CERT-SE's weekly newsletter, week 32

Weekly newsletter

Welcome back after what we hope was a sunny and relaxing holiday! This past week included Patch Tuesday, which means that a number of critical vulnerabilities have been fixed in commonly used IT products. In this first weekly newsletter after the summer break, we have added a selection of links at the bottom of the page that were published earlier in the summer.

Have a nice weekend!

News this week

Cyberattack disrupts hospital computer systems across US, hindering services (4 aug)
https://www.theguardian.com/us-news/2023/aug/04/cyberattack-us-hospitals-california

Leaked personal data in the UL app – 700,000 affected (4 aug)
https://www.svt.se/nyheter/lokalt/uppsala/lackta-personuppgifter-i-ul-appen-700-000-drabbade–tjfntl

Norwegian security police: Hackers behind call for revenge (4 aug)
https://www.dn.se/varlden/norsk-sakerhetspolis-hackers-bakom-hamnduppmaning/

Border police IT outage resolved – travellers had to wait for hours (5 aug)
https://www.expressen.se/nyheter/granspolisens-it-system-har-havererat-omfattande-problem/

Police volunteers may have had their data leaked (6 aug)
https://www.svt.se/nyheter/inrikes/polisvolontarer-kan-ha-fatt-uppgifter-lackta
Intrusion at website for police volunteers (6 aug)
https://polisen.se/aktuellt/nyheter/2023/augusti/intrang-hos-webbplats-for-polisvolontarer/

Disruptions at Halmstad's municipal network (7 aug)
https://sverigesradio.se/artikel/stora-storningar-hos-halmstads-stadsnat
Halmstad has internet again (8 aug)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1155382

Electoral Commission apologises for security breach involving UK voters’ data (8 aug)
https://www.theguardian.com/technology/2023/aug/08/uk-electoral-commission-registers-targeted-by-hostile-hackers
Public notification of cyber-attack on Electoral Commission systems (8 aug)
https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems

Northern Ireland police officers’ details exposed in ‘monumental’ breach (8 aug)
https://www.theguardian.com/uk-news/2023/aug/08/major-data-breach-involving-northern-ireland-police-officers-and-staff

Trafikverket reports possible IT leak after tip-off – reopens closed investigation (8 aug)
https://www.svt.se/nyheter/inrikes/trafikverket-anmaler-mojlig-it-lacka-aterupptar-utredning-efter-tips

Analysis: MOVEit hack spawned over 600 breaches but is not done yet -cyber analysts (8 aug)
https://www.reuters.com/technology/moveit-hack-spawned-around-600-breaches-isnt-done-yet-cyber-analysts-2023-08-08/

Notorious phishing platform shut down, arrests in international police operation (8 aug)
https://www.interpol.int/News-and-Events/News/2023/Notorious-phishing-platform-shut-down-arrests-in-international-police-operation

Reports and analyses

Discarded medical devices found to have troves of information on healthcare facilities (4 aug)
https://therecord.media/discarded-medical-devices-have-data

New ‘Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy (7 aug)
https://thehackernews.com/2023/08/new-deep-learning-attack-deciphers.html
A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (2 aug)
https://arxiv.org/abs/2308.01074

New Report Reveals Increase of Unique Malware and Sudden Surge of Public Sector Attacks (8 aug)
https://blogs.blackberry.com/en/2023/08/unique-malware-public-sector-attack-surge-threat-report-aug

Understanding Active Directory Attack Paths to Improve Security (8 aug)
https://thehackernews.com/2023/08/understanding-active-directory-attack.html

Information security and miscellaneous

CISA Cybersecurity Strategic Plan: Shifting the Arc of National Risk to Create a Safer Future (4 aug)
https://www.cisa.gov/news-events/news/cisa-cybersecurity-strategic-plan-shifting-arc-national-risk-create-safer-future
CISA Cybersecurity Strategic Plan 2023-2025
https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026_Cybersecurity_Strategic_Plan.pdf

UK Government: Cyber-Attacks Could Kill or Maim Thousands (4 aug)
https://www.infosecurity-magazine.com/news/uk-government-cyberattacks-kill/
National Risk Register 2023 edition
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1175834/2023_NATIONAL_RISK_REGISTER_NRR.pdf

Datatilsynet intervenes against Yango's transfer of personal data to Russia (8 aug)
https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2023/datatilsynet-griper-inn-mot-yangos-overforing-av-personopplysninger-til-russland/

The NIST Cybersecurity Framework 2.0 (8 aug)
https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd

