CERT-SE's weekly newsletter, week 18

Weekly newsletter

This week's harvest of news on IT security and related topics. Among these are several articles about service disruptions affecting websites that belong to critical societal functions in Sweden. We would also like to swing a lightsaber for World Password Day, which took place on 4 May.

Tip: It is still possible to register for digital participation in MSB's annual NIS conference, which takes place on 10 May: https://www.delegia.com/app/attendee/new_registration.asp?PROJECTID=19571&REGLINEID=111977

CERT-SE wishes you a pleasant weekend!

News this week

Church of Sweden's accounts hijacked on Facebook (30 Apr)
https://www.aftonbladet.se/nyheter/a/O8eOAO/svenska-kyrkans-konton-kapade-pa-facebook

CISA Adds Three Known Exploited Vulnerabilities to Catalog (1 May)
https://www.cisa.gov/news-events/alerts/2023/05/01/cisa-adds-three-known-exploited-vulnerabilities-catalog

IT giant Bitmarck shuts down customer, internal systems after cyberattack (1 May)
https://www.theregister.com/2023/05/01/bitmarck_data_breach/
https://www.bitmarck.de/infothek/faq-cyberangriff

T-Mobile suffered the second data breach in 2023 (1 May)
https://securityaffairs.com/145590/data-breach/t-mobile-second-data-breach-2022.html

ChatGPT Confirms Data Breach, Raising Security Concerns (2 May)
https://securityintelligence.com/articles/chatgpt-confirms-data-breach/?c=Artificial

Medusa ransomware gang leaks students’ psychological reports and abuse allegations (2 May)
https://www.bitdefender.com/blog/hotforsecurity/medusa-ransomware-gang-leaks-students-psychological-reports-and-abuse-allegations/

FBI seizes 9 crypto exchanges used to launder ransomware payments (2 May)
https://www.bleepingcomputer.com/news/security/fbi-seizes-9-crypto-exchanges-used-to-launder-ransomware-payments/
https://www.justice.gov/usao-edmi/pr/fbi-disrupts-virtual-currency-exchanges-used-facilitate-criminal-activity

TT hit by DDoS attack (2 May)
https://www.dagensmedia.se/medier/dagspress/tt-utsatt-for-ddos-attack/

The Riksdag's website is working again (3 May)
https://www.svt.se/nyheter/inrikes/riksdagens-hemsida-ligger-nere-1

Service disruptions at Trafikverket (3 May)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1112598

City of Dallas hit by Royal ransomware attack impacting IT services (3 May)
https://www.bleepingcomputer.com/news/security/city-of-dallas-hit-by-royal-ransomware-attack-impacting-it-services/

PTS hit by denial-of-service attack: “Some e-services are affected” (3 May)
https://telekomidag.se/pts-drabbat-av-overbelastningsattack/

Brightline data breach impacts 783K pediatric mental health patients (3 May)
https://www.bleepingcomputer.com/news/security/brightline-data-breach-impacts-783k-pediatric-mental-health-patients/

Italian water supplier serving 500,000 people hit with ransomware attack (3 May)
https://therecord.media/italian-water-supplier-ransomware-attack-disruptions-medusa

Ransomware gang hijacks university alert system to issue threats (4 May)
https://www.bleepingcomputer.com/news/security/ransomware-gang-hijacks-university-alert-system-to-issue-threats/

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts (4 May)
https://thehackernews.com/2023/05/meta-takes-down-malware-campaign-that.html

Tennessee health system stops all operations amid cyberattack recovery (4 May)
https://www.scmagazine.com/news/breach/tennessee-health-system-stops-all-operations-amid-cyberattack-recovery

Government agencies subjected to IT attacks (4 May)
https://www.sydsvenskan.se/2023-05-04/myndigheter-utsatta-for-it-angrepp

Information security and miscellaneous

OpenAI: ChatGPT back in Italy after meeting watchdog demands (28 Apr)
https://apnews.com/article/chatgpt-openai-data-privacy-italy-b9ab3d12f2b2cfe493237fd2b9675e21

Cyber expert on the new ransomware wave: “The backups are the first thing they go after” (2 May)
https://computersweden.idg.se/2.2683/1.778565/cyberexperten-om-nya-ransomware-vagen-backuperna-det-forsta-de-ger-sig-pa

An Update on the Lock Icon (2 May)
https://blog.chromium.org/2023/05/an-update-on-lock-icon.html

Tor Project, LGBTQ groups and CDT sound alarm over efforts to weaken encryption (3 May)
https://www.scmagazine.com/news/privacy/dozens-of-press-digital-rights-groups-urge-governments-not-to-weaken-encryption

Prosecutors Argue for 15 Months in Jail for Uber CISO (3 May)
https://securityboulevard.com/2023/05/prosecutors-argue-for-15-months-in-jail-for-uber-ciso/

FTC says Facebook broke terms of $5B data privacy settlement (3 May)
https://www.scmagazine.com/news/privacy/ftc-facebook-broke-terms-5b-data-privacy-settlement

Welsh Government announces Cyber Action Plan (4 May)
https://governmentbusiness.co.uk/news/04052023/welsh-government-announces-cyber-action-plan

World Password Day: 2 + 2 = 4 (4 May)
https://nakedsecurity.sophos.com/2023/05/04/world-password-day-2-2-4/

Reports

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023 (27 Apr)
https://www.darkreading.com/attacks-breaches/sans-lists-top-5-most-dangerous-cyberattacks-in-2023

Quick IOC Scan With Docker (28 Apr)
https://isc.sans.edu/diary/Quick+IOC+Scan+With+Docker/29788/

Recent Trends in Internet Threats: Common Industries Impersonated in Phishing Attacks, Web Skimmer Analysis and More (28 Apr)
https://unit42.paloaltonetworks.com/internet-threats-late-2022/

Rapture, a Ransomware Family With Similarities to Paradise (28 Apr)
https://www.trendmicro.com/en_us/research/23/d/rapture-a-ransomware-family-with-similarities-to-paradise.html

Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software (2 May)
https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html

Global Cyber Risk Lowers to Moderate Level in 2H’ 2022 (2 May)
https://www.trendmicro.com/en_us/research/23/e/global-cyber-risk-level-2h-2022.html

A doubled “Dragon Breath” adds new air to DLL sideloading attacks (3 May)
https://news.sophos.com/en-us/2023/05/03/doubled-dll-sideloading-dragon-breath/

Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (3 May)
https://blog.barracuda.com/2023/05/03/threat-spotlight-malicious-html-attachments-doubles/

Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks (3 May)
https://www.darkreading.com/application-security/legitimate-software-abuse-a-disturbing-trend-in-ransomware-attacks

Infostealer Embedded in a Word Document (4 May)
https://isc.sans.edu/diary/rss/29810

Subscription Trojan Downloaded 600K Times From Google Play (5 May)
https://www.infosecurity-magazine.com/news/subscription-trojan-downloaded/

CERT-SE this week

Advice on preventing and handling denial-of-service attacks