CERT-SE's weekly newsletter, week 38

Weekly newsletter

Another roundup of the week's news, including police warnings about various fraud campaigns via both email and phone calls, the Safe Cyber exercise, and big congratulations to Denmark on the ECSC win!

CERT-SE wishes you a pleasant weekend!

News this week

Chrome & Edge Enhanced Spellcheck Features Expose PII, Even Your Passwords (16 sept)
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords

Trojanized versions of PuTTY utility being used to spread backdoor (16 sept)
https://arstechnica.com/information-technology/2022/09/trojanized-versions-of-putty-utility-being-used-to-spread-backdoor/

Cybersecurity threat level has risen – activity against Finland has also increased (16 sept)
https://www.traficom.fi/sv/aktuellt/cybersakerhetens-hotniva-har-stigit-aven-aktivitet-mot-finland-har-okat

EU moves to protect journalists from spyware (17 sept)
https://therecord.media/eu-moves-to-protect-journalists-from-spyware/

IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun (17 sept)
https://www.bbc.com/news/technology-62937678

How to Use DuckDuckGo’s Privacy-First Email (18 sept)
https://www.wired.com/story/how-to-use-duckduckgo-privacy-first-email/

How botnet attacks work and how to defend against them (19 sept)
https://www.bleepingcomputer.com/news/security/how-botnet-attacks-work-and-how-to-defend-against-them/

Free Decryptor Available for LockerGoga Ransomware Victims (19 sept)
https://www.securityweek.com/free-decryptor-available-lockergoga-ransomware-victims

Russian Sandworm hackers pose as Ukrainian telcos to drop malware (19 sept)
https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-ukrainian-telcos-to-drop-malware/

Emotet Botnet Started Distributing Quantum and BlackCat Ransomware (19 sept)
https://thehackernews.com/2022/09/emotet-botnet-started-distributing.html

Record 25.3 Billion Request Multiplexing Attack Mitigated by Imperva (19 sept)
https://www.imperva.com/blog/record-25-3-billion-request-multiplexing-attack-mitigated-by-imperva/

New York Emergency Services Provider Says Patient Data Stolen in Ransomware Attack (20 sept)
https://www.securityweek.com/new-york-emergency-services-provider-says-patient-data-stolen-ransomware-attack

Hive ransomware claims attack on New York Racing Association (20 sept)
https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-attack-on-new-york-racing-association/

The last man selling floppy disks says he still receives orders from airlines (20 sept)
https://www.techspot.com/news/96042-last-man-selling-floppy-disks-receives-orders-airlines.html

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime (21 sept)
https://unit42.paloaltonetworks.com/domain-shadowing/

LockBit ransomware builder leaked online by “angry developer” (21 sept)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-builder-leaked-online-by-angry-developer-/

Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data (21 sept)
https://www.vice.com/en/article/y3pnkw/us-military-bought-mass-monitoring-augury-team-cymru-browsing-email-data

Unpatched 15-year old Python bug allows code execution in 350k projects (21 sept)
https://www.bleepingcomputer.com/news/security/unpatched-15-year-old-python-bug-allows-code-execution-in-350k-projects/

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability (21 sept)
https://www.trellix.com/en-us/about/newsroom/stories/research/tarfile-exploiting-the-world.html

What you need to know about Evil-Colon attacks (22 sept)
https://www.helpnetsecurity.com/2022/09/22/evil-colon-attacks/

Denmark latest to conclude Google Analytics is unlawful (22 sept)
https://www.computing.co.uk/news/4056735/denmark-conclude-google-analytics-unlawful

Press release: Use of Google Analytics for web analytics (21 sept)
https://www.datatilsynet.dk/english/google-analytics/use-of-google-analytics-for-web-analytics

Databases. EXPOSED! (Redis) (22 sept)
https://censys.io/databases-exposed-redis/

ALPHV/BlackCat ransomware family becoming more dangerous (22 sept)
https://www.computerweekly.com/news/252525240/ALPHV-BlackCat-ransomware-family-becoming-more-dangerous

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners (22 sept)
https://thehackernews.com/2022/09/hackers-targeting-unpatched-atlassian.html

