CERT-SE:s veckobrev v.31

Efter en färgglad vecka med både Pride och uppdatering av TLP kommer här lite omvärldsbevakning från CERT-SE. Det har rapporterats om ett antal olika angrepp, bland annat överbelastningsattacker och utpressningsvirus. Dessutom blir det som vanligt några djupdykningar i olika typer av skadlig kod.

Trevlig helg önskar CERT-SE! 🏳️‍🌈

Nyheter i veckan

Fake investment scams in Europe (29 jul)
https://blog.group-ib.com/investment-scams-europe

Cyberattack mot nyhetsbyrån STT – en del system stängdes ner som en försiktighetsåtgärd (29 jul)
https://svenska.yle.fi/a/7-10019151

Luxembourg energy companies struggling with alleged ransomware attack, data breach (1 aug)
https://therecord.media/luxembourg-energy-companies-struggling-with-alleged-ransomware-attack-data-breach/

Encevo Cyberattack
https://www.encevo.eu/en/encevo-cyberattack/

EU missile maker MBDA confirms data theft extortion, denies breach (2 aug)
https://www.bleepingcomputer.com/news/security/eu-missile-maker-mbda-confirms-data-theft-extortion-denies-breach/

Hacking allegations against MBDA Italy (1 aug)
https://www.mbda-systems.com/2022/08/01/hacking-allegations-against-mbda-italy/

Semiconductor manufacturer Semikron hit by LV ransomware attack (2 aug)
https://www.bleepingcomputer.com/news/security/semiconductor-manufacturer-semikron-hit-by-lv-ransomware-attack/

Cyber-Vorfall bei SEMIKRON (1 aug)
https://www.semikron.com/de/ueber-semikron/news-presse/detail/cyber-vorfall-bei-semikron-1.html

SSU shuts down million-strong bot farm that destabilized situation in Ukraine and worked for one of political forces (2 aug)
https://ssu.gov.ua/en/novyny/sbu-likviduvala-milionnu-botofermu-yaka-rozkhytuvala-obstanovku-v-ukraini-na-zamovlennia-odniiei-z-politsyl-video

Post-quantum encryption contender is taken out by single-core PC and 1 hour (2 aug)
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/

Spanish Research Center Suffers Cyberattack Linked to Russia (2 aug)
https://www.securityweek.com/spanish-research-center-suffers-cyberattack-linked-russia

El Consejo Superior de Investigaciones Científicas (CSIC) recibe un ciberataque (2 aug)
https://www.ciencia.gob.es/en/Noticias/2022/Agosto/El-Consejo-Superior-de-Investigaciones-Cient-ficas–CSIC–recibe-un-ciberataque.html

Taiwanese President and Top Govt Sites Hit by DDoS Attacks Amid Pelosi visit (2 aug)
https://www.hackread.com/taiwanese-president-govt-sites-ddos-attacks-pelosi-visit/

Tory-partiets omröstning om ny ledare stoppad av hackerlarm (3 aug)
https://www.svt.se/nyheter/utrikes/konservativa-partiets-omrostning-stoppad-av-hackerlarm

Solana Wallets Targeted in Latest Multimillion-Dollar Hack (3 aug)
https://www.coindesk.com/markets/2022/08/03/phantom-wallet-exploit-drains-millions-in-sol-tokens/

FEMA warns emergency alert systems could be hacked to transmit fake messages unless software is updated (3 aug)
https://edition.cnn.com/2022/08/03/politics/fema-emergency-alert-software-warning/index.html

35,000 code repos not hacked—but clones flood GitHub to serve malware (3 aug)
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/

New Traffic Light Protocol standard released after five years (4 aug)
https://www.bleepingcomputer.com/news/security/new-traffic-light-protocol-standard-released-after-five-years/

TRAFFIC LIGHT PROTOCOL (TLP)
https://www.first.org/tlp/

German Chambers of Industry and Commerce hit by ‘massive’ cyberattack (4 aug)
https://www.bleepingcomputer.com/news/security/german-chambers-of-industry-and-commerce-hit-by-massive-cyberattack/

Informationssäkerhet och blandat

Largest European DDoS Attack on Record (27 jul)
https://www.akamai.com/blog/security/largest-european-ddos-attack-ever

SharpTongue Deploys Clever Mail-Stealing Browser Extension “SHARPEXT” (28 jul)
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/

Why security teams should prepare to slay the three-headed dragon [Q&A] (1 aug)
https://betanews.com/2022/08/01/why-security-teams-should-prepare-to-slay-the-three-headed-dragon-qa/

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services (2 aug)
https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services

Deepwatch ATI detects and responds to never before discovered backdoor deployed using Confluence vulnerability for suspected Espionage (2 aug)
https://www.deepwatch.com/labs/deepwatch-ati-detects-and-responds-to-never-before-discovered-backdoor-deployed-using-confluence-vulnerability-for-suspected-espionage/

Woody RAT: A new feature-rich malware spotted in the wild (3 aug)
https://blog.malwarebytes.com/threat-intelligence/2022/08/woody-rat-a-new-feature-rich-malware-spotted-in-the-wild/

So RapperBot, What Ya Bruting For? (3 aug)
https://www.fortinet.com/blog/threat-research/rapperbot-malware-discovery

2021 Top Malware Strains (4 aug)
https://www.cisa.gov/uscert/ncas/alerts/aa22-216a

CERT-SE i veckan

Sårbarhet i PAN-OS och Prisma Access utnyttjas aktivt

Kritiska sårbarheter i Cisco-produkter

Sårbarheter i flera VMware-produkter

Kritiska sårbarheter i produkter från Atlassian (Uppdaterad 2022-08-01)