CERT-SE's weekly newsletter, week 2

Weekly newsletter

Happy New Year! This past week included Patch Tuesday, which meant that several critical vulnerabilities were fixed in widely used IT products. In this first weekly newsletter of the year we also include a number of selected links from the holiday break at the bottom of the page. CERT-SE wishes you a pleasant weekend!

News this week

Cyberattacks and disinformation expected during super election year (2 jan) https://sverigesradio.se/artikel/cyberattacker-och-desinformation-vantas-under-supervalar

Employees' medical certificates and bank accounts exposed after attack (2 jan) https://sverigesradio.se/artikel/anstalldas-sjukintyg-och-bankkonton-rojda-efter-attack
Hacker attack against the Church of Sweden to be investigated by the FBI (6 jan) https://sverigesradio.se/artikel/en-manads-gisslandrama-kyrkan-hoppas-pa-fbi

Nearly 11 million SSH servers vulnerable to new Terrapin attacks (3 jan) https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks

Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware (4 jan) https://arcticwolf.com/resources/blog/follow-on-extortion-campaign-targeting-victims-of-akira-and-royal-ransomware

Stealthy AsyncRAT malware attacks targets US infrastructure for 11 months (7 jan) https://www.bleepingcomputer.com/news/security/stealthy-asyncrat-malware-attacks-targets-us-infrastructure-for-11-months

AI advances risk facilitating cyber crime, top US officials say (9 jan) https://www.reuters.com/technology/cybersecurity/ai-advances-risk-facilitating-cyber-crime-top-us-officials-say-2024-01-09

Hackers target Microsoft SQL servers in Mimic ransomware attacks (9 jan) https://www.bleepingcomputer.com/news/security/hackers-target-microsoft-sql-servers-in-mimic-ransomware-attacks

Finland warns of Akira ransomware wiping NAS and tape backup devices (11 jan) https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices

Fidelity National Financial cyberattack – more than one million impacted (11 jan) https://www.insurancebusinessmag.com/us/news/cyber/fidelity-national-financial-cyberattack--more-than-one-million-impacted-472531.aspx

Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services (11 jan) https://www.securityweek.com/researchers-flag-fbot-hacking-tool-hijacking-cloud-payment-services

Approaching the international perspective on cybersecurity (11 jan) https://www.ocsc.info/insights/news/approaching-the-international-perspective-on-cybersecurity

Reports and analyses

NIST Identifies Types of Cyberattacks That Manipulate Behavior of AI Systems (4 jan) https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems

Deceptive Cracked Software Spreads Lumma Variant on YouTube (8 jan) https://www.fortinet.com/blog/threat-research/lumma-variant-on-youtube

Ten vulnerabilities recur in Norwegian ICT systems (8 jan) https://nsm.no/aktuelt/ti-sarbarheter-gar-igjen-i-norske-ikt-systemer

New decryptor for Babuk Tortilla ransomware variant released (9 jan) https://blog.talosintelligence.com/decryptor-babuk-tortilla

You Had Me at Hi — Mirai-Based NoaBot Makes an Appearance (10 jan) https://www.akamai.com/blog/security-research/mirai-based-noabot-crypto-mining

Unit 42 Attack Surface Threat Report (11 jan) https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report

Clearing the Fog of War (11 jan) https://www.forescout.com/resources/clearing-the-fog-of-war/

Information security and miscellaneous

Entire population of Brazil possibly exposed in massive data leak (10 jan) https://cybernews.com/security/brazil-data-leak-cpf-card

New guidance to help small organisations use online services more securely (11 jan) https://www.ncsc.gov.uk/blog-post/using-online-services-safely

Info-stealers can steal cookies for permanent access to your Google account (11 jan) https://www.malwarebytes.com/blog/news/2024/01/info-stealers-can-steal-cookies-for-permanent-access-to-your-google-account

Selected links from the holiday break

NSA Publishes 2023 Cybersecurity Year in Review (19 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3621654/nsa-publishes-2023-cybersecurity-year-in-review

