CERT-SE's weekly newsletter, week 50

Weekly newsletter

Experts condemn the culture of silence; we need to learn from one another. Take the opportunity to learn from CERT-SE's weekly newsletter, which this week contains both useful analyses and several articles on intrusions and disruptions.

CERT-SE wishes you a pleasant weekend

News this week

FPA's and Kanta's web services subjected to attacks – customers' data not at risk (9 dec)
https://abounderrattelser.fi/fpas-webbtjanster-och-kanta-utsatta-for-attacker-kundernas-uppgifter-inte-i-fara/

Update about an alleged incident impacting some accounts on Twitter (9 dec)
https://privacy.twitter.com/en/blog/2022/update-about-an-alleged-incident-impacting-some-accounts-on-twitter

Most of the 10 largest healthcare data breaches in 2022 are tied to vendors (12 dec)
https://www.scmagazine.com/feature/breach/most-of-the-10-largest-healthcare-data-breaches-in-2022-are-tied-to-vendors

Tools like ChatGPT could revolutionize IT security – but will it get better or worse? (12 dec)
https://computersweden.idg.se/2.2683/1.774081/blir-chatgpl-en-gamechanger-i-cybersakerhetsvarlden

Cyberattack paralyzes clinic in Sunne (12 dec)
https://www.tandlakartidningen.se/nyhet/cyberattack-lamslar-klinik-i-sunne/

Hive ransomware gang claims responsibility for attack on Intersport that left cash registers disabled (12 dec)
https://www.bitdefender.com/blog/hotforsecurity/hive-ransomware-gang-claims-responsibility-for-attack-on-intersport-that-left-cash-registers-disabled/

Uber suffers new data breach after attack on vendor, info leaked online (12 dec)
https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/

PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident (12 dec)
https://therecord.media/play-ransomware-group-claims-responsibility-for-antwerp-attack-as-second-belgian-city-confirms-new-incident/

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (13 dec)
https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/

Problems with card payments at Ica (13 dec)
https://www.svt.se/nyheter/problem-med-kortbetalningar-hos-ica

Lockbit ransomware gang hacked California Department of Finance (13 dec)
https://securityaffairs.co/wordpress/139599/cyber-crime/lockbit-ransomware-california-department-of-finance.html
Statement on Cybersecurity Incident (12 dec)
https://news.caloes.ca.gov/statement-on-cybersecurity-incident/

Irish Healthcare Ransomware Hack Cost Over 80 Million Euros (13 dec)
https://www.databreachtoday.co.uk/irish-healthcare-ransomware-hack-cost-over-80-million-euros-a-20699

Experts condemn the culture of silence – better to work together on IT security (13 dec)
https://computersweden.idg.se/2.2683/1.774147/tyst-om-sakerhet

IT attack on Öland – municipal data copied (13 dec)
https://www.dn.se/sverige/it-angrepp-mot-olandska-kommuner/
The cyberattack – how Borgholm is affected: “Secure our operations” (13 dec)
https://www.olandsbladet.se/oland/cyberattacken-sa-paverkas-borgholm-sakra-var-verksamhet/
The cyberattack: forecast changed - return to normal will take longer (15 dec)
https://www.olandsbladet.se/oland/cyberattacken-prognos-andrad-atergang-till-normallage-drojer/

Computer intrusions are increasing in the country – Chief legal counsel: “Often it is curiosity” (14 dec)
https://sverigesradio.se/artikel/dataintrang-okar-kraftigt-i-landet-ofta-ar-det-nyfikenhet

Royal Ransomware Puts Novel Spin on Encryption Tactics (14 dec)
https://www.darkreading.com/attacks-breaches/royal-ransomware-novel-spin-encryption-tactics

Met Opera’s Website and Box Office Are Back, 9 Days After Cyberattack (15 dec)
https://www.nytimes.com/2022/12/15/arts/music/met-opera-cyberattack.html

Global crackdown against DDoS services shuts down most popular platforms (15 dec)
https://www.europol.europa.eu/media-press/newsroom/news/global-crackdown-against-ddos-services-shuts-down-most-popular-platforms

Warning that insulin pumps can be hacked (15 dec)
https://www.svt.se/nyheter/varnar-for-att-insulinpumpar-kan-hackas

3.5m IP cameras exposed, with US in the lead (15 dec)
https://cybernews.com/security/millions-ip-cameras-exposed/

Information security and miscellaneous

Cybersecurity & Foreign Interference in the EU Information Ecosystem (8 dec)
https://www.enisa.europa.eu/news/cybersecurity-foreign-interference-in-the-eu-information-ecosystem

One Year Since Log4Shell: Lessons Learned for the next ‘code red’ (12 dec)
https://blog.fox-it.com/2022/12/12/one-year-since-log4shell-lessons-learned-for-the-next-code-red/

This evasive new cyberattack can bypass air-gapped systems to steal data from the most sensitive networks (12 dec)
https://www.zdnet.com/article/this-evasive-new-cyberattack-can-bypass-air-gapped-systems-to-steal-data-from-the-most-sensitive-networks/
COVID-bit: Keep a Distance of (at least) 2m From My Air-Gap Computer!
https://arxiv.org/pdf/2212.03520.pdf

HC3: Analyst Note BlackCat (AKA ALPHV) (12 dec)
https://www.hhs.gov/sites/default/files/blackcat-analyst-note.pdf

HC3: Analyst Note LockBit 3.0 Ransomware (12 dec)
https://www.hhs.gov/sites/default/files/lockbit-3-analyst-note.pdf

Artificial intelligence will shape future cyberattacks (13 dec)
https://www.kyberturvallisuuskeskus.fi/en/news/artificial-intelligence-will-shape-future-cyberattacks

Why and How to Use HTTP Security Headers? (13 dec)
https://infosecwriteups.com/why-and-how-to-use-http-security-headers-d2034306fb33

Signed driver malware moves up the software trust chain (13 dec)
https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/

Is the EU Healthcare Sector Cyber Healthy? The Conclusions of Cyber Europe 2022 (13 dec)
https://www.enisa.europa.eu/news/is-the-eu-healthcare-sector-cyber-healthy-the-conclusions-of-cyber-europe-2022

Announcing OSV-Scanner: Vulnerability Scanner for Open Source (13 dec)
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html

HTML smugglers turn to SVG images (13 dec)
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/

Digital policy ranks low on Swedish EU presidency’s priority list (14 dec)
https://www.euractiv.com/section/digital/news/digital-policy-ranks-low-on-swedish-eu-presidencys-priority-list/

The 2022 SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/

CERT-SE this week

Critical vulnerabilities in several SAP products

Critical vulnerabilities in several VMware products

Microsoft's monthly security updates for December 2022

Critical vulnerability in Citrix ADC and Citrix Gateway

Critical vulnerability in FortiOS