Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.
!!

Vi söker chef till Enheten för operativ cybersäkerhetsförmåga, en viktig roll i arbetet med att utveckla Sveriges förmåga att förebygga och hantera it-incidenter. Sista ansökningsdag är den 19 oktober.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.23

Blandade nyheter från denna soliga nationaldagsvecka. Trevlig helg önskar CERT-SE!

Nyheter i veckan

Hackers hijack legitimate sites to host credit card stealer scripts (4 jun)
https://www.bleepingcomputer.com/news/security/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts/

Bortglömda konton en enorm säkerhetsrisk (5 jun)
https://computersweden.idg.se/2.2683/1.779272/bortglomda-konton-en-enorm-sakerhetsrisk

Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations (5 jun)
https://www.securityweek.com/ransomware-group-used-moveit-exploit-to-steal-data-from-dozens-of-organizations/

SpinOk Android malware found in more apps with 30 million installs (5 jun)
https://www.bleepingcomputer.com/news/security/spinok-android-malware-found-in-more-apps-with-30-million-installs/

It-attack mot Systembolaget och Swish (5 jun)
https://sverigesradio.se/artikel/it-attack-mot-systembolaget-och-swish

New ‘PowerDrop’ malware targeting US aerospace industry (6 jun)
https://therecord.media/powerdrop-malware-targets-us-aerospace-industry

MoveIt hack: What action can data-breach victims take? (7 jun)
https://www.bbc.com/news/technology-65820603

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability (7 jun)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a

BBC, BA and Boots issued with ultimatum by cyber gang Clop (8 jun)
https://www.bbc.com/news/technology-65829726

Aix-Marseille, France’s largest university, hit by cyberattack (8 jun)
https://therecord.media/aix-marseille-university-cyberattack-france

Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack (8 jun)
https://www.securityweek.com/pharmaceutical-giant-eisai-takes-systems-offline-following-ransomware-attack/

Nokia report: IoT Botnet DDoS Attacks Threaten Global Telecom Networks (9 jun)
https://www.hackread.com/iot-botnet-ddos-attacks-telecom-networks-nokia/

Informationssäkerhet och blandat

10 notable critical infrastructure cybersecurity initiatives in 2023 (5 jun)
https://www.csoonline.com/article/3698190/10-notable-critical-infrastructure-cybersecurity-initiatives-in-2023.html

Introducing PCVARK and their malicious ad blockers (5 jun)
https://palant.info/2023/06/05/introducing-pcvark-and-their-malicious-ad-blockers/

2023 Data Breach Investigations Report (DBIR)
https://www.verizon.com/business/resources/T12f/reports/2023-data-breach-investigations-report-dbir.pdf

Service Rents Email Addresses for Account Signups (6 jun)
https://krebsonsecurity.com/2023/06/service-rents-email-addresses-for-account-signups/

Guide to Securing Remote Access Software (6 jun)
https://www.cisa.gov/resources-tools/resources/guide-securing-remote-access-software

Adversaries increasingly using vendor and contractor accounts to infiltrate networks (6 jun)
https://blog.talosintelligence.com/vendor-contractor-account-abuse/

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks (6 jun)
https://www.darkreading.com/application-security/chatgpt-hallucinations-developers-supply-chain-malware-attacks

Microsoft Preps $425M Payment for LinkedIn GDPR Violations (6 jun)
https://www.darkreading.com/endpoint/microsoft-425m-payment-linkedin-gdpr-violations

Experten: Prata inte hemligheter i Kina-bilar (7 jun)
https://teknikensvarld.expressen.se/nyheter/bil-och-trafik/experten-prata-inte-hemligheter-i-kina-bilar/

6 av 10 incidenter orsakas av mänskliga faktorn (7 jun)
https://www.imy.se/nyheter/6-av-10-incidenter-orsakas-av-manskliga-faktorn/
...
Över 5 300 incidenter anmäldes till IMY förra året – men mörkertalet är stort ( 7 jun)
https://computersweden.idg.se/2.2683/1.779363/over-5-300-incidenter-anmaldes-till-imy-forra-aret-men-morkertalet-ar-stort

10 security tool categories needed to shore up software supply chain security (7 jun)
https://www.csoonline.com/article/3697792/10-security-tool-categories-needed-to-shore-up-software-supply-chain-security.html

CERT-SE i veckan

Kritiska sårbarheter i Marval MSM