CERT-SE's weekly newsletter, week 4
A weekly newsletter with a mix of reading: news, reports, recommendations and in-depth pieces. We would also like to highlight the annual international Data Protection Day on 28 January.
It reminds us that privacy and data protection are not only important and always relevant, but also a human right.
CERT-SE wishes you pleasant reading and a nice weekend!
News this week
Ransomware attack hit KFC and Pizza Hut stores in the UK (20 jan)
https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-hit-kfc-and-pizza-hut-stores-in-the-uk/
Cyberattack on Nunavut energy supplier limits company operations (20 jan)
https://therecord.media/cyberattack-on-nunavut-energy-supplier-limits-company-operations/
Wi-Fi routers are being hit by a dangerous new Android malware with extra DNS hacks (20 jan)
https://www.techradar.com/news/wi-fi-routers-are-being-hit-by-a-dangerous-new-android-malware-with-extra-dns-hacks
NCSC to retire Logging Made Easy (20 jan)
https://www.ncsc.gov.uk/blog-post/ncsc-to-retire-logging-made-easy
Ransomware money laundering operation disrupted, founder arrested (20 jan)
https://www.malwarebytes.com/blog/news/2023/01/bitzlato-ransomware-laundry-operation-sees-founder-arrested
A hack at ODIN Intelligence exposes a huge trove of police raid files (21 jan)
https://techcrunch.com/2023/01/21/odin-intelligence-breach-police-surveillance/
This odd phishing scam targets victims with a blank image (21 jan)
https://www.techradar.com/news/this-odd-phishing-scam-targets-victims-with-a-blank-image
Hackers now use Microsoft OneNote attachments to spread malware (21 jan)
https://www.bleepingcomputer.com/news/security/hackers-now-use-microsoft-onenote-attachments-to-spread-malware/
https://isc.sans.edu/diary/rss/29470
Massive ad-fraud op dismantled after hitting millions of iOS devices (21 jan)
https://www.bleepingcomputer.com/news/security/massive-ad-fraud-op-dismantled-after-hitting-millions-of-ios-devices/
https://www.humansecurity.com/learn/blog/traffic-signals-the-vastflux-takedown?hsLang=en-us
Expert found critical flaws in OpenText Enterprise Content Management System (22 jan)
https://securityaffairs.com/141157/security/opentext-critical-flaws.html
A hacker stumbled upon TSA’s no-fly list via unsecured airline server (22 jan)
https://mashable.com/article/no-fly-list-leaked
Scammers Target Fans of ‘The Last of Us’ with Malware and Phishing Attacks (22 jan)
https://www.ghacks.net/scammers-target-fans-of-the-last-of-us
Sweden is building a second quantum computer: “A race is under way” (23 jan)
https://www.dn.se/ekonomi/sverige-bygger-en-andra-kvantdator-pagar-en-kapplopning/
Emotet Returns With New Methods of Evasion (23 jan)
https://blogs.blackberry.com/en/2023/01/emotet-returns-with-new-methods-of-evasion
If sent emails with insufficient encryption, draws criticism (23 jan)
https://computersweden.idg.se/2.2683/1.775318/if-skickade-mejl-med-otillracklig-kryptering–far-kritik
Microsoft says it will start blocking XLL add-ins from the internet (23 jan)
https://www.scmagazine.com/news/malware/microsoft-says-it-will-start-blocking-xll-add-ins-from-the-internet
Telia fault found: “Takes a little time to take effect for everyone” (23 jan)
https://www.dn.se/ekonomi/storningar-hos-telia-2/
Apple fixes actively exploited iOS zero-day on older iPhones, iPads (23 jan)
https://www.bleepingcomputer.com/news/apple/apple-fixes-actively-exploited-ios-zero-day-on-older-iphones-ipads/
GTA Online bug exploited to ban, corrupt players’ accounts (23 jan)
https://www.bleepingcomputer.com/news/security/gta-online-bug-exploited-to-ban-corrupt-players-accounts/
International Counter Ransomware Task Force kicks off (23 jan)
https://therecord.media/international-counter-ransomware-task-force-kicks-off/
Vice Society Ransomware Group Targets Manufacturing Companies (24 jan)
https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html
