CERT-SE's weekly newsletter, week 4

Weekly newsletter

A weekly newsletter with mixed reading: news, reports, recommendations and in-depth pieces. We also want to draw attention to the annual international Data Protection Day on 28 January.

It reminds us that personal privacy and data protection are not only important and always topical, but also a human right.

CERT-SE wishes you pleasant reading and a good weekend!

News this week

Ransomware attack hit KFC and Pizza Hut stores in the UK (20 jan)
https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-hit-kfc-and-pizza-hut-stores-in-the-uk/

Cyberattack on Nunavut energy supplier limits company operations (20 jan)
https://therecord.media/cyberattack-on-nunavut-energy-supplier-limits-company-operations/

Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks (20 jan)
https://www.techradar.com/news/wi-fi-routers-are-being-hit-by-a-dangerous-new-android-malware-with-extra-dns-hacks

NCSC to retire Logging Made Easy (20 jan)
https://www.ncsc.gov.uk/blog-post/ncsc-to-retire-logging-made-easy

Ransomware money laundering operation disrupted, founder arrested (20 jan)
https://www.malwarebytes.com/blog/news/2023/01/bitzlato-ransomware-laundry-operation-sees-founder-arrested

A hack at ODIN Intelligence exposes a huge trove of police raid files (21 jan)
https://techcrunch.com/2023/01/21/odin-intelligence-breach-police-surveillance/

This odd phishing scam targets victims with a blank image (21 jan)
https://www.techradar.com/news/this-odd-phishing-scam-targets-victims-with-a-blank-image

Hackers now use Microsoft OneNote attachments to spread malware (21 jan)
https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/

https://isc.sans.edu/diary/rss/29470

Massive ad-fraud op dismantled after hitting millions of iOS devices (21 jan)
https://www.bleepingcomputer.com/news/security/massive-ad-fraud-op-dismantled-after-hitting-millions-of-ios-devices/

https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown?hsLang=en-us

Expert found critical flaws in OpenText Enterprise Content Management System (22 jan)
https://securityaffairs.com/141157/security/opentext-critical-flaws.html

A hacker stumbled upon TSA’s no-fly list via unsecured airline server (22 jan)
https://mashable.com/article/no-fly-list-leaked

Scammers Target Fans of ‘The Last of Us’ with Malware and Phishing Attacks (22 jan)
https://www.ghacks.net/scammers-target-fans-of-the-last-of-us

Sweden is building a second quantum computer: "A race is under way" (23 jan)
https://www.dn.se/ekonomi/sverige-bygger-en-andra-kvantdator-pagar-en-kapplopning/

Emotet Returns With New Methods of Evasion (23 jan)
https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion

If sent emails with insufficient encryption, draws criticism (23 jan)
https://computersweden.idg.se/2.2683/1.775318/if-skickade-mejl-med-otillracklig-kryptering–far-kritik

Microsoft says it will start blocking XLL add-ins from the internet (23 jan)
https://www.scmagazine.com/news/malware/microsoft-says-it-will-start-blocking-xll-add-ins-from-the-internet

The fault at Telia has been found: "It takes a little time to take effect for everyone" (23 jan)
https://www.dn.se/ekonomi/storningar-hos-telia-2/

Apple fixes actively exploited iOS zero-day on older iPhones, iPads (23 jan)
https://www.bleepingcomputer.com/news/apple/apple-fixes-actively-exploited-ios-zero-day-on-older-iphones-ipads/

GTA Online bug exploited to ban, corrupt players’ accounts (23 jan)
https://www.bleepingcomputer.com/news/security/gta-online-bug-exploited-to-ban-corrupt-players-accounts/

International Counter Ransomware Task Force kicks off (23 jan)
https://therecord.media/international-counter-ransomware-task-force-kicks-off/

https://www.cybersecurityconnect.com.au/strategy/8633-a-new-australian-led-anti-ransomware-task-force-is-now-operational

Vice Society Ransomware Group Targets Manufacturing Companies (24 jan)
https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html

First Europe organisation to defend rights online forms (24 jan)
https://securitybrief.co.nz/story/first-europe-organisation-to-defend-rights-online-forms

Sweden To Upgrade Nvidia-Powered Berzelius Supercomputer (24 jan)
https://www.silicon.co.uk/e-innovation/artificial-intelligence/sweden-nvidia-upgrade-supercomputer-494319

FBI says Lazarus behind $100 million Harmony bridge heist (24 jan)
https://duo.com/decipher/fbi-says-lazarus-group-behind-usd100-million-harmony-bridge-heist

Administrator of RSOCKS Proxy Botnet Pleads Guilty (24 jan)
https://krebsonsecurity.com/2023/01/administrator-of-rsocks-proxy-botnet-pleads-guilty/

US Cyber Command, DARPA ink cyberwar R&D pact (24 jan)
https://www.theregister.com/2023/01/24/us_cyber_command_darpa_constellation/

Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle (24 jan)
https://www.darkreading.com/attacks-breaches/ticketmaster-blames-bots-taylor-swift-eras-tour-debacle

Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones (24 jan)
https://www.securityweek.com/arm-vulnerability-leads-to-code-execution-root-on-pixel-6-phones/

Up to 350,000 open source projects vulnerable to 15-year-old Python bug (24 jan)
https://www.itpro.co.uk/development/open-source/369920/350000-open-source-projects-vulnerable-15-year-old-python-bug

https://www.scmagazine.com/analysis/application-security/trellix-automates-patching-for-62000-open-source-projects-linked-to-a-15-year-old-python-bug

Riot Games receives ransom demand from hackers, refuses to pay (24 jan)
https://www.bleepingcomputer.com/news/security/riot-games-receives-ransom-demand-from-hackers-refuses-to-pay/

