CERT-SE's weekly newsletter, week 4

Weekly newsletter

As usual, this week's newsletter has articles about malware and phishing. There are also a couple of articles about Log4Shell. NCSC-UK and CISA give advice on how to protect your organisation, so take the opportunity to review your cyber hygiene.

CERT-SE wishes you a pleasant weekend!

News this week

Singapore pushed to introduce security measures amidst online banking scams (19 jan)
https://www.zdnet.com/article/singapore-pushed-to-introduce-security-measures-amidst-online-banking-scams/

Cynerio Research Finds Critical Medical Device Risks Continue to Threaten Hospital Security and Patient Safety (19 jan)
https://www.cynerio.com/blog/cynerio-research-finds-critical-medical-device-risks-continue-to-threaten-hospital-security-and-patient-safety

MoonBounce: the dark side of UEFI firmware (20 jan)
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/

Merck Awarded $1.4B Insurance Payout over NotPetya Attack (21 jan)
https://threatpost.com/merck-insurance-payout-notpetya-attack/177872/

CISA adds 17 vulnerabilities to list of bugs exploited in attacks (22 jan)
https://www.bleepingcomputer.com/news/security/cisa-adds-17-vulnerabilities-to-list-of-bugs-exploited-in-attacks/

Hactivists say they hacked Belarus rail system to stop Russian military buildup (24 jan)
https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/

Log4Shell: No Mass Abuse, But No Respite, What Happened? (24 jan)
https://news.sophos.com/en-us/2022/01/24/log4shell-no-mass-abuse-but-no-respite-what-happened/

Norwegian Storting risks GDPR fine of two million after cyberattack (24 jan)
https://computersweden.idg.se/2.2683/1.761794/norska-stortinget-riskerar-gdpr-bot-pa-tva-miljoner-efter-cyberattack

Segway store compromised with Magecart skimmer (24 jan)
https://blog.malwarebytes.com/threat-intelligence/2022/01/segway-store-compromised-with-magecart-skimmer/

New macOS Malware ‘DazzleSpy’ Used in Hong Kong Attacks (25 jan)
https://www.securityweek.com/new-macos-malware-dazzlespy-used-hong-kong-attacks

Canada’s foreign affairs ministry hacked, some services down (25 jan)
https://www.bleepingcomputer.com/news/security/canadas-foreign-affairs-ministry-hacked-some-services-down/

German govt warns of APT27 hackers backdooring business networks (26 jan)
https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/

Take Immediate Actions to Stop Your NAS from Exposing to the Internet, and Update QTS to the latest available version. Fight Against Ransomware Together (26 jan)
https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-stop-your-nas-from-exposing-to-the-internet-and-update-qts-to-the-latest-available-version-fight-against-ransomware-together

Microsoft warns of phishy OAuth apps (26 jan)
https://blog.malwarebytes.com/privacy-2/2022/01/microsoft-warns-of-phishy-oauth-apps/

VMware urges customers to patch VMware Horizon servers against Log4j attacks (26 jan)
https://securityaffairs.co/wordpress/127214/security/vmware-horizon-patches-log4j-flaws.html

Let’s Encrypt is revoking lots of SSL certificates in two days (26 jan)
https://www.bleepingcomputer.com/news/security/lets-encrypt-is-revoking-lots-of-ssl-certificates-in-two-days/

Cyberattack against the Nobel Prize's websites (26 jan)
https://sverigesradio.se/artikel/cyberattack-mot-nobelprisets-webbsidor

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA (26 jan)
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/

Information security and miscellaneous

Actions to take when the cyber threat is heightened (17 jan)
https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened

Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats (18 jan)
https://www.cisa.gov/sites/default/files/publications/CISA_Insights-Implement_Cybersecurity_Measures_Now_to_Protect_Against_Critical_Threats_508C.pdf

Emotet Spam Abuses Unconventional IP Address Formats to Spread Malware (21 jan)
https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html

We think Cyber Essentials is, well, still essential … (24 jan)
https://www.ncsc.gov.uk/blog-post/we-think-cyber-essentials-is-well-still-essential

How BRATA is monitoring your bank account (24 jan)
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account

DTPacker – a .NET Packer with a Curious Password (24 jan)
https://www.proofpoint.com/us/blog/threat-insight/dtpacker-net-packer-curious-password-1

Ten of the Biggest Ransomware Attacks of 2021 (24 jan)
https://www.cybereason.com/blog/ten-of-the-biggest-ransomware-attacks-of-2021

Log4U, Shell4Me (26 jan)
https://blogs.blackberry.com/en/2022/01/log4u-shell4me

Why It’s Time to Rethink Incident Response (26 jan)
https://www.darkreading.com/vulnerabilities-threats/why-it-s-time-to-rethink-incident-response

Industry 100 women can do it! (27 jan)
https://www.ncsc.gov.uk/blog-post/industry-100-women-can-do-it

Insight from a large-scale phishing study (27 jan)
https://blog.f-secure.com/insight-from-a-large-scale-phishing-study/

CERT-SE this week

Important vulnerabilities affect Linux systems

Problem in Safari may lead to information leakage (updated 2022-01-27)