CERT-SE's weekly newsletter, week 15

Weekly newsletter

Mixed news from the past week. It has been Patch Tuesday, and several vendors have released security updates for their products, which CERT-SE has covered in several articles.

CERT-SE wishes you a pleasant weekend!

News this week

MSI hacked: Watch out for malicious fake software (7 apr)
https://www.pcworld.com/article/1780409/msi-confirms-ransomware-attack-asks-customers-to-be-alert.html

Press release from MSI regarding cyberattack (7 apr)
https://www.msi.com/news/detail/MSI-Statement-141688

Big Pharma-partnered Evotec on high alert after cyberattack takes systems offline (10 apr)
https://www.fiercebiotech.com/biotech/big-pharma-partnered-evotec-closes-down-hatchets-after-cyber-attack

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign (10 apr)
https://thehackernews.com/2023/04/over-1-million-wordpress-sites-infected.html

KFC, Pizza Hut owner discloses data breach after ransomware attack (10 apr)
https://www.bleepingcomputer.com/news/security/kfc-pizza-hut-owner-discloses-data-breach-after-ransomware-attack/

40% of IT security pros say they’ve been told not to report a data leak (11 apr)
https://www.theregister.com/2023/04/11/in_brief_security/

Brewery in Vimmerby hit by IT attack (11 apr)
https://www.svt.se/nyheter/lokalt/smaland/bryggeri-i-vimmerby-utsatta-for-it-attack

Åbro up and running again – unclear how much has been lost: “Will have to work it out” (14 apr)
https://www.dagensvimmerby.se/nyheter/naringsliv/e/137705/abro-igang-igen-oklart-hur-mycket-man-forlorat-far-rakna-pa-det/

400,000 Users Hit by Data Breach at Media Player Maker Kodi (12 apr)
https://www.securityweek.com/400000-users-hit-by-data-breach-at-media-player-maker-kodi/

Hyundai data breach exposes owner details in France and Italy (12 apr)
https://www.bleepingcomputer.com/news/security/hyundai-data-breach-exposes-owner-details-in-france-and-italy/

German builder of yachts and military vessels hit by ransomware attack (12 apr)
https://therecord.media/german-builder-of-superyachts-and-military-boats

Information security and miscellaneous

Terrifying study shows how fast AI can crack your passwords; here’s how to protect yourself (7 apr)
https://9to5mac.com/2023/04/07/ai-cracks-passwords-this-fast-how-to-protect/

All Dutch govt networks to use RPKI to prevent BGP hijacking (9 apr)
https://www.bleepingcomputer.com/news/security/all-dutch-govt-networks-to-use-rpki-to-prevent-bgp-hijacking/

Thieves are hacking into cars through their headlights, experts warn (9 apr)
https://www.telegraph.co.uk/business/2023/04/09/thieves-hacking-cars-through-headlights/

Debate: “This is the weak point in Sweden's preparedness” (10 apr)
https://www.dn.se/debatt/har-ar-den-svaga-punkten-for-sveriges-beredskap/

Microsoft Exchange Server 2013 Reaches End of Support (11 apr)
https://www.securityweek.com/microsoft-exchange-server-2013-reaches-end-of-support/

FBI & FCC Warn on ‘Juice Jacking’ at Public Chargers, but What’s the Risk? (12 apr)
https://www.darkreading.com/ics-ot/fbi-fcc-warn-juice-jacking-public-chargers-risk

CISA: Security-by-Design and -Default (13 apr)
https://www.cisa.gov/resources-tools/resources/secure-by-design-and-default

Swedish operators forced to block three pirate sites (14 apr)
https://computersweden.idg.se/2.2683/1.778227/svenska-operatorer-tvingas-blockera-tre-piratsajter

Reports

March 2023’s Most Wanted Malware: New Emotet Campaign Bypasses Microsoft Blocks to Distribute Malicious OneNote Files (10 apr)
https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/

‘Blatantly Obvious’: Spyware Offered to Cyberattackers via PyPI Python Repository (11 apr)
https://www.darkreading.com/vulnerabilities-threats/spyware-offered-cyberattackers-pypi-python-repository

Azure admins warned to disable shared key access as backdoor attack detailed (11 apr)
https://www.theregister.com/2023/04/11/orca_azure_access_keys/
https://orca.security/resources/blog/azure-shared-key-authorization-exploitation/

The Tipping Point: Exploring the Surge in IoT Cyberattacks Globally (11 apr)
https://blog.checkpoint.com/security/the-tipping-point-exploring-the-surge-in-iot-cyberattacks-plaguing-the-education-sector/

DDoS threat report for 2023 Q1 (11 apr)
https://blog.cloudflare.com/ddos-threat-report-2023-q1/

Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign (11 apr)
https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/

Why is Source Address Validation Still a Problem? (12 apr)
https://www.manrs.org/2023/04/why-is-source-address-validation-still-a-problem/

Following the Lazarus group by tracking DeathNote campaign (12 apr)
https://securelist.com/the-lazarus-group-deathnote-campaign/109490/

LastPass Breach Reveals Important Lessons (12 apr)
https://www.darkreading.com/attacks-breaches/lastpass-breach-reveals-important-lessons

Ransomware in the UK, April 2022–March 2023 (12 apr)
https://www.malwarebytes.com/blog/threat-intelligence/2023/04/ransomware-review-uk

Money Ransomware: The Latest Double Extortion Group (12 apr)
https://yoroi.company/research/money-ransomware-the-latest-double-extortion-group/

Legion: an AWS Credential Harvester and SMTP Hijacker (13 apr)
https://www.cadosecurity.com/legion-an-aws-credential-harvester-and-smtp-hijacker/

CERT-SE this week

Adobe's monthly security updates for April

SAP's monthly security updates for April

Fortinet's monthly security updates for April

Critical vulnerabilities in the JavaScript library vm2

Microsoft's monthly security updates for April 2023