CERT-SE's weekly newsletter, week 28

Weekly newsletter

Despite the holiday season, disruptions and attacks against IT systems continue. This week's newsletter contains articles on everything from data leaks to ransomware and denial-of-service attacks. This week also included Patch Tuesday.

CERT-SE wishes you a pleasant weekend!

News this week

PQC Standardization Process: Announcing Four Candidates to be Standardized, Plus Fourth Round Candidates (5 jul)
https://csrc.nist.gov/news/2022/pqc-candidates-to-be-standardized-and-round-4

From Follina to Rozena - Leveraging Discord to Distribute a Backdoor (6 jul)
https://www.fortinet.com/blog/threat-research/follina-rozena-leveraging-discord-to-distribute-a-backdoor

New 0mega ransomware targets businesses in double-extortion attacks (8 jul)
https://www.bleepingcomputer.com/news/security/new-0mega-ransomware-targets-businesses-in-double-extortion-attacks/

French telecom company La Poste Mobile struggling to recover from ransomware attack (8 jul)
https://therecord.media/french-telecom-company-la-poste-mobile-struggling-to-recover-from-ransomware-attack/

Rogers says services mostly restored after daylong outage left millions offline (8 jul)
https://www.cbc.ca/news/business/rogers-outage-cell-mobile-wifi-1.6514373

Mangatoon data breach exposes data from 23 million accounts (9 jul)
https://www.bleepingcomputer.com/news/security/mangatoon-data-breach-exposes-data-from-23-million-accounts/

Microsoft says decision to unblock Office macros is temporary (11 jul)
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-decision-to-unblock-office-macros-is-temporary/

ECB Says Lagarde Was Targeted in Cyber Attack, No Data Stolen (12 jul)
https://www.bloomberg.com/news/articles/2022-07-12/ecb-says-lagarde-was-targeted-in-cyber-attack-no-data-stolen

Lithuanian Energy Firm Disrupted by DDOS Attack (12 jul)
https://www.infosecurity-magazine.com/news/lithuanian-energy-ddos-attack/

Rise in Qakbot attacks traced to evolving threat techniques (12 jul)
https://www.zscaler.com/blogs/security-research/rise-qakbot-attacks-traced-evolving-threat-techniques

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud (12 jul)
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

India Calls for Stricter Actions Against Cybercriminals (12 jul)
https://www.bankinfosecurity.com/india-calls-for-stricter-actions-against-cybercriminals-a-19552

Microsoft open sources Salus software bill of materials (SBOM) generation tool (12 jul)
https://devblogs.microsoft.com/engineering-at-microsoft/microsoft-open-sources-salus-software-bill-of-materials-sbom-generation-tool/

ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities (12 jul)
https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-59-vulnerabilities
…Siemens Security Advisories https://new.siemens.com/global/en/products/services/cert.html?d=2022-07#SecurityPublications

Elden Ring gaming giant Bandai Namco says hackers may have stolen customer data (13 jul)
https://techcrunch.com/2022/07/13/bandai-namco-data-stolen/

New Android malware on Google Play installed 3 million times (13 jul)
https://www.bleepingcomputer.com/news/security/new-android-malware-on-google-play-installed-3-million-times/

Android security: How this new malware has become a top smartphone threat (13 jul)
https://www.zdnet.com/article/android-security-how-this-new-malware-has-become-a-top-smartphone-threat

New Lilith ransomware emerges with extortion site, lists first victim (13 jul)
https://www.bleepingcomputer.com/news/security/new-lilith-ransomware-emerges-with-extortion-site-lists-first-victim/

Suspected computer intrusion has been reported to the police (14 jul)
https://www.folkhalsomyndigheten.se/nyheter-och-press/nyhetsarkiv/2022/juli/misstankt-dataintrang-har-polisanmalts/

Mantis botnet behind the record-breaking DDoS attack in June (14 jul)
https://www.bleepingcomputer.com/news/security/mantis-botnet-behind-the-record-breaking-ddos-attack-in-june/

Review of the act on signals intelligence in defence intelligence operations (14 jul)
https://www.regeringen.se/pressmeddelanden/2022/07/oversyn-av-lagen-om-signalspaning-i-forsvarsunderrattelseverksamhet/

Attackers scan 1.6 million WordPress sites for vulnerable plugin (15 jul)
https://www.bleepingcomputer.com/news/security/attackers-scan-16-million-wordpress-sites-for-vulnerable-plugin/

Information security and miscellaneous

Tallinn Workshop Report (6 jul)
https://eccri.eu/events/tallinn-workshop-report/

ENISA Threat Landscape Methodology (6 jul)
https://www.enisa.europa.eu/publications/enisa-threat-landscape-methodology

How To Detect Privilege Escalation: Attack Path Analysis (6 jul)
https://sonraisecurity.com/blog/how-to-detect-privilege-escalation/

Tech support scammers caught by their own cameras (11 jul)
https://blog.malwarebytes.com/tech-support-scams/2022/07/tech-support-scammers-get-caught-on-camera/

ChromeLoader: New Stubborn Malware Campaign (12 jul)
https://unit42.paloaltonetworks.com/chromeloader-malware/

Building a TLS-compatible Honeypot
https://github.com/Nirusu/how-to-setup-a-honeypot

NCSC (IE): Securing Operational Technology
https://www.ncsc.gov.ie/pdfs/Securing_Operational_Technology.pdf

CERT-SE this week

Critical vulnerabilities in Cisco products

Adobe's monthly security updates for July

Microsoft's monthly security updates for July 2022