CERT-SE's weekly newsletter, week 45
November can feel like a dark month, but this Friday we brighten things up with good news from Europol, new cooperation efforts on cybersecurity, and a small reminder that it has been Patch Tuesday.
CERT-SE wishes you a pleasant weekend!
News this week
Law Enforcement Operation Targets Clop Ransomware (7 nov)
https://www.bankinfosecurity.com/interpol-disrupts-global-malware-crime-network-a-17858
Five affiliates to Sodinokibi/REvil unplugged (8 nov)
https://www.europol.europa.eu/newsroom/news/five-affiliates-to-sodinokibi/revil-unplugged
Several people arrested for cyberattacks in Europol operation (8 nov)
https://polisen.se/aktuellt/nyheter/2021/november/flera-personer-gripna-for-cyberattacker-i-europolinsats/
US seizes $6 million from REvil ransomware, arrest Kaseya hacker (8 nov)
https://www.bleepingcomputer.com/news/security/us-seizes-6-million-from-revil-ransomware-arrest-kaseya-hacker/
State hackers breach defense, energy, healthcare orgs worldwide (8 nov)
https://www.bleepingcomputer.com/news/security/state-hackers-breach-defense-energy-healthcare-orgs-worldwide/
MediaMarkt hit by Hive ransomware, initial $240 million ransom (8 nov)
https://www.bleepingcomputer.com/news/security/mediamarkt-hit-by-hive-ransomware-initial-240-million-ransom/
Robinhood discloses data breach impacting 7 million customers (8 nov)
https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/
Online broker Robinhood hacked – 7 million users affected (9 nov)
https://www.nyteknik.se/digitalisering/natmaklaren-robinhood-hackad-7-miljoner-anvandare-drabbade-7024088
Mexico Arrests Suspect in Pegasus Spyware Case (9 nov)
https://www.securityweek.com/mexico-arrests-suspect-pegasus-spyware-case
TrickBot teams up with Shatak phishers for Conti ransomware attacks (10 nov)
https://www.bleepingcomputer.com/news/security/trickbot-teams-up-with-shatak-phishers-for-conti-ransomware-attacks/
Indonesia, UK discuss future technology and cybersecurity (11 nov)
https://abcnews.go.com/Technology/wireStory/indonesia-uk-discuss-future-technology-cybersecurity-81104715
Researchers Uncover Hacker-for-Hire Group That’s Active Since 2015 (11 nov)
https://thehackernews.com/2021/11/researchers-uncover-hacker-for-hire.html
Interpol Closes in on Global BEC Gang (12 nov)
https://www.infosecurity-magazine.com/news/interpol-closes-in-on-global-bec/
US and EU join initiative on rules for cyber warfare (12 nov)
https://computersweden.idg.se/2.2683/1.758705/usa-och-eu-gar-med-i-initiativ-for-cyberkrigsregler
Information security and miscellaneous
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory (6 nov)
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
Paris Call for trust and security in cyberspace
https://pariscall.international/en/
US Army cyber operations team visiting Lithuania (8 nov)
https://www.baltictimes.com/us_army_cyber_operations_team_visiting_lithuania/
FinCEN Releases Updated Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (8 nov)
https://www.fincen.gov/news/news-releases/fincen-releases-updated-advisory-ransomware-and-use-financial-system-facilitate
FIN-2021-A004 Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (8 nov)
https://www.fincen.gov/sites/default/files/2021-11/FinCEN%20Ransomware%20Advisory_FINAL_508_.pdf
Supporting an Independent TF-CSIRT (9 nov)
https://labs.ripe.net/author/kjerstin-burdiek/supporting-an-independent-tf-csirt/
Most ransomware attacks rely on exploiting older, unpatched vulnerabilities (10 nov)
https://www.techradar.com/news/most-ransomware-attacks-rely-on-exploiting-older-unpatched-vulnerabilities
The hunt for NOBELIUM, the most sophisticated nation-state attack in history (10 nov)
https://www.microsoft.com/security/blog/2021/11/10/the-hunt-for-nobelium-the-most-sophisticated-nation-state-attack-in-history/
Walking on APT31 infrastructure footprints (10 nov)
https://www.sekoia.io/en/walking-on-apt31-infrastructure-footprints/
Firms Will Struggle to Secure Extended Attack Surface in 2022 (10 nov)
https://www.darkreading.com/risk/firms-will-struggle-to-secure-extended-attack-surface-in-2022
A Brief History of the Meris Botnet (11 nov)
https://blog.cloudflare.com/meris-botnet/
Internet Organised Crime Threat Assessment (IOCTA) 2021 (11 nov)
https://www.europol.europa.eu/activities-services/main-reports/internet-organised-crime-threat-assessment-iocta-2021
The role of online ID authentication in increasing social media safety (11 nov)
https://www.information-age.com/role-of-online-id-authentication-increasing-social-media-safety-123497644/
October 2021’s Most Wanted Malware: Trickbot Takes Top Spot for Fifth Time (11 nov)
https://blog.checkpoint.com/2021/11/11/october-2021s-most-wanted-malware-trickbot-takes-top-spot-for-fifth-time/
CERT-SE this week
Critical vulnerability in Citrix products
Critical vulnerabilities in SAP products
Adobe's monthly security updates for November
Microsoft's monthly security updates for November 2021