CERT-SE's weekly newsletter, week 52

Weekly newsletter

Ahead of the New Year holiday we offer some interesting reading and listening, for example the official version of NIS 2 as well as a good number of year-in-review summaries and crystal-ball gazing ahead of 2023.

CERT-SE wishes you pleasant reading and a happy new year!

News this week

Disconnected the internet: how the municipalities saved their systems (23 dec)
https://sverigesradio.se/artikel/kopplade-bort-internet-sa-raddade-kommunerna-systemen

New AI bot can turn anyone into a hacker (23 dec)
https://www.aktuellsakerhet.se/ny-ai-bot-kan-forvandla-vem-som-helst-till-hacker/

OpwnAI: AI That Can Save the Day or HACK it Away (19 dec)
https://research.checkpoint.com/2022/opwnai-ai-that-can-save-the-day-or-hack-it-away/

Hackers exploit bug in WordPress gift card plugin with 50K installs (23 dec)
https://www.bleepingcomputer.com/news/security/hackers-exploit-bug-in-wordpress-gift-card-plugin-with-50k-installs/

Trade with caution - bad guys are stealing (23 dec)
https://www.zscaler.com/blog/security-research/trade-with-caution

Google: With Cloud Comes APIs & Security Headaches (23 dec)
https://www.darkreading.com/cloud/google-cloud-apis-security-headaches

GuLoader Malware Utilizing New Techniques to Evade Security Software (26 dec)
https://thehackernews.com/2022/12/guloader-malware-utilizing-new.html

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) (27 dec)
https://eur-lex.europa.eu/legal-content/SV/TXT/HTML/?uri=CELEX:32022L2555&from=SV

Data of 400 Million Twitter Users for Sale as Irish Privacy Watchdog Announces Probe (27 dec)
https://www.securityweek.com/data-400-million-twitter-users-sale-irish-privacy-watchdog-announces-probe

Pure coder offers multiple malware for sale in Darkweb forums (27 dec)
https://blog.cyble.com/2022/12/27/pure-coder-offers-multiple-malware-for-sale-in-darkweb-forums/

EarSpy attack eavesdrops on Android phones via motion sensors (27 dec)
https://www.bleepingcomputer.com/news/security/earspy-attack-eavesdrops-on-android-phones-via-motion-sensors/

Canada’s largest children’s hospital struggles to recover from pre-Christmas ransomware attack (27 dec)
https://therecord.media/canadas-largest-childrens-hospital-struggles-to-recover-from-pre-christmas-ransomware-attack/

Hackers stole data from multiple electric utilities in recent ransomware attack (27 dec)
https://edition.cnn.com/2022/12/27/politics/hackers-data-utilities-ransomware-sargent-lundy/index.html

Navigating the Vast Ocean of Sandbox Evasions (27 dec)
https://unit42.paloaltonetworks.com/sandbox-evasion-memory-detection/

New wave of Financial Fraud: Scammers Monitoring Social Media Complaints (27 dec)
https://blog.cyble.com/2022/12/27/new-wave-of-finacial-fraud-scammers-monitoring-social-media-complaints/

How enemies can attack our power grid (28 dec)
https://sverigesradio.se/avsnitt/sa-kan-fiender-attackera-vart-elnat-grans

US House boots TikTok from government phones (28 dec)
https://www.theregister.com/2022/12/28/us_tiktok_government_ban/

Reported phishing attacks have quintupled (28 dec)
https://www.helpnetsecurity.com/2022/12/28/reported-phishing-attacks-quintupled/

Phishing Activity Trends Report (12 dec)
https://docs.apwg.org/reports/apwg_trends_report_q3_2022.pdf

Log4Shell remains a big threat and a common cause for security breaches (28 dec)
https://www.csoonline.com/article/3684108/log4shell-remains-a-big-threat-and-a-common-cause-for-security-breaches.html

Here is the scam email that fooled the municipality's employees (28 dec)
https://www.svt.se/nyheter/lokalt/sodertalje/har-ar-bluffmejlet-som-lurade-var-fjarde-kommunanstalld

100,000 Tele2 customers were without broadband, fault now fixed (28 dec)
https://www.svt.se/nyheter/lokalt/stockholm/storningar-hos-tele2-tiotusentals-paverkas

Teenage boys punished after the Vklass computer intrusion (28 dec)
https://www.svt.se/nyheter/lokalt/vast/tonarskillar-straffas-dataintranget-i-vklass

