CERT-SE's weekly newsletter, week 42

Weekly newsletter

This week we highlight, among other things, that MSB has published guidance on security in information systems, as well as a terminology bank for information security.

We also remind you that it is high time to take on CERT-SE's CTF challenge! The last day to submit answers is 31 October. See https://www.cert.se/2022/09/cert-se-ctf2022 for further information.

News this week

Google Translate is being hijacked by phishers to steal your data (14 Oct)
https://www.techradar.com/news/google-translate-is-being-hijacked-by-phishers-to-steal-your-data

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool (14 Oct)
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/14/cisa-releases-redeye-red-team-campaign-visualization-and-reporting

Concerns Over Fortinet Flaw Mount; PoC Released, Exploit Activity Grows (14 Oct)
https://www.darkreading.com/attacks-breaches/concerns-fortinet-flaw-poc-increased-exploit-activity

Microsoft Office 365 email encryption could expose message content (14 Oct)
https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/

Threat actors hacked hundreds of servers by exploiting Zimbra CVE-2022-41352 bug (16 Oct)
https://securityaffairs.co/wordpress/137164/apt/zimbra-cve-2022-41352-exploitation.html

Venus Ransomware targets publicly exposed Remote Desktop services (16 Oct)
https://www.bleepingcomputer.com/news/security/venus-ransomware-targets-publicly-exposed-remote-desktop-services/

Police dismantles criminal ring that hacked keyless cars (17 Oct)
https://www.bleepingcomputer.com/news/security/police-dismantles-criminal-ring-that-hacked-keyless-cars/

Naturvårdsverket's IT systems open (17 Oct)
https://www.naturvardsverket.se/om-oss/aktuellt/nyheter-och-pressmeddelanden/naturvardsverkets-it-system-oppnar/

How to detect backdoors in IT systems (18 Oct)
https://kryptera.se/sa-upptacker-ni-bakdorrar-i-it-system/

Why Log4Text is not another Log4Shell (19 Oct)
https://www.malwarebytes.com/blog/news/2022/10/why-log4text-is-not-another-log4shell

New information in the Vklass leak: Personal data was spread from a student account (20 Oct)
https://www.svt.se/nyheter/lokalt/vast/nya-uppgifter-personuppgifter-lacktes-fran-elevkonto

Check Point Research analyzes the newly emerged Black Basta Ransomware, alerts organizations to adopt prevention best practices (20 Oct)
https://blog.checkpoint.com/2022/10/20/check-point-research-analyzes-the-newly-emerged-black-basta-ransomware-alerts-organizations-to-adopt-prevention-best-practices/

Good news, URSNIF no longer a banking trojan. Bad news, it’s now a backdoor (21 Oct)
https://www.theregister.com/2022/10/21/ursnif_trojan_shift_ransomware/

Information security and miscellaneous

Guidance: security measures in information systems
https://www.msb.se/sv/publikationer/vagledning–sakerhetsatgarder-i-informationssystem/

White House readies new cyber regulation rollouts (14 Oct)
https://www.axios.com/2022/10/14/white-house-cyber-regulations

Infosec still (mostly) a boys club (15 Oct)
https://www.theregister.com/2022/10/15/infosec_boys_club/

Mysterious Prestige ransomware targets organizations in Ukraine and Poland (16 Oct)
https://securityaffairs.co/wordpress/137203/apt/prestige-ransomware-targets-ukraine.html

New report: Cybersecurity for increased competitiveness (17 Oct)
https://www.iva.se/publicerat/ny-rapport-cybersakerhet-for-okad-konkurrenskraft/

Audits show shortcomings in Västerbotten's IT security (17 Oct)
https://lakartidningen.se/aktuellt/nyheter/2022/10/granskningar-visar-brister-i-vasterbottens-it-sakerhet/

An Acquisition Security Framework for Supply Chain Risk Management (17 Oct)
https://insights.sei.cmu.edu/blog/an-acquisition-security-framework-for-supply-chain-risk-management/

Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it (17 Oct)
https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it

UK government in talks with datacenter operators over blackouts (18 Oct)
https://www.theregister.com/2022/10/18/uk_government_in_talks_with/

Germany fires cybersecurity chief ‘over Russia ties’ (19 Oct)
https://www.bbc.com/news/world-europe-63301864

New terminology bank for information security (19 Oct)
https://www.msb.se/sv/aktuellt/nyheter/2022/oktober/ny-termbank-for-informationssakerhet/

Internet connectivity worldwide impacted by severed fiber cables in France (20 Oct)
https://www.bleepingcomputer.com/news/technology/internet-connectivity-worldwide-impacted-by-severed-fiber-cables-in-france/

CERT-SE this week

Oracle's quarterly security update for October 2022

Critical vulnerability in Apache Commons Text (updated 2022-10-18)