CERT-SE:s veckobrev v.50
Experter fördömer tystnadskulturen, vi behöver lära oss av varandra. Passa på att lära av CERT-SE:s veckobrev som denna vecka innehåller både matnyttiga analyser flera artiklar om intrång och störningar.
Trevlig helg önskar CERT-SE
Nyheter i veckan
FPA:s och Kantas webbtjänster utsatta för attacker – kundernas uppgifter utom fara (9 dec)
https://abounderrattelser.fi/fpas-webbtjanster-och-kanta-utsatta-for-attacker-kundernas-uppgifter-inte-i-fara/
Update about an alleged incident impacting some accounts on Twitter (9 dec)
https://privacy.twitter.com/en/blog/2022/update-about-an-alleged-incident-impacting-some-accounts-on-twitter
Most of the 10 largest healthcare data breaches in 2022 are tied to vendors (12 dec)
https://www.scmagazine.com/feature/breach/most-of-the-10-largest-healthcare-data-breaches-in-2022-are-tied-to-vendors
Verktyg som Chat GPT kan revolutionera it-säkerheten – men blir den bättre eller sämre? (12 dec)
https://computersweden.idg.se/2.2683/1.774081/blir-chatgpl-en-gamechanger-i-cybersakerhetsvarlden
Cyberattack lamslår klinik i Sunne (12 dec)
https://www.tandlakartidningen.se/nyhet/cyberattack-lamslar-klinik-i-sunne/
Hive ransomware gang claims responsibility for attack on Intersport that left cash registers disabled (12 dec)
https://www.bitdefender.com/blog/hotforsecurity/hive-ransomware-gang-claims-responsibility-for-attack-on-intersport-that-left-cash-registers-disabled/
Uber suffers new data breach after attack on vendor, info leaked online (12 dec)
https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/
PLAY ransomware group claims responsibility for Antwerp attack as second Belgian city confirms new incident (12 dec)
https://therecord.media/play-ransomware-group-claims-responsibility-for-antwerp-attack-as-second-belgian-city-confirms-new-incident/
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (13 dec)
https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/
Problem med kortbetalningar hos Ica (13 dec)
https://www.svt.se/nyheter/problem-med-kortbetalningar-hos-ica
Lockbit ransomware gang hacked California Department of Finance (13 dec)
https://securityaffairs.co/wordpress/139599/cyber-crime/lockbit-ransomware-california-department-of-finance.html
..
Statement on Cybersecurity Incident (12 dec)
https://news.caloes.ca.gov/statement-on-cybersecurity-incident/
Irish Healthcare Ransomware Hack Cost Over 80 Million Euros (13 dec)
https://www.databreachtoday.co.uk/irish-healthcare-ransomware-hack-cost-over-80-million-euros-a-20699
Experter fördömer tystnadskulturen – bättre att jobba tillsammas med it-säkerheten (dec 13)
https://computersweden.idg.se/2.2683/1.774147/tyst-om-sakerhet
It-angrepp på Öland – kommundata kopierad (13 dec)
https://www.dn.se/sverige/it-angrepp-mot-olandska-kommuner/
..
Cyberattacken – så påverkas Borgholm: ”Säkra vår verksamhet” (13 dec)
https://www.olandsbladet.se/oland/cyberattacken-sa-paverkas-borgholm-sakra-var-verksamhet/
..
Cyberattacken: Prognos ändrad - återgång till normalläge dröjer (15 dec)
https://www.olandsbladet.se/oland/cyberattacken-prognos-andrad-atergang-till-normallage-drojer/
Dataintrång ökar i landet – Chefsjuristen: “Ofta är det nyfikenhet” (14 dec)
https://sverigesradio.se/artikel/dataintrang-okar-kraftigt-i-landet-ofta-ar-det-nyfikenhet
Royal Ransomware Puts Novel Spin on Encryption Tactics (14 dec)
https://www.darkreading.com/attacks-breaches/royal-ransomware-novel-spin-encryption-tactics
Met Opera’s Website and Box Office Are Back, 9 Days After Cyberattack (15 dec)
https://www.nytimes.com/2022/12/15/arts/music/met-opera-cyberattack.html
Global crackdown against DDoS services shuts down most popular platforms (15 dec)
https://www.europol.europa.eu/media-press/newsroom/news/global-crackdown-against-ddos-services-shuts-down-most-popular-platforms
Varnar för att insulinpumpar kan hackas (15 dec)
https://www.svt.se/nyheter/varnar-for-att-insulinpumpar-kan-hackas
3.5m IP cameras exposed, with US in the lead (15 dec)
https://cybernews.com/security/millions-ip-cameras-exposed/
Informationssäkerhet och blandat
Cybersecurity & Foreign Interference in the EU Information Ecosystem (8 dec)
https://www.enisa.europa.eu/news/cybersecurity-foreign-interference-in-the-eu-information-ecosystem
One Year Since Log4Shell: Lessons Learned for the next ‘code red’ (12 dec)
https://blog.fox-it.com/2022/12/12/one-year-since-log4shell-lessons-learned-for-the-next-code-red/
This evasive new cyberattack can bypass air-gapped systems to steal data from the most sensitive networks (12 dec)
https://www.zdnet.com/article/this-evasive-new-cyberattack-can-bypass-air-gapped-systems-to-steal-data-from-the-most-sensitive-networks/
..
COVID-bit: Keep a Distance of (at least) 2m From My Air-Gap Computer!
https://arxiv.org/pdf/2212.03520.pdf
HC3: Analyst Note BlackCat (AKA ALPHV) (12 dec)
https://www.hhs.gov/sites/default/files/blackcat-analyst-note.pdf
HC3: Analyst Note LockBit 3.0 Ransomware (12 dec)
https://www.hhs.gov/sites/default/files/lockbit-3-analyst-note.pdf
Artificial intelligence will shape future cyberattacks (13 dec)
https://www.kyberturvallisuuskeskus.fi/en/news/artificial-intelligence-will-shape-future-cyberattacks
Why and How to Use HTTP Security Headers? (13 dec)
https://infosecwriteups.com/why-and-how-to-use-http-security-headers-d2034306fb33
Signed driver malware moves up the software trust chain (13 dec)
https://news.sophos.com/en-us/2022/12/13/signed-driver-malware-moves-up-the-software-trust-chain/
Is the EU Healthcare Sector Cyber Healthy? The Conclusions of Cyber Europe 2022 (13 dec)
https://www.enisa.europa.eu/news/is-the-eu-healthcare-sector-cyber-healthy-the-conclusions-of-cyber-europe-2022
Announcing OSV-Scanner: Vulnerability Scanner for Open Source (13 dec)
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html
HTML smugglers turn to SVG images (13 dec)
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
Digital policy ranks low on Swedish EU presidency’s priority list (14 dec)
https://www.euractiv.com/section/digital/news/digital-policy-ranks-low-on-swedish-eu-presidencys-priority-list/
The 2022 SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
CERT-SE i veckan
Kritiska sårbarheter i flera SAP-produkter
Kritiska sårbarheter i flera VMware-produkter
Microsofts månatliga säkerhetsuppdateringar för december 2022