Selected links from the summer break

Ortivus' electronic patient record system is down for some of the company's British customers as a result of a cyberattack (18 jul)
https://www.ortivus.com/sv/mfn_news/ortivus-elektroniska-patientjournalsystem-ligger-nere-for-nagra-av-bolagets-brittiska-kunder-till-foljd-av-en-cyberattack/
Software Vendor Attack Slows Down 2 UK Ambulance Services (26 jul)
https://www.govinfosecurity.com/software-vendor-attack-slows-down-2-uk-ambulance-services-a-22659

TOMRA hit by cyberattack (18 jul)
https://languagesites.tomra.com/sv-se/collection/reverse-vending/reverse-vending-news/2023/tomra-utsatt-for-cyberattack

Shadowserver reported that +15K Citrix servers are likely vulnerable to attacks exploiting the flaw CVE-2023-3519 (23 jul)
https://securityaffairs.com/148735/hacking/15k-citrix-servers-vulnerable-cve-2023-3519.html
Over 640 Citrix servers backdoored with web shells in ongoing attacks (2 aug)
https://www.bleepingcomputer.com/news/security/over-640-citrix-servers-backdoored-with-web-shells-in-ongoing-attacks/
CISA Releases Cybersecurity Advisory on Threat Actors Exploiting Citrix CVE-2023-3519 (20 jul)
https://www.cisa.gov/news-events/alerts/2023/07/20/cisa-releases-cybersecurity-advisory-threat-actors-exploiting-citrix-cve-2023-3519

Government ministries hit by cyberattack (24 jul)
https://www.regjeringen.no/no/aktuelt/presseinvitasjon/id2990098/
Threat Actors Exploiting Ivanti EPMM Vulnerabilities (1 aug)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a

Yamaha confirms cyberattack after multiple ransomware gangs claim attacks (24 jul)
https://therecord.media/yamaha-confirms-cyberattack-after-multiple-ransomware-gangs-claim

Problems with personal safety alarms in several municipalities (27 jul)
https://www.svt.se/nyheter/inrikes/problem-med-trygghetslarm-i-flera-kommuner
1,700 personal safety alarms knocked out in Eskilstuna (27 jul)
https://www.svt.se/nyheter/lokalt/sormland/1-700-trygghetslarm-ur-funktion-i-eskilstuna

Suspected mapping of municipalities' security organisations causes puzzlement (27 jul)
https://sverigesradio.se/artikel/misstankt-kartlaggning-av-kommuners-sakerhetsorganisation-forbryllar

Several Schibsted newspapers hit by cyberattack (27 jul)
https://www.nrk.no/norge/dataproblemer-hos-politiet-og-pst-1.16497344

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 (27 jul)
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

CISA Releases Malware Analysis Reports on Barracuda Backdoors (28 jul)
https://www.cisa.gov/news-events/alerts/2023/07/28/cisa-releases-malware-analysis-reports-barracuda-backdoors

Mattress giant Tempur Sealy hit with cyberattack forcing system shutdown (31 jul)
https://therecord.media/mattress-giant-tempur-sealy-cyberattack

Hackers steal Signal, WhatsApp user data with fake Android chat app (31 jul)
https://www.bleepingcomputer.com/news/security/hackers-steal-signal-whatsapp-user-data-with-fake-android-chat-app/

Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi (1 aug)
https://www.darkreading.com/endpoint/canon-inkjet-printers-at-risk-for-third-party-compromise-via-wi-fi

Google AMP – The Newest of Evasive Phishing Tactic (1 aug)
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/

Cloud company assisted 17 different government hacking groups, U.S. researchers say (1 aug)
https://www.reuters.com/technology/cloud-company-assisted-17-different-government-hacking-groups-us-researchers-2023-08-01/

Finland sees fourfold spike in ransomware attacks since joining NATO, senior cyber official says (3 aug)
https://therecord.media/finland-sees-fourfold-spike-in-rasomware-attacks-nato

2022 Top Routinely Exploited Vulnerabilities (3 aug)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

Cyberthreats increasingly target the world’s biggest event stages (3 aug)
https://www.microsoft.com/en-us/security/business/security-insider/reports/cyber-signals/cyber-signals-issue-5-cyberthreats-increasingly-target-the-worlds-biggest-event-stages/

CERT-SE's publications during the summer

Many older vulnerabilities on the list of the most exploited of 2022

SAP's monthly security updates for August 2023

Adobe's monthly security updates for August 2023

Microsoft's monthly security updates for August 2023

Critical vulnerabilities in ArubaOS

Critical vulnerability in Ivanti Endpoint Manager Mobile (Mobileiron Core)

Security flaw fixed in OpenSSH

Oracle's quarterly security update for July 2023

Critical vulnerability in Citrix NetScaler ADC and Gateway