CERT-SE's weekly newsletter, week 3

Weekly newsletter

This week's newsletter once again contains many articles about ransomware. We take the opportunity to recommend that everyone review their cyber hygiene, and we would also like to point out that Enisa this week released a toolbox for raising cybersecurity awareness: https://cert.se/2022/02/dags-att-se-over-cyberhygienen-i-verksamheten

CERT-SE wishes you a pleasant weekend!

News this week

NortonLifeLock warns that hackers breached Password Manager accounts (13 jan)
https://www.bleepingcomputer.com/news/security/nortonlifelock-warns-that-hackers-breached-password-manager-accounts/

Data breach at Stena Fastigheter – tenants affected (13 jan)
https://www.svt.se/nyheter/lokalt/vast/dataintrang-hos-stena-fastigheter-hyresgaster-berorda

CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools (13 jan)
https://www.darkreading.com/attacks-breaches/circleci-lastpass-okta-slack-cyberattackers-target-enterprise-tools

Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident (14 jan)
https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html

Datadog rotates RPM signing key exposed in CircleCI hack (16 jan)
https://www.bleepingcomputer.com/news/security/datadog-rotates-rpm-signing-key-exposed-in-circleci-hack/

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps” (14 jan)
https://www.fortinet.com/blog/threat-research/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps

Canada’s largest alcohol retailer’s site hacked to steal credit cards (14 jan)
https://www.bleepingcomputer.com/news/security/canadas-largest-alcohol-retailers-site-hacked-to-steal-credit-cards/

1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online (15 jan)
https://securityaffairs.com/140838/data-breach/cellebrite-software-leaked-online.html

Hacktivists Leak 1.7TB of Cellebrite, 103GB of MSAB Data (16 jan)
https://www.hackread.com/hacktivists-leak-cellebrite-msab-data/

Files from Micro Systemation out on the internet - data breach not ruled out (17 jan)
https://www.di.se/bors/telegram/c95215f3-db4d-5d1a-a6f4-4b342c9d67f0/

New Backdoor Created Using Leaked CIA’s Hive Malware Discovered in the Wild (16 jan)
https://thehackernews.com/2023/01/new-backdoor-created-using-leaked-cias.html

Vice Society ransomware leaks University of Duisburg-Essen’s data (16 jan)
https://www.bleepingcomputer.com/news/security/vice-society-ransomware-leaks-university-of-duisburg-essen-s-data/

MSI accidentally breaks Secure Boot for hundreds of motherboards (16 jan)
https://www.bleepingcomputer.com/news/security/msi-accidentally-breaks-secure-boot-for-hundreds-of-motherboards/

https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/

Europol arrested cryptocurrency scammers that stole millions from victims (16 jan)
https://securityaffairs.com/140854/cyber-crime/europol-arrested-cryptocurrency-scammers.html

Abusing a GitHub Codespaces Feature For Malware Delivery (16 jan)
https://www.trendmicro.com/en_se/research/23/a/abusing-github-codespaces-for-malware-delivery.html

State-sponsored groups dominated the cyberattacks of 2022 (16 jan)
https://www.di.se/digital/statsstodda-grupper-dominerade-cyberattackerna-2022/

https://blog.talosintelligence.com/talos-year-in-review-2022/

6 Common Phishing Attacks and How to Protect Against Them (16 jan)
https://www.tripwire.com/state-of-security/6-common-phishing-attacks-and-how-to-protect-against-them

The municipality's analysis: “This is how the hackers got in” (17 jan)
https://www.securityuser.com/se/Nyheter/Samhalle/kommunens-analys-sa-tog-hackarna-sig-in

Skellefteå municipality hit by ransomware (17 jan)
https://www.svt.se/nyheter/lokalt/vasterbotten/skelleftea-kommun-utsatt-for-utpressningsvirus

Hackers Using Leaked CIA’s Hive Multi-Platform Attack Kit in the Wild (17 jan)
https://cybersecuritynews.com/leaked-cias-hive-multi-platform/

Over 4,000 Sophos Firewall devices vulnerable to RCE attacks (17 jan)
https://www.bleepingcomputer.com/news/security/over-4-000-sophos-firewall-devices-vulnerable-to-rce-attacks/

Nissan North America data breach caused by vendor-exposed database (17 jan)
https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-caused-by-vendor-exposed-database/

Microsoft resolves four SSRF vulnerabilities in Azure cloud services (17 jan)
https://msrc-blog.microsoft.com/2023/01/17/microsoft-resolves-four-ssrf-vulnerabilities-in-azure-cloud-services/

Batloader Malware Abuses Legitimate Tools, Uses Obfuscated JavaScript Files in Q4 2022 Attacks (17 jan)
https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html

59.4 million compromised payment card records posted for sale on dark web in 2022: report (17 jan)
https://therecord.media/59-4-million-compromised-payment-card-records-posted-for-sale-on-dark-web-in-2022-report/

Is WordPress Secure? (17 jan)
https://blog.sucuri.net/2023/01/is-wordpress-secure.html

CISA Updates Best Practices for Mapping to MITRE ATT&CK (17 jan)
https://www.cisa.gov/uscert/ncas/current-activity/2023/01/17/cisa-updates-best-practices-mapping-mitre-attckr

QBot Campaigns Overwhelmingly Lead Reported Payloads in Q4 (17 jan)
https://www.phishlabs.com/blog/qbot-campaigns-overwhelmingly-lead-reported-payloads-in-q4/

Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner (17 jan)
https://www.bleepingcomputer.com/news/security/hackers-push-malware-via-google-search-ads-for-vlc-7-zip-ccleaner/

