CERT-SE's weekly newsletter, week 25

Weekly newsletter

This week we pass on several news items about events in Sweden that are particularly relevant to CERT-SE. OT:Icefall is one report in this week's substantial collection of reports; it highlights vulnerabilities in industrial control systems.

Midsummer is approaching, and with it the start of the holidays for many. The weekly newsletter will be available all summer, albeit in a shorter “summer format”.

Happy Midsummer!

News this week

QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks (17 jun)
https://www.bleepingcomputer.com/news/security/qnap-thoroughly-investigating-new-deadbolt-ransomware-attacks/

Cisco says it won’t fix zero-day RCE in end-of-life VPN routers (17 jun)
https://www.bleepingcomputer.com/news/security/cisco-says-it-won-t-fix-zero-day-rce-in-end-of-life-vpn-routers/

QNAP NAS devices targeted by surge of eCh0raix ransomware attacks (18 jun)
https://www.bleepingcomputer.com/news/security/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks/

New phishing attack infects devices with Cobalt Strike (18 jun)
https://www.bleepingcomputer.com/news/security/new-phishing-attack-infects-devices-with-cobalt-strike/

Microsoft 365 credentials targeted in new fake voicemail campaign (20 jun)
https://www.bleepingcomputer.com/news/security/microsoft-365-credentials-targeted-in-new-fake-voicemail-campaign/

Researchers Disclose 56 Vulnerabilities Impacting OT Devices from 10 Vendors (21 jun)
https://thehackernews.com/2022/06/researchers-disclose-56-vulnerabilities.html

Massive Cloudflare outage caused by network configuration error (21 jun)
https://www.bleepingcomputer.com/news/technology/massive-cloudflare-outage-caused-by-network-configuration-error/

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain (21 jun)
https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html

APT ToddyCat (21 jun)
https://securelist.com/toddycat/106799/

Microsoft reveals cause behind this week’s Microsoft 365 outage (22 jun)
https://www.bleepingcomputer.com/news/microsoft/microsoft-reveals-cause-behind-this-week-s-microsoft-365-outage/

Meet the Administrators of the RSOCKS Proxy Botnet (22 jun)
https://krebsonsecurity.com/2022/06/meet-the-administrators-of-the-rsocks-proxy-botnet/

Reports

New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers (16 jun)
https://www.rapid7.com/blog/post/2022/06/16/new-report-shows-what-data-is-most-at-risk-to-and-prized-by-ransomware-attackers/

Securing Network Management Systems (Part 3): Siemens SINEC NMS (16 jun)
https://claroty.com/2022/06/16/blog-research-securing-network-management-systems-part-3-siemens-sinec-nms/

BRATA is evolving into an Advanced Persistent Threat (17 jun)
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat

Over a Dozen Flaws Found in Siemens’ Industrial Network Management System (17 jun)
https://thehackernews.com/2022/06/over-dozen-flaws-found-in-siemens.html

Cyberthreat Defense Report 2022: Key Points You Should Know (19 jun)
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/cyberthreat-defense-report-key-points/

OT:ICEFALL - A Decade of Insecure-by-Design Practices in OT
https://www.forescout.com/research-labs/ot-icefall/

Q1 2022 Phishing Threat Trends and Intelligence Report (20 jun)
https://www.tripwire.com/state-of-security/security-data-protection/phishing-threat-trends-intelligence-report/

Systematic information security work needs to be strengthened (22 jun)
https://www.mynewsdesk.com/se/msb/pressreleases/det-systematiska-informationssaekerhetsarbetet-behoever-staerkas-3189722

Results report, Infosäkkollen 2021: https://rib.msb.se/filer/pdf/30002.pdf

Events in Sweden

National Cyber Security Centre
https://www.ncsc.se/

The government presents a cyber security package to strengthen Sweden
https://www.regeringen.se/pressmeddelanden/2022/06/regeringen-presenterar-cybersakerhetspaket-for-att-starka-sverige/

MSB strengthens the prevention and handling of IT incidents (22 jun)
https://www.regeringen.se/pressmeddelanden/2022/06/msb-starker-forebyggandet-och-hanterandet-av-it-incidenter/

The government invests 900 million in strengthened cyber security (21 jun)
https://www.svt.se/nyheter/inrikes/900-miljoner-till-starkt-cybersakerhet

Information security and miscellaneous

Google Chrome extensions can be fingerprinted to track you online (19 jun)
https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/

Hats off to Team Europe - Winners of the 1st International Cybersecurity Challenge! (20 jun)
https://www.enisa.europa.eu/news/enisa-news/hats-off-to-team-europe-winners-of-the-1st-international-cybersecurity-challenge

Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands (21 jun)
https://www.europol.europa.eu/media-press/newsroom/news/phishing-gang-behind-several-million-euros-worth-of-losses-busted-in-belgium-and-netherlands

Risk Disconnect in the Cloud (22 jun)
https://www.darkreading.com/cloud/risk-disconnect-in-the-cloud