CERT-SE's weekly newsletter, week 24

Weekly newsletter

This week's news roundup contains a few more links about MOVEit, since several organisations have communicated that they are affected.

News this week

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign (8 jun)
https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/

Swiss Fear Government Data Stolen in Cyberattack (12 jun)
https://www.securityweek.com/swiss-fear-government-data-stolen-in-cyberattack/

Cyberattack on German university takes ‘entire IT infrastructure’ offline (12 jun)
https://therecord.media/ransomware-attack-kaiserslautern-university-applied-sciences-germany

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable (12 jun)
https://thehackernews.com/2023/06/cybercriminals-using-powerful-batcloak.html

Analyzing the FUD Malware Obfuscation Engine BatCloak (9 jun)
https://www.trendmicro.com/en_us/research/23/f/analyzing-the-fud-malware-obfuscation-engine-batcloak.html

Microsoft keeps quiet amid talk of possible DDoS attack against Azure (13 jun)
https://www.theregister.com/2023/06/13/microsoft_azure_ddos/

Good Practices for Supply Chain Cybersecurity (13 jun)
https://www.enisa.europa.eu/publications/good-practices-for-supply-chain-cybersecurity

Attackers set up rogue GitHub repos with malware posing as zero-day exploits (14 jun)
https://www.csoonline.com/article/3699710/attackers-set-up-rogue-github-repos-with-malware-posing-as-zero-day-exploits.html

Understanding Ransomware Threat Actors: LockBit (14 jun)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a

CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs) (14 jun)
https://www.cisa.gov/news-events/alerts/2023/06/14/cisa-and-nsa-release-joint-guidance-hardening-baseboard-management-controllers-bmcs

Cyber Attack Takes Down Australia’s Peak Body In Charge of Privacy Breaches (15 jun)
https://www.theepochtimes.com/cyber-attack-takes-down-australias-peak-body-in-charge-of-privacy-breaches_5334707.html

Cyberattacks on Renewables: The Stuff of Nightmares for Europe’s Power Sector (15 jun)
https://www.insurancejournal.com/news/international/2023/06/15/725342.htm

Watch out - a fake security researcher is pushing malware disguised as zero-day PoC (15 jun)
https://www.techradar.com/news/watch-out-a-fake-security-researcher-is-pushing-malware-disguised-as-zero-day-poc

Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers (15 jun)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a

New Zealand’s Smartpay hit with ransomware in latest antipodean cyberattack incident (16 jun)
https://www.reuters.com/technology/new-zealands-smartpay-experiences-ransomware-attack-2023-06-16/

The vulnerability in MOVEit Transfer

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward (12 jun)
https://www.securityweek.com/new-moveit-vulnerabilities-found-as-more-zero-day-attack-victims-come-forward/

Ransomware gang lists first victims of MOVEit mass-hacks, including US banks and universities (15 jun)
https://techcrunch.com/2023/06/15/moveit-clop-mass-hacks-banks-universities

MOVEit Cyber Attack Hits UK Printing Firm Used by Insurers, Brokers and Banks (15 jun)
https://www.insurancejournal.com/news/international/2023/06/15/725327.htm

Oil and gas giant Shell confirms it was impacted by Clop ransomware attacks (15 jun)
https://therecord.media/shell-impacted-in-clop-ransomware-attack

Clop ransomware gang starts extorting MOVEit data-theft victims (15 jun)
https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-starts-extorting-moveit-data-theft-victims/

Reports

REPORT: How malware spreads (12 jun)
https://www.aktuellsakerhet.se/rapport-sa-sprider-sig-skadlig-kod/

To Fight Cyber Extortion and Ransomware, Shift Left (15 jun)
https://www.trendmicro.com/en_us/research/23/f/fight-cyber-extortion.html

Information security and miscellaneous

Common Vulnerability Scoring System Version 4.0 (8 jun)
https://www.first.org/cvss/v4-0/

Google Introduces SAIF, a Framework for Secure AI Development and Use (9 jun)
https://www.securityweek.com/google-introduces-saif-a-framework-for-secure-ai-development-and-use/

NVD damage continued (12 jun)
https://daniel.haxx.se/blog/2023/06/12/nvd-damage-continued/

The world has a data problem and the solution may be DNA (11 jun)
https://www.dn.se/sverige/varlden-har-ett-dataproblem-och-losningen-kan-vara-dna/

Cost of living crisis raises cyber risk from unhappy staff (15 jun)
https://betanews.com/2023/06/15/cost-of-living-crisis-raises-cyber-risk-from-unhappy-staff/

Academedia covered up major document leak – 169 teachers affected (16 jun)
https://www.aftonbladet.se/nyheter/a/XbnL9x/lackta-dokument-avslojar-academedias-rankingsystem

CERT-SE this week

Critical vulnerability in MOVEit Transfer (updated 2023-06-16)

Phishing with spoofed senders and PDF attachments

Microsoft's monthly security updates for June 2023

Critical vulnerability in Fortigate