CERT-SE's weekly newsletter, week 17

Weekly newsletter

This week's news feed offers a bit of everything: reporting on the Swedish-Icelandic victory in Locked Shields, an article charting the past 25 years of the internet, and a number of quarterly reports on the latest trends in the cyber world.

CERT-SE wishes you pleasant reading and a happy Walpurgis weekend!

News this week

Kubernetes RBAC abused to create persistent cluster backdoors (21 apr)
https://www.bleepingcomputer.com/news/security/kubernetes-rbac-abused-to-create-persistent-cluster-backdoors/

Capita admits data stolen during cyberattack (21 apr)
https://www.scmagazine.com/analysis/ransomware/capita-admits-data-stolen-during-cyberattack

The Internet twenty-five years later (21 apr)
https://blog.apnic.net/2023/04/21/the-internet-twenty-five-years-later/

NATO Allies and Partners take part in world’s largest cyber defence exercise (21 apr)
https://www.nato.int/cps/en/natohq/news_214144.htm

Sweden-Iceland Joint Team Emerges on Top of Locked Shields 2023 Cyber (21 apr)
https://ccdcoe.org/news/2023/sweden-iceland-joint-team-emerges-on-top-of-locked-shields-2023-cyber-defense-exercise/

Swedish Armed Forces team won the world's largest cyber security exercise (21 apr)
https://www.forsvarsmakten.se/sv/aktuellt/2023/04/forsvarsmaktens-lag-vann-varldens-storsta-cybersakerhetsovning/

European air traffic control confirms website ‘under attack’ by pro-Russia hackers (22 apr)
https://www.theregister.com/2023/04/22/eurocontrol_russia_attack/

Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (23 apr)
https://www.bleepingcomputer.com/news/security/decoy-dog-malware-toolkit-found-after-analyzing-70-billion-dns-queries/

Cloud Complexity Means Bugs Are Missed in Testing (24 apr)
https://www.infosecurity-magazine.com/news/cloud-complexity-means-bugs-missed/

Over 70 billion unprotected files available on unsecured web servers (24 apr)
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/

US Navy Contractor Fincantieri Marine Group Hit by Cyber-Attack (24 apr)
https://www.infosecurity-magazine.com/news/us-navy-contractor-cyberattack/

Yellow Pages Canada confirms cyber attack as Black Basta leaks data (24 apr)
https://www.bleepingcomputer.com/news/security/yellow-pages-canada-confirms-cyber-attack-as-black-basta-leaks-data/

Microsoft pledges support to EU Cybersecurity Skills Academy (24 apr)
https://blogs.microsoft.com/eupolicy/2023/04/25/microsoft-eu-cybersecurity-skills-academy/

U.S. Sent Teams into Foreign Networks to Hunt SolarWinds, Microsoft Hackers (24 apr)
https://www.wsj.com/articles/u-s-sent-teams-into-foreign-networks-to-hunt-solarwinds-microsoft-hackers-f71341f3

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites (24 apr)
https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html

New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web (24 apr)
https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html

FBI and Europol behind operation in the Bergslagen region – one person suspected (24 apr)
https://www.svt.se/nyheter/lokalt/varmland/fbi-och-europol-bakom-insats-i-region-bergslagen-en-person-misstankt

Region Bergslagen takes part in international operation against illegal marketplace (24 apr)
https://polisen.se/aktuellt/pressmeddelanden/2023/april/region-bergslagen-med-i-internationell-insats–mot-cyberbrottslighet/

VirusTotal now has an AI-powered malware analysis feature (24 apr)
https://www.bleepingcomputer.com/news/security/virustotal-now-has-an-ai-powered-malware-analysis-feature/

Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw (24 apr)
https://www.securityweek.com/huntress-most-papercut-installations-not-patched-against-already-exploited-security-flaw/

Intel CPUs vulnerable to new transient execution side-channel attack (24 apr)
https://www.bleepingcomputer.com/news/security/intel-cpus-vulnerable-to-new-transient-execution-side-channel-attack/

Millions of Artifacts, Misconfigured Enterprise Software Registries Are Ripe for Pwning (25 apr)
https://www.darkreading.com/application-security/millions-artifacts-misconfigured-enterprise-software-registries-pwning

So you think you can block Macros? (25 apr)
https://outflank.nl/blog/2023/04/25/so-you-think-you-can-block-macros/

