CERT-SE's weekly newsletter, week 48

Weekly newsletter

Reports of ransomware attacks stand out in this week's news flow, while year-end summary reports and in-depth analyses are starting to come in as we approach the end of the year.

Feel free to check out our Norwegian CERT colleagues' Christmas calendar in the form of 24 podcast episodes, and be sure to take part in the SANS Holiday Hack as well.

CERT-SE wishes you a pleasant weekend!

News this week

New ransomware attacks in Ukraine linked to Russian Sandworm hackers (25 nov)
https://www.bleepingcomputer.com/news/security/new-ransomware-attacks-in-ukraine-linked-to-russian-sandworm-hackers/

Vice Society ransomware claims attack on Cincinnati State college (25 nov)
https://www.bleepingcomputer.com/news/security/vice-society-ransomware-claims-attack-on-cincinnati-state-college/

Ransomware gang targets Belgian municipality, hits police instead (26 nov)
https://www.bleepingcomputer.com/news/security/ransomware-gang-targets-belgian-municipality-hits-police-instead/

5.4 million Twitter users’ stolen data leaked online — more shared privately (27 nov)
https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/

Interpol seizes 1.35 billion in virtual assets (28 nov)
https://computersweden.idg.se/2.2683/1.773517/interpol-beslagtar-130-miljoner-dollar-i-virtuella-tillgangar

How hackers are to be stopped from taking over your car (28 nov)
https://www.nyteknik.se/fordon/sa-ska-hackare-stoppas-fran-att-ta-over-din-bil-7041249

New cybersecurity measures are locking aftermarket tuners out of car systems (28 nov)
https://www.techspot.com/news/96780-new-cybersecurity-measures-locking-aftermarket-tuners-out-oem.html

EU strengthens cybersecurity and resilience across the Union – adopts new legislation (28 nov)
https://www.aktuellsakerhet.se/eu-starker-cybersakerheten-och-resiliensen-i-hela-unionen-antar-ny-lagstiftning/

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks (28 nov)
https://thehackernews.com/2022/11/over-dozen-new-bmc-firmware-flaws.html

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services (28 nov)
https://thehackernews.com/2022/11/researchers-detail-appsync-cross-tenant.html

Virginia County Confirms Personal Information Stolen in Ransomware Attack (28 nov)
https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack

Malicious Android app found powering account creation service (28 nov)
https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/

Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package (28 nov)
https://cybernews.com/news/tiktok-challenge-spreading-malware/

Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign (28 nov)
https://www.darkreading.com/threat-intelligence/black-basta-gang-deploys-qakbot-malware-cyber-campaign

DOE tests blockchain technology to ensure grid security, resilience in first-of-its-kind demonstration (28 nov)
https://www.utilitydive.com/news/doe-tests-blockchain-technology-to-ensure-grid-security-resilience/637364/

Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange (28 nov)
https://cyware.com/news/hackers-exploit-rce-vulnerability-in-windows-internet-key-exchange-ce908a01/

Emotet Strikes Again – LNK File Leads to Domain Wide Ransomware (28 nov)
https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/

NATO’s flagship cyber defence exercise kicks off in Estonia (28 nov)
https://www.nato.int/cps/en/natohq/news_209405.htm?selectedLocale=en

Meta fined $275 million over data scraping practices that violated GDPR (28 nov)
https://therecord.media/meta-fined-275-million-over-data-scraping-practices-that-violated-gdpr/

Ikea confirms ransomware cyberattack (29 nov)
https://www.dn.se/ekonomi/ikea-bekraftar-cyberattack-med-utpressningsvirus/

Trigona ransomware spotted in increasing attacks worldwide (29 nov)
https://www.bleepingcomputer.com/news/security/trigona-ransomware-spotted-in-increasing-attacks-worldwide/

Killnet Gloats About DDoS Attacks Downing Starlink, White House (29 nov)
https://www.darkreading.com/threat-intelligence/killnet-gloats-ddos-attacks-starlink-whitehouse-gov

Spanish police dismantle operation that made €12M via investment scams (29 nov)
https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-operation-that-made-12m-via-investment-scams/

Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw (29 nov)
https://www.darkreading.com/threat-intelligence/tcyberattackers-selling-access-networks-compromised-fortinet-flaw

Pairing up Cybersecurity and Data Protection Efforts: EDPS and ENISA sign Memorandum of Understanding (30 nov)
https://www.enisa.europa.eu/news/pairing-up-cybersecurity-and-data-protection-efforts-edps-and-enisa-sign-memorandum-of-understanding

Researchers find bugs allowing access, remote control of cars (30 nov)
https://therecord.media/researchers-find-bugs-allowing-access-remote-control-of-cars/

UK introducing mandatory cyber incident reporting for managed service providers (30 nov)
https://therecord.media/uk-introducing-mandatory-cyber-incident-reporting-for-managed-service-providers/

French Electricity Provider Fined for Storing Users’ Passwords with Weak MD5 Algorithm (30 nov)
https://thehackernews.com/2022/11/french-electricity-provider-fined-for.html

Vatican website down in suspected hacker attack (30 nov)
https://www.reuters.com/technology/vatican-website-down-suspected-hacker-attack-2022-11-30/

Latest LockBit ransomware versions have wormable capabilities (30 nov)
https://www.computerweekly.com/news/252527830/Latest-LockBit-ransomware-versions-have-wormable-capabilities

Majority of US Defense Contractors Not Meeting Basic Cybersecurity Requirements (30 nov)
https://www.infosecurity-magazine.com/news/us-defense-contractors/

Island nation Vanuatu hit hard by hacker attack (30 nov)
https://sverigesradio.se/artikel/oriket-vanuatu-hart-drabbat-av-hackerattack

