CERT-SE's weekly newsletter, week 46

Weekly newsletter

This week's newsletter offers a number of tips and guides on topics including DDoS, supply chains and vulnerability prioritisation. CERT-SE would also like to take the opportunity to recommend reviewing your cyber hygiene.

CERT-SE wishes you a nice weekend!

News this week

CISA Releases SSVC Methodology to Prioritize Vulnerabilities (10 nov)
https://www.cisa.gov/uscert/ncas/current-activity/2022/11/10/cisa-releases-ssvc-methodology-prioritize-vulnerabilities

Cyber defence: EU strengthens efforts against cyber threats (10 nov)
https://ec.europa.eu/commission/presscorner/detail/sv/IP_22_6642

Cookies for MFA Bypass Gain Traction Among Cyberattackers (11 nov)
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers

Sobeys data breach serves as wake-up call for industry: expert (11 nov)
https://www.thestar.com/business/2022/11/11/two-provincial-privacy-watchdogs-confirm-sobeys-experiencing-data-breach.html

Thales position on LockBit 3.0 (11 nov)
https://www.thalesgroup.com/en/worldwide/group/press_release/thales-position-lockbit-30

LockBit suspect cuffed after ransomware forces emergency services to use pen and paper (12 nov)
https://www.theregister.com/2022/11/12/in_brief_security/

Said to have logged in illegally hundreds of times – those affected demand damages (13 nov)
https://sverigesradio.se/artikel/ska-ha-loggat-in-olagligt-hundratals-ganger-drabbade-kraver-skadestand

Australia to ‘stand up and punch back’ against cyber crims (14 nov)
https://www.theregister.com/2022/11/14/australia_offensive_ops_against_ransomware/

Online shopping fraud – a winter tale that always ends with fraudsters behind bars (14 nov)
https://www.europol.europa.eu/media-press/newsroom/news/online-shopping-fraud-%E2%80%93-winter-tale-always-ends-fraudsters-behind-bars

NSA Publishes Guidance on Mitigating Software Memory Safety Issues (14 nov)
https://www.securityweek.com/nsa-publishes-guidance-mitigating-software-memory-safety-issues

GitHub sets up private vulnerability reports for public repos to avoid ‘naming and shaming’ (14 nov)
https://www.theregister.com/2022/11/14/github_private_vulnerability_reporting/

Google to Pay a record $391M fine for misleading users about the collection of location data (15 nov)
https://securityaffairs.co/wordpress/138555/reports/google-settlement-personal-location-data.html

Russia-based Pushwoosh tricks US Army and others into running its code – for a while (15 nov)
https://www.theregister.com/2022/11/15/russia_pushwoosh_us_army/

Hunters' register not the target of the data breach at Naturvårdsverket (15 nov)
https://www.svt.se/nyheter/inrikes/jagarregistret-inte-malet-for-dataintrang-pa-naturvardsverket

Europe is being drained of its own cybersecurity (15 nov)
https://computersweden.idg.se/2.2683/1.772837/eu-draneras-pa-egen-cybersakerhet–sa-ska-trenden-vandas

PCspooF: New Vulnerability Affects Networking Tech Used by Spacecraft and Aircraft (15 nov)
https://thehackernews.com/2022/11/pcspoof-new-vulnerability-affects.html

2022 holiday DDoS protection guide (15 nov)
https://www.microsoft.com/en-us/security/blog/2022/11/15/2022-holiday-ddos-protection-guide/

FBI is ‘extremely concerned’ about China’s influence through TikTok on U.S. users (15 nov)
https://www.cnbc.com/2022/11/15/fbi-is-extremely-concerned-about-chinas-influence-through-tiktok.html

Disneyland Malware Team: It’s a Puny World After All (16 nov)
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/

How criminals turn stolen and seemingly harmless data into money (16 nov)
https://computersweden.idg.se/2.2683/1.754680/stulna-data-till-pengar

Two suspected of the Vklass data breach (16 nov)
https://www.gp.se/nyheter/g%C3%B6teborg/tv%C3%A5-misst%C3%A4nkta-f%C3%B6r-dataintr%C3%A5nget-i-vklass-1.85726335