75k WordPress sites impacted by critical online course plugin flaws (24 jan)
https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/

Canadian tool manufacturer hit by cyber attack (24 jan)
https://www.itworldcanada.com/article/canadian-tool-manufacturer-hit-by-cyber-attack/523620

The Rise of Amadey Bot: A Growing Concern for Internet Security (25 jan)
https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/

LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised (25 jan)
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html

https://duo.com/decipher/attacker-stole-goto-customer-backups-and-encryption-key

Problems with Microsoft's cloud services: major disruptions (25 jan)
https://www.svt.se/nyheter/inrikes/problem-med-microsofts-molntjanster-ligger-nere

https://techcrunch.com/2023/01/25/microsoft-teams-outlook-service-outage/

Here are the main cyber threats against the financial sector right now (25 jan)
https://computersweden.idg.se/2.2683/1.775431/har-ar-de-framsta-cyberhoten-mot-finanssektorn

Hilton denies hack after data from 3.7 million honors customers offered for sale (25 jan)
https://therecord.media/hilton-denies-hack-after-data-from-3-7-million-honors-customer-offered-for-sale/

Turkish hacker forum urges attacks on Swedish banks (26 jan)
https://www.svt.se/nyheter/inrikes/turkiskt-hackerforum-manar-till-attacker-mot-sverige

Gotlandshem: We have been the victim of a data breach (26 jan)
https://www.gotlandshem.se/nyheter/vi-har-varit-utsatta-for-dataintrang/

Bloke allegedly stole, sold private info belonging to ‘tens of millions’ globally (26 jan)
https://www.theregister.com/2023/01/26/crook_stole_tens_of_millions_private_data/

U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software (26 jan)
https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html

Swedish police took part in an international operation against the Hive ransomware network (26 jan)
https://polisen.se/aktuellt/nyheter/2023/januari/svensk-polis-har-deltagit-i-internationell-insats-mot-ransomware-natverket-hive/

U.S. Department of Justice Disrupts Hive Ransomware Variant (26 jan)
https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant

SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest (26 jan)
https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest

New minister on Sweden's cybersecurity: "Everyone must start doing their job now" (27 jan)
https://computersweden.idg.se/2.2683/1.775419/ministern-om-sveriges-cybersakerhet–alla-aktorer-maste-borja-gora-sitt-jobb-nu

Information security and miscellaneous

Healthcare ransomware attacks cause patient deaths, health IT security experts say (20 jan)
https://www.beckershospitalreview.com/cybersecurity/healthcare-ransomware-attacks-cause-patient-deaths-health-it-security-experts-say.html

Phishing and ransomware amongst biggest threats to charity sector (20 jan)
https://www.ncsc.gov.uk/blog-post/phishing-and-ransomware-amongst-biggest-threats-to-charity-sector

Ransomware Revenue Down As More Victims Refuse to Pay (20 jan)
https://www.itsecurityguru.org/2023/01/20/ransomware-revenue-down-as-more-victims-refuse-to-pay/

EU Commission to propose mandatory measures to accelerate network rollout (20 jan)
https://www.euractiv.com/section/digital/news/leak-eu-commission-to-propose-mandatory-measures-to-accelerate-network-rollout/

Linux malware hit a new high in 2022 (22 jan)
https://www.techradar.com/news/linux-malware-hit-a-new-high-in-2022

NHS Is The Most Phished UK Government Organization (22 jan)
https://www.databreaches.net/nhs-is-the-most-phished-uk-government-organization/

Dragos Industrial Ransomware Analysis: Q4 2022 (23 jan)
https://www.dragos.com/blog/industry-news/dragos-industrial-ransomware-analysis-q4-2022/

Celebrating Data Privacy Day – 28th January 2023 (23 jan)
https://informationsecuritybuzz.com/data-privacy-day-28-january-2023/

SOCs to Face Greater Challenges From Cybercriminals Targeting Governments and Media in 2023 (23 jan)
https://www.darkreading.com/attacks-breaches/socs-to-face-greater-challenges-from-cybercriminals-targeting-governments-and-media-in-2023

Brand Phishing report – Q4 2022 (23 jan)
https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/

ACSC Ransomware Profile - Royal (24 jan)
https://www.cyber.gov.au/acsc/view-all-content/advisories/2023-01-acsc-ransomware-profile-royal

2022 Cyber Attacks Statistics (24 jan)
https://www.hackmageddon.com/2023/01/24/2022-cyber-attacks-statistics/

Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (24 jan)
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/

Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (24 jan)
https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/

Why CISOs Make Great Board Members (24 jan)
https://www.securityweek.com/why-cisos-make-great-board-members/

Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022 (24 jan)
https://blog.talosintelligence.com/threat-landscape-topic-summary-report-cisco-talos-year-in-review-2022/

The risks of 5G security (25 jan)
https://www.techrepublic.com/article/risks-5g-security/

Attacking The Supply Chain: Developer (25 jan)
https://www.trendmicro.com/en_se/research/23/a/attacking-the-supply-chain-developer.html

NSA, CISA, and MS-ISAC Release Guidance for Securing Remote Monitoring and Management Software (25 jan)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3277084/nsa-cisa-and-ms-isac-release-guidance-for-securing-remote-monitoring-and-manage/

Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection (25 jan)
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/

New Mimic Ransomware Abuses Everything APIs for its Encryption Process (26 jan)
https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html

Protecting Data: Can we Engineer Data Sharing? (27 jan)
https://www.enisa.europa.eu/news/protecting-data-can-we-engineer-data-sharing

School safety and security: Partnering with K-12 Organizations
https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats

Ransomware Diaries: Volume 1
https://analyst1.com/ransomware-diaries-volume-1/

CERT-SE this week

Critical vulnerabilities in VMware vRealize Log Insight