CERT-SE:s veckobrev v.51
Denna elektroniska klapp får ej plats på en enkel papperslapp. Ty händelserna i omvärlden äro många och skrollisterna blir snabbt långa. Denna sista arbetsdagen innan jul bjuder vi på båd’ allvar och kul. I övrigt vill vi poängtera vikten av att sina system uppdatera.
En riktigt god jul önskar CERT-SE!
Nyheter i veckan
Agenda Ransomware Uses Rust to Target More Vital Industries (16 dec)
https://www.trendmicro.com/en_us/research/22/l/agenda-ransomware-uses-rust-to-target-more-vital-industries.html
Sophisticated DarkTortilla Malware Spreading Via Phishing Sites (16 dec)
https://blog.cyble.com/2022/12/16/sophisticated-darktortilla-malware-spreading-via-phishing-sites/
Email hijackers scam food out of businesses, not just money (17 dec)
https://www.theregister.com/2022/12/17/in_brief_security/
Restaurant CRM platform ‘SevenRooms’ confirms breach after data for sale (18 dec)
https://www.bleepingcomputer.com/news/security/restaurant-crm-platform-sevenrooms-confirms-breach-after-data-for-sale/
NCSC-SE: Nya rapporter om cybersäkerhet (19 dec)
https://www.ncsc.se/aktuellt/nya-rapporter-om-cybersakerhet/
A Closer Look at Windows Kernel Threats (19 dec)
https://www.trendmicro.com/en_se/research/22/l/a-closer-look-at-windows-kernel-threats.html
Play ransomware claims attack on German hotel chain H-Hotels (19 dec)
https://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-german-hotel-chain-h-hotels/
Gatekeeper’s Achilles heel: Unearthing a macOS vulnerability (19 dec)
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
SentinelSneak: Malicious PyPI module poses as security software development kit (19 dec)
https://blog.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk
Old vulnerabilities in Cisco products actively exploited in the wild (dec 19)
https://securityaffairs.co/wordpress/139821/security/cisco-old-vulnerabilities-exploitation.html
Diving into an Old Exploit Chain and Discovering 3 new SIP-Bypass Vulnerabilities (19 dec)
https://www.trendmicro.com/en_se/research/22/l/diving-into-an-old-exploit-chain-and-discovering-3-new-sip-bypas.html
Sårbarheter i Passwordstate: Better Make Sure Your Password Manager Is Secure (19 dec)
https://www.modzero.com/modlog/archives/2022/12/19/better_make_sure_your_password_manager_is_secure/index.html
Some Cisco DNA Center Appliances Shipped Between September 2022 and November 2022 Have Incorrect Firmware Installed (19 dec)
https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72520.html
Hacked Ring Cams Used to Record Swatting Victims (19 dec)
https://krebsonsecurity.com/2022/12/hacked-ring-cams-used-to-record-swatting-victims/
Efter cyberattacken: Ölandskommunerna åter uppkopplade (20 dec)
https://www.kalmarposten.se/oland/efter-cyberattacken-olandskommunerna-ater-uppkopplade-6eeb637a/
Raspberry Robin Malware Targets Telecom, Governments (20 dec)
https://www.trendmicro.com/en_us/research/22/l/raspberry-robin-malware-targets-telecom-governments.html
Elastic IP Hijacking — A New Attack Vector in AWS (21 dec)
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
VIP impersonation attack on a Microsoft Office 365 environment targets 100,000 mailboxes (20 dec)
https://www.scmagazine.com/news/email-security/vip-impersonation-attack-on-a-microsoft-office-365-environment-targets-100000-mailboxes
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins (20 dec)
https://blog.talosintelligence.com/xlling-in-excel-malicious-add-ins/
GodFather Malware Returns Targeting Banking Users (20 dec)
https://blog.cyble.com/2022/12/20/godfather-malware-returns-targeting-banking-users/
Okta’s source code stolen after GitHub repositories hacked (21 dec)
https://www.bleepingcomputer.com/news/security/oktas-source-code-stolen-after-github-repositories-hacked/
…
https://sec.okta.com/articles/2022/12/okta-code-repositories
Detecting Windows AMSI Bypass Techniques (21 dec)
https://www.trendmicro.com/en_se/research/22/l/detecting-windows-amsi-bypass-techniques.html
Industrial Giant Thyssenkrupp Again Targeted by Cybercriminals (21 dec)