Magento stores targeted in massive surge of TrojanOrders attacks (16 nov)
https://www.bleepingcomputer.com/news/security/magento-stores-targeted-in-massive-surge-of-trojanorders-attacks/

Supreme Commander has ordered digitalisation of the Swedish Armed Forces (Försvarsmakten) – this is how it will be done (16 nov)
https://cio.idg.se/2.1782/1.772848/ob-har-beordrat-digitalisering-av-forsvarsmakten–och-med-nato-kan-farten-oka

New research shows Elon Musk’s verification scheme is running headlong into Twitter’s ‘dark web problem’ (16 nov)
https://www.scmagazine.com/analysis/cybercrime/new-research-shows-elon-musks-new-verification-scheme-is-running-headlong-twitters-dark-web-problem

Hostile states are targeting you, Speaker warns MPs (17 nov)
https://www.bbc.com/news/uk-politics-63654863

Exercise in a Box is here (17 nov)
https://www.cyber.gov.au/acsc/view-all-content/news/exercise-box-here

ESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Customers (17 nov)
https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3221208/esf-partners-nsa-and-cisa-release-software-supply-chain-guidance-for-customers/

QBot phishing abuses Windows Control Panel EXE to infect devices (17 nov)
https://www.bleepingcomputer.com/news/security/qbot-phishing-abuses-windows-control-panel-exe-to-infect-devices/

What Caused the Uber Data Breach? (18 nov)
https://www.upguard.com/blog/what-caused-the-uber-data-breach

Ekerö threatened with cyberattack – 1,500 employees must change passwords (18 nov)
https://sverigesradio.se/artikel/ekero-hotas-med-cyberattack-1-500-anstallda-maste-byta-losenord

Information security and miscellaneous

Massive ois[.]is Black Hat Redirect Malware Campaign (8 nov)
https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html

KmsdBot: The Attack and Mine Malware (10 nov)
https://www.akamai.com/blog/security-research/kmdsbot-the-attack-and-mine-malware

Accidental $70k Google Pixel Lock Screen Bypass (10 nov)
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

Cybersecurity Threats Fast-Forward 2030: Fasten your Security-Belt Before the Ride! (11 nov)
https://www.enisa.europa.eu/news/cybersecurity-threats-fast-forward-2030

Advanced threat predictions for 2023 (14 nov)
https://securelist.com/advanced-threat-predictions-for-2023/107939/

Billbug: State-sponsored Actor Targets Cert Authority, Government Agencies in Multiple Asian Countries (15 nov)
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments-cert-authority

Forecast and Recommendations: 2022 Elastic Global Threat Report (15 nov)
https://www.elastic.co/blog/forecast-and-recommendations-2022-elastic-global-threat-report

New RapperBot Campaign – We Know What You Bruting for this Time (15 nov)
https://www.fortinet.com/blog/threat-research/new-rapperbot-campaign-ddos-attacks

DTrack activity targeting Europe and Latin America (15 nov)
https://securelist.com/dtrack-targeting-europe-latin-america/107798/

WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims (15 nov)
https://medium.com/checkmarx-security/wasp-attack-on-python-polymorphic-malware-shipping-wasp-stealer-infecting-hundreds-of-victims-10e92439d192

A Comprehensive Look at Emotet’s Fall 2022 Return (16 nov)
https://www.proofpoint.com/us/blog/threat-insight/comprehensive-look-emotets-fall-2022-return

Token tactics: How to prevent, detect, and respond to cloud token theft (16 nov)
https://www.microsoft.com/en-us/security/blog/2022/11/16/token-tactics-how-to-prevent-detect-and-respond-to-cloud-token-theft/

Network Security Trends: May-July 2022 (16 nov)
https://unit42.paloaltonetworks.com/network-security-trends-update/

Oops, I Leaked It Again — How Mitiga Found PII in Exposed Amazon RDS Snapshots (16 nov)
https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots

StopRansomware: Hive Ransomware (17 nov)
https://www.cisa.gov/uscert/ncas/alerts/aa22-321a

DEV-0569 finds new ways to deliver Royal ransomware, various payloads (17 nov)
https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/

CERT-SE this week

Microsoft's monthly security updates for November 2022 (updated 2022-11-18)