CERT-SE:s veckobrev v.17
Veckans nyhetsflöde bjuder på gott och blandat. Rapportering om den svensk-isländska segern i Locked Shields, en artikel som kartlägger de senaste 25 åren på internet och ett antal kvartalsrapporter om de senaste trenderna inom cybervärlden.
Trevlig läsning och glad valborgshelg önskar CERT-SE!
Nyheter i veckan
Kubernetes RBAC abused to create persistent cluster backdoors (21 apr)
https://www.bleepingcomputer.com/news/security/kubernetes-rbac-abused-to-create-persistent-cluster-backdoors/
Capita admits data stolen during cyberattack (21 apr)
https://www.scmagazine.com/analysis/ransomware/capita-admits-data-stolen-during-cyberattack
The Internet twenty-five years later (21 apr)
https://blog.apnic.net/2023/04/21/the-internet-twenty-five-years-later/
NATO Allies and Partners take part in world’s largest cyber defence exercise (21 apr)
https://www.nato.int/cps/en/natohq/news_214144.htm
Sweden-Iceland Joint Team Emerges on Top of Locked Shields 2023 Cyber (21 apr)
https://ccdcoe.org/news/2023/sweden-iceland-joint-team-emerges-on-top-of-locked-shields-2023-cyber-defense-exercise/
Försvarsmaktens lag vann världens största cybersäkerhetsövning (21 apr)
https://www.forsvarsmakten.se/sv/aktuellt/2023/04/forsvarsmaktens-lag-vann-varldens-storsta-cybersakerhetsovning/
European air traffic control confirms website ‘under attack’ by pro-Russia hackers (22 apr)
https://www.theregister.com/2023/04/22/eurocontrol_russia_attack/
Decoy Dog malware toolkit found after analyzing 70 billion DNS queries (23 apr)
https://www.bleepingcomputer.com/news/security/decoy-dog-malware-toolkit-found-after-analyzing-70-billion-dns-queries/
Cloud Complexity Means Bugs Are Missed in Testing (24 apr)
https://www.infosecurity-magazine.com/news/cloud-complexity-means-bugs-missed/
Over 70 billion unprotected files available on unsecured web servers (24 apr)
https://www.helpnetsecurity.com/2023/04/24/critical-cybersecurity-exposures/
US Navy Contractor Fincantieri Marine Group Hit by Cyber-Attack (24 apr)
https://www.infosecurity-magazine.com/news/us-navy-contractor-cyberattack/
Yellow Pages Canada confirms cyber attack as Black Basta leaks data (24 apr)
https://www.bleepingcomputer.com/news/security/yellow-pages-canada-confirms-cyber-attack-as-black-basta-leaks-data/
Microsoft pledges support to EU Cybersecurity Skills Academy (24 apr)
https://blogs.microsoft.com/eupolicy/2023/04/25/microsoft-eu-cybersecurity-skills-academy/
U.S. Sent Teams into Foreign Networks to Hunt SolarWinds, Microsoft Hackers (24 apr)
https://www.wsj.com/articles/u-s-sent-teams-into-foreign-networks-to-hunt-solarwinds-microsoft-hackers-f71341f3
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites (24 apr)
https://thehackernews.com/2023/04/hackers-exploit-outdated-wordpress.html
New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web (24 apr)
https://thehackernews.com/2023/04/new-all-in-one-evilextractor-stealer.html
FBI och Europol bakom insats i region Bergslagen – en person misstänkt (24 apr)
https://www.svt.se/nyheter/lokalt/varmland/fbi-och-europol-bakom-insats-i-region-bergslagen-en-person-misstankt
Region Bergslagen med i internationell insats mot illegal marknadsplats (24 apr)
https://polisen.se/aktuellt/pressmeddelanden/2023/april/region-bergslagen-med-i-internationell-insats–mot-cyberbrottslighet/
VirusTotal now has an AI-powered malware analysis feature (24 apr)
https://www.bleepingcomputer.com/news/security/virustotal-now-has-an-ai-powered-malware-analysis-feature/
Huntress: Most PaperCut Installations Not Patched Against Already-Exploited Security Flaw (24 apr)
https://www.securityweek.com/huntress-most-papercut-installations-not-patched-against-already-exploited-security-flaw/
Intel CPUs vulnerable to new transient execution side-channel attack (24 apr)
https://www.bleepingcomputer.com/news/security/intel-cpus-vulnerable-to-new-transient-execution-side-channel-attack/
Millions of Artifacts, Misconfigured Enterprise Software Registries Are Ripe for Pwning (25 apr)
https://www.darkreading.com/application-security/millions-artifacts-misconfigured-enterprise-software-registries-pwning
So you think you can block Macros? (25 apr)
https://outflank.nl/blog/2023/04/25/so-you-think-you-can-block-macros/
Attackers are logging in instead of breaking in (25 apr)