GoTo, LastPass Confirm Hacker Attack On Shared Cloud-Storage Services (30 nov)
https://www.crn.com/news/security/goto-lastpass-confirm-hacker-attack-on-shared-cloud-storage-services

Self-Replicating Malware Used by Chinese Cyberspies Spreads via USB Drives (30 nov)
https://www.securityweek.com/self-replicating-malware-used-chinese-cyberspies-spreads-usb-drives

Cybersecurity researchers take down DDoS botnet by accident (30 nov)
https://www.bleepingcomputer.com/news/security/cybersecurity-researchers-take-down-ddos-botnet-by-accident/

Sandworm hackers attack Ukraine with ransomware (30 nov)
https://computersweden.idg.se/2.2683/1.773652/sandworm-hackare-angriper-ukraina-med-ransomware

Twitter Replacement Hive Shuts Down Servers to Fix Security Flaws (1 dec)
https://tech.co/news/hive-shuts-servers-security-flaw

WhatsApp Files on Dark Web Show Millions of Records For Sale (1 dec)
https://www.infosecurity-magazine.com/news/dark-web-show-millions-of-whatsapp/

How Conti works – cybercriminals who would rather steal than unlock data (1 dec)
https://computersweden.idg.se/2.2683/1.765664/sa-jobbar-conti–cyberkriminella-som-hellre-stjalan-laser-upp-data

After leaked EU draft – concern that American cloud services may be shut out (1 dec)
https://computersweden.idg.se/2.2683/1.773715/efter-lackt-eu-utkast–oro-att-amerikanska-molntjanster-kan-utestangas

Updated status information after Norrköping Municipality received indications of a possible cybersecurity incident (1 dec)
https://norrkoping.se/nyhetsarkiv/nyheter/2022-12-02-uppdaterad-lagesinformation-i-samband-med-norrkopings-kommuns-cybersakerhetsincident

Several government agency websites are down after cyberattack (2 dec)
https://www.nyteknik.se/sakerhet/flera-myndighetssidor-ligger-nere-efter-cyberattack-7041586

Swedish Armed Forces website subjected to denial-of-service attack (2 dec)
https://www.forsvarsmakten.se/sv/aktuellt/2022/12/forsvarsmaktens-webbplats-utsatt-for-overbelastningsattack/

Unemployment insurance funds temporarily shut down after suspected cyberattack (2 dec)
https://www.svt.se/nyheter/inrikes/a-kassor-stangs-tillfalligt-ned

Softronic's customers knocked out after attack (2 dec)
https://computersweden.idg.se/2.2683/1.773802/softronics-kunder

Press release from Softronic (2 dec)
https://news.cision.com/se/softronic-ab/r/incident,c3676628

Information security and miscellaneous

For Gaming Companies, Cybersecurity Has Become a Major Value Proposition (25 nov)
https://www.darkreading.com/threat-intelligence/cybersecurity-major-game-company-value-proposition

All You Need to Know About Emotet in 2022 (26 nov)
https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html

SANS Holiday Hack Challenge 2022 (28 nov)
https://www.theregister.com/2022/11/28/want_to_boost_your_cyber/

What’s next in cybersecurity (28 nov)
https://www.technologyreview.com/2022/11/28/1063703/whats-next-in-cybersecurity/

Worms of Wisdom: How WannaCry Shapes Cybersecurity Today (28 nov)
https://securityintelligence.com/articles/how-wannacry-shapes-cybersecurity/

Cyber outlook: More global attacks, government regulation and consolidation in 2023 (29 nov)
https://www.aktuellsakerhet.se/cyberspaning-fler-globala-attacker-statlig-reglering-och-konsolidering-under-2023/

Cyber and Physical Threats Illuminate Need for Security Convergence in Energy Sector (29 nov)
https://www.hstoday.us/featured/cyber-and-physical-threats-illuminate-need-for-security-convergence-in-energy-sector/

CISA’s Strategic Plan Is Ushering in a New Cybersecurity Era (29 nov)
https://www.darkreading.com/vulnerabilities-threats/cisa-s-strategic-plan-is-ushering-in-a-new-cybersecurity-era

Julegradert – a Christmas calendar from NSM (30 nov)
https://nsm.no/aktuelt/julegradert-en-julekalender-fra-nsm

How to find hidden data breaches and uncover threats in your supply chain (30 nov)
https://www.helpnetsecurity.com/2022/11/30/how-to-find-hidden-data-breaches-and-uncover-threats-in-your-supply-chain/

How businesses can prevent becoming the next ransomware victim (30 nov)
https://www.securitymagazine.com/articles/98668-how-businesses-can-prevent-becoming-the-next-ransomware-victim

IoT Connected Devices to Become More Resilient Against Cybercrime
https://securityboulevard.com/2022/11/iot-connected-devices-to-become-more-resilient-against-cybercrime/

Limit the attack surface against your organization (30 nov)
https://kryptera.se/begransa-attackytan-mot-er-organisation/

A year later, Log4Shell still lingers (1 dec)
https://www.helpnetsecurity.com/2022/12/01/log4shell-2022/

Mobile Cybersecurity Shared Services
https://www.cisa.gov/mobile-cybersecurity-shared-services

IMY: Digital privacy 2022
https://www.imy.se/publikationer/digital-integritet-2022/

KTH: Joining forces for a cyber campus
https://intra.kth.se/eecs/aktuellt-pa-eecs/nyheter/kraftsamling-for-ett-cybercampus-1.1210047

CERT-SE this week

Cybersecurity incidents affect Swedish organizations - review your IT environments