CERT-SE's weekly newsletter, week 47

Weekly newsletter

A weekly newsletter in black, now that it is peak season for online fraud. In addition to CERT-SE's own news item on spoofing, on a Friday like this we want to recommend several good sites to check before you go shopping online: Säkerhetskollen and its sister site Tänk säkert!

Have a nice first Advent weekend!

News this week

NSA recommends memory-safe programming languages (15 nov)
https://kryptera.se/nsa-rekommenderar-minnes-sakra-programsprak/

New attacks use Windows security bypass zero-day to drop malware (19 nov)
https://www.bleepingcomputer.com/news/security/new-attacks-use-windows-security-bypass-zero-day-to-drop-malware/

AirAsia victim of ransomware attack, passenger and employee data acquired (19 nov)
https://www.databreaches.net/airasia-victim-of-ransomware-attack-passenger-and-employee-data-acquired/

Google releases 165 YARA rules to detect Cobalt Strike attacks (21 nov)
https://www.bleepingcomputer.com/news/security/google-releases-165-yara-rules-to-detect-cobalt-strike-attacks/

Montreal-area city hit by ransomware: Report (21 nov)
https://www.itbusiness.ca/news/montreal-area-city-hit-by-ransomware-report/123408

Threat Assessment: Luna Moth Callback Phishing Campaign (21 nov)
https://unit42.paloaltonetworks.com/luna-moth-callback-phishing/

Log4Shell campaigns are using Nashorn to get reverse shell on victim’s machines (21 nov)
https://isc.sans.edu/diary/rss/29266

Emotet is back and delivers payloads like IcedID and Bumblebee (22 nov)
https://securityaffairs.co/wordpress/138824/cyber-crime/emotet-is-back-nov-2022.html

Technical trouble for SVT: “Major problems” (22 nov)
https://www.expressen.se/noje/teknikstrul-for-svt-storre-problem/

Warning about scam text messages on customs fees: how to avoid being fooled (23 nov)
https://internetstiftelsen.se/om-oss/press/pressmeddelanden/varning-for-bluff-sms-om-tullavgifter-sa-undviker-du-att-bli-lurad/

Dutch national cyber security strategy aims to protect digital society (23 nov)
https://www.computerweekly.com/news/252527557/Dutch-national-cyber-security-strategy-aims-to-protect-digital-society

EU Parliament’s website targeted by cyber attack (23 nov)
https://www.rte.ie/news/2022/1123/1337718-european-parliament-russia/
Reports of Russian hacker attack after the EU's terrorism designation (23 nov)
https://www.svt.se/nyheter/utrikes/uppgifter-om-rysk-hackerattack-efter-eu-s-terrorstampel
Resolution: Recognising the Russian Federation as a state sponsor of terrorism (23 nov)
https://www.europarl.europa.eu/doceo/document/TA-9-2022-0405_EN.html

Scammers, bots dominate threat landscape ahead of Black Friday and Cyber Monday (24 nov)
https://therecord.media/scammers-bots-dominate-threat-landscape-ahead-of-black-friday-and-cyber-monday/

Google says Google and other Android manufacturers haven’t patched security flaws (24 nov)
https://www.engadget.com/google-arm-android-phones-security-flaw-mali-gpu-samsung-oppo-xiaomi-183029261.html

AIIMS under major ransomware attack; hospital services running on manual mode (24 nov)
https://www.medianama.com/2022/11/223-aiims-ransomware-attack/
India’s AIIMS hit by outages after cyber attack (25 nov)
https://ustoday.news/indias-aiims-hit-by-outages-after-cyber-attack/

U.K. Police Arrest 142 in Global Crackdown on ‘iSpoof’ Phone Spoofing Service (25 nov)
https://thehackernews.com/2022/11/uk-police-arrest-142-in-global.html

Production halt in Ronneby after suspected hacker attack (25 nov)
https://www.svt.se/nyheter/lokalt/blekinge/produktionsstopp-efter-befarad-hackerattack

Reports

Sophos 2023 Threat Report - Defending against the new malware “as-a-service” global economy
https://www.sophos.com/en-us/content/security-threat-report

Global Cyber Risk at Elevated Level (17 nov)
https://www.trendmicro.com/en_ca/research/22/k/cyber-risk-index-1h-22-snapshot.html

RansomExx Upgrades to Rust (22 nov)
https://securityintelligence.com/posts/ransomexx-upgrades-rust/

Vulnerable SDK components lead to supply chain risks in IoT and OT environments (22 nov)
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/

Information security and miscellaneous

Researchers Quietly Cracked Zeppelin Ransomware Keys (17 nov)
https://krebsonsecurity.com/2022/11/researchers-quietly-cracked-zeppelin-ransomware-keys/

Cyber as important as missile defences - ex-NATO general (21 nov)
https://www.reuters.com/world/cyber-important-missile-defences-ex-nato-general-2022-11-21/

US, Estonian authorities arrest two over $575 million cryptocurrency fraud (21 nov)
https://therecord.media/us-estonian-authorities-arrest-two-over-575-million-cryptocurrency-fraud/

World Cup phishing emails spike in Middle Eastern countries (21 nov)
https://www.theregister.com/2022/11/21/world_cup_phishing_emails/

CISA Updates the Infrastructure Resilience Planning Framework (22 nov)
https://www.cisa.gov/news/2022/11/22/cisa-updates-infrastructure-resilience-planning-framework

90% of organizations have Microsoft 365 security gaps (22 nov)
https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

Cyber threats look different against the public sector: experts explain why (22 nov)
https://www.aktuellsakerhet.se/cyberhoten-ser-annorlunda-ut-mot-offentlig-sektor-experter-forklarar-varfor/

DraftKings gamblers lose $300,000 to credential stuffing attack (22 nov)
https://www.theregister.com/2022/11/22/draftkings_credential_stuffing_attack/

DUCKTAIL returns: Underneath the ruffled feathers (22 nov)
https://labs.withsecure.com/publications/ducktail-returns

U.S. FBI joins Continental cyberattack investigation (23 nov)
https://www.reuters.com/technology/us-fbi-joins-continental-cyberattack-investigation-handelsblatt-2022-11-23/

Medical Software Firm exposes vulnerable children’s sensitive data (23 nov)
https://www.hackread.com/medical-software-expose-child-data/

Major flaws in the IT security of new cars (23 nov)
https://www.aktuellsakerhet.se/stora-brister-i-it-sakerheten-hos-nya-bilar/

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards? (23 nov)
https://www.enisa.europa.eu/news/cybersecurity-investments-in-the-eu-is-the-money-enough-to-meet-the-new-cybersecurity-standards

Japan considers creating new cyber defence agency as attacks ramp up in region (24 nov)
https://www.itpro.com/security/cyber-attacks/369593/japan-considers-creating-new-cyber-defence-agency-as-attacks-ramp-up

Phone numbers of nearly 500 million WhatsApp users around the globe up for sale (24 nov)
https://www.neowin.net/news/phone-numbers-of-nearly-500-million-whatsapp-users-around-the-globe-is-up-for-sale/

Action against criminal website that offered ‘spoofing’ services to fraudsters: 142 arrests (24 nov)
https://www.europol.europa.eu/media-press/newsroom/news/action-against-criminal-website-offered-%E2%80%98spoofing%E2%80%99-services-to-fraudsters-142-arrests

UK bans Chinese CCTV cameras on ‘sensitive’ government sites (25 nov)
https://www.theregister.com/2022/11/25/uk_government_china_cctv_ban_/

CERT-SE this week

Spoofed email address used in phishing campaign