Published - Weekly newsletter

CERT-SE's weekly newsletter, week 2

Mixed reading from a week with several international news items about extortion and denial-of-service attacks against critical societal services, continued year-end summaries looking both forward and back, and the monthly Patch Tuesday. In connection with Folk och Försvar's annual conference in Sälen, cyber defence has also been on the agenda.

CERT-SE wishes you pleasant reading and a nice weekend!

News this week

Schools hit by cyber attack and documents leaked (6 jan)
https://www.bbc.com/news/uk-england-gloucestershire-63637883
...
https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

Dridex malware pops back up and turns its attention to macOS (6 jan)
https://www.theregister.com/2023/01/06/dridex_macos_microsoft_malware/

Nuclear research lab in the US targeted by Russian hacker group (6 jan)
https://www.dn.se/varlden/karnforskningslabb-i-usa-utsatt-for-rysk-hackergrupp/

Air France and KLM notify customers of account hacks (6 jan)
https://www.bleepingcomputer.com/news/security/air-france-and-klm-notify-customers-of-account-hacks/

OPWNAI : Cybercriminals Starting to Use ChatGPT (6 jan)
https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/

Distribution of NetSupport RAT Malware Disguised as a Pokemon Game (6 jan)
https://asec.ahnlab.com/en/45312/

Can You Trust Your VSCode Extensions? (6 jan)
https://blog.aquasec.com/can-you-trust-your-vscode-extensions

Moldovaʼs government hit by flood of phishing attacks (7 jan)
https://therecord.media/moldova%ca%bcs-government-hit-by-flood-of-phishing-attacks/

How hackers from North Korea break in – and raise money for the state treasury (9 jan)
https://www.dn.se/varlden/sa-bryter-sig-hackare-fran-nordkorea-in-och-skaffar-pengar-till-statskassan/

Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529) (9 jan)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/

UK gov website being used to redirect to porn sites (9 jan)
https://www.pentestpartners.com/security-blog/uk-gov-website-being-used-to-phish-porn-site-creds/

Facebook Termination Notices Leads to Phishing (9 jan)
https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing

BaFin [the German counterpart to Finansinspektionen] issues warning about the hacking trojan Godfather (9 jan)
https://www.di.se/bors/telegram/4c5b37db-f1ce-46cf-82e4-127af9aaabc1/

Increased intelligence threat against Swedish universities (9 jan)
https://www.tn.se/article/24823/okat-underrattelsehot-mot-svenska-universitet/
...
https://www.riksrevisionen.se/om-riksrevisionen/kommunikation-och-media/nyhetsarkiv/2023-01-04-riksrevisionen-granskar-larosatenas-skydd-av-forskningsdata.html

How Sweden is threatened by cyberattacks (9 jan)
https://www.aftonbladet.se/nyheter/a/xgMrWn/brist-pa-information-kring-cyberattackerna

Unwrapping Ursnifs Gifts (9 jan)
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (9 jan)
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html

Softronic on the attack: "We will not talk about who is behind it" (10 jan)
https://computersweden.idg.se/2.2683/1.774883/softronic-om-attacken

Hackers registered over 100,000 fake accounts to mine crypto (10 jan)
https://computersweden.idg.se/2.2683/1.774877/anfallare-registrerade-over-100-000-fejkkonton-for-att-grava-krypto
...
https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/

Hackers hit websites of Danish central bank, other banks (10 jan)
https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/
...
Banks' websites are running again after outage (10 jan)
https://www.dr.dk/nyheder/seneste/bankernes-hjemmesider-koerer-igen-efter-nedbrud

Hackers leak sensitive files after attack on San Francisco transit police (10 jan)
https://www.nbcnews.com/tech/security/hackers-leak-sensitive-files-attack-san-francisco-transit-police-rcna65071

Iowa’s largest school district cancels classes after cyberattack (10 jan)
https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/

Cyber-attack on DNV impacts 6,000+ vessels using ShipManager software (10 jan)
https://theloadstar.com/cyber-attack-on-dnv-impacts-6000-vessels-using-shipmanager-software/
...
https://www.dnv.com/news/cyber-attack-on-shipmanager-a-dnv-software-237552

British company that helps make semiconductors hit by cyber incident (10 jan)
https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes (10 jan)
https://techcrunch.com/2023/01/10/interior-department-watchdog-passwords/

Raspberry Robin’s botnet second life (10 jan)
https://blog.sekoia.io/raspberry-robins-botnet-second-life/

