CERT-SE’s weekly newsletter, week 44

Weekly newsletter

This week has largely been marked by monitoring of the vulnerabilities in OpenSSL. The vulnerabilities were ultimately assessed as serious, and CERT-SE recommends updating vulnerable systems as soon as possible and reviewing which software used by your own organisation may be affected.

CERT-SE wishes you a nice weekend!

News this week

Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies (28 Oct)
https://www.cisa.gov/uscert/ncas/current-activity/2022/10/28/joint-cisa-fbi-ms-isac-guide-responding-ddos-attacks-and-ddos

National Cyber Threat Assessment 2023-2024 (28 Oct)
https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024

Cyberattack on Europe’s largest copper producer (28 Oct)
https://computersweden.idg.se/2.2683/1.772191/cyberattack-mot-europas-storsta-kopparproducent
https://www.aurubis.com/en/media/press-releases/press-releases-2022/update-on-cyber-attack-at-aurubis

Solar panels can be a security risk – hacker took over one million installations (29 Oct)
https://sverigesradio.se/artikel/solceller-kan-vara-sakerhetsrisk-hacker-tog-over-en-miljon-anlaggningar
… Solar panels may become a target for a foreign power: “Must have a secure electricity system” (1 Nov)
https://sverigesradio.se/artikel/solceller-kan-bli-maltavla-for-frammande-makt-maste-ha-ett-sakert-elsystem

ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Suppliers (31 Oct)
https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3204427/esf-partners-nsa-and-cisa-release-software-supply-chain-guidance-for-suppliers/

Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure (31 Oct)
https://unit42.paloaltonetworks.com/banking-trojan-techniques/

Ransomware hackers hit Australian defence communications platform (31 Oct)
https://www.reuters.com/technology/ransomware-hackers-hit-australian-defence-communications-platform-2022-10-31/

Analysis: In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce (31 Oct)
https://www.reuters.com/technology/australia-hacking-frenzy-spurred-by-an-undersized-cybersecurity-workforce-2022-10-31/

Liz Truss phone hack claim prompts calls for investigation (31 Oct)
https://www.bbc.com/news/uk-politics-63442813

Hackers selling access to 576 corporate networks for $4 million (31 Oct)
https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/
https://ke-la.com/wp-content/uploads/2022/10/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022.pdf

Extortion fears after hacker stole patient files from Dutch mental health clinics (31 Oct)
https://www.bitdefender.com/blog/hotforsecurity/extortion-fears-after-hacker-stole-patient-files-from-dutch-mental-health-clinics/

Last Years Open Source - Tomorrow’s Vulnerabilities (1 Nov)
https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html

Scanning the internet for fun and profit (1 Nov)
https://www.ncsc.gov.uk/blog-post/scanning-the-internet-for-fun-and-profit

Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack (1 Nov)
https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack

Ecuador’s military denies ransomware attack after website goes offline (1 Nov)
https://therecord.media/ecuadors-military-denies-ransomware-attack-after-website-goes-offline/

Osaka hospital suspends services after ransomware cyberattack (1 Nov)
https://www3.nhk.or.jp/nhkworld/en/news/20221101_07/

Emotet botnet starts blasting malware again after 5 month break (2 Nov)
https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/

Hackers Stole Source Code, Personal Data From Dropbox Following Phishing Attack (2 Nov)
https://www.securityweek.com/hackers-stole-source-code-personal-data-dropbox-following-phishing-attack

Vodafone Italy discloses data breach after reseller hacked (2 Nov)
https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/

Summit concluded – 37 countries promise tougher action against ransomware (2 Nov)
https://computersweden.idg.se/2.2683/1.772358/toppmotet-avslutat–37-lander-utlovar-hardare-tag-mot-ransomware

Fortinet fixed 16 vulnerabilities, 6 rated as high severity (3 Nov)
https://securityaffairs.co/wordpress/138021/security/fortinet-nov-2022-flaws.html

Report: OPERA1ER - Playing god without permission (3 Nov)
https://www.group-ib.com/resources/threat-research/opera1er.html

Researchers discover security loophole allowing attackers to use Wi-Fi to see through walls (3 Nov)
https://techxplore.com/news/2022-11-loophole-wi-fi-walls.html
https://dl.acm.org/doi/abs/10.1145/3495243.3560530

After a series of cyberattacks, states look to secure election results websites (3 Nov)
https://www.nbcnews.com/tech/security/states-look-secure-election-results-websites-ahead-midterms-rcna50441

Volatile Geopolitics Shake the Trends of the 2022 Cybersecurity Threat Landscape (3 Nov)
https://www.enisa.europa.eu/news/volatile-geopolitics-shake-the-trends-of-the-2022-cybersecurity-threat-landscape

Cobalt Strike Analysis and Tutorial: Identifying Beacon Team Servers in the Wild (3 Nov)
https://unit42.paloaltonetworks.com/cobalt-strike-team-server/

RomCom RAT malware campaign impersonates KeePass, SolarWinds NPM, Veeam (3 Nov)
https://www.bleepingcomputer.com/news/security/romcom-rat-malware-campaign-impersonates-keepass-solarwinds-npm-veeam/

LockBit ransomware claims attack on Continental automotive giant (3 Nov)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-attack-on-continental-automotive-giant/

Hundreds of US news sites hacked to send out malware (3 Nov)
https://www.techradar.com/news/hundreds-of-us-news-sites-hacked-to-send-out-malware

Train disruption in Denmark caused by cyberattack (3 Nov)
https://www.svt.se/nyheter/utrikes/tagfel-i-danmark-orsakat-av-cyberattack

ALMA Observatory shuts down operations due to a cyberattack (3 Nov)
https://www.bleepingcomputer.com/news/security/alma-observatory-shuts-down-operations-due-to-a-cyberattack/

ACSC Annual Cyber Threat Report, July 2021 to June 2022 (4 Nov)
https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022

Information security and miscellaneous

DHS Announces New Cybersecurity Performance Goals for Critical Infrastructure (27 Oct)
https://www.dhs.gov/news/2022/10/27/dhs-announces-new-cybersecurity-performance-goals-critical-infrastructure

Disinformation has become a cybersecurity issue – “we have always lied” (31 Oct)
https://computersweden.idg.se/2.2683/1.772193/desinformation-har-blivit-en-cybersakerhetsfraga–vi-har-alltid-ljugit

Report: Is it IT-secure?
https://www.foretagarna.se/politik-paverkan/rapporter/2022/ar-det-it-sakert/

NCSC Annual Review 2022 (1 Nov)
https://www.ncsc.gov.uk/collection/annual-review-2022

CISA Upgrades to TLP 2.0 (1 Nov)
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/01/cisa-upgrades-tlp-20

Emailed sensitive information – reported to Säpo (2 Nov)
https://www.dn.se/sverige/mejlade-kansliga-uppgifter-anmals-till-sapo/

Royal Mail customer data leak shutters online Click and Drop (3 Nov)
https://www.theregister.com/2022/11/03/royal_mail_customer_data_leak/

The financial sector is particularly worthy of protection (3 Nov)
https://www.finansliv.se/artikel/finanssektorn-ar-sarskilt-skyddsvard/

Ellevio customers’ data leaked to Facebook (3 Nov)
https://www.svt.se/nyheter/inrikes/ellevio-kunders-data-lackte-till-facebook

TikTok says staff in China can access UK and EU user data (3 Nov)
https://www.bbc.com/news/business-63494951

CERT-SE this week

Security update from OpenSSL

Critical vulnerability in Juniper Junos OS