CERT-SE's weekly newsletter, week 27
After a quiet week on the news front, here is a weekly newsletter with a focus on reports. CERT-SE's weekly newsletter will be published as usual next week, but after that we take a summer break and will be back in week 32.
CERT-SE wishes you a pleasant weekend!
News this week
More than a million NHS patients’ details compromised after cyberattack (29 jun)
https://www.independent.co.uk/news/health/nhs-patient-data-attack-b2364202.html
TSMC denies LockBit hack as ransomware gang demands $70 million (30 jun)
https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/
DoS and DDoS Attacks against Multiple Sectors (30 jun)
https://www.cisa.gov/news-events/alerts/2023/06/30/dos-and-ddos-attacks-against-multiple-sectors
ChatGPT tricked into generating Windows 10 and Windows 11 keys (3 jul)
https://www.hackread.com/chatgpt-generating-windows-10-windows-11-keys/
Microsoft denies data breach, theft of 30 million customer accounts (3 jul)
https://www.bleepingcomputer.com/news/security/microsoft-denies-data-breach-theft-of-30-million-customer-accounts/
Four companies must stop using Google Analytics (3 jul)
https://www.imy.se/nyheter/fyra-bolag-maste-sluta-anvanda-google-analytics/
Swedish Data Protection Authority Warns Companies Against Google Analytics Use (4 jul)
https://thehackernews.com/2023/07/swedish-data-protection-authority-warns.html
Thirty-three US Hospitals Hit By Ransomware This Year (4 jul)
https://www.infosecurity-magazine.com/news/thirtythree-us-hospitals/
Japan’s largest port stops operations after ransomware attack (5 jul)
https://www.bleepingcomputer.com/news/security/japans-largest-port-stops-operations-after-ransomware-attack/
New tool exploits Microsoft Teams bug to send malware to users (5 jul)
https://www.bleepingcomputer.com/news/security/new-tool-exploits-microsoft-teams-bug-to-send-malware-to-users/
JumpCloud resets admin API keys amid ‘ongoing incident’ (6 jul)
https://www.bleepingcomputer.com/news/security/jumpcloud-resets-admin-api-keys-amid-ongoing-incident/
Information security and miscellaneous
SNAPPY: Detecting Rogue and Fake 802.11 Wireless Access Points Through Fingerprinting Beacon Management Frames (27 jun)
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
8Base Ransomware: A Heavy Hitting Player (28 jun)
https://blogs.vmware.com/security/2023/06/8base-ransomware-a-heavy-hitting-player.html
Unmasking HMRC Self-Assessment Phish: How Attackers Outsmart Secure Email Gateways (SEGs) (29 jun)
https://cofense2022stg.wpengine.com/blog/unmasking-hmrc-self-assessment-phish-how-attackers-outsmart-secure-email-gateways-segs/
Patch me if you can: Cyberattack Series (29 jun)
https://www.microsoft.com/en-us/security/blog/2023/06/29/patch-me-if-you-can-cyberattack-series/
Meduza Stealer: What Is It & How Does It Work? (30 jun)
https://www.uptycs.com/blog/what-is-meduza-stealer-and-how-does-it-work
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator (30 jun)
https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html
DDoS Carpet-Bombing – Coming In Fast And Brutal (2 jul)
https://www.radware.com/blog/uncategorized/2023/07/ddos-carpet-bombing-coming-in-fast-and-brutal/
Chinese Threat Actors Targeting Europe in SmugX Campaign (3 jul)
https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/
Checking-up on Health: Ransomware Accounts for 54% of Cybersecurity Threats (5 jul)
https://www.enisa.europa.eu/news/checking-up-on-health-ransomware-accounts-for-54-of-cybersecurity-threats
Ransomware in the Cloud (5 jul)
https://www.sans.org/blog/ransomware-in-the-cloud/
Logging - part of a resilient cyber defence (5 jul)
https://www.cfcs.dk/en/forebyggelse/guidance/logging/
Active Cyber Defence: Sixth annual report now available (6 jul)
https://www.ncsc.gov.uk/blog-post/active-cyber-defence-6th-annual-report-available
Decryption tool for Akira ransomware available for free (6 jul)
https://www.tripwire.com/state-of-security/free-akira-ransomware-decryptor-released-victims-who-wish-recover-their-data
Increased Truebot Activity Infects U.S. and Canada Based Networks (6 jul)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a