Dark Pink: New APT group targets governmental, military organizations in APAC, Europe (11 jan)
https://www.group-ib.com/media-center/press-releases/dark-pink-apt/

Software maintenance mistake at center of major FAA computer meltdown: Official (11 jan)
https://abcnews.go.com/US/computer-failure-faa-impact-flights-nationwide/story?id=96358202
...
US flight stop lifted - no evidence of a cyberattack so far (11 jan)
https://computersweden.idg.se/2.2683/1.774990/flygningar-over-usa-har-stoppats-efter-it-haveri

Royal Mail hit by cyber attack as export service suffers 'severe disruption' (11 jan)
https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html
...
https://www.bbc.com/news/business-64249540

The Guardian confirms ransomware attack stole employee data (11 jan)
https://techcrunch.com/2023/01/11/the-guardian-confirms-ransomware-attacks-stole-employee-data/

Hacker group singled out as responsible for the IT attack on the Öland municipalities (11 jan)
https://www.svt.se/nyheter/lokalt/smaland/hackergrupp-pekas-ut-som-ansvarig-efter-it-attacken-mot-olandskommunerna

Hackers stole data of 460,000 individuals in MFHS ransomware attack (11 jan)
https://techcrunch.com/2023/01/11/hackers-mfhs-ransomware/

Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog (11 jan)
https://isc.sans.edu/diary/Passive+detection+of+internetconnected+systems+affected+by+vulnerabilities+from+the+CISA+KEV+catalog/29426/

Information security and miscellaneous

The Age of Digital, Transparent Warfare Is Here (6 jan)
https://www.wired.co.uk/article/digital-warfare

The government has appointed an inquiry into secure and accessible digital identity (6 jan)
https://www.aktuellsakerhet.se/regeringen-har-tillsatt-utredning-om-saker-och-tillganglig-digital-identitet/

UN to Hold Hearing on Proposed Cybercrime Treaty (8 jan)
https://www.govinfosecurity.com/un-to-hold-hearing-on-proposed-cybercrime-treaty-a-20884

Supreme Commander: Must be able to fight when everything goes dark (9 jan)
https://tt.omni.se/ob-maste-kunna-slass-nar-allt-blir-morkt/a/2BPnrl

U.S. Supreme Court lets Meta's WhatsApp pursue 'Pegasus' spyware suit (9 jan)
https://www.reuters.com/legal/us-supreme-court-lets-metas-whatsapp-pursue-pegasus-spyware-suit-2023-01-09/

This is the end, Windows 7 and 8 friends: Microsoft drops support this week (9 jan)
https://www.theregister.com/2023/01/09/microsoft_windows_7_8_support_ends/

Support for Windows Server 2012 ends in October (9 jan)
https://computersweden.idg.se/2.2683/1.633354/windows-server-2012-support

Säpo chief: Russian espionage against Sweden will increase (10 jan)
https://www.svt.se/nyheter/inrikes/sapo-chefen-ryskt-spionage-mot-sverige-kommer-att-oka

Using MSPs to administer your cloud services (10 jan)
https://www.ncsc.gov.uk/blog-post/using-msps-to-administer-your-cloud-services

Homeland Security, CISA builds AI-based cybersecurity analytics sandbox (10 jan)
https://www.theregister.com/2023/01/10/dhs_cisa_cybersecurity_sandbox/

Creatively malicious prompt engineering (11 jan)
https://labs.withsecure.com/publications/creatively-malicious-prompt-engineering

Government agencies are losing control over sensitive data (11 jan)
https://www.aktuellsakerhet.se/myndigheter-tappar-kontroll-over-kanslig-data/

Microsoft patch dashboard by Morphus Labs (11 jan)
https://patchtuesdaydashboard.com/

Don't let NIS2 become a new GDPR (12 jan)
https://www.aktuellsakerhet.se/lat-inte-nis2-bli-ett-nytt-gdpr/

Reports and trend spotting

Top SaaS Cybersecurity Threats in 2023: Are You Ready? (9 jan)
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html

ENCS: 2022 – Year in Review (10 jan)
https://encs.eu/news/2022-year-in-review/

Fortinet's security forecast - new threats and increasing cybercrime ahead of 2023 (10 jan)
https://it-finans.se/fortinets-sakerhetsprognos-nya-hot-och-okande/

CERT-SE this week

Critical vulnerabilities affect SAP products

Microsoft's monthly security updates for January 2023