CERT-SE's weekly newsletter, week 2

Weekly newsletter

Mixed reading from a week with several international news items about extortion and denial-of-service attacks against critical societal services, continued year-end summaries looking both forward and back, and the monthly Patch Tuesday. With Folk och Försvar's annual conference in Sälen taking place, cyber defence has also been on the agenda.

CERT-SE wishes you happy reading and a pleasant weekend!

News this week

Schools hit by cyber attack and documents leaked (6 jan) https://www.bbc.com/news/uk-england-gloucestershire-63637883

https://www.darkreading.com/attacks-breaches/vice-society-releases-info-stolen-uk-schools-passport-scans

Dridex malware pops back up and turns its attention to macOS (6 jan)
https://www.theregister.com/2023/01/06/dridex_macos_microsoft_malware/

Nuclear research lab in the US targeted by Russian hacker group (6 jan)
https://www.dn.se/varlden/karnforskningslabb-i-usa-utsatt-for-rysk-hackergrupp/

Air France and KLM notify customers of account hacks (6 jan)
https://www.bleepingcomputer.com/news/security/air-france-and-klm-notify-customers-of-account-hacks/

OPWNAI: Cybercriminals Starting to Use ChatGPT (6 jan)
https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/

Distribution of NetSupport RAT Malware Disguised as a Pokemon Game (6 jan)
https://asec.ahnlab.com/en/45312/

Can You Trust Your VSCode Extensions? (6 jan)
https://blog.aquasec.com/can-you-trust-your-vscode-extensions

Moldovaʼs government hit by flood of phishing attacks (7 jan)
https://therecord.media/moldova%ca%bcs-government-hit-by-flood-of-phishing-attacks/

How hackers from North Korea break in – and raise money for the state treasury (9 jan)
https://www.dn.se/varlden/sa-bryter-sig-hackare-fran-nordkorea-in-och-skaffar-pengar-till-statskassan/

Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529) (9 jan)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/

UK gov website being used to redirect to porn sites (9 jan)
https://www.pentestpartners.com/security-blog/uk-gov-website-being-used-to-phish-porn-site-creds/

Facebook Termination Notices Leads to Phishing (9 jan)
https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing

BaFIN (the German counterpart to Sweden's Finansinspektionen) issues warning about the Godfather hacking trojan (9 jan)
https://www.di.se/bors/telegram/4c5b37db-f1ce-46cf-82e4-127af9aaabc1/

Increased intelligence threat against Swedish universities (9 jan)
https://www.tn.se/article/24823/okat-underrattelsehot-mot-svenska-universitet/

https://www.riksrevisionen.se/om-riksrevisionen/kommunikation-och-media/nyhetsarkiv/2023-01-04-riksrevisionen-granskar-larosatenas-skydd-av-forskningsdata.html

How Sweden is threatened by cyberattacks (9 jan)
https://www.aftonbladet.se/nyheter/a/xgMrWn/brist-pa-information-kring-cyberattackerna

Unwrapping Ursnifs Gifts (9 jan)
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (9 jan)
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html

Softronic on the attack: “We will not talk about who is behind it” (10 jan)
https://computersweden.idg.se/2.2683/1.774883/softronic-om-attacken

Hackers registered over 100,000 fake accounts to mine crypto (10 jan)
https://computersweden.idg.se/2.2683/1.774877/anfallare-registrerade-over-100-000-fejkkonton-for-att-grava-krypto

https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/

Hackers hit websites of Danish central bank, other banks (10 jan)
https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/

Banks' websites are running again after outage (10 jan)
https://www.dr.dk/nyheder/seneste/bankernes-hjemmesider-koerer-igen-efter-nedbrud

Hackers leak sensitive files after attack on San Francisco transit police (10 jan)
https://www.nbcnews.com/tech/security/hackers-leak-sensitive-files-attack-san-francisco-transit-police-rcna65071

Iowa’s largest school district cancels classes after cyberattack (10 jan)
https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/

Cyber-attack on DNV impacts 6,000+ vessels using ShipManager software (10 jan)
https://theloadstar.com/cyber-attack-on-dnv-impacts-6000-vessels-using-shipmanager-software/

https://www.dnv.com/news/cyber-attack-on-shipmanager-a-dnv-software-237552

British company that helps make semiconductors hit by cyber incident (10 jan)
https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/

A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes (10 jan)
https://techcrunch.com/2023/01/10/interior-department-watchdog-passwords/

Raspberry Robin’s botnet second life (10 jan)
https://blog.sekoia.io/raspberry-robins-botnet-second-life/

