Publicerad 2022-11-04 10:29 CERT-SE:s veckobrev v.44Denna vecka har i hög grad präglats av bevakningen av sårbarheter i OpenSSL. Sårbarheterna bedömdes slutligen som allvarliga och CERT-SE rekommenderar att uppdatera sårbara system så snart som möjligt samt att se över vilka programvaror som den egna organisationen använder som kan vara påverkade. Trevlig helg önskar CERT-SE! Nyheter i veckanJoint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies (28 okt)https://www.cisa.gov/uscert/ncas/current-activity/2022/10/28/joint-cisa-fbi-ms-isac-guide-responding-ddos-attacks-and-ddosNational Cyber Threat Assessment 2023-2024 (28 okt)https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024Cyberattack mot Europas största kopparproducent (28 okt)https://computersweden.idg.se/2.2683/1.772191/cyberattack-mot-europas-storsta-kopparproducent...https://www.aurubis.com/en/media/press-releases/press-releases-2022/update-on-cyber-attack-at-aurubisSolceller kan vara säkerhetsrisk – hacker tog över en miljon anläggningar (29 okt)https://sverigesradio.se/artikel/solceller-kan-vara-sakerhetsrisk-hacker-tog-over-en-miljon-anlaggningar...Solceller kan bli måltavla för främmande makt: "Måste ha ett säkert elsystem" (1 nov)https://sverigesradio.se/artikel/solceller-kan-bli-maltavla-for-frammande-makt-maste-ha-ett-sakert-elsystemESF Partners, NSA, and CISA Release Software Supply Chain Guidance for Suppliers (31 okt)https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3204427/esf-partners-nsa-and-cisa-release-software-supply-chain-guidance-for-suppliers/Banking Trojan Techniques: How Financially Motivated Malware Became Infrastructure (31 okt)https://unit42.paloaltonetworks.com/banking-trojan-techniques/Ransomware hackers hit Australian defence communications platform (31 okt)https://www.reuters.com/technology/ransomware-hackers-hit-australian-defence-communications-platform-2022-10-31/Analysis: In Australia, a hacking frenzy spurred by an undersized cybersecurity workforce (31 okt)https://www.reuters.com/technology/australia-hacking-frenzy-spurred-by-an-undersized-cybersecurity-workforce-2022-10-31/Liz Truss phone hack claim prompts calls for investigation (31 okt)https://www.bbc.com/news/uk-politics-63442813Hackers selling access to 576 corporate networks for $4 million (31 okt)https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/...https://ke-la.com/wp-content/uploads/2022/10/KELA-RESEARCH_Ransomware-Victims-and-Network-Access-Sales-in-Q3-2022.pdfExtortion fears after hacker stole patient files from Dutch mental health clinics (31 okt)https://www.bitdefender.com/blog/hotforsecurity/extortion-fears-after-hacker-stole-patient-files-from-dutch-mental-health-clinics/Last Years Open Source - Tomorrow's Vulnerabilities (1 nov)https://thehackernews.com/2022/11/last-years-open-source-tomorrows.htmlScanning the internet for fun and profit (1 nov)https://www.ncsc.gov.uk/blog-post/scanning-the-internet-for-fun-and-profitPhylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack (1 nov)https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attackEcuador’s military denies ransomware attack after website goes offline (1 nov)https://therecord.media/ecuadors-military-denies-ransomware-attack-after-website-goes-offline/Osaka hospital suspends services after ransomware cyberattack (1 nov)https://www3.nhk.or.jp/nhkworld/en/news/20221101_07/Emotet botnet starts blasting malware again after 5 month break (2 nov)https://www.bleepingcomputer.com/news/security/emotet-botnet-starts-blasting-malware-again-after-5-month-break/Hackers Stole Source Code, Personal Data From Dropbox Following Phishing Attack (2 nov)https://www.securityweek.com/hackers-stole-source-code-personal-data-dropbox-following-phishing-attackVodafone Italy discloses data breach after reseller hacked (2 nov)https://www.bleepingcomputer.com/news/security/vodafone-italy-discloses-data-breach-after-reseller-hacked/Toppmötet avslutat – 37 länder lovar hårdare tag mot ransomware (2 nov)https://computersweden.idg.se/2.2683/1.772358/toppmotet-avslutat--37-lander-utlovar-hardare-tag-mot-ransomwareFortinet fixed 16 vulnerabilities, 6 rated as high severity (3 nov)https://securityaffairs.co/wordpress/138021/security/fortinet-nov-2022-flaws.htmlRapport: OPERA1ER - Playing god without permission (3 nov)https://www.group-ib.com/resources/threat-research/opera1er.htmlResearchers discover security loophole allowing attackers to use Wi-Fi to see through walls (3 nov)https://techxplore.com/news/2022-11-loophole-wi-fi-walls.html...https://dl.acm.org/doi/abs/10.1145/3495243.3560530After a series of cyberattacks, states look to secure election results websites (3 nov)https://www.nbcnews.com/tech/security/states-look-secure-election-results-websites-ahead-midterms-


Source:   Dagens Nyheter
November 04, 2022 09:40 UTC