CERT-SE's weekly newsletter, week 49
Just in time for the second Sunday of Advent, here is a substantial weekly newsletter from CERT-SE. Several articles cover different aspects of AI, intrusions and leaks, and reporting continues on the cyberattack against the Church of Sweden. There are also a couple of historical retrospectives, and for anyone in the mood for a puzzle there is a CTF from Yellow Yak.
CERT-SE wishes you a pleasant weekend!
News this week
Many claim responsibility for the IT attack – extorting the church for money (30 nov)
https://sverigesradio.se/artikel/svenska-kyrkan-utpressas-av-flera-aktorer
The church cannot pay its bills – after the IT attack (1 dec)
https://sverigesradio.se/artikel/anstallda-kan-bli-utan-lon-efter-attack
The IT attack affects burials in Gothenburg (4 dec)
https://omni.se/it-attacken-paverkar-gravsattningar-i-goteborg/a/APKGl5
Major problems after cyberattack against the Church of Sweden (6 dec)
https://www.svt.se/nyheter/lokalt/helsingborg/stora-problem-efter-cyberattack-mot-svenska-kyrkan--wv2vhq
Sellafield nuclear site hacked by groups linked to Russia and China (4 dec) https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china
Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware (2 dec) https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (4 dec) https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html
Cyberattacks during the holidays – NSM recommends that organisations make good Christmas preparations (4 dec) https://nsm.no/aktuelt/cyberangrep-i-hoytiden-nsm-anbefaler-virksomheter-a-gjore-gode-juleforberedelser
Rhysida ransomware gang hits hospital holding royal family’s data (4 dec) https://www.computerweekly.com/news/366561917/Rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data
Meta AI Models Cracked Open With Exposed API Tokens (4 dec) https://www.darkreading.com/vulnerabilities-threats/meta-ai-models-cracked-open-exposed-api-tokens
What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. (4 dec) https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f
Threat Spotlight: Phishing emails using Adobe InDesign on the rise (4 dec) https://blog.barracuda.com/2023/12/04/threat-spotlight-phishing-emails-adobe-indesign
23andMe confirms hackers stole ancestry data on 6.9 million users (4 dec) https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/
Supply-chain ransomware attack causes outages at over 60 credit unions (4 dec) https://www.tripwire.com/state-of-security/supply-chain-ransomware-attack-causes-outages-over-60-credit-unions
BlackCat ransomware crims threaten to directly extort victim’s customers (5 dec) https://www.theregister.com/2023/12/05/alphvblackcat_shakes_up_tactics_again/
Your car is probably harvesting your data. Here’s how you can wipe it (5 dec) https://therecord.media/car-data-privacy-service-wiping
France bans ministers from using WhatsApp, Telegram and Signal (5 dec) https://computersweden.idg.se/2.2683/1.780553/frankrike-forbjuder-ministrar-att-anvanda-whatsapp-och-signal
No longer permitted to ask ChatGPT to repeat words (5 dec) https://omni.se/inte-langre-tillatet-att-be-chat-gpt-repetera-ord/a/mQmz5E
The risks of AI – three different generations (5 dec) https://www.svt.se/nyheter/vetenskap/riskerna-med-ai-tre-olika-generationer--k2xphu
North Korea hackers may have stolen data on laser weapon -police (6 dec) https://www.reuters.com/technology/cybersecurity/north-korea-hackers-may-have-stolen-data-laser-weapon-police-2023-12-06/
Russian spies targeting UK MPs and media with ‘cyber interference’ (7 dec) https://www.theguardian.com/politics/2023/dec/07/russian-spies-targeting-uk-mps-and-media-with-cyber-interference
Talks on EU’s AI Act to resume Friday after marathon debate (7 dec) https://www.reuters.com/technology/eu-still-hammering-out-landmark-ai-rules-marathon-overnight-talks-2023-12-07/
The Norwegian National Security Authority (NSM) has entered into an unlawful loan agreement of 200 million kroner (8 dec) https://www.regjeringen.no/no/aktuelt/nasjonal-sikkerhetsmyndighet-nsm-har-inngatt-ulovlig-laneavtale-pa-200-millioner-kroner/id3017665/
Information security and miscellaneous
Cyber Resilience Act: agreement between the Council and the Parliament on security requirements for digital products (30 nov) https://www.consilium.europa.eu/sv/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/
40 years of Turbo Pascal, the coding dinosaur that revolutionized IDEs (4 dec) https://www.theregister.com/2023/12/04/40_years_of_turbo_pascal/
USB-C For Hackers: Program Your Own PSU (4 dec) https://hackaday.com/2023/12/04/usb-c-for-hackers-program-your-own-psu/
A Decade of Have I Been Pwned (4 dec) https://www.troyhunt.com/a-decade-of-have-i-been-pwned/
SQL Brute Force Leads to BlueSky Ransomware (4 dec) https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/
P2Pinfect - New Variant Targets MIPS Devices (4 dec) https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/
By the same token: How adversaries infiltrate AWS cloud accounts (5 dec) https://redcanary.com/blog/aws-sts/
Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (5 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths (5 dec) https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/
ENISA Threat Landscape for DoS Attacks (6 dec) https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks
Whose packet is it anyway: a new RFC for attribution of internet probes (6 dec) https://isc.sans.edu/diary/rss/30456
The Case for Memory Safe Roadmaps (6 dec) https://www.cisa.gov/resources-tools/resources/case-memory-safe-roadmaps
Dieselgate, but for trains – some heavyweight hardware hacking (6 dec) https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/
Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (7 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a
SUMMARY FOR LEADERS AND DECISION-MAKERS - AI and cybersecurity (dec) https://www.ri.se/sites/default/files/2023-11/CfCs_Rapport_AI-cybers%C3%A4kerhet-dec-23.pdf
Yellow Yak CTF https://yellowyak.website/
CERT-SE this week
Multiple critical vulnerabilities in Nessus Network Monitor components (1 dec) https://www.cert.se/2023/12/flera-kritiska-sarbarheter-i-Nessus-network-monitor-komponenter.html
Critical vulnerability in VMware Cloud Director Appliance (updated 4 dec) https://www.cert.se/2023/11/kritisk-sarbarhet-i-vmware-cloud-director-appliance.html
Critical RCE vulnerability in Confluence products (6 dec) https://www.cert.se/2023/12/kritisk-rce-sarbarhet-i-confluence-produkter.html