CERT-SE's weekly newsletter, week 2
Mixed reading from a week with several international news items about extortion and denial-of-service attacks against essential services, continued year-end summaries looking both forward and back, and the monthly Patch Tuesday. In connection with Folk och Försvar's annual conference in Sälen, cyber defence has also been on the agenda.
CERT-SE wishes you a pleasant read and a nice weekend!
News this week
Schools hit by cyber attack and documents leaked (6 jan)
https://www.bbc.com/news/uk-england-gloucestershire-63637883
Dridex malware pops back up and turns its attention to macOS (6 jan)
https://www.theregister.com/2023/01/06/dridex_macos_microsoft_malware/
Nuclear research lab in the US targeted by Russian hacker group (6 jan)
https://www.dn.se/varlden/karnforskningslabb-i-usa-utsatt-for-rysk-hackergrupp/
Air France and KLM notify customers of account hacks (6 jan)
https://www.bleepingcomputer.com/news/security/air-france-and-klm-notify-customers-of-account-hacks/
OPWNAI : Cybercriminals Starting to Use ChatGPT (6 jan)
https://research.checkpoint.com/2023/opwnai-cybercriminals-starting-to-use-chatgpt/
Distribution of NetSupport RAT Malware Disguised as a Pokemon Game (6 jan)
https://asec.ahnlab.com/en/45312/
Can You Trust Your VSCode Extensions? (6 jan)
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
Moldovaʼs government hit by flood of phishing attacks (7 jan)
https://therecord.media/moldova%ca%bcs-government-hit-by-flood-of-phishing-attacks/
How hackers from North Korea break in – and raise money for the state treasury (9 jan)
https://www.dn.se/varlden/sa-bryter-sig-hackare-fran-nordkorea-in-och-skaffar-pengar-till-statskassan/
Disclosing a New Vulnerability in JWT Secret Poisoning (CVE-2022-23529) (9 jan)
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
UK gov website being used to redirect to porn sites (9 jan)
https://www.pentestpartners.com/security-blog/uk-gov-website-being-used-to-phish-porn-site-creds/
Facebook Termination Notices Leads to Phishing (9 jan)
https://www.avanan.com/blog/facebook-termination-notices-leads-to-phishing
BaFIN (the German counterpart of Sweden's Finansinspektionen) issues warning about the hacking trojan Godfather (9 jan)
https://www.di.se/bors/telegram/4c5b37db-f1ce-46cf-82e4-127af9aaabc1/
Increased intelligence threat against Swedish universities (9 jan)
https://www.tn.se/article/24823/okat-underrattelsehot-mot-svenska-universitet/
How Sweden is threatened by cyberattacks (9 jan)
https://www.aftonbladet.se/nyheter/a/xgMrWn/brist-pa-information-kring-cyberattackerna
Unwrapping Ursnifs Gifts (9 jan)
https://thedfirreport.com/2023/01/09/unwrapping-ursnifs-gifts/
New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks (9 jan)
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html
Softronic on the attack: "We will not talk about who is behind it" (10 jan)
https://computersweden.idg.se/2.2683/1.774883/softronic-om-attacken
Hackers registered over 100,000 fake accounts to mine crypto (10 jan)
https://computersweden.idg.se/2.2683/1.774877/anfallare-registrerade-over-100-000-fejkkonton-for-att-grava-krypto
https://unit42.paloaltonetworks.com/purpleurchin-steals-cloud-resources/
Hackers hit websites of Danish central bank, other banks (10 jan)
https://www.reuters.com/technology/denmarks-central-bank-website-hit-by-cyberattack-2023-01-10/
Banks' websites are running again after outage (10 jan)
https://www.dr.dk/nyheder/seneste/bankernes-hjemmesider-koerer-igen-efter-nedbrud
Hackers leak sensitive files after attack on San Francisco transit police (10 jan)
https://www.nbcnews.com/tech/security/hackers-leak-sensitive-files-attack-san-francisco-transit-police-rcna65071
Iowa’s largest school district cancels classes after cyberattack (10 jan)
https://www.bleepingcomputer.com/news/security/iowa-s-largest-school-district-cancels-classes-after-cyberattack/
Cyber-attack on DNV impacts 6,000+ vessels using ShipManager software (10 jan)
https://theloadstar.com/cyber-attack-on-dnv-impacts-6000-vessels-using-shipmanager-software/
https://www.dnv.com/news/cyber-attack-on-shipmanager-a-dnv-software-237552
British company that helps make semiconductors hit by cyber incident (10 jan)
https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/
