CERT-SE's weekly newsletter, week 48
Reports of ransomware attacks dominate this week's news flow, while year-end summary reports and in-depth analyses are starting to come in as we approach the end of the year.
Feel free to check out our Norwegian CERT colleagues' Advent calendar in the form of 24 podcast episodes, and be sure to take part in the SANS Holiday Hack as well.
CERT-SE wishes you a pleasant weekend!
News this week
New ransomware attacks in Ukraine linked to Russian Sandworm hackers (25 nov)
https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/
Vice Society ransomware claims attack on Cincinnati State college (25 nov)
https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-cincinnati-state-college/
Ransomware gang targets Belgian municipality, hits police instead (26 nov)
https://www.bleepingcomputer.com/news/security/ransomware-gang-targets-belgian-municipality-hits-police-instead/
5.4 million Twitter users’ stolen data leaked online — more shared privately (27 nov)
https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
Interpol seizes 1.35 billion in virtual assets (28 nov)
https://computersweden.idg.se/2.2683/1.773517/interpol-beslagtar-130-miljoner-dollar-i-virtuella-tillgangar
How hackers will be stopped from taking over your car (28 nov)
https://www.nyteknik.se/fordon/sa-ska-hackare-stoppas-fran-att-ta-over-din-bil-7041249
New cybersecurity measures are locking aftermarket tuners out of car systems (28 nov)
https://www.techspot.com/news/96780-new-cybersecurity-measures-locking-aftermarket-tuners-out-oem.html
EU strengthens cybersecurity and resilience across the Union – adopts new legislation (28 nov)
https://www.aktuellsakerhet.se/eu-starker-cybersakerheten-och-resiliensen-i-hela-unionen-antar-ny-lagstiftning/
Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks (28 nov)
https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html
Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services (28 nov)
https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html
Virginia County Confirms Personal Information Stolen in Ransomware Attack (28 nov)
https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack
Malicious Android app found powering account creation service (28 nov)
https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/
Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package (28 nov)
https://cybernews.com/news/tiktok-challenge-spreading-malware/
Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign (28 nov)
https://www.darkreading.com/threat-intelligence/black-basta-gang-deploys-qakbot-malware-cyber-campaign
DOE tests blockchain technology to ensure grid security, resilience in first-of-its-kind demonstration (28 nov)
https://www.utilitydive.com/news/doe-tests-blockchain-technology-to-ensure-grid-security-resilience/637364/
Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange (28 nov)
https://cyware.com/news/hackers-exploit-rce-vulnerability-in-windows-internet-key-exchange-ce908a01/
Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware (28 nov)
https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/
NATO’s flagship cyber defence exercise kicks off in Estonia (28 nov)
https://www.nato.int/cps/en/natohq/news_209405.htm?selectedLocale=en
Meta fined $275 million over data scraping practices that violated GDPR (28 nov)
https://therecord.media/meta-fined-275-million-over-data-scraping-practices-that-violated-gdpr/
Ikea confirms ransomware cyberattack (29 nov)
https://www.dn.se/ekonomi/ikea-bekraftar-cyberattack-med-utpressningsvirus/
Trigona ransomware spotted in increasing attacks worldwide (29 nov)
https://www.bleepingcomputer.com/news/security/trigona-ransomware-spotted-in-increasing-attacks-worldwide/
Killnet Gloats About DDoS Attacks Downing Starlink, White House (29 nov)
https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov
Spanish police dismantle operation that made €12M via investment scams (29 nov)
https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-operation-that-made-12m-via-investment-scams/
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw (29 nov)
https://www.darkreading.com/threat-intelligence/tcyberattackers-selling-access-networks-compromised-fortinet-flaw
Pairing up Cybersecurity and Data Protection Efforts: EDPS and ENISA sign Memorandum of Understanding (30 nov)
https://www.enisa.europa.eu/news/pairing-up-cybersecurity-and-data-protection-efforts-edps-and-enisa-sign-memorandum-of-understanding
Researchers find bugs allowing access, remote control of cars (30 nov)
https://therecord.media/researchers-find-bugs-allowing-access-remote-control-of-cars/
UK introducing mandatory cyber incident reporting for managed service providers (30 nov)
https://therecord.media/uk-introducing-mandatory-cyber-incident-reporting-for-managed-service-providers/
French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm (30 nov)
https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html
Vatican website down in suspected hacker attack (30 nov)
https://www.reuters.com/technology/vatican-website-down-suspected-hacker-attack-2022-11-30/
Latest LockBit ransomware versions have wormable capabilities (30 nov)
