Publicerad 2022-08-19 14:29 CERT-SE:s veckobrev v.33Ett brittiskt vattenföretag har utsatts för cyberattack, konferenserna DEFCON och Black Hat USA har varit förra veckan och CISA har publicerat fem säkerhetsråd gällande industriella styr- och kontrollsystem (ICS). Håll huvudet kallt i sommarvärmen och era enheter väl uppdaterade. Trevlig helg! Nyheter i veckanThis Anti-Tracking Tool Checks If You’re Being Followed (11 aug)https://www.wired.com/story/this-anti-tracking-tool-checks-if-youre-being-followed/Alert (AA22-223A) | #StopRansomware: Zeppelin Ransomware (11 aug)https://www.cisa.gov/uscert/ncas/alerts/aa22-223aA vulnerability was found in Electron which is what drives Discord, Spotify, and Microsoft Teams (12 aug)https://www.malwarebytes.com/blog/news/2022/08/a-vulnerability-was-found-in-electron-which-is-what-drives-discord-spotify-and-microsoft-teamsEvil PLC Attack: Using a Controller as Predator Rather than Prey (13 aug)https://claroty.com/team82/research/evil-plc-attack-using-a-controller-as-predator-rather-than-preyOver 9,000 VNC servers exposed online without a password (14 aug)https://www.bleepingcomputer.com/news/security/over-9-000-vnc-servers-exposed-online-without-a-password/..Sverige sticker ut i ny mätning – så många VNC-servrar saknar lösenord (15 aug)https://computersweden.idg.se/2.2683/1.769288/oskyddade-vnc-servrarNearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack (15 aug)https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.htmlThis String of Emojis Is Actually Malware (15 aug)https://www.vice.com/en/article/wxnj49/this-string-of-emojis-is-actually-malwareAustralian hacker devises jailbreak to run Doom on John Deere combines (16 aug)https://www.techspot.com/news/95635-australian-hacker-devises-jailbreak-run-doom-john-deere.htmlStaffordshire water company confirms cyber attack (16 aug)https://www.irishnews.com/magazine/technology/2022/08/16/news/staffordshire_water_company_confirms_cyber_attack-2800666/..Water Company Says Supply Safe After Ransom Group Claims (16 aug)https://www.infosecurity-magazine.com/news/water-company-says-supply-safe/..Hackers attack UK water supplier but extort wrong company (16 aug)https://www.bleepingcomputer.com/news/security/hackers-attack-uk-water-supplier-but-extort-wrong-company/Brazilian police launch investigation targeting Lapsus$ group (16 aug)https://therecord.media/brazilian-police-launch-investigation-targeting-lapsus-group/RTLS systems vulnerable to MiTM attacks, location manipulation (16 aug)https://www.bleepingcomputer.com/news/security/rtls-systems-vulnerable-to-mitm-attacks-location-manipulation/Fortinet: Use of wipers expanding beyond Ukraine to 24 countries (17 aug)https://therecord.media/fortinet-use-of-wipers-expanding-beyond-ukraine-to-24-countries/Malicious PyPi packages turn Discord into password-stealing malware (17 aug)https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-turn-discord-into-password-stealing-malware/Estonia subjected to 'extensive' cyberattacks after moving Soviet monuments (18 aug)https://news.err.ee/1608688201/estonia-subjected-to-extensive-cyberattacks-after-moving-soviet-monumentsCISA releases 5 Industrial Control Systems Advisories (18 aug)https://www.cisa.gov/uscert/ncas/current-activity/2022/08/18/cisa-releases-5-industrial-control-systems-advisoriesInformationssäkerhet och blandatRansomware Groups Refine Shakedown and Monetization Models (12 aug)https://www.bankinfosecurity.com/ransomware-groups-refine-shakedown-monetization-models-a-19790Microsoft disrupts Russian hackers' operation on NATO targets (15 aug)https://www.bleepingcomputer.com/news/security/microsoft-disrupts-russian-hackers-operation-on-nato-targets/When Efforts to Contain a Data Breach Backfire (16 aug)https://krebsonsecurity.com/2022/08/when-efforts-to-contain-a-data-breach-backfire/Microsoft Employees Exposed Own Company’s Internal Logins (16 aug)https://www.vice.com/en/article/m7gb43/microsoft-employees-exposed-login-credentials-azure-githubHealthcare Breaches Costliest for 12 Years Running, Hit New $10.1M Record High (17 aug)https://securityintelligence.com/posts/healthcare-data-breaches-costliest/iOS VPNs have leaked traffic for more than 2 years, researcher claims (17 aug)https://arstechnica.com/information-technology/2022/08/ios-vpns-still-leak-traffic-more-than-2-years-later-researcher-claims/Mozilla finds 18 of 25 popular reproductive health apps share your data (17 aug)https://www.theregister.com/2022/08/17/mozilla_pregnancy_app/Samhällets informations- och cybersäkerhet (18 aug)https://www.riksrevisionen.se/nu-granskas/pagaende-granskningar/samhallets-informations--och-cybersakerhet.htmlJanet Jackson music video declared a cybersecurity exploit (18 aug)https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/Apple varnar för säkerhetsbrist hos Iphones och Ipads (19 aug)https://www.dn.se/ekonomi/apple-varnar-for-sakerhetsbrist-hos-iphones-och-ipads/CERT-SE

Source: Dagens Nyheter August 19, 2022 12:46 UTC