygang-software-supply-chain-attackers-organized-persistent-and-operating-for-over-a-year/

Make your neighbor think their house is haunted by blinking their Ikea smart bulbs (8 Oct)
https://www.theregister.com/2022/10/08/buggy_ikea_smart_bulbs/

Personal data of 47,000 pupils leaked, now up for sale (8 Oct)
https://www.gp.se/nyheter/g%C3%B6teborg/47-000-elevers-personuppgifter-l%C3%A4ckta-ligger-ute-till-f%C3%B6rs%C3%A4ljning-1.82796658

Personal data incident in the V-klass learning platform (8 Oct)
https://goteborg.se/wps/portal/press-och-media/aktuelltarkivet/aktuellt/cb01f3e1-3a78-40d8-8a73-197f663c7d37

How the Vklass CEO responds about the leaked data in Göteborg (9 Oct)
https://www.svt.se/nyheter/lokalt/vast/vklass-vd-svarar-efter-lackan-med-elevers-uppgifter-i-goteborg

AI-driven ‘thermal attack’ system reveals passwords in seconds (10 Oct)
https://www.gla.ac.uk/news/headline_885914_en.html

No investigation after data breach at Östersundshem (10 Oct)
https://sverigesradio.se/artikel/ingen-utredning-efter-dataintrang-pa-ostersundshem

What You Should Know About the Honda Key Fob Vulnerability (10 Oct)
https://securityintelligence.com/articles/what-to-know-honda-key-fob-vulnerability/

Human-Centric No-Code Automation is the Future of Cybersecurity (10 Oct)
https://securityboulevard.com/2022/10/human-centric-no-code-automation-is-the-future-of-cybersecurity/

New method warns you about shady dealings online (11 Oct)
https://www.forskning.se/2022/10/11/ny-metod-varnar-dig-for-skumrask-online/

New report: Many are worried about security online (11 Oct)
https://www.dn.se/ekonomi/ny-rapport-manga-oroar-sig-for-sakerheten-pa-natet/

https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-2022/

Crate-CTF - A cybersecurity competition (11 Oct)
https://foi.se/cratectf

7 IoT and OT Cyber Risks in the Transportation Industry (11 Oct)
https://www.globaltrademag.com/7-iot-and-ot-cyber-risks-in-the-transportation-industry/

Inserting a Backdoor into a Machine-Learning System (11 Oct)
https://www.schneier.com/blog/archives/2022/10/inserting-a-backdoor-into-a-machine-learning-system.html

The centre's work during the election (12 Oct)
https://www.ncsc.se/aktuellt/centrets-arbete-under-valet/

Supply chain cyber security: new guidance from the NCSC (12 Oct)
https://www.ncsc.gov.uk/blog-post/supply-chain-cyber-security-new-guidance-from-the-ncsc

Error at Arbetsförmedlingen: hundreds may have had their identities exposed (14 Oct)
https://www.aftonbladet.se/nyheter/a/dwwmjA/arbetsformedlingen-kan-ha-rojt-identiteter

CERT-SE this week

Critical vulnerabilities in products from Palo Alto Networks and Aruba Networks (14 Oct)

Critical vulnerability in Fortinet products (updated 14 Oct)

Critical vulnerabilities in Zimbra Collaboration Suite (updated 11 Oct)

Microsoft's monthly security updates for October 2022 (12 Oct)

Adobe's monthly security updates for October (12 Oct)

Several cases of hard-to-detect phishing - increase vigilance (13 Oct)

Critical vulnerability in the JavaScript library vm2 (13 Oct)