Malicious Google Ad –> Fake Notepad++ Page –> Aurora Stealer malware (18 jan)
https://isc.sans.edu/diary/Malicious+Google+Ad+Fake+Notepad+Page+Aurora+Stealer+malware/29448/

Vulnerable Historian Servers Imperil OT Networks (18 jan)
https://www.darkreading.com/ics-ot/vulnerable-historian-servers-imperil-ot-networks

NSA Publishes Internet Protocol Version 6 (IPv6) Security Guidance (18 jan)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3270451/nsa-publishes-internet-protocol-version-6-ipv6-security-guidance/

Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability (18 jan)
https://www.securityweek.com/vendors-actively-bypass-security-patch-year-old-magento-vulnerability

https://sansec.io/research/vendors-defeat-magento-security-patch-simple-check

Almost Half of Critical Manufacturing at Risk of Breach (18 jan)
https://www.infosecurity-magazine.com/news/critical-manufacturing-risk-of/

https://resources.securityscorecard.com/davos-2023/addressing-the-trust-deficit

Aurora – A Stealer Using Shapeshifting Tactics (18 jan)
https://blog.cyble.com/2023/01/18/aurora-a-stealer-using-shapeshifting-tactics/

Ransomware attack severs 1,000 ships from their on-shore servers (19 jan)
https://www.theregister.com/2023/01/19/ransomware_attack_cuts_1000_ships/

https://www.dnv.com/news/cyber-attack-on-shipmanager-servers-update-237931

Following the LNK metadata trail (19 jan)
https://blog.talosintelligence.com/following-the-lnk-metadata-trail/

New ‘Blank Image’ attack hides phishing scripts in SVG files (19 jan)
https://www.bleepingcomputer.com/news/security/new-blank-image-attack-hides-phishing-scripts-in-svg-files/

https://www.avanan.com/blog/the-blank-image-attack

Finally, ransomware victims are refusing to pay up (19 jan)
https://www.theregister.com/2023/01/19/ransomware_payments_down/

https://blog.chainalysis.com/reports/crypto-ransomware-revenue-down-as-victims-refuse-to-pay/

PayPal says crooks poked around 35,000 accounts in credential stuffing attack (19 jan)
https://www.theregister.com/2023/01/19/paypal_data_breach/

Microsoft pushes KB5021751 to check for outdated Office installs (19 jan)
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/

New T-Mobile Breach Affects 37 Million Accounts (19 jan)
https://krebsonsecurity.com/2023/01/new-t-mobile-breach-affects-37-million-accounts/

Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (19 jan)
https://www.bleepingcomputer.com/news/security/ransomware-gang-steals-data-from-kfc-taco-bell-and-pizza-hut-brand-owner/

https://www.yum.com/wps/portal/yumbrands/Yumbrands/news/company-stories/Yum+Brands+January+18+2023+Statement

Longer wait for payments from unemployment insurance funds (19 jan)
https://www.publikt.se/nyhet/langre-vantan-pa-pengar-fran-kassor-24939

EmojiDeploy Attack Chain Targets Misconfigured Azure Service (20 jan)
https://www.darkreading.com/cloud/emojideploy-attack-chain-targets-misconfigured-azure-service

https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced

Phishing and ransomware amongst biggest threats to charity sector (20 jan)
https://www.ncsc.gov.uk/blog-post/phishing-and-ransomware-amongst-biggest-threats-to-charity-sector

Information security and miscellaneous

CISA Releases 2022 Year in Review (12 jan)
https://www.cisa.gov/news/2023/01/12/cisa-releases-2022-year-review

200 academics caught in IT trap – fell for the university's holiday scam (16 jan)
https://www.tv4.se/artikel/lqxTPZcfnHzZaqoWprwan/sa-lurades-200-akademiker-i-malmoe-var-tionde-gick-rakt-i-it-faellan

Java, .NET Developers Prone to More Frequent Vulnerabilities (16 jan)
https://www.darkreading.com/threat-intelligence/java-net-developers-frequent-vulnerabilities

Nordic states to develop common cybersecurity strategy (17 jan)
https://www.defensenews.com/global/europe/2023/01/17/nordic-states-to-develop-common-cybersecurity-strategy/

UK schools build cyber resilience (17 jan)
https://www.ncsc.gov.uk/blog-post/uk-schools-build-cyber-resilience

Police misspelled an address – unauthorised recipients received emails about crime victims (17 jan)
https://www.dn.se/sverige/polisen-stavade-fel-obehoriga-fick-mejl-om-brottsoffer/

Mailchimp says it was hacked — again (18 jan)
https://techcrunch.com/2023/01/18/mailchimp-hacked/

Ransomware Remains Top Cyberthreat, Former NCSC Chief Says (18 jan)
https://www.govinfosecurity.com/ransomware-remains-top-cyber-threat-former-ncsc-chief-says-a-20966

British and Ukrainian cyber officials meet in London for threat intelligence talks (18 jan)
https://therecord.media/british-and-ukrainian-cyber-officials-meet-in-london-for-threat-intelligence-talks/

Ukraine cyber defenders in UK for high-level talks (19 jan)
https://www.ncsc.gov.uk/news/ukraine-cyber-defenders-in-uk-for-high-level-talks

How should critical infrastructure be protected? NATO is now testing with AI (19 jan)
https://computersweden.idg.se/2.2683/1.775177/hur-ska-kritisk-infrastruktur-skyddas-nato-testar-hur-ai-kan-anvandas-mot-cyberattacker

Cybersecurity Awareness Raising: Peek Into the ENISA-Do-It-Yourself Toolbox (19 jan)
https://www.enisa.europa.eu/news/cybersecurity-awareness-raising-peek-into-the-enisa-do-it-yourself-toolbox

CERT-SE this week

Oracle's quarterly security update for January 2023