CERT-SE's weekly newsletter, week 43

Weekly newsletter

After a week of heavy reporting in both Swedish and international media, here is an extra long weekly newsletter. CERT-SE would particularly like to draw attention to the fact that OpenSSL will release a security update on Tuesday to fix a critical vulnerability, and it is a good idea to be ready to update affected software. CERT-SE wishes you a pleasant weekend!

News this week

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn (20 Oct) https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/
INTERPOL launches first global police Metaverse (20 Oct) https://www.interpol.int/en/News-and-Events/News/2022/INTERPOL-launches-first-global-police-Metaverse
President Biden still wants his cybersecurity labels on those smart devices (20 Oct) https://www.theregister.com/2022/10/20/biden_administration_iot_security_labels/
Wholesale giant METRO hit by IT outage after cyberattack (21 Oct) https://www.bleepingcomputer.com/news/security/wholesale-giant-metro-hit-by-it-outage-after-cyberattack/
List of Common Passwords Accounts for Nearly All Cyberattacks (21 Oct) https://www.darkreading.com/endpoint/a-common-password-list-accounts-for-nearly-all-cyberattacks
StopRansomware: Daixin Team (21 Oct) https://www.cisa.gov/uscert/ncas/alerts/aa22-294a
Securing IoT devices against attacks that target critical infrastructure (21 Oct) https://www.microsoft.com/en-us/security/blog/2022/10/21/securing-iot-devices-against-attacks-that-target-critical-infrastructure/
Revision of the ISO 27002 standard – guidelines for security controls (21 Oct) https://www.sis.se/nyheter-och-press/nyheter/ny-version-av-isoiec-27002/
Norway PM: Russia poses ‘real and serious’ cyber threat to oil and gas industry (21 Oct) https://therecord.media/norway-pm-russia-poses-real-and-serious-cyber-threat-to-oil-and-gas-industry/
What Impact, if Any, Does Killnet Have? (21 Oct) https://www.lawfareblog.com/what-impact-if-any-does-killnet-have
Iran’s atomic energy organization says e-mail was hacked (23 Oct) https://www.reuters.com/world/middle-east/irans-atomic-energy-organization-says-e-mail-was-hacked-state-media-says-2022-10-23/
Typosquat campaign mimics 27 brands to push Windows, Android malware (23 Oct) https://www.bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/
Australia flags increased penalties for data breaches following major cyberattacks (23 Oct) https://www.reuters.com/technology/australia-flags-increased-penalties-data-breaches-following-major-cyberattacks-2022-10-22/
Thousands of GitHub repositories deliver fake PoC exploits with malware (23 Oct) https://www.bleepingcomputer.com/news/security/thousands-of-github-repositories-deliver-fake-poc-exploits-with-malware/
.. How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub (15 Oct) https://arxiv.org/abs/2210.08374
Experts: More may be classified as secret in the future (24 Oct) https://sverigesradio.se/artikel/experter-mer-kan-bli-hemligt-i-framtiden
Threatening scam emails from “the Police” continue to circulate (24 Oct) https://pcforalla.idg.se/2.1054/1.771983/hotfulla-bluffmejl-fran-polisen-fortsatter-cirkulera
Police warn of text messages from “your child” (24 Oct) https://sakerhetskollen.se/aktuella-brott/polisen-varnar-for-sms-fran-ditt-barn
Hive Ransomware Hackers Begin Leaking Data Stolen from Tata Power Energy Company (25 Oct) https://thehackernews.com/2022/10/hive-ransomware-hackers-begin-leaking.html
Information for those registered in connection with alcohol serving permits (25 Oct) https://goteborg.se/wps/portal/press-och-media/aktuelltarkivet/aktuellt/867a884e-4896-48e9-a43b-032aedaaf4d9
How the “pizza123” password could take down an organization (25 Oct) https://www.bleepingcomputer.com/news/security/how-the-pizza123-password-could-take-down-an-organization/
German cyber agency warns threat situation is ‘higher than ever’ (25 Oct) https://therecord.media/german-cyber-agency-warns-threat-situation-is-higher-than-ever/
How the Software Supply Chain Security is Threatened by Hackers (25 Oct) https://thehackernews.com/2022/10/how-software-supply-chain-security-is.html
Säpo's call to energy companies: Strengthen your protection (25 Oct) https://sverigesradio.se/artikel/sapos-uppmaning-till-energiforetagen-stark-skyddet
Medibank confirms hacker had access to data of all 3.9 million customers (26 Oct) https://www.theguardian.com/technology/2022/oct/26/medibank-confirms-all-39-million-customers-had-data-accessed-in-hack
Microsoft fixes Windows vulnerable driver blocklist sync issue (26 Oct) https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-vulnerable-driver-blocklist-sync-issue/
London’s New Cyber Resilience Centre Set to Fight Cybercrime in the Capital (26 Oct) https://www.infosecurity-magazine.com/news/new-cyber-resilience-centre-in/
Notorious hacker Daniel Kaye arraigned for allegedly running dark web marketplace (26 Oct) https://therecord.media/notorious-hacker-daniel-kaye-arraigned-for-allegedly-running-dark-web-marketplace/
FACT SHEET: Biden-Harris Administration Expands Public-Private Cybersecurity Partnership to Chemical Sector (26 Oct) https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/26/fact-sheet-biden-harris-administration-expands-public-private-cybersecurity-partnership-to-chemical-sector/
Folkhälsomyndigheten (the Public Health Agency of Sweden) hacked – fake covid patient added to infection database (27 Oct) https://www.dn.se/sverige/folkhalsomyndigheten-hackades-falsk-covidpatient-lades-till-i-smittodatabas/
Police officer looked up a relative – acquitted of unauthorised data access (27 Oct) https://www.expressen.se/nyheter/polis-sokte-pa-slakting-frias-for-dataintrang/
Major German energy supplier hit by cyberattack (27 Oct) https://therecord.media/major-german-energy-supplier-hit-by-cyberattack/
Fodcha DDoS botnet reaches 1Tbps in power, injects ransoms in packets (27 Oct) https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
After the cyberattack – data on Naturvårdsverket (the Swedish Environmental Protection Agency) staff has leaked (28 Oct) https://www.dn.se/sverige/efter-cyberattacken-uppgifter-om-naturvardsverkets-personal-har-lackt/

