CERT-SE's weekly newsletter, week 51

Weekly newsletter

Work on handling Log4Shell continues, and during the week the ransomware attack against Kalix municipality has also received a lot of attention. The weekly newsletter is taking a break until 14 January, but CERT-SE remains available for advice and support around the clock.

CERT-SE wishes you a Merry Christmas and a Happy New Year!

News this week

Report: Audio Tech Giant Exposed Thousands of Customers’ Data (16 dec)
https://www.vpnmentor.com/blog/report-sennheiser-leak/

Pegasus vs. Predator - Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware (16 dec)
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/

Facebook locks out 1,500 fake accounts used by cyber-spy firms to snoop on people, alerts 50k potential targets (17 dec)
https://www.theregister.com/2021/12/17/cyber_spying_firms_facebook_meta/

PseudoManuscrypt’s nonstandard industrial attack (17 dec)
https://www.kaspersky.com/blog/pseudomanuscrypt-industrial-malware/43177/

Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected (19 dec)
https://www.dailymail.co.uk/news/article-10325189/Russian-hackers-leak-confidential-UK-police-data-dark-web-ransom-rejected.html

Cyberattacks That Made Headlines In 2021 (20 dec)
https://datatechvibe.com/data/cyberattacks-that-made-headlines-in-2021/

Belgian Defence ministry network partially down following cyber attack (20 dec)
https://www.brusselstimes.com/belgium/198521/belgian-defence-ministry-network-partially-down-following-cyber-attack

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live! (20 dec)
https://www.troyhunt.com/open-source-pwned-passwords-with-fbi-feed-and-225m-new-nca-passwords-is-now-live/

After the IT attack – the hackers leak staff data from Nordic Choice Hotel (20 dec)
https://www.nyteknik.se/sakerhet/efter-it-attacken-hackarna-lacker-personaldata-fran-nordic-choice-hotel-7026425

Faking A Positive COVID Test (21 dec)
https://labs.f-secure.com/blog/faking-a-positive-covid-test

Russian Hacker Extradited to US for Trading on Stolen Information (21 dec)
https://www.securityweek.com/russian-hacker-extradited-us-trading-stolen-information

They warned about scam emails – lack basic protection themselves (21 dec)
https://sverigesradio.se/artikel/de-varnade-for-bluffmejl-saknar-sjalva-grundskydd

Kalix

Systems still down after IT attack in Kalix (17 dec)
https://www.dn.se/sverige/system-fortfarande-nere-efter-it-attack-i-kalix/

“Can affect any organisation” (17 dec)
https://sverigesradio.se/artikel/kan-drabba-vilken-organisation-som-helst

Linus Larsson: Now it is profitable to hack anyone (17 dec)
https://www.dn.se/sverige/linus-larsson-nu-ar-det-lonsamt-att-hacka-vem-som-helst/

“The IT attack on Kalix is just the tip of an iceberg” (20 dec)
https://sverigesradio.se/artikel/it-attacken-mot-kalix-ar-bara-toppen-pa-ett-isberg

SKR on countering IT attacks: The government needs to design better support (20 dec)
https://www.svt.se/nyheter/inrikes/skr-om-att-motverka-it-attacker-regeringen-behover-utforma-battre-stod

The Kalix attack: No data has been stolen (21 dec)
https://www.nyteknik.se/sakerhet/kalix-attacken-ingen-data-har-blivit-stulen-7026467

Log4Shell

Region Västra Götaland's IT department in crisis management mode: critical vulnerability (17 dec)
https://sverigesradio.se/artikel/vastra-gotalandsregionens-it-avdelning-i-stabslage-kritisk-sarbarhet

Understanding the Impact of Apache Log4j Vulnerability (17 dec)
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html

CISA issues emergency directive to fix Log4j vulnerability (17 dec)
https://www.theregister.com/2021/12/17/cisa_issues_emergency_directive_to/

Emergency Directive 22-02 Mitigate Apache Log4j Vulnerability
https://www.cisa.gov/emergency-directive-22-02

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability (18 dec)
https://www.zdnet.com/article/apache-releases-new-2-17-0-patch-for-log4j-to-solve-denial-of-service-vulnerability/

Conti Ransomware Group Exploiting Log4j Vulnerability (18 dec)
https://www.hackread.com/conti-ransomware-group-exploit-log4j-vulnerability/

Log4Shell: The Movie… a short, safe visual tour for work and home (20 dec)
https://nakedsecurity.sophos.com/2021/12/20/log4shell-the-movie-a-short-safe-visual-tour-for-work-and-home/

Mitigating Log4Shell and Other Log4j-Related Vulnerabilities (22 dec)
https://www.cisa.gov/uscert/ncas/alerts/aa21-356a

Information security and miscellaneous

Cybersecurity for increased competitiveness
https://www.iva.se/globalassets/bilder/projekt/cybersakerhet/202111-iva-cybersakerhet-a5-e.pdf

Ransomware affects the entire retail supply chain this holiday season (17 dec)
https://www.zdnet.com/article/ransomware-affects-the-entire-retail-supply-chain-this-holiday-season/

5 Ways to Reduce the Risk of Ransomware to Your OT Network (21 dec)
https://www.securityweek.com/5-ways-reduce-risk-ransomware-your-ot-network

CERT-SE this week

Critical vulnerability in Apache HTTP Server 2.4

Critical vulnerability in VMware Workspace ONE UEM

BM21-004: Critical vulnerability in the commonly used Apache library Log4j (updated 2021-12-20)