CERT-SE:s veckobrev v.6
Ni missade väl inte Safer Internet Day i tisdags? Dagen som syftar till att göra internet lite säkrare, lite bättre, arrangerades i år för tjugonde gången i ordningen. På webbplatsen och i andra kanaler finns bra tips för både unga och lite mindre unga surfare.
Vi påminner om våra artiklar om nätfiske och överbelastningsangrepp
Trevlig helg önskar CERT-SE!
Nyheter i veckan
6 Ransomware Trends & Evolutions For 2023 (2 feb)
https://www.trendmicro.com/en_us/ciso/23/b/ransomware-trends-evolutions-2023.html
Cyberthreats facing UK finance sector “a national security threat” (3 feb)
https://www.malwarebytes.com/blog/news/2023/02/financials-are-facing-an-unprecedented-number-of-cybersecurity-threats
Cybersecurity Snapshot: As ChatGPT Fire Rages, NIST Issues AI Security Guidance (3 feb)
https://www.tenable.com/blog/cybersecurity-snapshot-as-chatgpt-fire-rages-nist-issues-ai-security-guidance
Until further notice, think twice before using Google to download software (3 feb)
https://arstechnica.com/information-technology/2023/02/until-further-notice-think-twice-before-using-google-to-download-software/
NY attorney general forces spyware vendor to alert victims (4 feb)
https://www.bleepingcomputer.com/news/security/ny-attorney-general-forces-spyware-vendor-to-alert-victims/
Finland’s Most-Wanted Hacker Nabbed in France (5 feb)
https://krebsonsecurity.com/2023/02/finlands-most-wanted-hacker-nabbed-in-france/
Feltänkta OT-produkter har massor av inbyggda säkerhetsrisker (6 feb)
https://computersweden.idg.se/2.2683/1.771156/feltankta-ot-produkter-har-massor-av-inbyggda-sakerhetsrisker
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition (6 feb)
https://www.csoonline.com/article/3687137/vulnerabilities-and-exposures-to-rise-to-1-900-a-month-in-2023-coalition.html
Cyber Threat Index 2023
https://info.coalitioninc.com/rs/566-KWJ-784/images/Coalition_Cyber-Threat-Index-2023.pdf
British steel industry supplier Vesuvius ‘currently managing cyber incident’ (6 feb)
https://therecord.media/vesuvius-plc-cyber-incident-steel-industry-supplier/
Vesuvius plc: Statement on cyber security incident (6 feb)
https://www.londonstockexchange.com/news-article/VSVS/cyber-security-incident/15824555
Major Florida Hospital Shuts Down Networks, Ransomware Attack Suspected (6 feb)
https://www.infosecurity-magazine.com/news/major-florida-hospital-shuts/
EU lawmakers aim for common position on draft AI rules by early March (6 feb)
https://www.reuters.com/technology/eu-lawmakers-aim-common-position-draft-ai-rules-by-early-march-2023-02-06/
Pupils across the UK crowned champions of the NCSC cyber contest for girls (6 feb)
https://www.ncsc.gov.uk/news/pupils-across-the-uk-crowned-champions-of-the-ncsc-cyber-contest-for-girls
New strike against encrypted criminal communications with dismantling of Exclu tool (6 feb)
https://www.eurojust.europa.eu/news/new-strike-against-encrypted-criminal-communications-dismantling-exclu-tool
Eurocops shut down Exclu encrypted messaging app, arrest dozens (7 feb)
https://www.theregister.com/2023/02/07/police_exclu_encrypted/
Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance (7 feb)
https://securityaffairs.com/141888/hacktivism/anonymous-fsb-surveillance.html
This notorious ransomware has now found a new target (7 feb)
https://www.zdnet.com/article/this-notorious-ransomware-is-now-targeting-linux-systems-too
OpenSSH addressed a new pre-auth double free vulnerability (7 feb)
https://securityaffairs.com/141907/hacking/openssh-pre-auth-double-free-bug.html
After Hive takedown, could the LockBit ransomware crew be the next to fall? (7 feb)
https://cyberscoop.com/lockbit-ransomware-crew-law-enforcement-hive/
Retail Sector Ransomware Attacks Grow by 67% in 2022 (7 feb)
https://www.blackfog.com/retail-sector-ransomware-attacks-2022/
Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm (7 feb)
https://thehackernews.com/2023/02/linux-variant-of-clop-ransomware.html
Cl0p Ransomware Targets Linux Systems with Flawed Encryption | Decryptor Available (7 feb)
https://www.sentinelone.com/labs/cl0p-ransomware-targets-linux-systems-with-flawed-encryption-decryptor-available/
NIST Selects ‘Lightweight Cryptography’ Algorithms to Protect Small Devices (7 feb)
https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices
Malware delivery through Microsoft OneNote files is growing in a post-macro world (7 feb)
https://www.techspot.com/news/97514-malware-delivery-through-microsoft-onenote-files-growing-post.html
Cybercriminals Bypass ChatGPT Restrictions to Generate Malicious Content (7 feb)
https://blog.checkpoint.com/2023/02/07/cybercriminals-bypass-chatgpt-restrictions-to-generate-malicious-content/
CISA says Killnet DDoS attacks on U.S. hospitals had little effect (7 feb)
https://therecord.media/ddos-hospitals-cisa-killnet-limited-effects/
Happy Safer Internet Day 2023! (7 feb)
https://www.saferinternetday.org/news/article?id=7043422