Information security and miscellaneous

Forensic Value of Prefetch (20 Oct) https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Time is an illusion, Unix time doubly so… (23 Oct) https://www.netmeister.org/blog/epoch.html
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed (23 Oct) https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
Scammers Most Likely to Impersonate DHL, Warns New Brand Phishing Report (24 Oct) https://www.checkpoint.com/press-releases/scammers-most-likely-to-impersonate-dhl-warns-new-brand-phishing-report/
Attacking Very Weak RC4-Like Ciphers the Hard Way (24 Oct) https://research.checkpoint.com/2022/attacking-very-weak-rc4-like-ciphers-the-hard-way/
Treasure trove. Alive and well point-of-sale malware (24 Oct) https://blog.group-ib.com/majikpos_treasurehunter_malware
LinkedIn Email Attack: Welcome to your ProPHISHional Community (25 Oct) https://www.armorblox.com/blog/linkedin-email-attack/
Sysdig TRT uncovers massive cryptomining operation leveraging GitHub Actions (25 Oct) https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Ransomware down this year – but there’s a catch (26 Oct) https://www.theregister.com/2022/10/26/sonicwall_ransomware_raas/
.. 2022 SonicWall Threat Mindset Survey https://www.sonicwall.com/resources/white-papers/2022-sonicwall-threat-mindset-survey/
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity (27 Oct) https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
Threat Landscape Report - The 10 Years Edition https://cert.europa.eu/publications/tlr-10-years/

CERT-SE this week

Upcoming security update from OpenSSL
Critical vulnerability in VMware Cloud Foundation
Security updates from Apple
Critical vulnerabilities affect several Synology products
Critical vulnerability in F5 BIG-IP