CERT-SE's weekly newsletter, week 50

Weekly newsletter

The major holidays are fast approaching, but judging by the news flow, the cybersecurity world is not slowing down. This week's roundup offers everything from updates on attacks, methods and malware to news about AI and successful interventions against cybercriminals.

CERT-SE wishes you a pleasant weekend!

News this week

Sensitive data may have been exposed in the IT attack on the Church of Sweden (8 dec) https://www.tv4.se/artikel/2nFtn2MIHSlPx89WkeAryV/kaensliga-uppgifter-kan-ha-roejts-vid-it-attacken-mot-svenska-kyrkan

EasyPark data breach (10 dec) https://www.easypark.com/sv-se/comm

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website (11 dec) https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/

Silent but deadly: The rise of zero-click attacks (11 dec) https://www.welivesecurity.com/en/mobile-security/silent-but-deadly-the-rise-of-zero-click-attacks/

Kelvin Security hacking group leader arrested in Spain (11 dec) https://www.bleepingcomputer.com/news/security/kelvin-security-hacking-group-leader-arrested-in-spain/

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases (11 dec) https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (11 dec) https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/

NCSC Sweden: From reconnaissance to attack (11 dec) https://www.ncsc.se/aktuellt/fran-kartlaggning-till-angrepp/

Security Brief: TA4557 Targets Recruiters Directly via Email (12 dec) https://www.proofpoint.com/uk/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-email

Ukraine’s leading phone operator Kyivstar targeted by hacker attack (12 dec) https://kyivindependent.com/ukraines-largest-phone-operator-kyivstar-down-internet-outages-reported/ https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

Microsoft: Threat actors misuse OAuth applications to automate financially driven attacks (12 dec) https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

Toyota Germany Says Customer Data Stolen in Ransomware Attack (12 dec) https://www.securityweek.com/toyota-germany-confirms-personal-information-stolen-in-ransomware-attack/

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (13 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3616384/russian-cyber-actors-are-exploiting-a-known-vulnerability-with-worldwide-impact/ https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html

Routers Roasting On An Open Firewall: The KV-Botnet Investigation (13 dec) https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/

Report: A hostage to fortune: ransomware and UK national security – Report Summary (13 dec) https://publications.parliament.uk/pa/jt5804/jtselect/jtnatsec/194/summary.html https://www.theguardian.com/technology/2023/dec/13/uk-at-high-risk-of-catastrophic-ransomware-attack-report-says

Hackers are exploiting critical Apache Struts flaw using public PoC (13 dec) https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/ https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html

Nearly a million non-profit donors’ details left exposed in unsecured database (13 dec) https://www.theregister.com/2023/12/13/donorview_database_breach/

French authorities arrested a Russian national for his role in the Hive ransomware operation (13 dec) https://securityaffairs.com/155815/cyber-crime/french-authorities-hive-ransomware-member.html

MITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (13 dec) https://www.mitre.org/news-insights/news-release/mitre-red-balloon-security-and-narf-announce-emb3d

FakeSG campaign, Akira ransomware and AMOS macOS stealer (13 dec) https://securelist.com/crimeware-report-fkesg-akira-amos/111483/

How to Analyze Malware’s Network Traffic in A Sandbox (13 dec) https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html

Press and pressure: Ransomware gangs and the media (13 dec) https://news.sophos.com/en-us/2023/12/13/press-and-pressure-ransomware-gangs-and-the-media/

LockBit ransomware now poaching BlackCat, NoEscape affiliates (13 dec) https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/#google_vignette

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts (14 dec) https://www.securityweek.com/microsoft-disrupts-cybercrime-service-that-created-750-million-fraudulent-accounts/ https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/

Expert warns of new phishing wave – “monitoring the email for weeks” (14 dec) https://computersweden.idg.se/2.2683/1.780613/experten-varnar-for-ny-natfiskevag-overvakar-mejlen-i-veckor