https://www.computerweekly.com/news/252527830/Latest-LockBit-ransomware-versions-have-wormable-capabilities
Majority of US Defense Contractors Not Meeting Basic Cybersecurity Requirements (30 nov)
https://www.infosecurity-magazine.com/news/us-defense-contractors/
Island nation Vanuatu hit hard by hacker attack (30 nov)
https://sverigesradio.se/artikel/oriket-vanuatu-hart-drabbat-av-hackerattack
GoTo, LastPass Confirm Hacker Attack On Shared Cloud-Storage Services (30 nov)
https://www.crn.com/news/security/goto-lastpass-confirm-hacker-attack-on-shared-cloud-storage-services
Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives (30 nov)
https://www.securityweek.com/self-replicating-malware-used-chinese-cyberspies-spreads-usb-drives
Cybersecurity researchers take down DDoS botnet by accident (30 nov)
https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/
Sandworm hackers attack Ukraine with ransomware (30 nov)
https://computersweden.idg.se/2.2683/1.773652/sandworm-hackare-angriper-ukraina-med-ransomware
Twitter Replacement Hive Shuts Down Servers to Fix Security Flaws (1 dec)
https://tech.co/news/hive-shuts-servers-security-flaw
WhatsApp Files on Dark Web Show Millions of Records For Sale (1 dec)
https://www.infosecurity-magazine.com/news/dark-web-show-millions-of-whatsapp/
How Conti works – cybercriminals who would rather steal than unlock data (1 dec)
https://computersweden.idg.se/2.2683/1.765664/sa-jobbar-conti–cyberkriminella-som-hellre-stjalan-laser-upp-data
After leaked EU draft – concern that American cloud services may be shut out (1 dec)
https://computersweden.idg.se/2.2683/1.773715/efter-lackt-eu-utkast–oro-att-amerikanska-molntjanster-kan-utestangas
Updated status information following indications received by Norrköping Municipality of a possible cybersecurity incident (1 dec)
https://norrkoping.se/nyhetsarkiv/nyheter/2022-12-02-uppdaterad-lagesinformation-i-samband-med-norrkopings-kommuns-cybersakerhetsincident
Several government agency websites down after cyberattack (2 dec)
https://www.nyteknik.se/sakerhet/flera-myndighetssidor-ligger-nere-efter-cyberattack-7041586
Swedish Armed Forces' website hit by denial-of-service attack (2 dec)
https://www.forsvarsmakten.se/sv/aktuellt/2022/12/forsvarsmaktens-webbplats-utsatt-for-overbelastningsattack/
Unemployment insurance funds temporarily shut down after suspected cyberattack (2 dec)
https://www.svt.se/nyheter/inrikes/a-kassor-stangs-tillfalligt-ned
Softronic's customers knocked out after attack (2 dec)
https://computersweden.idg.se/2.2683/1.773802/softronics-kunder
Press release from Softronic (2 dec)
https://news.cision.com/se/softronic-ab/r/incident,c3676628
Information security and miscellaneous
For Gaming Companies, Cybersecurity Has Become a Major Value Proposition (25 nov)
https://www.darkreading.com/threat-intelligence/cybersecurity-major-game-company-value-proposition
All You Need to Know About Emotet in 2022 (26 nov)
https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html
SANS Holiday Hack Challenge 2022 (28 nov)
https://www.theregister.com/2022/11/28/want_to_boost_your_cyber/
What’s next in cybersecurity (28 nov)
https://www.technologyreview.com/2022/11/28/1063703/whats-next-in-cybersecurity/
Worms of Wisdom: How WannaCry Shapes Cybersecurity Today (28 nov)
https://securityintelligence.com/articles/how-wannacry-shapes-cybersecurity/
Cyber outlook: More global attacks, government regulation and consolidation in 2023 (29 nov)
https://www.aktuellsakerhet.se/cyberspaning-fler-globala-attacker-statlig-reglering-och-konsolidering-under-2023/
Cyber and Physical Threats Illuminate Need for Security Convergence in Energy Sector (29 nov)
https://www.hstoday.us/featured/cyber-and-physical-threats-illuminate-need-for-security-convergence-in-energy-sector/
CISA’s Strategic Plan Is Ushering in a New Cybersecurity Era (29 nov)
https://www.darkreading.com/vulnerabilities-threats/cisa-s-strategic-plan-is-ushering-in-a-new-cybersecurity-era
Julegradert – an Advent calendar from NSM (30 nov)
https://nsm.no/aktuelt/julegradert-en-julekalender-fra-nsm
How to find hidden data breaches and uncover threats in your supply chain (30 nov)
https://www.helpnetsecurity.com/2022/11/30/how-to-find-hidden-data-breaches-and-uncover-threats-in-your-supply-chain/
How businesses can prevent becoming the next ransomware victim (30 nov)
https://www.securitymagazine.com/articles/98668-how-businesses-can-prevent-becoming-the-next-ransomware-victim
IoT Connected Devices to Become More Resilient Against Cybercrime
https://securityboulevard.com/2022/11/iot-connected-devices-to-become-more-resilient-against-cybercrime/
Limit the attack surface against your organization (30 nov)
https://kryptera.se/begransa-attackytan-mot-er-organisation/
A year later, Log4Shell still lingers (1 dec)
https://www.helpnetsecurity.com/2022/12/01/log4shell-2022/
Mobile Cybersecurity Shared Services
https://www.cisa.gov/mobile-cybersecurity-shared-services
IMY: Digital privacy 2022
https://www.imy.se/publikationer/digital-integritet-2022/
KTH: Joining forces for a cyber campus
https://intra.kth.se/eecs/aktuellt-pa-eecs/nyheter/kraftsamling-for-ett-cybercampus-1.1210047
CERT-SE this week
Cybersecurity incidents are affecting Swedish organizations - review your IT environments