CERT-SE's weekly newsletter, week 27
Kaseya announces that the security update for Kaseya VSA will be released on Sunday (11/7) and warns that fake messages about security updates are circulating and spreading malware. For those who have not kept up from the hammock and do not want nightmares, this weekly newsletter has a solid collection of Kaseya links as well as other bits and pieces.
Have a nice weekend!
News this week
Svensk Bilsport hit by computer intrusion (2 Jul)
https://www.mynewsdesk.com/se/svenska_bilsportforbundet/pressreleases/svensk-bilsport-utsatt-foer-dataintraang-3114482
Setting up its own cybersecurity centre and training facility for cybersecurity (2 Jul)
https://www.nyteknik.se/sakerhet/skapar-eget-cybersakerhetscentrum-och-traningsanlaggning-for-cybersakerhet-7017605
Leaked Babuk Locker ransomware builder used in new attacks (30 Jun)
https://www.bleepingcomputer.com/news/security/leaked-babuk-locker-ransomware-builder-used-in-new-attacks/
Audacity 3.0 called spyware over data collection changes by new owner (4 Jul)
https://appleinsider.com/articles/21/07/04/open-source-audacity-deemed-spyware-over-data-collection-changes
Japan to bolster national cybersecurity defence with 800 new hires: Report (6 Jul)
https://www.zdnet.com/article/japan-to-bolster-national-cybersecurity-defence-with-800-new-hires-report/
Kaspersky Password Manager’s random password generator was about as random as your wall clock (6 Jul)
https://www.theregister.com/AMP/2021/07/06/kaspersky_password_manager/
Interpol Arrests Moroccan Hacker Engaged in Nefarious Cyber Activities (6 Jul)
https://thehackernews.com/2021/07/interpol-arrests-hacker-in-morocco-who.html
The police's work against cyber attacks (7 Jul)
https://polisen.se/aktuellt/nyheter/2021/juli/polisens-arbete-mot-cyberangrepp
Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say (7 Jul)
https://www.theregister.com/2021/07/07/printnightmare_fix_fail/
WildPressure’s multi-platform malware hits macOS in the Middle East (7 Jul)
https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east
New Mac Malware: OSX.WildPressure (8 Jul)
https://www.patreon.com/posts/53462690
NSW Department of Education struck by cyber attack (8 Jul)
https://www.zdnet.com/article/nsw-department-of-education-struck-by-cyber-attack/
Ransomware incidents, online scams, and COVID-19-related phishing activities dominated cyber landscape in 2020 (8 Jul)
https://www.csa.gov.sg/en/News/Press-Releases/ransomware-incidents-online-scams-and-covid19-related-phishing-activities-dominated-cyber-landscape-in-2020
PrintNightmare vulnerability explained: Exploits, patches, and workarounds (8 Jul)
https://www.reseller.co.nz/article/689631/printnightmare-vulnerability-explained-exploits-patches-workarounds/
The Kaseya incident
CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack (4 Jul)
https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa
Independence Day: REvil uses supply chain exploit to attack hundreds of businesses (5 Jul)
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/amp/
“Kaseya Attack”: Over 1000 organizations globally attacked on Fourth of July weekend, biggest supply chain attack since Sunburst (5 Jul)
https://blog.checkpoint.com/2021/07/05/russian-speaking-group-strikes-on-us-independence-weekend-hitting-several-organizations-with-ransomware-demands-in-the-biggest-supply-chain-attack-since-sunburst/
“The attack on Coop may be exactly what we needed” (5 Jul)
https://www.nyteknik.se/digitalisering/attacken-mot-coop-kan-vara-precis-vad-vi-behovde-7017668
FRA on the cyber attack against Coop: “We will see more attacks of this type” (6 Jul)
https://www.svt.se/nyheter/inrikes/fra-om-cyberattacken-mot-coop-vi-kommer-att-se-fler-attacker-av-den-har-typen
Researchers uncovered the network infrastructure of REvil – The notorious ransomware group that hit Kaseya (7 Jul)
https://securityaffairs.co/wordpress/119799/cyber-crime/researchers-infrastructure-revil-ransomware-gang.html
Kaseya VSA Limited Disclosure | Why we are only disclosing limited details on the Kaseya vulnerabilities (7 Jul)
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
Bogus Kaseya VSA patches circulate, booby-trapped with remote-access tool (7 Jul)
https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
Kaseya ransomware attack: Your questions answered (8 Jul)
https://www.zdnet.com/article/kaseya-ransomware-attack-your-questions-answered/
White hats reported key Kaseya VSA flaw months ago. Ransomware outran the patch (8 Jul)
https://www.theregister.com/2021/07/08/kaseya_dutch_vulnerability/
Coop's weapon in the ransomware attack (8 Jul)
https://www.voister.se/artikel/2021/07/coops-vapen-i-ransomware-attacken/
Bonus! Increased ransomware activity in Sweden (2 Nov, 2020)
https://www.msb.se/sv/aktuellt/nyheter/2020/november/okad-aktivitet-av-ransomware-i-sverige/
CERT-SE this week
Critical vulnerabilities in Kaseya VSA - immediately shut down servers with access