Attackers are logging in instead of breaking in (25 apr)
https://www.helpnetsecurity.com/2023/04/25/attacks-dwell-time/

Special police investigation group takes on complex cybercrime (25 apr)
https://www.svt.se/nyheter/lokalt/varmland/sarskild-utredningsgrupp-vid-polisen-tar-sig-an-komplexa-cyberbrott

Microsoft Edge is leaking the sites you visit to Bing (25 apr)
https://www.theverge.com/2023/4/25/23697532/microsoft-edge-browser-url-leak-bing-privacy

Abuse of the Service Location Protocol May Lead to DoS Attacks (25 apr)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks

Students’ psychological reports, abuse allegations leaked by ransomware hackers (26 apr)
https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414

US National Cyber Director: Fending off cyber threats in space is ‘urgent,’ needs ‘high level attention’ (26 apr)
https://www.theregister.com/2023/04/26/kemba_walden_cybersecurity_space/

Opinion piece: “FRA to take over responsibility for Sweden's cyber security” (26 apr)
https://www.dn.se/debatt/fra-far-ta-over-ansvaret-for-sveriges-cybersakerhet/

Skellefteå's recruitment system out of service after hacker attack (26 apr)
https://www.svt.se/nyheter/lokalt/vasterbotten/skellefteas-rekryteringssystem-ur-funktion

Service disruptions in the recruitment tool Visma Recruit (27 apr)
https://www.orebronyheter.com/driftstorningar-i-rekryteringsverktyget-visma-recruit/

Suspected cyberattack against recruitment system – Enköping affected (28 apr)
https://sverigesradio.se/artikel/misstankt-cyberattack-mot-rekryteringssystem-enkoping-drabbad

Ineffective work to strengthen information and cyber security (27 apr)
https://www.riksrevisionen.se/om-riksrevisionen/kommunikation-och-media/nyhetsarkiv/2023-04-27-ineffektivt-arbete-for-att-starka-informations–och-cybersakerheten.html

The government's governance of society's information and cyber security − both urgent and important (27 apr)
https://www.riksrevisionen.se/rapporter/granskningsrapporter/2023/regeringens-styrning-av-samhallets-informations–och-cybersakerhet—bade-bradskande-och-viktig.html

Combating Kubernetes — the Newest IAM Challenge (27 apr)
https://www.darkreading.com/attacks-breaches/combating-kubernetes-the-newest-iam-challenge-

How Long Does It Take AI to Crack Your Password? You’d Be Surprised (27 apr)
https://www.makeuseof.com/how-long-for-ai-crack-password/

RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts (27 apr)
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023 (27 apr)
https://www.darkreading.com/attacks-breaches/sans-lists-top-5-most-dangerous-cyberattacks-in-2023

Reports

Report: Threat Intelligence Report (24 apr)
https://research.checkpoint.com/2023/24th-april-threat-intelligence-report/

F-Secure report: Cyber threats are becoming increasingly personal (26 apr)
https://www.aktuellsakerhet.se/rapport-cyberhoten-blir-allt-mer-personliga/

Report: F-Secured Annual Threat Guide 2023
https://assets.f-secure.com/p/f-secured/annual-threats-guide-2023.pdf

Cisco Talos Intelligence report: Incident Response Trends in Q1 2023 (26 apr)
https://blog.talosintelligence.com/quarterly-report-incident-response-trends-in-q1-2023/

Security Risks of AI (27 apr)
https://www.schneier.com/blog/archives/2023/04/security-risks-of-ai.html

Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications
https://fsi9-prod.s3.us-west-1.amazonaws.com/s3fs-public/2023-04/adversarial_machine_learning_and_cybersecurity_v7_pdf_1.pdf

Information security and miscellaneous

Data Breach at American Bar Association exposes credentials of over 1.4 million members (24 apr)
https://www.bitdefender.com/blog/hotforsecurity/data-breach-at-american-bar-association-exposes-credentials-of-over-1-4-million-members/

Why you shouldn’t turn on Google Authenticator’s cloud sync feature (26 apr)
https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/

Administrative fine against Region Skåne (27 apr)
https://www.imy.se/nyheter/sanktionsavgift-mot-region-skane/

Morse Code Day (27 apr)
https://nationaltoday.com/morse-code-day/

Many Public Salesforce Sites are Leaking Private Data (27 apr)
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/

CERT-SE this week

Critical vulnerabilities in VMware Workstation and Fusion

Critical vulnerability in Zyxel firewalls