CERT-SE's weekly newsletter, week 16

Weekly newsletter

This week's newsletter offers a mixed bag. CERT-SE wishes you a pleasant weekend!

News this week

Android malware infiltrates 60 Google Play apps with 100M installs (15 apr)
https://www.bleepingcomputer.com/news/security/android-malware-infiltrates-60-google-play-apps-with-100m-installs/

CISA warns of Android bug exploited by Chinese app to spy on users (16 apr)
https://www.bleepingcomputer.com/news/security/cisa-warns-of-android-bug-exploited-by-chinese-app-to-spy-on-users/

LockBit ransomware encryptors found targeting Mac devices (16 apr)
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-encryptors-found-targeting-mac-devices/

Service disruption at Handelsbanken (17 apr)
https://www.expressen.se/ekonomi/driftstorning-hos-handelsbanken-/

Bank CIO fined millions after IT failure (17 apr)
https://cio.idg.se/2.1782/1.778280/bank-cio-far-miljonboter-efter-it-haveri

New QBot email attacks use PDF and WSF combo to install malware (17 apr)
https://www.bleepingcomputer.com/news/security/new-qbot-email-attacks-use-pdf-and-wsf-combo-to-install-malware/

Åbro up and running again after the attack: never considered paying the ransom (18 apr)
https://computersweden.idg.se/2.2683/1.778285/abro-bryggeri-igang-igen-efter-attack–overvagde-aldrig-att-betala-losesumman

Criminal Records Service still disrupted 4 weeks after hack (20 apr)
https://www.bbc.com/news/technology-65324125

Trigona Ransomware targets Microsoft SQL servers (20 apr)
https://securityaffairs.com/145036/cyber-crime/trigona-ransomware-targets-microsoft-sql-servers.html

The Huge 3CX Breach Was Actually 2 Linked Supply Chain Attacks (20 apr)
https://www.wired.com/story/3cx-supply-chain-attack-times-two/

3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible (20 apr)
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise

Information security and miscellaneous

APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers
https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers

How to write an effective ransomware playbook
https://red-goat.com/how-to-write-an-effective-ransomware-playbook/

NCSC warns of emerging threat to critical national infrastructure
https://www.ncsc.gov.uk/news/ncsc-warns-of-emerging-threat-to-critical-national-infrastructure

Microsoft shifts to a new threat actor naming taxonomy (18 apr)
https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/

Beyond CVEs: The Key to Mitigating High-Risk Security Exposures (18 apr)
https://www.darkreading.com/vulnerabilities-threats/beyond-cves-the-key-to-mitigating-high-risk-security-exposures

They were investigating a mass kidnapping. Then their iPhones were hacked. (18 apr)
https://www.washingtonpost.com/technology/2023/04/18/nso-apple-iphones-citizen-lab/

Unit 42 releases its largest study of cyber threats against the cloud (18 apr)
https://www.aktuellsakerhet.se/unit-42-slapper-sin-storsta-undersokning-om-cyberhot-mot-molnet/

Unit 42 Cloud Threat Report, Volume 7
https://start.paloaltonetworks.com/unit-42-cloud-threat-report-volume-7

Cyber: towards stronger EU capabilities for effective operational cooperation, solidarity and resilience (18 apr)
https://ec.europa.eu/commission/presscorner/detail/en/ip_23_2243

Ransomware victims at all-time high, with 91% increase in March – NCC Group (19 apr)
https://itsecuritywire.com/news/ransomware-victims-at-all-time-high-with-91-increase-in-march-ncc-group/

Cybersecurity Best Practices for Smart Cities (19 apr)
https://www.cisa.gov/resources-tools/resources/cybersecurity-best-practices-smart-cities

Used routers often come loaded with corporate secrets (19 apr)
https://arstechnica.com/information-technology/2023/04/used-routers-often-come-loaded-with-corporate-secrets/

Cyber security begins at school (21 apr)
https://www.itpro.com/business/careers-and-training/cyber-security-begins-at-school

CERT-SE this week

Critical vulnerability in VMware Aria Operations for Logs

Security updates from Cisco

Oracle's quarterly security update for April 2023