Publicerad: 2023-05-12 14:53

CERT-SE:s veckobrev v.19

Veckans svep bjuder på blandad läsning med nyheter och fördjupningar. Det har även varit patchtisdag vilket CERT-SE uppmärksammat med flera publiceringar om viktiga säkerhetsuppdateringar, se länkar till dem längst ned.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Ny våg av cyberattacker mot svenska hemsidor (5 maj)
https://sverigesradio.se/artikel/ny-vag-av-cyberattacker-mot-svenska-hemsidor

Ny lokal sårbarhet i Linux Netfilter (5 maj)
https://kryptera.se/ny-lokal-sarbarhet-i-linux-netfilter/

Deconstructing a Cybersecurity Event (5 maj)
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/

Meet Akira — A new ransomware operation targeting the enterprise (7 maj)
https://www.bleepingcomputer.com/news/security/meet-akira-a-new-ransomware-operation-targeting-the-enterprise/

IT-problem hos flera myndigheter – “Felsöker” (7 maj)
https://sverigesradio.se/artikel/polisens-it-problem-felsoker

https://computersweden.idg.se/2.2683/1.778858/it-strul-pa-flera-hall-i-sverige–skatteverket-utsatt-for-angrepp

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine (8 maj)
https://thehackernews.com/2023/05/cert-ua-warns-of-smokeloader-and.html

T-Mobile US suffers second data theft within months (8 maj)
https://www.theregister.com/2023/05/08/in_brief_security/

Cyberattacks on health care are increasing. Inside one hospital’s fight to recover (8 maj)
https://www.npr.org/sections/health-shots/2023/05/08/1172569347/cyberattacks-on-health-care-are-increasing-inside-one-hospitals-fight-to-recover

FBI seizes 13 more domains linked to DDoS-for-hire services (8 maj)
https://www.bleepingcomputer.com/news/security/fbi-seizes-13-more-domains-linked-to-ddos-for-hire-services/

NextGen Healthcare says hackers accessed personal data of more than 1 million patients (8 maj)
https://techcrunch.com/2023/05/08/nextgen-healthcare-data-breach/

Intel investigating leak of Intel Boot Guard private keys after MSI breach (8 maj)
https://www.bleepingcomputer.com/news/security/intel-investigating-leak-of-intel-boot-guard-private-keys-after-msi-breach/

QR codes used in fake parking tickets, surveys to steal your money (8 maj)
https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/

E-hälsomyndigheten ligger nere (9 maj)
https://www.svt.se/nyheter/inrikes/e-halsomyndigheten-ligger-nere

New Ransomware Strain ‘CACTUS’ Exploits VPN Flaws to Infiltrate Networks (9 maj)
https://thehackernews.com/2023/05/new-ransomware-strain-cactus-exploits.html

Cyberpolisen på NOA utreder it-angrepp mot myndigheter (9 maj)
https://www.svt.se/nyheter/inrikes/cyberpolisen-pa-noa-utreder-it-angrepp-mot-myndigheter

Spanish police dismantle phishing operation linked to crime ring (9 maj)
https://www.bleepingcomputer.com/news/security/spanish-police-dismantle-phishing-operation-linked-to-crime-ring/

Hunting Russian Intelligence “Snake” Malware (9 maj)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

https://www.svt.se/nyheter/inrikes/fbi-knackte-ryskt-spionprogram-sverige-en-av-maltavlorna

Fake system update drops Aurora stealer via Invalid Printer loader (9 maj)
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader

Royal ransomware gang quickly expands reign (9 maj)
https://www.scmagazine.com/news/ransomware/royal-ransomware-expands-reign

New ransomware decryptor recovers data from partially encrypted files (10 maj)
https://www.bleepingcomputer.com/news/security/new-ransomware-decryptor-recovers-data-from-partially-encrypted-files/

https://www.darkreading.com/attacks-breaches/free-tool-unlocks-some-encrypted-data-in-ransomware-attacks

New phishing-as-a-service tool “Greatness” already seen in the wild (10 maj)
https://blog.talosintelligence.com/new-phishing-as-a-service-tool-greatness-already-seen-in-the-wild/

De startar nytt säkerhetscenter – vill hjälpa kommuner (10 maj)
https://computersweden.idg.se/2.2683/1.778941/de-startar-nytt-sakerhetscenter–vill-hjalpa-kommuner