First Europe organisation to defend rights online forms (24 jan)
https://securitybrief.co.nz/story/first-europe-organisation-to-defend-rights-online-forms
Sweden To Upgrade Nvidia-Powered Berzelius Supercomputer (24 jan)
https://www.silicon.co.uk/e-innovation/artificial-intelligence/sweden-nvidia-upgrade-supercomputer-494319
FBI says Lazarus behind $100 million Harmony bridge heist (24 jan)
https://duo.com/decipher/fbi-says-lazarus-group-behind-usd100-million-harmony-bridge-heist
Administrator of RSOCKS Proxy Botnet Pleads Guilty (24 jan)
https://krebsonsecurity.com/2023/01/administrator-of-rsocks-proxy-botnet-pleads-guilty/
US Cyber Command, DARPA ink cyberwar R&D pact (24 jan)
https://www.theregister.com/2023/01/24/us_cyber_command_darpa_constellation/
Ticketmaster Blames Bots in Taylor Swift ‘Eras’ Tour Debacle (24 jan)
https://www.darkreading.com/attacks-breaches/ticketmaster-blames-bots-taylor-swift-eras-tour-debacle
Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones (24 jan)
https://www.securityweek.com/arm-vulnerability-leads-to-code-execution-root-on-pixel-6-phones/
Up to 350,000 open source projects vulnerable to 15-year-old Python bug (24 jan)
https://www.itpro.co.uk/development/open-source/369920/350000-open-source-projects-vulnerable-15-year-old-python-bug
Riot Games receives ransom demand from hackers, refuses to pay (24 jan)
https://www.bleepingcomputer.com/news/security/riot-games-receives-ransom-demand-from-hackers-refuses-to-pay/
75k WordPress sites impacted by critical online course plugin flaws (24 jan)
https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/
Canadian tool manufacturer hit by cyber attack (24 jan)
https://www.itworldcanada.com/article/canadian-tool-manufacturer-hit-by-cyber-attack/523620
The Rise of Amadey Bot: A Growing Concern for Internet Security (25 jan)
https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/
LastPass Parent Company GoTo Suffers Data Breach, Customers’ Backups Compromised (25 jan)
https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html
https://duo.com/decipher/attacker-stole-goto-customer-backups-and-encryption-key
Problems with Microsoft's cloud services: severe disruptions (25 jan)
https://www.svt.se/nyheter/inrikes/problem-med-microsofts-molntjanster-ligger-nere
https://techcrunch.com/2023/01/25/microsoft-teams-outlook-service-outage/
These are the top cyber threats to the financial sector right now (25 jan)
https://computersweden.idg.se/2.2683/1.775431/har-ar-de-framsta-cyberhoten-mot-finanssektorn
Hilton denies hack after data from 3.7 million honors customers offered for sale (25 jan)
https://therecord.media/hilton-denies-hack-after-data-from-3-7-million-honors-customer-offered-for-sale/
Turkish hacker forum calls for attacks on Swedish banks (26 jan)
https://www.svt.se/nyheter/inrikes/turkiskt-hackerforum-manar-till-attacker-mot-sverige
Gotlandshem: We have been subjected to a data breach (26 jan)
https://www.gotlandshem.se/nyheter/vi-har-varit-utsatta-for-dataintrang/
Bloke allegedly stole, sold private info belonging to ‘tens of millions’ globally (26 jan)
https://www.theregister.com/2023/01/26/crook_stole_tens_of_millions_private_data/
U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software (26 jan)
https://thehackernews.com/2023/01/us-federal-agencies-fall-victim-to.html
Swedish police took part in international operation against the Hive ransomware network (26 jan)
https://polisen.se/aktuellt/nyheter/2023/januari/svensk-polis-har-deltagit-i-internationell-insats-mot-ransomware-natverket-hive/
U.S. Department of Justice Disrupts Hive Ransomware Variant (26 jan)
https://www.justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant
SEABORGIUM and TA453 continue their respective spear-phishing campaigns against targets of interest (26 jan)
https://www.ncsc.gov.uk/news/spear-phishing-campaigns-targets-of-interest