Cyberattack against Coop in Värmland (22 dec) https://www.tv4.se/artikel/1wCdrTThajamWHl1nV9oG6/hackerattack-mot-coop-gar-inte-betala-med-kort

Action against digital skimming reveals 443 compromised online merchants (22 dec) https://www.europol.europa.eu/media-press/newsroom/news/action-against-digital-skimming-reveals-443-compromised-online-merchants

The ticking time bomb of Microsoft Exchange Server 2013 (22 dec) https://doublepulsar.com/the-ticking-time-bomb-of-microsoft-exchange-server-2013-d0850b80465b

Quantum Computing’s Hard, Cold Reality Check (22 dec) https://spectrum.ieee.org/quantum-computing-skeptics

The alarm: Seven out of ten in the public sector are not cyber secure (23 dec) https://sverigesradio.se/artikel/msb-dalig-cybersakerhet-inom-offentlig-sektor

Suspected IT attack against Härjedalen municipality: "All systems affected" (24 dec) https://sverigesradio.se/artikel/misstankt-it-attack-mot-harjedalens-kommun-kommunchef-alla-system-paverkade
After the cyberattack: Härjedalen municipality struggles to restore its IT systems (8 jan) https://computersweden.idg.se/2.2683/1.780708/efter-cyberattacken-harjedalens-kommun-kampar-med-att-aterstalla-it-systemen

Warns: Do not pay the hackers' extortion demands – it hits twice (26 dec) https://sverigesradio.se/artikel/varnar-betala-inte-hackarnas-utpressningar-slar-dubbelt

Hacker attack against parking giant: Probably does not have advanced protection (27 dec) https://www.dn.se/sverige/hackerattack-mot-parkeringsjatte-har-sannolikt-inte-avancerat-skydd

Lockbit ransomware disrupts emergency care at German hospitals (27 dec) https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupts-emergency-care-at-german-hospitals

After the IT attack in Kalix: "Costs three million more today" (28 dec) https://sverigesradio.se/artikel/efter-it-attacken-i-kalix-kostar-tre-miljoner-mer-idag

Top 10 Vulnerabilities That Were Exploited the Most In 2023 (28 dec) https://cybersecuritynews.com/top-10-vulnerabilities-that-were-exploited-the-most-in-2023

WCC hit by ransomware attack (28 dec) https://www.oikoumene.org/news/wcc-hit-by-ransomware-attack
World Council of Churches hit by cyber attack (28 dec) https://via.tt.se/pressmeddelande/3393640/cyberangrepp-mot-svenska-kyrkan

Cyber-hackers target UK nuclear waste company RWM (31 dec) https://www.theguardian.com/business/2023/dec/31/cyber-hackers-target-uk-nuclear-waste-company-rwm

CERT-SE this week

Critical vulnerabilities in Juniper products https://www.cert.se/2024/01/kritiska-sarbarheter-i-juniper-produkter.html

Critical vulnerability in Fortinet products https://www.cert.se/2024/01/kritisk-sarbarhet-i-fortinet-produkter.html

Critical vulnerabilities in Ivanti Connect Secure and Policy Secure https://www.cert.se/2024/01/kritiska-sarbarheter-i-ivanti-connect-secure-och-policy-secure.html

SAP's monthly security updates for January 2024 https://www.cert.se/2024/01/sap-manatliga-sakerhetsuppdateringar-for-januari-2024.html

Microsoft's monthly security updates for January 2024 https://www.cert.se/2024/01/microsofts-manatliga-sakerhetsuppdateringar-for-januari-2024.html

Ivanti fixes critical vulnerability in Ivanti EPM https://www.cert.se/2024/01/ivanti-rättar-kritisk-sårbarhet-i-ivanti-epm.html

Critical vulnerability in Apache OfBiz https://www.cert.se/2023/12/kritisk-sarbarhet-i-apache-ofbiz.html