The frontman of the American alternative rock band Smashing Pumpkins, Billy Corgan, has revealed he paid hackers who stole the band’s songs (10 maj)
https://securityaffairs.com/146029/cyber-crime/smashing-pumpkins-paid-ransom.html

Hackade Obama och Bidens Twitterkonton – 23-åring riskerar 70 års fängelse (10 maj)
https://www.dn.se/varlden/hackade-obama-och-bidens-twitterkonton-23-aring-riskerar-70-ars-fangelse/

https://thehackernews.com/2023/05/mastermind-behind-twitter-2020-hack.html

Multinational tech firm ABB hit by Black Basta ransomware attack (11 maj)
https://www.bleepingcomputer.com/news/security/multinational-tech-firm-abb-hit-by-black-basta-ransomware-attack/

Babuk Source Code Sparks 9 Different Ransomware Strains Targeting VMware ESXi Systems (11 maj)
https://thehackernews.com/2023/05/babuk-source-code-sparks-9-new.html

Så fungerar zero day-attacker – okända sårbarheter blir öppningar för attacker (11 maj)
https://computersweden.idg.se/2.2683/1.751381/sa-fungerar-zero-day-attacker–okanda-sarbarheter-blir-oppningar-for-attacker

NCSC brought in to help protect Eurovision as cyberattack cited as organisers’ biggest concern (11 maj)
https://www.publictechnology.net/articles/news/ncsc-brought-help-protect-eurovision-cyberattack-cited-organisers%E2%80%99-biggest-concern

Undersökning: Stor ökning av krypterade DDoS-attacker mot Sverige under senaste året (11 maj)
https://www.aktuellsakerhet.se/undersokning-stor-okning-av-krypterade-ddos-attacker-mot-sverige-under-senaste-aret/

Debatt/opinion: Why more transparency around cyber attacks is a good thing for everyone (11 maj)
https://www.ncsc.gov.uk/blog-post/why-more-transparency-around-cyber-attacks-is-a-good-thing-for-everyone

CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-131a

Informationssäkerhet och blandat

Tipsade om sexbrott – privata detaljer kan ha skickats till Facebook (9 maj)
https://sverigesradio.se/artikel/tipsade-om-sexbrott-privata-detaljer-kan-ha-skickats-till-facebook

AI: Europaparlamentet vill skärpa lagförslag (11 maj)
https://www.dn.se/varlden/ai-europaparlamentet-vill-skarpa-lagforslag/

https://cointelegraph.com/news/eu-ai-act-updated-with-public-facial-recognition-ban

Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users (11 maj)
https://thehackernews.com/2023/05/twitter-finally-rolling-out-encrypted.html

CERT-SE i veckan

SAP:s månatliga säkerhetsuppdateringar för maj 2023

Microsofts månatliga säkerhetsuppdateringar för maj 2023

CERT-SE efterlyser observationer av avvikelser i produkter från Atlassian

Kontakta oss - dygnet runt

CERT-SE är tillgängliga dygnet runt alla dagar på året för att kunna agera och inom vårt uppdrag hjälpa verksamheter som har drabbats av it-säkerhetsincidenter.

telefon

010-240 40 40

e-post

cert@cert.se

Fler nyheter

2024-04-26 13:37

CERT-SE:s veckobrev v.17

Ett lite kortare veckobrev denna vecka. Bland händelserna finns angrepp och tekniska problem som drabbat svenska...

Veckobrev
2024-04-25 10:12

Sårbarheter i Cisco-produkter utnyttjas aktivt

Cisco varnar för tre sårbarheter i produktserierna Adaptive Security Appliance (ASA) och Firepower Threat Defense (FTD)....

Sårbarhet Cisco
2024-04-24 15:53

Sårbarhet i Progress Flowmon

Progress har rättat en sårbarhet (CVE-2024-2389) i produkten Flowmon, som används för att övervaka och analysera...

Sårbarhet Progress Flowmon
2024-04-19 14:07

CERT-SE:s veckobrev v.16

Denna vecka gick CERT-SE ut med årets andra blixtmeddelande, gällande en kritisk sårbarhet i Palo Alto...

Veckobrev
2024-04-19 13:06 Uppdaterad

Kritiska sårbarheter i Ivanti Avalanche

Ivanti har rättat flera sårbarheter i Avalanche, varav två bedöms som kritiska. De kan kan orsaka...

Sårbarhet Ivanti Avalanche

Nyheter