CERT-SE's weekly newsletter, week 51
Just in time for the Christmas mass, the wicked want to extort you
And if you do not want to pay, the methods turn brutal
Data is uploaded to the cloud, and perhaps spread by a nasty group
If you want support to sort things out, CERT-SE is always awake
Unlike CERT-SE, the weekly newsletter takes a Christmas break and will be back in week 2, on 12 January.
CERT-SE wishes you a Merry Christmas and a Happy New Year!
News this week
Phishing via Google Forms (14 dec) https://www.avanan.com/blog/phishing-via-google-forms
Cyber incident at the EU Agency for Cooperation of Energy Regulators (ACER) (15 dec) https://www.acer.europa.eu/news-and-events/news/cyber-incident-eu-agency-cooperation-energy-regulators-acer-1
CISA Secure by Design Alert Urges Manufacturers to Eliminate Default Passwords (15 dec) https://www.cisa.gov/news-events/alerts/2023/12/15/cisa-secure-design-alert-urges-manufacturers-eliminate-default-passwords
Central Bank of Lesotho facing outages after cyberattack (15 dec) https://therecord.media/central-bank-lesotho-cyberattack-causes-outages
MongoDB says customer data was exposed in a cyberattack (16 dec) https://www.bleepingcomputer.com/news/security/mongodb-says-customer-data-was-exposed-in-a-cyberattack/
Vans and North Face owner VF Corp hit by ransomware attack (18 dec) https://www.bleepingcomputer.com/news/security/vans-and-north-face-owner-vf-corp-hit-by-ransomware-attack/
Church of Sweden was warned before the IT attack – did not plug security holes (18 dec) https://www.svt.se/nyheter/inrikes/svenska-kyrkan-varnades-innan-it-attacken-tappte-inte-till-sakerhetshal
Iran petrol stations hit by cyberattack, oil minister says (18 dec) https://www.reuters.com/world/middle-east/software-problem-disrupts-iranian-gas-stations-fars-2023-12-18/
QakBot’s Low-Volume Resurgence Targets Hospitality (18 dec) https://www.infosecurity-magazine.com/news/qakbots-resurgence-targets/ or Shut down by police – now the Qakbot malware is back (19 dec) https://computersweden.idg.se/2.2683/1.780645/skadeprogrammet-qakbot-ar-tillbaka--angriper-hotellindustrin
USD 300 million seized and 3,500 suspects arrested in international financial crime operation (19 dec) https://www.interpol.int/en/News-and-Events/News/2023/USD-300-million-seized-and-3-500-suspects-arrested-in-international-financial-crime-operation
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant (19 dec) https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
36 million people affected by data breach at Xfinity (19 dec) https://therecord.media/millions-affected-by-xfinity-data-breach
More cyber criminals turning to remote desktop protocol attacks (19 dec) https://www.insurancetimes.co.uk/news/more-cyber-criminals-turning-to-remote-desktop-protocol-attacks/1447408.article
Insomniac: Spider-Man 2 PlayStation studio victim of huge hack (19 dec) https://www.bbc.com/news/newsbeat-67754897
Fake F5 BIG-IP zero-day warning emails push data wipers (20 dec) https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Major shortcomings in Region Skåne's IT security – patient data at risk (20 dec) https://computersweden.idg.se/2.2683/1.780655/stora-brister-i-regions-skanes-it-sakerhet-riskerar-patientdata
First American takes IT systems offline after cyberattack (21 dec) https://www.bleepingcomputer.com/news/security/first-american-takes-it-systems-offline-after-cyberattack/
Blackcat behind attack on the Church of Sweden – FBI brought in (21 dec) https://www.svt.se/nyheter/inrikes/blackcat-bakom-angrepp-mot-svenska-kyrkan-fbi-inkopplat
BidenCash darkweb market gives 1.9 million credit cards for free (21 dec) https://www.bleepingcomputer.com/news/security/bidencash-darkweb-market-gives-19-million-credit-cards-for-free/
Hacker attack against Coop in the middle of the Christmas rush: ”Cannot pay by card” (22 dec) https://sverigesradio.se/artikel/just-nu-kortbetalningen-ligger-nere-i-julruschen
Information security and miscellaneous
TRAP; RESET; POISON; - Taking over a country Kaminsky style (29 nov) https://sec-consult.com/blog/detail/taking-over-a-country-kaminsky-style/
Imperva Detects Undocumented 8220 Gang Activities (14 dec) https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/
SMTP Smuggling - Spoofing E-Mails Worldwide (18 dec) https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
#StopRansomware: Play Ransomware (18 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a
#StopRansomware: ALPHV Blackcat (19 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
Web injections are back on the rise: 40+ banks affected by new malware campaign (19 dec) https://securityintelligence.com/posts/web-injections-back-on-rise-banks-affected-danabot-malware/
Remote Identity Proofing - 2023 (20 dec) https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/ANSSI-BSI-joint-releases/ANSSI-BSI_joint-release_2023.html
Instagram Phishing Targets Backup Codes (20 dec) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/instagram-phishing-targets-backup-codes/
Terrapin Attack https://terrapin-attack.com/
Why does software have vulnerabilities? https://www.foi.se/rest-api/report/FOI-R--5550--SE
Europe’s hidden security crisis https://www.iccl.ie/wp-content/uploads/2023/11/Europes-hidden-security-crisis.pdf