CERT-SE's weekly newsletter, week 38

Weekly newsletter

A substantial weekly roundup with reports, in-depth pieces and numerous news items about cybersecurity incidents around the world.

We would also like to mention that next week we are getting a head start on Cybersecurity Month by releasing CERT-SE's annual CTF!

CERT-SE wishes you a pleasant weekend!

News this week

Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all (18 sep)
https://www.theregister.com/2023/09/18/juniper_firewalls_rce/

Latest evolution of ‘pig butchering’ scam lures victim into fake mining scheme (18 sep)
https://news.sophos.com/en-us/2023/09/18/latest-evolution-of-pig-butchering-scam-lures-victim-into-fake-mining-scheme/

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients (18 sep)
https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks (18 sep)
https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

Bumblebee malware returns in new attacks abusing WebDAV folders (18 sep)
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/

Kuwait’s finance ministry says cyber attack hits one of its systems (18 sep)
https://www.reuters.com/world/middle-east/kuwaits-finance-ministry-says-cyber-attack-hits-one-its-systems-2023-09-18/

Sri Lanka Government Hit by Ransomware, Loses Critical Data (18 sep)
https://techreport.com/news/sri-lanka-government-hit-by-ransomware-loses-critical-data/

Third-party ransomware attack disrupts major Colombian government agencies (18 sep)
https://www.scmagazine.com/brief/third-party-ransomware-attack-disrupts-major-colombian-government-agencies

DHS: Ransomware attackers headed for second most profitable year (18 sep)
https://therecord.media/dhs-ransomware-headed-for-second-profits

One Million Plus Dymocks Customers Impacted by Cyber Attack (18 sep)
https://australiancybersecuritymagazine.com.au/one-million-plus-dymocks-customers-impacted-by-cyber-attack/

Government to create six “cyber shields” to layer Australian protection (18 sep)
https://www.itnews.com.au/news/government-to-create-six-cyber-shields-to-layer-australian-protection-600355

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (19 sep)
https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

More than 20,000 details ‘at risk’ after police data cyber attack (19 sep)
https://www.bbc.com/news/uk-england-manchester-66843618

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware (19 sep)
https://www.wired.com/story/china-usb-sogu-malware/

Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos (19 sep)
https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/

Cyberattack on Kansas town affects email, phone, payment systems (19 sep)
https://therecord.media/pittsburg-kansas-government-cyberattack

Manitoba government confirms it was hacked in recent cyber attack (19 sep)
https://winnipeg.citynews.ca/2023/09/19/manitoba-government-confirms-it-was-hacked-in-recent-cyber-attack/

Hackers backdoor telecom providers with new HTTPSnoop malware (19 sep)
https://www.bleepingcomputer.com/news/security/hackers-backdoor-telecom-providers-with-new-httpsnoop-malware/

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT (19 sep)
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
https://www.helpnetsecurity.com/2023/09/21/fake-winrar-poc/

Earth Lusca’s New SprySOCKS Linux Backdoor Targets Government Entities (19 sep)
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Finland, Europol take down PIILOPUOTI dark web marketplace (19 sep)
https://therecord.media/europol-finland-take-down-pillopuoti-dark-web-market

FBI and CISA Release Advisory on Snatch Ransomware (20 sep)
https://www.cisa.gov/news-events/alerts/2023/09/20/fbi-and-cisa-release-advisory-snatch-ransomware

International Criminal Court Suffers Cyberattack (20 sep)
https://www.darkreading.com/attacks-breaches/international-criminal-court-faces-cyber-intrusion-launches-investigation

Pizza Hut Australia hack: data breach exposes customer information and order details (20 sep)
https://www.theguardian.com/australia-news/2023/sep/20/pizza-hut-hack-australia-data-breach-passwords-information-leak

Attacks on 5G Infrastructure From Users’ Devices (20 sep)
https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (20 sep)
https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html

P2PInfect botnet activity surges 600x with stealthier malware variants (20 sep)
https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/
https://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/

MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (21 sep)
https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b8e872e979040cc

Cyber attack brought Elron ticketing system down Wednesday (21 sep)
https://news.err.ee/1609107212/cyber-attack-brought-elron-ticketing-system-down-wednesday

Air Canada says hackers accessed limited employee records during cyberattack (21 sep)
https://therecord.media/air-canada-limited-employee-info-accessed

Information security and miscellaneous

Fostering Digital Resilience: Strategies for Building Robust Cybersecurity in an Evolving Threat Landscape (18 sep)
https://www.indrastra.com/2023/09/fostering-digital-resilience-strategies.html

FBI Tech Tuesday: Building a Digital Defense Against QR Code Scams (19 sep)
https://www.fbi.gov/contact-us/field-offices/elpaso/news/fbi-tech-tuesday-building-a-digital-defense-against-qr-code-scams

The mystery of the CVEs that are not vulnerabilities (19 sep)
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities

Shadow IT: Security policies may be a problem (20 sep)
https://www.helpnetsecurity.com/2023/09/20/shadow-it-security-policies/

Have I been hacked? Cybersecurity experts share tips for protecting personal data (20 sep)
https://www.theglobeandmail.com/canada/article-cybersecurity-hacked-security-tips/

Giving new life to embedded computer systems (20 sep)
https://kaw.wallenberg.org/forskning/ger-nytt-liv-till-inbyggda-datorsystem

DDoS Attack Statistics and Facts You Must Know (2018-2023 Data) (21 sep)
https://techreport.com/statistics/ddos-statistics-facts/

CERT-SE this week

GitLab fixes critical vulnerability