CERT-SE's weekly newsletter, week 9

Weekly newsletter

Mixed news from the week. Among other things, several news items and reports about ransomware, and MSB has published a report on public organisations' information and cybersecurity work.

Have a nice weekend!

News this week

IT attacks in several places in Denmark: “Appears to be Russian hackers” (25 feb) https://sverigesradio.se/artikel/hackerattack-mot-kopenhamns-flygplats-sajten-ligger-nere

LockBit Ransomware Gang Resurfaces With New Leak Site (26 feb) https://www.securityweek.com/lockbit-ransomware-gang-resurfaces-with-new-site/
Russia-based LockBit ransomware hackers attempt comeback (26 feb) https://www.theguardian.com/technology/2024/feb/26/russian-based-lockbit-ransomware-hackers-attempt-comeback

Region Örebro län has been hit by a computer intrusion (26 feb) https://via.tt.se/pressmeddelande/3421820/region-orebro-lan-har-drabbats-av-dataintrang

Hacker group hides malware in images to target Ukrainian organizations (26 feb) https://www.csoonline.com/article/1309858/hacker-group-hides-malware-in-images-to-target-ukrainian-organizations.html

Hacker group Akira threatens to leak Swedish data (27 feb) https://www.dn.se/sverige/hackargruppen-akira-hotar-att-lacka-svenska-data/

Sophiahemmet hit by extensive hacker attack (27 feb) https://www.svt.se/nyheter/lokalt/stockholm/sophiahemmet-utsatt-for-omfattande-hackerattack

Bjuv municipality in crisis staff mode – threatened by Russian hacker group (27 feb) https://sverigesradio.se/artikel/bjuvs-kommun-i-stabslage-hotas-av-rysk-hackergrupp

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks (27 feb) https://www.bleepingcomputer.com/news/security/black-basta-bl00dy-ransomware-gangs-join-screenconnect-attacks/

Calendar Meeting Links Used to Spread Mac Malware (28 feb) https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/

Lazarus hackers exploited Windows zero-day to gain Kernel privileges (28 feb) https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/

Europe’s Pepco loses $17M in phishing attack (29 feb) https://www.scmagazine.com/brief/europes-pepco-loses-17m-in-phishing-attack

Facebook bug could have allowed attacker to take over accounts (29 feb) https://www.malwarebytes.com/blog/news/2024/02/facebook-bug-could-have-allowed-attacker-to-take-over-accounts

Leap day caused technical problems at Ica (29 feb) https://www.tv4.se/artikel/3j2QhGxJX5cBbp5kbEvIHO/gar-inte-betala-med-kort-pa-ica

Reports and analyses

StopRansomware: ALPHV Blackcat (27 feb) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a

Best Practices for Cyber Crisis Management (28 feb) https://www.enisa.europa.eu/publications/best-practices-for-cyber-crisis-management

StopRansomware: Phobos Ransomware (29 feb) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a

Seven out of ten organisations have serious shortcomings in their security work (1 mar) https://www.msb.se/sv/aktuellt/nyheter/2024/mars/sju-av-tio-organisationer-har-allvarliga-brister-i-sitt-sakerhetsarbete/

Information security and miscellaneous

Undutmaning 2024 https://undutmaning.se/

NIST Cybersecurity Framework 2.0 Officially Released (27 feb) https://www.securityweek.com/nist-cybersecurity-framework-2-0-officially-released/

Registrars can now block all domains that resemble brand names (28 feb) https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/

Expert: More hacker attacks against municipalities in the future (29 feb) https://www.dn.se/sverige/expert-fler-hackarattacker-mot-kommuner-i-framtiden/

CERT-SE this week

Critical vulnerability in Aruba Clearpass (29 feb) https://www.cert.se/2024/02/kritisk-sarbarhet-i-aruba-clearpass.html

Mailing from CERT-SE about ANTS (29 feb) https://www.cert.se/2024/02/utskick-fran-cert-se-om-ants.html

Ivanti vulnerabilities are being actively exploited (1 mar) https://www.cert.se/2024/03/ivanti-sarbarheter-utnyttjas-aktivt.html