https://www.helpnetsecurity.com/2023/04/25/attacks-dwell-time/
Särskild utredningsgrupp vid polisen tar sig an komplexa cyberbrott (25 apr)
https://www.svt.se/nyheter/lokalt/varmland/sarskild-utredningsgrupp-vid-polisen-tar-sig-an-komplexa-cyberbrott
Microsoft Edge is leaking the sites you visit to Bing (25 apr)
https://www.theverge.com/2023/4/25/23697532/microsoft-edge-browser-url-leak-bing-privacy
Abuse of the Service Location Protocol May Lead to DoS Attacks (25 apr)
https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks
Students’ psychological reports, abuse allegations leaked by ransomware hackers (26 apr)
https://www.nbcnews.com/tech/security/students-psychological-reports-abuse-allegations-leaked-ransomware-hac-rcna79414
US National Cyber Director: Fending off cyber threats in space is ‘urgent,’ needs ‘high level attention’ (26 apr)
https://www.theregister.com/2023/04/26/kemba_walden_cybersecurity_space/
Debattartikel: ”FRA får ta över ansvaret för Sveriges cybersäkerhet” (26 apr)
https://www.dn.se/debatt/fra-far-ta-over-ansvaret-for-sveriges-cybersakerhet/
Skellefteås rekryteringssystem ur funktion efter hackerattack (26 apr)
https://www.svt.se/nyheter/lokalt/vasterbotten/skellefteas-rekryteringssystem-ur-funktion
Driftstörningar i rekryteringsverktyget Visma Recruit (27 apr)
https://www.orebronyheter.com/driftstorningar-i-rekryteringsverktyget-visma-recruit/
Misstänkt cyberattack mot rekryteringssystem – Enköping drabbad (28 apr)
https://sverigesradio.se/artikel/misstankt-cyberattack-mot-rekryteringssystem-enkoping-drabbad
Ineffektivt arbete för att stärka informations- och cybersäkerheten (27 apr)
https://www.riksrevisionen.se/om-riksrevisionen/kommunikation-och-media/nyhetsarkiv/2023-04-27-ineffektivt-arbete-for-att-starka-informations–och-cybersakerheten.html
Regeringens styrning av samhällets informations- och cybersäkerhet − både brådskande och viktig (27 apr)
https://www.riksrevisionen.se/rapporter/granskningsrapporter/2023/regeringens-styrning-av-samhallets-informations–och-cybersakerhet—bade-bradskande-och-viktig.html
Combating Kubernetes — the Newest IAM Challenge (27 apr)
https://www.darkreading.com/attacks-breaches/combating-kubernetes-the-newest-iam-challenge-
How Long Does It Take AI to Crack Your Password? You’d Be Surprised (27 apr)
https://www.makeuseof.com/how-long-for-ai-crack-password/
RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts (27 apr)
https://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html
SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023 (27 apr)
https://www.darkreading.com/attacks-breaches/sans-lists-top-5-most-dangerous-cyberattacks-in-2023
Rapporter
Rapport: Threat Intelligence Report (24 apr)
https://research.checkpoint.com/2023/24th-april-threat-intelligence-report/
F-Secure rapport: Cyberhoten blir allt mer personliga (26 apr)
https://www.aktuellsakerhet.se/rapport-cyberhoten-blir-allt-mer-personliga/
Rapport: F-Secured Annual Threat Guide 2023
https://assets.f-secure.com/p/f-secured/annual-threats-guide-2023.pdf
Cisco Talos Intelligence rapport: Incident Response Trends in Q1 2023 (26 apr)
https://blog.talosintelligence.com/quarterly-report-incident-response-trends-in-q1-2023/
Security Risks of AI (27 apr)
https://www.schneier.com/blog/archives/2023/04/security-risks-of-ai.html
Adversarial Machine Learning and Cybersecurity: Risks, Challenges, and Legal Implications
https://fsi9-prod.s3.us-west-1.amazonaws.com/s3fs-public/2023-04/adversarial_machine_learning_and_cybersecurity_v7_pdf_1.pdf
Informationssäkerhet och övrigt
Data Breach at American Bar Association exposes credentials of over 1.4 million members (24 apr)
https://www.bitdefender.com/blog/hotforsecurity/data-breach-at-american-bar-association-exposes-credentials-of-over-1-4-million-members/
Why you shouldn’t turn on Google Authenticator’s cloud sync feature (26 apr)
https://www.ghacks.net/2023/04/26/why-you-shouldnt-turn-on-google-authenticators-cloud-sync-feature/
Sanktionsavgift mot Region Skåne (27 apr)
https://www.imy.se/nyheter/sanktionsavgift-mot-region-skane/
Morse Code Day (27 apr)
https://nationaltoday.com/morse-code-day/
Many Public Salesforce Sites are Leaking Private Data (27 apr)
https://krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/