CERT-SE's weekly newsletter, week 20
This week we squeeze out a substantial collection of news, covering among other things AI and the .zip and .mov TLDs, as well as a number of incidents linked to various ransomware groups. Infosäkkollen 2023 has opened, and new this year is It-säkkollen, whose survey will contribute both to the national situational picture and to the government's new cybersecurity strategy.
CERT-SE wishes you a pleasant weekend!
News this week
XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks (12 May)
https://thehackernews.com/2023/05/xworm-malware-exploits-follina.html
New TLDs: Not Bad, Actually (13 May)
https://textslashplain.com/2023/05/13/new-tlds-not-bad-actually/
New ZIP domains spark debate among cybersecurity experts (16 May)
https://www.bleepingcomputer.com/news/security/new-zip-domains-spark-debate-among-cybersecurity-experts/
Philadelphia Inquirer Hit by Cyberattack Causing Newspaper’s Largest Disruption in Decades (14 May)
https://www.securityweek.com/philadelphia-inquirer-hit-by-cyberattack-causing-newspapers-largest-disruption-in-decades/
Hackers target Wordpress plugin flaw after PoC exploit released (14 May)
https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-plugin-flaw-after-poc-exploit-released/
The new info-stealing malware operations to watch out for (15 May)
https://www.bleepingcomputer.com/news/security/the-new-info-stealing-malware-operations-to-watch-out-for/
Criminal Website Genesis ‘Still Online’ After Takedown (15 May)
https://www.silicon.co.uk/security/cyberwar/genesis-hacking-takedown-511818
Water Orthrus’s New Campaigns Deliver Rootkit and Phishing Modules (15 May)
https://www.trendmicro.com/en_us/research/23/e/water-orthrus-new-campaigns-deliver-rootkit-and-phishing-modules.html
New ‘MichaelKors’ Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems (15 May)
https://thehackernews.com/2023/05/new-michaelkors-ransomware-as-service.html
Ransomware corrupts data, so backups can be faster and cheaper than paying up (15 May)
https://www.theregister.com/2023/05/15/ransomware_corrupts_data/
Bad bots are coming for APIs (15 May)
https://www.helpnetsecurity.com/2023/05/15/bad-bot-traffic-volume/
Beyond the firewall: How social engineers use psychology to compromise organizational cybersecurity (15 May)
https://www.tripwire.com/state-of-security/beyond-firewall-how-social-engineers-use-psychology-compromise-organizational
Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors (15 May)
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lancefly-merdoor-zxshell-custom-backdoor
Region Stockholm's IT problems are over (16 May)
https://sverigesradio.se/artikel/it-system-ligger-nere-stora-problem-for-sjukhusen
Israeli hospitals suffered 13 major cyberattacks - comptroller (16 May)
https://www.jpost.com/israel-news/article-743220
New Babuk-Based Ransomware Targeting Organizations in US, Korea (16 May)
https://www.securityweek.com/new-babuk-based-ransomware-targeting-organizations-in-us-korea/
Malicious VSCode extensions with more than 45K downloads steal PII and enable backdoors (16 May)
https://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors/
Lacroix Group shut down three facilities after a ‘targeted cyberattack’ (16 May)
https://securityaffairs.com/146335/cyber-crime/lacroix-group-ransomware-attack.html
Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts (16 May)
https://thehackernews.com/2023/05/inside-qilin-ransomware-affiliates-take.html
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems (16 May)
https://thehackernews.com/2023/05/hackers-using-golang-variant-of-cobalt.html
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack (16 May)
https://www.mandiant.com/resources/blog/sim-swapping-abuse-azure-serial
The cyber threat against the Danish energy sector (17 May)
https://www.cfcs.dk/en/cybertruslen/threat-assessments/the-cyber-threat-against-the–danish-energy-sector
StopRansomware: BianLian Ransomware Group (17 May)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a
The websites of the ports of Helsingfors and Nådendal have crashed; a Russian hacker group claimed responsibility (17 May)
https://svenska.yle.fi/a/7-10034592
Opinion: Don't forget municipalities and regions when you consolidate cybersecurity efforts (17 May)
https://skr.se/skr/tjanster/pressrum/skridebatten/debattartiklar/debattartiklar/glomintekommunerochregionernarnikraftsamlarcybersakerhetsarbetet.71149.html
Akira (.akira) ransomware virus - removal and decryption options (17 May)
https://www.pcrisk.com/removal-guides/26677-akira-ransomware
The distinctive rattle of APT SideWinder (17 May)
https://www.group-ib.com/blog/hunting-sidewinder/
Monitoring the dark web to identify threats to energy sector organizations (17 May)
https://securityaffairs.com/146357/deep-web/dark-web-initial-access-energy-sector-orgs.html
Another security calamity for Capita: An unsecured AWS bucket (17 May)
https://www.theregister.com/2023/05/17/another_security_calamity_for_capita/
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices (17 May)
https://www.trendmicro.com/en_us/research/23/e/lemon-group-cybercriminal-businesses-built-on-preinfected-devices.html
Once Again, Malware Discovered Hidden in npm (18 May)
https://www.darkreading.com/application-security/once-again-malware-discovered-hidden-in-npm
LockBit Leaks 1.5TB of Data Stolen From Indonesia’s BSI Bank (18 May)
https://www.bankinfosecurity.com/lockbit-leaks-15tb-data-stolen-from-indonesias-bsi-bank-a-22110
Enhancing open source security: Insights from the OpenSSF on addressing key challenges (18 May)
https://www.helpnetsecurity.com/2023/05/18/brian-behlendorf-openssf-open-source-security/
Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware (19 May)
https://thehackernews.com/2023/05/searching-for-ai-tools-watch-out-for.html
Information security and miscellaneous
CERT-EU: Decoding the double-edged sword of Generative AI (11 May)
https://cert.europa.eu/blog/generative-ai
Toyota: Car location data of 2 million customers exposed for ten years (12 May)
https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
Personal info of 90k hikers leaked by French tourism company La Malle Postale (13 May)
https://securityaffairs.com/146191/data-breach/personal-info-of-90k-hikers-leaked-by-french-tourism-company-la-malle-postale.html
Can We Trust AI Decision-Making in Cybersecurity? (14 May)
https://readwrite.com/can-we-trust-ai-decision-making-in-cybersecurity/
VirusTotal AI code analysis expands Windows, Linux script support (15 May)
https://www.bleepingcomputer.com/news/security/virustotal-ai-code-analysis-expands-windows-linux-script-support/
WHO calls for safe and ethical AI for health (16 May)
https://www.who.int/news/item/16-05-2023-who-calls-for-safe-and-ethical-ai-for-health
Infosäkkollen 2023 opens on 17 May (17 May)
https://www.msb.se/sv/aktuellt/nyheter/2023/maj/infosakkollen-2023-oppnar-17-maj/
Here is Försäkringskassan's Teams alternative: it sets the standard for government agencies (17 May)
https://computersweden.idg.se/2.2683/1.779125/forsakringskassan-rullar-ut-teams-alternativ-for-offentlig-sektor–en-resa-som-inte-tar-slut
The NATO CCDCOE welcomes new members Iceland, Ireland, Japan, and Ukraine (17 May)
https://ccdcoe.org/news/2023/the-nato-ccdcoe-welcomes-new-members-iceland-ireland-japan-and-ukraine/
Organizations reporting cyber resilience are hardly resilient (18 May)
https://www.csoonline.com/article/3696932/organizations-reporting-cyber-resilience-are-hardly-resilient-study.html