CERT-SE's weekly newsletter, week 21
This week's newsletter offers in-depth articles and analyses of both malware and tactics. There are also tips on how to protect yourself and a number of articles from CERT-SE on vulnerabilities in various products.
CERT-SE wishes you a pleasant weekend!
News this week
Cyber Signals: Shifting tactics fuel surge in business email compromise (19 May)
https://www.microsoft.com/en-us/security/blog/2023/05/19/cyber-signals-shifting-tactics-fuel-surge-in-business-email-compromise/
Researchers tie FIN7 cybercrime family to Clop ransomware (19 May)
https://therecord.media/researchers-tie-fin7-cybercrime-family-to-clop-ransomware-microsoft
Suzuki Motorcycle India halts operations due to cyberattack (19 May)
https://auto.economictimes.indiatimes.com/news/two-wheelers/cyberattack-brings-suzuki-motorcycle-india-operations-to-a-halt-since-may-10/100361726
PyPI Repository Under Attack: User Sign-Ups and Package Uploads Temporarily Halted (21 May)
https://thehackernews.com/2023/05/pypi-repository-under-attack-user-sign.html
FOI in Linköping to increase Sweden's resilience against cyber threats (22 May)
https://www.svt.se/nyheter/lokalt/ost/foi-i-linkoping-ska-oka-sveriges-motstandskraft-mot-cyberhot
Cyber defence is exercised at FOI's state-of-the-art facility in Linköping (22 May)
https://www.svt.se/nyheter/lokalt/ost/i-foi-s-toppmoderna-anlaggning-i-linkoping-ovas-cyberforsvar
The expert explains: How a cyberattack works (22 May)
https://www.svt.se/nyheter/lokalt/ost/experten-forklarar-sa-gar-en-cyberattack-till
Arbetsförmedlingen is down (22 May)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1124686
ABB provides information about IT security incident (23 May)
https://new.abb.com/news/sv/detail/103412/abb-informerar-om-it-sakerhetsincident
Securing the seas and the skies (24 May)
https://www.enisa.europa.eu/news/securing-the-seas-and-the-skies
Gaming giant forced to strengthen its protection – "ransomware is the ultimate threat" (24 May)
https://computersweden.idg.se/2.2683/1.779173/ransomware-det-ultimata-hotet—kindreds-sakerhetschef-om-en-standigt-vaxande-hotbild
Hackers target 1.5M WordPress sites with cookie consent plugin exploit (24 May)
https://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/
This legit Android app turned into mic-snooping malware – and Google missed it (24 May)
https://www.theregister.com/2023/05/24/a_legit_android_app_turned/
Job seekers' personal data leaked after cyberattack (24 May)
https://www.aftonbladet.se/nyheter/a/8JW521/skr-utsatt-for-hackerattack-personuppgifter-lackta
Barracuda warns of email gateways breached via zero-day flaw (24 May)
https://www.bleepingcomputer.com/news/security/barracuda-warns-of-email-gateways-breached-via-zero-day-flaw/
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (24 May)
https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
Plant manager on the hacker attack: "We have crisis management, so we will solve it" (25 May)
https://sverigesradio.se/artikel/heidelberg-materials-utsatt-for-hackerattack
Information security and miscellaneous
Making The Most Of A Penetration Test: The Organizational Perspective (19 May)
https://www.forbes.com/sites/davidbalaban/2023/05/19/making-the-most-of-a-penetration-test-the-organizational-perspective/
New cyber security training packages launched to manage supply chain risk (25 May)
https://www.ncsc.gov.uk/blog-post/new-cyber-security-training-packages-launched-to-manage-supply-chain-risk
Shedding light on AceCryptor and its operation (25 May)
https://www.welivesecurity.com/2023/05/25/shedding-light-acecryptor-operation/
Are Your APIs Leaking Sensitive Data? (22 May)
https://thehackernews.com/2023/05/are-your-apis-leaking-sensitive-data.html
BlackCat Ransomware Deploys New Signed Kernel Driver (22 May)
https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
Future Exploitation Vector: File Extensions as Top-Level Domains (23 May)
https://www.trendmicro.com/en_us/research/23/e/future-exploitation-vector-file-extensions-as-top-level-domains.html
CISA publishes an updated #StopRansomware guide (23 May)
https://www.cisa.gov/news-events/alerts/2023/05/23/cisa-and-partners-update-stopransomware-guide-developed-through-joint-ransomware-task-force-jrtf
Content Discovery: Understanding Your Web Attack Surface (23 May)
https://www.praetorian.com/blog/content-discovery-understanding-your-web-attack-surface/
The race to make hospitals cybersecure (24 May)
https://ec.europa.eu/research-and-innovation/en/horizon-magazine/race-make-hospitals-cybersecure
Best Password Practices to Defend Against Modern Cracking Attacks
https://specopssoft.com/blog/best-password-practices-to-defend-against-modern-cracking-attacks/
CERT-SE this week
Critical vulnerabilities in Zyxel products
Vulnerability in the LANTIME software
Critical vulnerabilities in Cisco switches
Critical vulnerability in Zyxel firewalls (updated 2023-05-22)