Church of Sweden in Kalmar stayed one step ahead of the hackers – were prepared for a cyberattack (15 dec) https://www.svt.se/nyheter/lokalt/smaland/svenska-kyrkan-i-kalmar-lag-steget-fore-hackarna-var-forberedda-pa-cyberattack--es3zg0

After the cyberattack: “It means a lot of pen and paper” (15 dec) https://sverigesradio.se/artikel/efter-cyberattacken-blir-mycket-papper-och-penna

Ubiquiti users claim to have access to other people's devices (14 dec) https://securityaffairs.com/155871/security/ubiquiti-wifi-products-issue.html

Experts explain why libraries can become cybercrime targets (15 dec) https://www.cbc.ca/news/canada/london/2-experts-explain-why-libraries-can-become-cybercrime-targets-1.7059002

Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware (15 dec) https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html

Information security and miscellaneous

Anniversary of Log4j, 9 December: State of Log4j Vulnerabilities - How Much Did Log4Shell Change? https://www.veracode.com/blog/research/state-log4j-vulnerabilities-how-much-did-log4shell-change

Commission welcomes political agreement on Artificial Intelligence Act (9 dec) https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473 https://www.infosecurity-magazine.com/news/eu-agreement-ai-act/

New agreement: EU and US to share more information on cybersecurity (11 dec) https://computersweden.idg.se/2.2683/1.780588/europas-och-usas-cybersakerhetsmyndigheter-ska-dela-mer-information https://digital-strategy.ec.europa.eu/sv/news/eu-and-united-states-hold-cyber-dialogue-brussels

Europol warning on the criminal use of Bluetooth trackers for geolocalisation (11 dec) https://www.europol.europa.eu/publications-events/publications/early-warning-notification-use-of-bluetooth-trackers-for-geolocation-in-organised-crime

Investment in AI assistants to save money in healthcare (12 dec) https://www.svt.se/nyheter/inrikes/satsning-pa-ai-assistenter-for-att-spara-pengar-i-varden--vvz3zd https://computersweden.idg.se/2.2683/1.780608/offentliga-sektorn-far-en-egen-chat-gpt--tas-fram-av-ai-sweden

Thea and Irma Berglund learn ethical hacking (12 dec) https://www.dn.se/ekonomi/thea-och-irma-lar-sig-etiskt-hackande/

NSA Releases Recommendations to Mitigate Software Supply Chain Risks (14 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3617462/nsa-releases-recommendations-to-mitigate-software-supply-chain-risks/

Latest UN Cybercrime Treaty draft a ‘significant step in the wrong direction,’ experts warn (13 dec) https://therecord.media/un-cybercrime-treaty-draft-criticized https://www.scmagazine.com/brief/newest-un-cybercrime-treaty-draft-slammed

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime (14 dec) https://www.wired.com/story/microsoft-digital-crime-unit-2023/

Sveriges Radio P3: Artificial intelligence 2 – the generative revolution (15 dec) https://sverigesradio.se/avsnitt/artificiell-intelligens-2-den-generativa-revolutionen

World Economic Forum: Cybersecurity Futures 2030 - New Foundations https://www.weforum.org/publications/cybersecurity-futures-2030-new-foundations/

CERT-SE this week

Apache fixes critical vulnerability in Apache Struts 2 (14 dec) https://cert.se/2023/12/apache-r%C3%A4ttar-kritisk-s%C3%A5rbarhet-i-apache-struts-2.html

Several vulnerabilities, one of them critical, in Fortinet products (13 dec) https://cert.se/2023/12/flera-sarbarheter-varav-en-kritisk-i-fortinet-produkter.html

SAP's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/sap-s-manatliga-sakerhetsuppdateringar-for-december-2023.html

Adobe's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/adobes-manatliga-sakerhetsuppdateringar-for-december-2023.html

Microsoft's monthly security updates for December 2023 (13 dec) https://cert.se/2023/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2023.html