Dark Pink: New APT group targets governmental, military organizations in APAC, Europe (11 jan)
https://www.group-ib.com/media-center/press-releases/dark-pink-apt/

Software maintenance mistake at center of major FAA computer meltdown: Official (11 jan)
https://abcnews.go.com/US/computer-failure-faa-impact-flights-nationwide/story?id=96358202

US flight ground stop lifted - no evidence of a cyberattack so far (11 jan)
https://computersweden.idg.se/2.2683/1.774990/flygningar-over-usa-har-stoppats-efter-it-haveri

Royal Mail hit by cyber attack as export service suffers ‘severe disruption’ (11 jan)
https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html

https://www.bbc.com/news/business-64249540

The Guardian confirms ransomware attack stole employee data (11 jan)
https://techcrunch.com/2023/01/11/the-guardian-confirms-ransomware-attacks-stole-employee-data/

Hacker group named as responsible for the IT attack against the Öland municipalities (11 jan)
https://www.svt.se/nyheter/lokalt/smaland/hackergrupp-pekas-ut-som-ansvarig-efter-it-attacken-mot-olandskommunerna

Hackers stole data of 460,000 individuals in MFHS ransomware attack (11 jan)
https://techcrunch.com/2023/01/11/hackers-mfhs-ransomware/

Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog (11 jan)
https://isc.sans.edu/diary/Passive+detection+of+internetconnected+systems+affected+by+vulnerabilities+from+the+CISA+KEV+catalog/29426/

Information security and miscellaneous

The Age of Digital, Transparent Warfare Is Here (6 jan)
https://www.wired.co.uk/article/digital-warfare

The government has appointed an inquiry into secure and accessible digital identity (6 jan)
https://www.aktuellsakerhet.se/regeringen-har-tillsatt-utredning-om-saker-och-tillganglig-digital-identitet/

UN to Hold Hearing on Proposed Cybercrime Treaty (8 jan)
https://www.govinfosecurity.com/un-to-hold-hearing-on-proposed-cybercrime-treaty-a-20884

Supreme Commander of the Swedish Armed Forces: Must be able to fight when everything goes dark (9 jan)
https://tt.omni.se/ob-maste-kunna-slass-nar-allt-blir-morkt/a/2BPnrl

U.S. Supreme Court lets Meta’s WhatsApp pursue ‘Pegasus’ spyware suit (9 jan)
https://www.reuters.com/legal/us-supreme-court-lets-metas-whatsapp-pursue-pegasus-spyware-suit-2023-01-09/

This is the end, Windows 7 and 8 friends: Microsoft drops support this week (9 jan)
https://www.theregister.com/2023/01/09/microsoft_windows_7_8_support_ends/

Support for Windows Server 2012 ends in October (9 jan)
https://computersweden.idg.se/2.2683/1.633354/windows-server-2012-support

Säpo chief: Russian espionage against Sweden will increase (10 jan)
https://www.svt.se/nyheter/inrikes/sapo-chefen-ryskt-spionage-mot-sverige-kommer-att-oka

Using MSPs to administer your cloud services (10 jan)
https://www.ncsc.gov.uk/blog-post/using-msps-to-administer-your-cloud-services

Homeland Security, CISA builds AI-based cybersecurity analytics sandbox (10 jan)
https://www.theregister.com/2023/01/10/dhs_cisa_cybersecurity_sandbox/

Creatively malicious prompt engineering (11 jan)
https://labs.withsecure.com/publications/creatively-malicious-prompt-engineering

Government agencies are losing control over sensitive data (11 jan)
https://www.aktuellsakerhet.se/myndigheter-tappar-kontroll-over-kanslig-data/

Microsoft patch dashboard by Morphus Labs (11 jan)
https://patchtuesdaydashboard.com/

Don't let NIS2 become a new GDPR (12 jan)
https://www.aktuellsakerhet.se/lat-inte-nis2-bli-ett-nytt-gdpr/

Reports and trend analyses

Top SaaS Cybersecurity Threats in 2023: Are You Ready? (9 jan)
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html

ENCS: 2022 – Year in Review (10 jan)
https://encs.eu/news/2022-year-in-review/

Fortinet's security forecast - new threats and increasing cybercrime ahead of 2023 (10 jan)
https://it-finans.se/fortinets-sakerhetsprognos-nya-hot-och-okande/

CERT-SE this week

Critical vulnerabilities affect SAP products

Microsoft's monthly security updates for January 2023