CERT-SE's weekly newsletter, week 11

Weekly newsletter

We continue to see a steady inflow of interesting annual summaries, and some of them are included in this week's roundup. Do read the lessons learned and recommendations in MSB's annual report on IT incident reporting for 2022, which was published this week.

Have a nice weekend, from CERT-SE!

News this week

Xenomorph v3: a new variant with ATS targeting more than 400 institutions (10 mar)
https://www.threatfabric.com/blogs/xenomorph-v3-new-variant-with-ats.html

Microsoft OneNote to get enhanced security after recent malware abuse (10 mar)
https://www.bleepingcomputer.com/news/microsoft/microsoft-onenote-to-get-enhanced-security-after-recent-malware-abuse/

GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers (10 mar)
https://unit42.paloaltonetworks.com/gobruteforcer-golang-botnet/

CISA warns of actively exploited Plex bug after LastPass breach (11 mar)
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/

Medusa ransomware gang picks up steam as it targets companies worldwide (12 mar)
https://www.bleepingcomputer.com/news/security/medusa-ransomware-gang-picks-up-steam-as-it-targets-companies-worldwide/

LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier (13 mar)
https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/

Emotet Returns, Now Adopts Binary Padding for Evasion (13 mar)
https://www.trendmicro.com/en_us/research/23/c/emotet-returns-now-adopts-binary-padding-for-evasion.html

Kali Linux 2023.1 introduces ‘Purple’ distro for defensive security (13 mar)
https://www.bleepingcomputer.com/news/security/kali-linux-20231-introduces-purple-distro-for-defensive-security/

Hackers steal $197 million in crypto in Euler Finance attack (13 mar)
https://www.bleepingcomputer.com/news/security/hackers-steal-197-million-in-crypto-in-euler-finance-attack/

DEV-1101 enables high-volume AiTM campaigns with open-source phishing kit (13 mar)
https://www.microsoft.com/en-us/security/blog/2023/03/13/dev-1101-enables-high-volume-aitm-campaigns-with-open-source-phishing-kit/

Ransomware Group Claims Hack of Amazon’s Ring (14 mar)
https://www.vice.com/en/article/qjvd9q/ransomware-group-claims-hack-of-amazons-ring

CISA Program Warns Critical Infrastructure Organizations Vulnerable to Ransomware Attacks (14 mar)
https://www.securityweek.com/cisa-program-warns-critical-infrastructure-organizations-vulnerable-to-ransomware-attacks/

Ransomware Vulnerability Warning Pilot
https://www.cisa.gov/stopransomware/Ransomware-Vulnerability-Warning-Pilot

NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust (14 mar)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3328152/nsa-releases-recommendations-for-maturing-identity-credential-and-access-manage/

Breaking Down a Cyberattack, One Kill Chain Step at a Time (14 mar)
https://securityintelligence.com/articles/breaking-down-cyberattack-kill-chain-steps/

Talos uncovers espionage campaigns targeting CIS countries, embassies and EU health care agency (14 mar)
https://blog.talosintelligence.com/yorotrooper-espionage-campaign-cis-turkey-europe/

Cybersecurity of AI and Standardisation (14 mar)
https://www.enisa.europa.eu/publications/cybersecurity-of-ai-and-standardisation

Reduce, Reuse, Recycle: Bad Actors Practicing the Three Rs (15 mar)
https://www.fortinet.com/blog/threat-research/bad-actors-resurrecting-old-tactics

Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server (15 mar)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

Launch of coordinated enforcement on role of data protection officers (15 mar)
https://edpb.europa.eu/news/news/2023/launch-coordinated-enforcement-role-data-protection-officers_en

FBI: Ransomware hit 860 critical infrastructure orgs in 2022 (15 mar)
https://www.bleepingcomputer.com/news/security/fbi-ransomware-hit-860-critical-infrastructure-orgs-in-2022/

FBI: 2022 Internet Crime Report
https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

Beware of Bank-Related Scams (15 mar)
https://www.cisa.gov/news-events/alerts/2023/03/15/beware-bank-related-scams

Disruptions for Tele2: “Large part of 4G traffic is having problems” (15 mar)
https://www.svt.se/nyheter/lokalt/vast/storningar-for-tele-2-stor-del-av-4g-trafiken-har-problem

Important lessons for Sweden from the cyber war in Ukraine (16 mar)
https://www.msb.se/sv/aktuellt/nyheter/2023/mars/viktiga-lardomar-for-sverige-fran-cyberkriget-i-ukraina/

When the war came close: Annual report on IT incident reporting 2022
https://rib.msb.se/Filer/pdf/30339.pdf

StopRansomware: LockBit 3.0 (16 mar)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-075a

Bee-Ware of Trigona, An Emerging Ransomware Strain (16 mar)
https://unit42.paloaltonetworks.com/trigona-ransomware-update/

Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency (16 mar)
https://thehackernews.com/2023/03/multiple-hacker-groups-exploit-3-year.html

Säpo: Serious shortcomings in Swedish preparedness for cyber attacks (17 mar)
https://sverigesradio.se/artikel/sapo-allvarliga-brister-i-svensk-beredskap-for-cyberangrepp

Nasty bug allows hackers to take over many Android phones. Here’s what you can do. (17 mar)
https://mashable.com/article/android-phones-exynos-modem-bug

Information security and miscellaneous

Now you can (finally?) update the system on your old Amiga (10 mar)
https://computersweden.idg.se/2.2683/1.777232/nu-kan-du-uppdatera-systemet-pa-din-gamla-amiga

CISA joins forces with Women in CyberSecurity to break up the boy’s club (13 mar)
https://www.theregister.com/2023/03/13/cisa_joins_forces_with_women/

ChatGPT and large language models: what’s the risk? (14 mar)
https://www.ncsc.gov.uk/blog-post/chatgpt-and-large-language-models-whats-the-risk

Cybercriminals exploit SVB collapse to steal money and data (14 mar)
https://www.bleepingcomputer.com/news/security/cybercriminals-exploit-svb-collapse-to-steal-money-and-data/

Ransomware attacks have entered a heinous new phase (14 mar)
https://arstechnica.com/information-technology/2023/03/ransomware-attacks-have-entered-a-heinous-new-phase/

Cancer patient sues hospital after ransomware gang leaks her nude medical photos (15 mar)
https://www.theregister.com/2023/03/15/cancer_lvhn_sues_hospital/

Security Firm Rubrik breached by Clop gang through GoAnywhere Zero-Day exploitation (15 mar)
https://securityaffairs.com/143512/cyber-crime/rubrik-breached-goanywhere-zero-day-exploitation.html

IPFS phishing and the need for correctly set HTTP security headers (15 mar)
https://isc.sans.edu/diary/rss/29638

CERT-SE this week

Several cases of similar phishing against Swedish organisations

Critical vulnerabilities affect SAP products

Adobe's monthly security updates for March

Microsoft's monthly security updates for March 2023