Ransomware attack at Louisiana hospital impacts 270,000 patients (28 dec)
https://www.bleepingcomputer.com/news/security/ransomware-attack-at-louisiana-hospital-impacts-270-000-patients/

LockBit ransomware used in attack on Ohio town’s court, police department and more (28 dec)
https://therecord.media/lockbit-ransomware-group-attacks-ohio-towns-court-police-department-and-more/

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector (28 dec)
https://thehackernews.com/2022/12/apt-hackers-turn-to-malicious-excel-add.html

BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies (28 dec)
https://thehackernews.com/2022/12/bitkeep-confirms-cyber-attack-loses.html

Hackers abuse Google Ads to spread malware in legit software (28 dec)
https://www.bleepingcomputer.com/news/security/hackers-abuse-google-ads-to-spread-malware-in-legit-software/

Cyber attacks set to become “uninsurable” suggests Zurich’s Greco (28 dec)
https://www.reinsurancene.ws/cyber-attacks-set-to-become-uninsurable-suggests-zurichs-greco/

Southwest Airlines blames IT breakdown for stranding holiday travelers (28 dec)
https://www.theregister.com/2022/12/28/southwest_outdated_it/

Japanese police successful in decrypting data attacked by LockBit ransomware (29 dec)
https://cybernews.com/news/japan-police-successful-decrypting-data-lockbit-ransomware/

LockBit claims an attack on the Port of Lisbon (29 dec)
https://cybernews.com/news/lockbit-attacks-port-of-lisbon/

Twitter in data-protection probe after ‘400 million’ user details up for sale (29 dec)
https://www.bbc.com/news/technology-64109777

Google Home speakers allowed hackers to snoop on conversations (29 dec)
https://www.bleepingcomputer.com/news/security/google-home-speakers-allowed-hackers-to-snoop-on-conversations/

Year-in-review summaries and New Year outlooks

The invasion of Ukraine put cyberwar in focus: 2022 a gloomy year for IT security (27 dec)
https://computersweden.idg.se/2.2683/1.774368/invasionen-i-ukraina-satte-cyberkriget-i-fokus

The Most Prolific Ransomware Gangs of 2022 (27 dec)
https://securityintelligence.com/articles/4-most-prolific-ransomware-gangs-2022/

It’s all in the (lack of) details: 2022’s badly handled data breaches (27 dec)
https://techcrunch.com/2022/12/27/badly-handled-data-breaches-2022/

Geopolitical threats, supply chain issues and phishing scams – cybersecurity predictions for 2023 (28 dec)
https://betanews.com/2022/12/28/geopolitical-threats-supply-chain-issues-and-phishing-scams-cybersecurity-predictions-for-2023/

Will the Crypto Crash Impact Cybersecurity in 2023? Maybe. (28 dec)
https://www.darkreading.com/threat-intelligence/crypto-crash-impact-cybersecurity-2023-maybe

The Worst Hacks of 2022 (29 dec)
https://www.wired.com/story/worst-hacks-2022/

The 13 Costliest Cyberattacks of 2022: Looking Back (29 dec)
https://securityintelligence.com/articles/13-costliest-cyberattacks-2022/

NCSC reveals top government email impersonation scams taken down in 2022 (30 dec)
https://www.ncsc.gov.uk/news/ncsc-reveals-top-government-email-impersonation-scams-taken-down-in-2022

Information security and miscellaneous

Cybersecurity Education Initiatives in the EU Member States (20 dec)
https://www.enisa.europa.eu/publications/cybersecurity-education-initiatives-in-the-eu-member-states

Can you please tell me what time it is? Adventures with public NTP servers. (21 dec)
https://isc.sans.edu/diary/rss/29368

TikTok admits using its app to spy on reporters in effort to track leaks (23 dec)
https://www.theguardian.com/technology/2022/dec/22/tiktok-bytedance-workers-fired-data-access-journalists

LastPass Breach (26 dec)
https://www.schneier.com/blog/archives/2022/12/lastpass-breach.html

Yes, It’s Time to Ditch LastPass (28 dec)
https://www.wired.com/story/lastpass-breach-vaults-password-managers/

Biometric devices sold on eBay reportedly contained sensitive US military data (27 dec)
https://www.engadget.com/report-iris-scanners-sold-on-e-bay-contained-sensitive-biometric-data-102418292.html