https://www.securityweek.com/industrial-giant-thyssenkrupp-again-targeted-cybercriminals
Microsoft research uncovers new Zerobot capabilities (21 dec)
https://www.microsoft.com/en-us/security/blog/2022/12/21/microsoft-research-uncovers-new-zerobot-capabilities/
Meddler-in-the-Middle Phishing Attacks Explained (21 dec)
https://unit42.paloaltonetworks.com/meddler-phishing-attacks/
Guardian hit by serious IT incident believed to be ransomware attack (21 dec)
https://www.theguardian.com/media/2022/dec/21/guardian-hit-by-serious-it-incident-believed-to-be-ransomware-attack
FBI: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users (21 dec)
https://www.ic3.gov/Media/Y2022/PSA221221
Cyber-Incident Causes System Failures at Canadian Children’s Hospital (21 dec)
https://www.infosecurity-magazine.com/news/cyber-incident-failure-children/
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks (21 dec)
https://www.trendmicro.com/en_us/research/22/l/conti-team-one-splinter-group-resurfaces-as-royal-ransomware-wit.html
Lastpass: Hackers stole customer vault data in cloud storage breach (22 dec)
https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/
…
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
Leading sports betting firm BetMGM discloses data breach (22 dec)
https://www.bleepingcomputer.com/news/security/leading-sports-betting-firm-betmgm-discloses-data-breach/
…
https://www.betmgminc.com/notice-regarding-patron-personal-information/
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development (22 dec)
https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/
FIN7 hackers create auto-attack platform to breach Exchange servers (22 dec)
https://www.bleepingcomputer.com/news/security/fin7-hackers-create-auto-attack-platform-to-breach-exchange-servers/
Informationssäkerhet och blandat
Fortnite Video Game Maker Epic Games to Pay More Than Half a Billion Dollars over FTC Allegations of Privacy Violations and Unwanted Charges (19 dec)
https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations
How Reveton Ransomware-as-a-Service Changed Cybersecurity (19 dec)
https://securityintelligence.com/articles/how-reveton-raas-changed-cybersecurity/
Cybercrime (and Security) Predictions for 2023 (19 dec)
https://thehackernews.com/2022/12/cybercrime-and-security-predictions-for.html
Grattis Transistorn — 75 år på fredag (20 dec)
https://www.hamnews.se/2022/12/20/grattis-transistorn-75-ar-pa-fredag/#more-47295
McGraw Hill’s S3 buckets exposed 100,000 students’ grades and personal info (20 dec)
https://www.theregister.com/2022/12/20/mcgraw_hills_s3_buckets_exposed/
Regeringen kräver skärpt it-säkerhet på högskolor (21 dec)
https://www.dn.se/sverige/regeringen-kraver-skarpt-it-sakerhet-pa-hogskolor/
Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days (21 dec)
https://cybernews.com/security/ecco-leaks-sensitive-data-for-months/
Febril jakt på fiberavtal (22 dec)
https://upphandling24.se/febril-jakt-pa-fiberavtal/
Regeringen vill införa säkrare e-legitimation (22 dec)
https://tt.omni.se/regeringen-vill-infora-sakrare-e-legitimation/a/AP7Lbz
Nytt nätverk ger stöd mot it-angrepp i energisektorn (22 dec)
https://www.energi.se/artiklar/2022/december-2022/nytt-natverk-ger-stod-mot-it-angrepp-i-energisektorn/
France’s privacy watchdog fines Microsoft over cookies (22 dec)
https://www.reuters.com/technology/frances-privacy-watchdog-fines-microsoft-over-cookies-2022-12-22/
The scariest cyber security horror stories of 2022 (22 dec)
https://www.itpro.com/security/cyber-security/369758/the-scariest-cyber-security-horror-stories-of-2022
Biden Signs Post-Quantum Cybersecurity Guidelines Into Law (22 dec)
https://www.darkreading.com/risk/biden-signs-post-quantum-cybersecurity-guidelines-into-law
…
https://www.congress.gov/bill/117th-congress/house-bill/7535
CERT-SE i veckan
Prenumerera på CERT-SE:s artiklar via RSS
Ny attackmetod i Microsoft Exchange (uppdaterad 2022-12-21)
Sårbarheter i Shibboleth Identity Provider
Microsofts månatliga säkerhetsuppdateringar för december 2022 (uppdaterad 2022-12-22)