Saferinternetday - Bletchley Park’s top tips - part one (8 feb)
https://youtu.be/IYyywut-rrs
ION brings clients back online after ransomware attack - source (8 feb)
https://www.reuters.com/technology/ion-starts-bring-clients-back-online-after-ransomware-attack-source-2023-02-07/
Singapore hit by growing cybercrimes, clocks $501M in losses from scams (8 feb)
https://www.zdnet.com/article/singapore-hit-by-growing-cybercrimes-clocks-501m-in-losses-from-scams/
A Detailed Analysis of a New Stealer Called Stealerium (8 feb)
https://resources.securityscorecard.com/research/stealerium-detailed-analysis
2023 Security Report: Cyberattacks reach an all-time high in response to geo-political conflict, and the rise of ‘disruption and destruction’ malware (8 feb)
https://research.checkpoint.com/2023/2023-security-report-cyberattacks-reach-an-all-time-high-in-response-to-geo-political-conflict-and-the-rise-of-disruption-and-destruction-malware/
Tor and I2P networks hit by wave of ongoing DDoS attacks (8 feb)
https://www.bleepingcomputer.com/news/security/tor-and-i2p-networks-hit-by-wave-of-ongoing-ddos-attacks/
Drug distributor AmerisourceBergen confirms security breach (8 feb)
https://www.bleepingcomputer.com/news/security/drug-distributor-amerisourcebergen-confirms-security-breach/
Ransomware review: February 2023 (8 feb)
https://www.malwarebytes.com/blog/business/2023/02/ransomware-in-february-2023
Healthcare Industry Was the Most Common Victim of Third-Party Breaches in 2022 (8 feb)
https://circleid.com/posts/20230208-healthcare-industry-was-the-most-common-victim-of-third-party-breaches-in-2022
Stort intresse för Cyber Challenge 2023 (9 feb)
https://www.ncsc.se/aktuellt/stort-intresse-for-cyber-challenge-2023/
Hackers breach Reddit to steal source code and internal data (9 feb)
https://www.bleepingcomputer.com/news/security/hackers-breach-reddit-to-steal-source-code-and-internal-data/
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices (9 feb)
https://thehackernews.com/2023/02/critical-infrastructure-at-risk-from.html
ESXiArgs ransomware
Ransomware scum launch wave of attacks on critical, but old, VMWare ESXi vuln (6 feb)
https://www.theregister.com/2023/02/06/esxi_ransomware_campaign/
No evidence global ransomware hack was by state entity, Italy says (6 feb)
https://www.reuters.com/technology/italys-govt-global-cyber-attack-did-not-come-state-entity-2023-02-06/
ESXi ransomware campaign strikes Florida Supreme Court, worldwide universities (8 feb)
https://www.itpro.com/security/cyber-attacks/370034/esxi-ransomware-florida-supreme-court-worldwide-universities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a script to recover VMware ESXi servers infected with ESXiArgs ransomware (8 feb)
https://securityaffairs.com/141948/malware/uc-cisa-script-esxiargs-ransomware.html
CISA Alert (AA23-039A): ESXiArgs Ransomware Virtual Machine Recovery Guidance (8 feb)
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
ESXiArgs Ransomware Hits Over 3,800 Servers as Hackers Continue Improving Malware (9 feb)
https://www.securityweek.com/esxiargs-ransomware-hits-over-3800-servers-as-hackers-continue-improving-malware/
Informationssäkerhet och blandat
Test and Study: Do Security Solutions stop Current Ransomware under Windows 11? (20 jan)
https://www.av-test.org/en/news/test-and-study-do-security-solutions-stop-current-ransomware-under-windows-11/
School laptop auction devolves into extortion allegation (6 feb)
https://www.theregister.com/2023/02/06/school_laptop_auction_devolves_into/
Oväntade lärdomen i hemtjänsten efter IT-attacken: “Det borde ha varit kaos” (7 feb)
https://sverigesradio.se/artikel/ovantade-lardomen-i-hemtjansten-efter-it-attacken-det-borde-varit-kaos
Over 12% of analyzed online stores expose private data, backups (7 feb)
https://www.bleepingcomputer.com/news/security/over-12-percent-of-analyzed-online-stores-expose-private-data-backups/
How to find and remove spyware from your phone (7 feb)
https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/
Patient Information Compromised in Data Breach at San Diego Healthcare Provider (8 feb)
https://www.securityweek.com/patient-information-compromised-in-data-breach-at-san-diego-healthcare-provider/
150 lärare använde hackad tjänst – inlogg kan ha läckt (8 feb)
https://sverigesradio.se/artikel/150-larare-anvande-hackad-tjanst-inlogg-kan-ha-lackt
Lost and found: Codebreakers decipher 50+ letters of Mary, Queen of Scots (8 feb)
https://arstechnica.com/science/2023/02/lost-and-found-code-breakers-decipher-50-letters-of-mary-queen-of-scots/
More Than 12% of Analyzed Online Stores Expose Private Backups, Study Shows (8 feb)
https://www.bitdefender.com/blog/hotforsecurity/more-than-12-of-analyzed-online-stores-expose-private-backups-study-shows/
Sansec analysis: 12% of online stores leak private backups (7 feb)
https://sansec.io/research/sansec-analysis-12-of-online-stores-leak-private-backups