Malicious OAuth applications used to compromise email servers and spread spam (22 sept)
https://www.microsoft.com/security/blog/2022/09/22/malicious-oauth-applications-used-to-compromise-email-servers-and-spread-spam/

Prompt Injection/Extraction Attacks against AI Systems (22 sept)
https://www.schneier.com/blog/archives/2022/09/prompt-injection-extraction-attacks-against-ai-systems.html

Major employer hit by IT attack – operations are down (22 sept)
https://sverigesradio.se/artikel/jattearbetsgivare-utsatt-for-it-attack-verksamheten-ligger-nere

Information security and miscellaneous

Massive Data Breach at Uber (16 sept)
https://www.schneier.com/blog/archives/2022/09/massive-data-breach-at-uber.html

The Uber Hack’s Devastation Is Just Starting to Reveal Itself (16 sept)
https://www.wired.com/story/uber-hack-mfa-phishing/

Uber links breach to Lapsus$ group, blames contractor for hack (19 sept)
https://www.bleepingcomputer.com/news/security/uber-links-breach-to-lapsus-group-blames-contractor-for-hack/

Can reflections in eyeglasses actually leak info from Zoom calls? Here’s a study into it (17 sept)
https://www.theregister.com/2022/09/17/glasses_reflections_zoom/

GTA 6 source code and videos leaked after Rockstar Games hack (18 sept)
https://www.bleepingcomputer.com/news/security/gta-6-source-code-and-videos-leaked-after-rockstar-games-hack/

Madeleine, 26, wants to attract more people to cybersecurity jobs (18 sept)
https://www.dn.se/ekonomi/madeleine-26-vill-locka-fler-till-cybersakerhetsjobb/

American Airlines discloses data breach after employee email compromise (19 sept)
https://www.bleepingcomputer.com/news/security/american-airlines-discloses-data-breach-after-employee-email-compromise/

Microsoft 365 phishing attacks impersonate U.S. govt agencies (19 sept)
https://www.bleepingcomputer.com/news/security/microsoft-365-phishing-attacks-impersonate-us-govt-agencies/

Credential Phishing Targeting Government Contractors Evolves Over Time (19 sept)
https://cofense.com/blog/credential-phishing-targeting-government-contractors-evolves-over-time

Hurrah for Denmark, Top Winner of the 2022 European Cybersecurity Challenge (19 sept)
https://www.enisa.europa.eu/news/hurrah-for-denmark-top-winner-of-the-2022-european-cybersecurity-challenge

Swedbank warns of ongoing smishing campaign (20 sept)
https://sakerhetskollen.se/aktuella-brott/swedbank-varnar-for-pagaende-smishingkampanj

Revolut data breach: 50,000+ users affected (20 sept)
https://www.helpnetsecurity.com/2022/09/20/revolut-data-breach-phishing/

MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches (20 sept)
https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-profile-breaches/

Threatening scam emails sent to hundreds of people (21 sept)
https://www.aftonbladet.se/nyheter/a/rlWn0R/bluffmejl-och-samtal-fran-polisen-okar-lagg-pa

Ask.FM database with 350m user records allegedly sold online (21 sept)
https://cybernews.com/news/ask-fm-database-with-350m-user-records-sold-online/

Portugal’s TAP says hackers stole, published passengers’ personal data (22 sept)
https://www.reuters.com/business/aerospace-defense/portugals-tap-says-hackers-stole-published-passengers-personal-data-2022-09-22/

Australia phones cyber-attack exposes personal data (22 sept)
https://www.bbc.com/news/technology-62996101

Police warn of a sharp increase in scam calls (22 sept)
https://sakerhetskollen.se/aktuella-brott/polisen-varnar-for-en-stor-okning-av-bluffsamtal

Cyber soldiers took part in refresher training for the first time (23 sept)
https://www.aktuellsakerhet.se/cybersoldater-repovade-for-forsta-gangen/

This is where the Armed Forces and KTH train Sweden's cyber soldiers (23 sept)
https://www.di.se/nyheter/har-utbildar-forsvaret-och-kth-sveriges-cybersoldater/