CERT-SE's weekly newsletter, week 21

Weekly newsletter

This week's newsletter offers deep dives and analyses of both malware and tactics. There are also tips on how to protect yourself and a number of articles from CERT-SE about vulnerabilities in various products.

CERT-SE wishes you a pleasant weekend!

News this week

Cyber Signals: Shifting tactics fuel surge in business email compromise (19 May)
https://www.microsoft.com/en-us/security/blog/2023/05/19/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise/

Researchers tie FIN7 cybercrime family to Clop ransomware (19 May)
https://therecord.media/researchers-tie-fin7-cybercrime-family-to-clop-ransomware-microsoft

Suzuki Motorcycle India halts operations due to cyberattack (19 May)
https://auto.economictimes.indiatimes.com/news/two-wheelers/cyberattack-brings-suzuki-motorcycle-india-operations-to-a-halt-since-may-10/100361726

PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted (21 May)
https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html

FOI in Linköping to strengthen Sweden's resilience against cyber threats (22 May)
https://www.svt.se/nyheter/lokalt/ost/foi-i-linkoping-ska-oka-sveriges-motstandskraft-mot-cyberhot
.. Cyber defence is exercised at FOI's state-of-the-art facility in Linköping (22 May)
https://www.svt.se/nyheter/lokalt/ost/i-foi-s-toppmoderna-anlaggning-i-linkoping-ovas-cyberforsvar
.. The expert explains: How a cyberattack works (22 May)
https://www.svt.se/nyheter/lokalt/ost/experten-forklarar-sa-gar-en-cyberattack-till

Arbetsförmedlingen is down (22 May)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1124686

ABB provides information on IT security incident (23 May)
https://new.abb.com/news/sv/detail/103412/abb-informerar-om-it-sakerhetsincident

Securing the seas and the skies (24 May)
https://www.enisa.europa.eu/news/securing-the-seas-and-the-skies

Gaming giant forced to strengthen its defences – “ransomware is the ultimate threat” (24 May)
https://computersweden.idg.se/2.2683/1.779173/ransomware-det-ultimata-hotet—kindreds-sakerhetschef-om-en-standigt-vaxande-hotbild

Hackers target 1.5M WordPress sites with cookie consent plugin exploit (24 May)
https://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/

This legit Android app turned into mic-snooping malware – and Google missed it (24 May)
https://www.theregister.com/2023/05/24/a_legit_android_app_turned/

Job seekers' personal data leaked after cyberattack (24 May)
https://www.aftonbladet.se/nyheter/a/8JW521/skr-utsatt-for-hackerattack-personuppgifter-lackta

Barracuda warns of email gateways breached via zero-day flaw (24 May)
https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw/

Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (24 May)
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

Plant manager on the hacker attack: “We have crisis management, so we will handle it” (25 May)
https://sverigesradio.se/artikel/heidelberg-materials-utsatt-for-hackerattack

Information security and miscellaneous

Making The Most Of A Penetration Test: The Organizational Perspective (19 May)
https://www.forbes.com/sites/davidbalaban/2023/05/19/making-the-most-of-a-penetration-test-the-organizational-perspective/

New cyber security training packages launched to manage supply chain risk (25 May)
https://www.ncsc.gov.uk/blog-post/new-cyber-security-training-packages-launched-to-manage-supply-chain-risk

Shedding light on AceCryptor and its operation (25 May)
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation/

Are Your APIs Leaking Sensitive Data? (22 May)
https://thehackernews.com/2023/05/are-your-apis-leaking-sensitive-data.html

BlackCat Ransomware Deploys New Signed Kernel Driver (22 May)
https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html

Future Exploitation Vector: File Extensions as Top-Level Domains (23 May)
https://www.trendmicro.com/en_us/research/23/e/future-exploitation-vector-file-extensions-as-top-level-domains.html

CISA publishes an updated #StopRansomware guide (23 May)
https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf

Content Discovery: Understanding Your Web Attack Surface (23 May)
https://www.praetorian.com/blog/content-discovery-understanding-your-web-attack-surface/

The race to make hospitals cybersecure (24 May)
https://ec.europa.eu/research-and-innovation/en/horizon-magazine/race-make-hospitals-cybersecure

Best Password Practices to Defend Against Modern Cracking Attacks
https://specopssoft.com/blog/best-password-practices-to-defend-against-modern-cracking-attacks/

CERT-SE this week

Critical vulnerabilities in Zyxel products

Critical vulnerability in GitLab

Vulnerability in the LANTIME software

Critical vulnerabilities in Cisco switches

Critical vulnerability in Zyxel firewalls (updated 2023-05-22)