New minister on Sweden's cybersecurity: “Everyone must start doing their job now” (27 jan)
https://computersweden.idg.se/2.2683/1.775419/ministern-om-sveriges-cybersakerhet–alla-aktorer-maste-borja-gora-sitt-jobb-nu
Information security and miscellaneous
Healthcare ransomware attacks cause patient deaths, health IT security experts say (20 jan)
https://www.beckershospitalreview.com/cybersecurity/healthcare-ransomware-attacks-cause-patient-deaths-health-it-security-experts-say.html
Phishing and ransomware amongst biggest threats to charity sector (20 jan)
https://www.ncsc.gov.uk/blog-post/phishing-and-ransomware-amongst-biggest-threats-to-charity-sector
Ransomware Revenue Down As More Victims Refuse to Pay (20 jan)
https://www.itsecurityguru.org/2023/01/20/ransomware-revenue-down-as-more-victims-refuse-to-pay/
EU Commission to propose mandatory measures to accelerate network rollout (20 jan)
https://www.euractiv.com/section/digital/news/leak-eu-commission-to-propose-mandatory-measures-to-accelerate-network-rollout/
Linux malware hit a new high in 2022 (22 jan)
https://www.techradar.com/news/linux-malware-hit-a-new-high-in-2022
NHS Is The Most Phished UK Government Organization (22 jan)
https://www.databreaches.net/nhs-is-the-most-phished-uk-government-organization/
Dragos Industrial Ransomware Analysis: Q4 2022 (23 jan)
https://www.dragos.com/blog/industry-news/dragos-industrial-ransomware-analysis-q4-2022/
Celebrating Data Privacy Day – 28th January 2023 (23 jan)
https://informationsecuritybuzz.com/data-privacy-day-28-january-2023/
SOCs to Face Greater Challenges From Cybercriminals Targeting Governments and Media in 2023 (23 jan)
https://www.darkreading.com/attacks-breaches/socs-to-face-greater-challenges-from-cybercriminals-targeting-governments-and-media-in-2023
Brand Phishing report – Q4 2022 (23 jan)
https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/
ACSC Ransomware Profile - Royal (24 jan)
https://www.cyber.gov.au/acsc/view-all-content/advisories/2023-01-acsc-ransomware-profile-royal
2022 Cyber Attacks Statistics (24 jan)
https://www.hackmageddon.com/2023/01/24/2022-cyber-attacks-statistics/
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (24 jan)
https://unit42.paloaltonetworks.com/realtek-sdk-vulnerability/
Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (24 jan)
https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/
Why CISOs Make Great Board Members (24 jan)
https://www.securityweek.com/why-cisos-make-great-board-members/
Threat Landscape Topic Summary Report: Cisco Talos Year in Review 2022 (24 jan)
https://blog.talosintelligence.com/threat-landscape-topic-summary-report-cisco-talos-year-in-review-2022/
The risks of 5G security (25 jan)
https://www.techrepublic.com/article/risks-5g-security/
Attacking The Supply Chain: Developer (25 jan)
https://www.trendmicro.com/en_se/research/23/a/attacking-the-supply-chain-developer.html
NSA, CISA, and MS-ISAC Release Guidance for Securing Remote Monitoring and Management Software (25 jan)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3277084/nsa-cisa-and-ms-isac-release-guidance-for-securing-remote-monitoring-and-manage/
Securonix Security Advisory: Python-Based PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets to Avoid Detection (25 jan)
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
New Mimic Ransomware Abuses Everything APIs for its Encryption Process (26 jan)
https://www.trendmicro.com/en_us/research/23/a/new-mimic-ransomware-abuses-everything-apis-for-its-encryption-p.html
Protecting Data: Can we Engineer Data Sharing? (27 jan)
https://www.enisa.europa.eu/news/protecting-data-can-we-engineer-data-sharing
School safety and security: Partnering with K-12 Organizations
https://www.cisa.gov/protecting-our-future-partnering-safeguard-k-12-organizations-cybersecurity-threats
Ransomware Diaries: Volume 1
https://analyst1.com/ransomware-diaries-volume-1/