CERT-SE's weekly newsletter, week 50
The major holidays are fast approaching, but judging by the news flow, the cybersecurity world is not slowing down. This week's roundup offers everything from updates on attacks, methods and malware to news about AI and successful interventions against cybercriminals.
CERT-SE wishes you a pleasant weekend!
News this week
Sensitive data may have been exposed in the IT attack on the Church of Sweden (8 dec) https://www.tv4.se/artikel/2nFtn2MIHSlPx89WkeAryV/kaensliga-uppgifter-kan-ha-roejts-vid-it-attacken-mot-svenska-kyrkan
EasyPark data breach (10 dec) https://www.easypark.com/sv-se/comm
Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website (11 dec) https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/
Silent but deadly: The rise of zero-click attacks (11 dec) https://www.welivesecurity.com/en/mobile-security/silent-but-deadly-the-rise-of-zero-click-attacks/
Kelvin Security hacking group leader arrested in Spain (11 dec) https://www.bleepingcomputer.com/news/security/kelvin-security-hacking-group-leader-arrested-in-spain/
Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases (11 dec) https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html
Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (11 dec) https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/
NCSC Sweden: From reconnaissance to attack (11 dec) https://www.ncsc.se/aktuellt/fran-kartlaggning-till-angrepp/
Security Brief: TA4557 Targets Recruiters Directly via Email (12 dec) https://www.proofpoint.com/uk/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-email
Ukraine’s leading phone operator Kyivstar targeted by hacker attack (12 dec) https://kyivindependent.com/ukraines-largest-phone-operator-kyivstar-down-internet-outages-reported/ … https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/
Microsoft: Threat actors misuse OAuth applications to automate financially driven attacks (12 dec) https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Toyota Germany Says Customer Data Stolen in Ransomware Attack (12 dec) https://www.securityweek.com/toyota-germany-confirms-personal-information-stolen-in-ransomware-attack/
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (13 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3616384/russian-cyber-actors-are-exploiting-a-known-vulnerability-with-worldwide-impact/ … https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html
Routers Roasting On An Open Firewall: The KV-Botnet Investigation (13 dec) https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/
Report: A hostage to fortune: ransomware and UK national security – Report Summary (13 dec) https://publications.parliament.uk/pa/jt5804/jtselect/jtnatsec/194/summary.html … https://www.theguardian.com/technology/2023/dec/13/uk-at-high-risk-of-catastrophic-ransomware-attack-report-says
Hackers are exploiting critical Apache Struts flaw using public PoC (13 dec) https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/ … https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
Nearly a million non-profit donors’ details left exposed in unsecured database (13 dec) https://www.theregister.com/2023/12/13/donorview_database_breach/
French authorities arrested a Russian national for his role in the Hive ransomware operation (13 dec) https://securityaffairs.com/155815/cyber-crime/french-authorities-hive-ransomware-member.html
MITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (13 dec) https://www.mitre.org/news-insights/news-release/mitre-red-balloon-security-and-narf-announce-emb3d
FakeSG campaign, Akira ransomware and AMOS macOS stealer (13 dec) https://securelist.com/crimeware-report-fkesg-akira-amos/111483/
How to Analyze Malware’s Network Traffic in A Sandbox (13 dec) https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html
Press and pressure: Ransomware gangs and the media (13 dec) https://news.sophos.com/en-us/2023/12/13/press-and-pressure-ransomware-gangs-and-the-media/
LockBit ransomware now poaching BlackCat, NoEscape affiliates (13 dec) https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/
Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts (14 dec) https://www.securityweek.com/microsoft-disrupts-cybercrime-service-that-created-750-million-fraudulent-accounts/ … https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/
Expert warns of new phishing wave – “monitoring the email for weeks” (14 dec) https://computersweden.idg.se/2.2683/1.780613/experten-varnar-for-ny-natfiskevag-overvakar-mejlen-i-veckor
Church of Sweden in Kalmar was one step ahead of the hackers – was prepared for cyberattack (15 dec) https://www.svt.se/nyheter/lokalt/smaland/svenska-kyrkan-i-kalmar-lag-steget-fore-hackarna-var-forberedda-pa-cyberattack--es3zg0
After the cyberattack: “It will be a lot of pen and paper” (15 dec) https://sverigesradio.se/artikel/efter-cyberattacken-blir-mycket-papper-och-penna
Ubiquiti users claim to have access to other people's devices (14 dec) https://securityaffairs.com/155871/security/ubiquiti-wifi-products-issue.html
Experts explain why libraries can become cybercrime targets (15 dec) https://www.cbc.ca/news/canada/london/2-experts-explain-why-libraries-can-become-cybercrime-targets-1.7059002
Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware (15 dec) https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html
Information security and miscellaneous
Anniversary of Log4j, 9 December: State of Log4j Vulnerabilities - How Much Did Log4Shell Change? https://www.veracode.com/blog/research/state-log4j-vulnerabilities-how-much-did-log4shell-change
Commission welcomes political agreement on Artificial Intelligence Act (9 dec) https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473 … https://www.infosecurity-magazine.com/news/eu-agreement-ai-act/
New agreement: EU and US to share more information on cybersecurity (11 dec) https://computersweden.idg.se/2.2683/1.780588/europas-och-usas-cybersakerhetsmyndigheter-ska-dela-mer-information … https://digital-strategy.ec.europa.eu/sv/news/eu-and-united-states-hold-cyber-dialogue-brussels
Europol warning on the criminal use of Bluetooth trackers for geolocalisation (11 dec) https://www.europol.europa.eu/publications-events/publications/early-warning-notification-use-of-bluetooth-trackers-for-geolocation-in-organised-crime
Investment in AI assistants to save money in healthcare (12 dec) https://www.svt.se/nyheter/inrikes/satsning-pa-ai-assistenter-for-att-spara-pengar-i-varden--vvz3zd … https://computersweden.idg.se/2.2683/1.780608/offentliga-sektorn-far-en-egen-chat-gpt--tas-fram-av-ai-sweden
Thea and Irma Berglund learn ethical hacking (12 dec) https://www.dn.se/ekonomi/thea-och-irma-lar-sig-etiskt-hackande/
NSA Releases Recommendations to Mitigate Software Supply Chain Risks (14 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3617462/nsa-releases-recommendations-to-mitigate-software-supply-chain-risks/
Latest UN Cybercrime Treaty draft a ‘significant step in the wrong direction,’ experts warn (13 dec) https://therecord.media/un-cybercrime-treaty-draft-criticized … https://www.scmagazine.com/brief/newest-un-cybercrime-treaty-draft-slammed
Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime (14 dec) https://www.wired.com/story/microsoft-digital-crime-unit-2023/
Sveriges Radio P3: Artificial intelligence 2 – the generative revolution (15 dec) https://sverigesradio.se/avsnitt/artificiell-intelligens-2-den-generativa-revolutionen
World Economic Forum: Cybersecurity Futures 2030 - New Foundations https://www.weforum.org/publications/cybersecurity-futures-2030-new-foundations/
CERT-SE this week
Apache fixes critical vulnerability in Apache Struts 2 (14 dec) https://cert.se/2023/12/apache-r%C3%A4ttar-kritisk-s%C3%A5rbarhet-i-apache-struts-2.html
Multiple vulnerabilities, one of them critical, in Fortinet products (13 dec) https://cert.se/2023/12/flera-sarbarheter-varav-en-kritisk-i-fortinet-produkter.html
SAP's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/sap-s-manatliga-sakerhetsuppdateringar-for-december-2023.html
Adobe's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/adobes-manatliga-sakerhetsuppdateringar-for-december-2023.html
Microsoft's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2023.html