A government watchdog spent $15,000 to crack a federal agency’s passwords in minutes (10 jan)
https://techcrunch.com/2023/01/10/interior-department-watchdog-passwords/
Raspberry Robin’s botnet second life (10 jan)
https://blog.sekoia.io/raspberry-robins-botnet-second-life/
Dark Pink: New APT group targets governmental, military organizations in APAC, Europe (11 jan)
https://www.group-ib.com/media-center/press-releases/dark-pink-apt/
Software maintenance mistake at center of major FAA computer meltdown: Official (11 jan)
https://abcnews.go.com/US/computer-failure-faa-impact-flights-nationwide/story?id=96358202
Flight grounding in the US lifted - no evidence of cyberattack so far (11 jan)
https://computersweden.idg.se/2.2683/1.774990/flygningar-over-usa-har-stoppats-efter-it-haveri
Royal Mail hit by cyber attack as export service suffers ‘severe disruption’ (11 jan)
https://www.independent.co.uk/business/royal-mail-cyber-attack-exports-b2260308.html
https://www.bbc.com/news/business-64249540
The Guardian confirms ransomware attack stole employee data (11 jan)
https://techcrunch.com/2023/01/11/the-guardian-confirms-ransomware-attacks-stole-employee-data/
Hacker group identified as responsible after the IT attack on the Öland municipalities (11 jan)
https://www.svt.se/nyheter/lokalt/smaland/hackergrupp-pekas-ut-som-ansvarig-efter-it-attacken-mot-olandskommunerna
Hackers stole data of 460,000 individuals in MFHS ransomware attack (11 jan)
https://techcrunch.com/2023/01/11/hackers-mfhs-ransomware/
Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog (11 jan)
https://isc.sans.edu/diary/Passive+detection+of+internetconnected+systems+affected+by+vulnerabilities+from+the+CISA+KEV+catalog/29426/
Information security and miscellaneous
The Age of Digital, Transparent Warfare Is Here (6 jan)
https://www.wired.co.uk/article/digital-warfare
The government has appointed an inquiry into secure and accessible digital identity (6 jan)
https://www.aktuellsakerhet.se/regeringen-har-tillsatt-utredning-om-saker-och-tillganglig-digital-identitet/
UN to Hold Hearing on Proposed Cybercrime Treaty (8 jan)
https://www.govinfosecurity.com/un-to-hold-hearing-on-proposed-cybercrime-treaty-a-20884
Supreme Commander (ÖB): Must be able to fight when everything goes dark (9 jan)
https://tt.omni.se/ob-maste-kunna-slass-nar-allt-blir-morkt/a/2BPnrl
U.S. Supreme Court lets Meta’s WhatsApp pursue ‘Pegasus’ spyware suit (9 jan)
https://www.reuters.com/legal/us-supreme-court-lets-metas-whatsapp-pursue-pegasus-spyware-suit-2023-01-09/
This is the end, Windows 7 and 8 friends: Microsoft drops support this week (9 jan)
https://www.theregister.com/2023/01/09/microsoft_windows_7_8_support_ends/
Support for Windows Server 2012 ends in October (9 jan)
https://computersweden.idg.se/2.2683/1.633354/windows-server-2012-support
Säpo chief: Russian espionage against Sweden will increase (10 jan)
https://www.svt.se/nyheter/inrikes/sapo-chefen-ryskt-spionage-mot-sverige-kommer-att-oka
Using MSPs to administer your cloud services (10 jan)
https://www.ncsc.gov.uk/blog-post/using-msps-to-administer-your-cloud-services
Homeland Security, CISA builds AI-based cybersecurity analytics sandbox (10 jan)
https://www.theregister.com/2023/01/10/dhs_cisa_cybersecurity_sandbox/
Creatively malicious prompt engineering (11 jan)
https://labs.withsecure.com/publications/creatively-malicious-prompt-engineering
Government agencies are losing control over sensitive data (11 jan)
https://www.aktuellsakerhet.se/myndigheter-tappar-kontroll-over-kanslig-data/
Microsoft patch dashboard by Morphus Labs (11 jan)
https://patchtuesdaydashboard.com/
Don't let NIS2 become a new GDPR (12 jan)
https://www.aktuellsakerhet.se/lat-inte-nis2-bli-ett-nytt-gdpr/
Reports and trend analyses
Top SaaS Cybersecurity Threats in 2023: Are You Ready? (9 jan)
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html
ENCS: 2022 – Year in Review (10 jan)
https://encs.eu/news/2022-year-in-review/
Fortinet's security forecast - new threats and increasing cybercrime ahead of 2023 (10 jan)
https://it-finans.se/fortinets-sakerhetsprognos-nya-hot-och-okande/
CERT-SE this week
Critical vulnerabilities affect SAP products
Microsoft's monthly security updates for January 2023