CERT-SE's weekly newsletter, week 29

Weekly newsletter

We end a hot week with piping hot news. Have a nice weekend and good luck tonight to all 🇸🇪football heroes🇸🇪, wishes CERT-SE!

News this week

PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability (13 Jul) https://www.wordfence.com/blog/2022/07/attacks-on-modern-wpbakery-page-builder-addons-vulnerability/
Healthcare Provider Exposed Transplant Donor and Recipient Data (14 Jul) https://www.infosecurity-magazine.com/news/healthcare-provider-transplant-data/
New variant of Android SpyJoker malware removed from Play Store after 3 million+ installs (14 Jul) https://blog.malwarebytes.com/android/2022/07/new-variant-of-android-spyjoker-malware-removed-from-play-store-after-3-million-installs/
Tenet Health sued after affiliate hack, health data theft impacting 1.2M (14 Jul) https://www.scmagazine.com/editorial/analysis/breach/tenet-health-sued-after-affiliate-hack-health-data-theft-impacting-1-2m
The Trojan Horse Malware & Password “Cracking” Ecosystem Targeting Industrial Operators (14 Jul) https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media (14 Jul) https://www.proofpoint.com/us/blog/threat-insight/above-fold-and-your-inbox-tracing-state-aligned-activity-targeting-journalists
Tor Browser now bypasses internet censorship automatically (15 Jul) https://www.bleepingcomputer.com/news/security/tor-browser-now-bypasses-internet-censorship-automatically/
Unverified Commits: Are You Unknowingly Trusting Attackers’ Code? (15 Jul) https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
Microsoft investigates July updates breaking Access applications (15 Jul) https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-july-updates-breaking-access-applications/
Google computers stopped in Danish schools (16 Jul) https://tt.omni.se/google-datorer-stoppas-i-danska-skolor/a/bGEE9e
Taiwan government faces surge of Emotet malware attacks (16 Jul) https://www.taiwannews.com.tw/en/news/4598445
Zero-day attacks climb as hackers get more sophisticated (18 Jul) https://securitybrief.co.nz/story/zero-day-attacks-climb-as-hackers-get-more-sophisticated
Amid Rising Magecart Attacks on Online Ordering Platforms, Recent Campaigns Infect 311 Restaurants (18 Jul) https://www.recordedfuture.com/amid-rising-magecart-attacks-online-ordering-platforms
Albanian government websites go dark after cyberattack (18 Jul) https://www.theregister.com/2022/07/18/albania_down/
Building materials giant Knauf hit by Black Basta ransomware gang (19 Jul) https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/
CISA Set to Open London Office (19 Jul) https://www.infosecurity-magazine.com/news/cisa-set-to-open-london-office/
IMY opens whistleblower function – safe to report carelessness with data protection (19 Jul) https://computersweden.idg.se/2.2683/1.768479/nu-kan-du-visselblasa-till-integritetsskyddsmyndigheten .. https://www.imy.se/privatperson/utfora-arenden/visselblasning/
UK heat wave causes Google and Oracle cloud outages (19 Jul) https://www.bleepingcomputer.com/news/security/uk-heat-wave-causes-google-and-oracle-cloud-outages/
Neopets data breach exposes personal data of 69 million members (20 Jul) https://www.bleepingcomputer.com/news/security/neopets-data-breach-exposes-personal-data-of-69-million-members/
US seizes stolen funds from suspected North Korean hackers (20 Jul) https://www.bbc.com/news/technology-62239638
Microsoft Teams settings leave govt officials open to cyberattacks (21 Jul) https://cybernews.com/security/microsoft-teams-settings-leave-govt-officials-open-to-cyberattacks/

Information security and miscellaneous

New Ransomware Groups on the Rise (12 Jul) https://blog.cyble.com/2022/07/12/new-ransomware-groups-on-the-rise/
The Kit That Wants It All: Scam Mimics PayPal’s Known Security Measures (13 Jul) https://www.akamai.com/blog/security/paypal-phishing-scam-mimics-known-security-measures
BlackCat ransomware attacks not merely a byproduct of bad luck (14 Jul) https://news.sophos.com/en-us/2022/07/14/blackcat-ransomware-attacks-not-merely-a-byproduct-of-bad-luck/
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware (14 Jul) https://www.microsoft.com/security/blog/2022/07/14/north-korean-threat-actor-targets-small-and-midsize-businesses-with-h0lygh0st-ransomware/
CP/M’s open-source status clarified after 21 years (15 Jul) https://www.theregister.com/2022/07/15/cpm_open_source
Digium Phones Under Attack: Insight Into the Web Shell Implant (15 Jul) https://unit42.paloaltonetworks.com/digium-phones-web-shell/
SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables (15 Jul) https://arxiv.org/abs/2207.07413
Anatomy of Attack: Truth Behind the Costa Rica Government Ransomware 5-Day Intrusion (18 Jul) https://www.advintel.io/post/anatomy-of-attack-truth-behind-the-costa-rica-government-ransomware-5-day-intrusion
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive (19 Jul) https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/
Continued cyber activity in Eastern Europe observed by TAG (19 Jul) https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/
I see what you did there: A look at the CloudMensis macOS spyware (19 Jul) https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
Redeemer Ransomware back Action (20 Jul) https://blog.cyble.com/2022/07/20/redeemer-ransomware-back-action/
Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware (21 Jul) https://www.intezer.com/blog/research/lightning-framework-new-linux-threat/
British intelligence recycles old argument for borking encryption: think of the children! (22 Jul) https://www.theregister.com/2022/07/22/british_encryption_scanning/
Ukrainian Radio Stations Hacked to Broadcast Fake News About Zelenskyy’s Health (22 Jul) https://thehackernews.com/2022/07/ukrainian-radio-stations-hacked-to.html

CERT-SE this week

Critical vulnerabilities in Cisco Nexus Dashboard
Critical vulnerabilities in products from Atlassian
Oracle's quarterly security update for July 2022