CERT-SE:s veckobrev v.9
Blandade nyheter från veckan. Bland annat flera nyheter och rapporter om ransomware, och MSB har publicerat en rapport om offentliga organisationers informations- och cybersäkerhetsarbete.
Trevlig helg!
Nyheter i veckan
IT-attacker på flera håll i Danmark: ”Verkar vara ryska hackare” (25 feb) https://sverigesradio.se/artikel/hackerattack-mot-kopenhamns-flygplats-sajten-ligger-nere
LockBit Ransomware Gang Resurfaces With New Leak Site (26 feb)
https://www.securityweek.com/lockbit-ransomware-gang-resurfaces-with-new-site/
…
Russia-based LockBit ransomware hackers attempt comeback (26 feb)
https://www.theguardian.com/technology/2024/feb/26/russian-based-lockbit-ransomware-hackers-attempt-comeback
Region Örebro län har drabbats av dataintrång (26 feb) https://via.tt.se/pressmeddelande/3421820/region-orebro-lan-har-drabbats-av-dataintrang
Hacker group hides malware in images to target Ukrainian organizations (26 feb) https://www.csoonline.com/article/1309858/hacker-group-hides-malware-in-images-to-target-ukrainian-organizations.html
Hackargruppen Akira hotar att läcka svenska data (27 feb) https://www.dn.se/sverige/hackargruppen-akira-hotar-att-lacka-svenska-data/
Sophiahemmet utsatt för omfattande hackerattack (27 feb) https://www.svt.se/nyheter/lokalt/stockholm/sophiahemmet-utsatt-for-omfattande-hackerattack
Bjuvs kommun i stabsläge – hotas av rysk hackergrupp (27 feb) https://sverigesradio.se/artikel/bjuvs-kommun-i-stabslage-hotas-av-rysk-hackergrupp
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks (27 feb) https://www.bleepingcomputer.com/news/security/black-basta-bl00dy-ransomware-gangs-join-screenconnect-attacks/
Calendar Meeting Links Used to Spread Mac Malware (28 feb) https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Lazarus hackers exploited Windows zero-day to gain Kernel privileges (28 feb) https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/
Europe’s Pepco loses $17M in phishing attack (29 feb) https://www.scmagazine.com/brief/europes-pepco-loses-17m-in-phishing-attack
Facebook bug could have allowed attacker to take over accounts (29 feb) https://www.malwarebytes.com/blog/news/2024/02/facebook-bug-could-have-allowed-attacker-to-take-over-accounts
Skottdag orsakade tekniska problem på Ica (29 feb) https://www.tv4.se/artikel/3j2QhGxJX5cBbp5kbEvIHO/gar-inte-betala-med-kort-pa-ica
Rapporter och analyser
StopRansomware: ALPHV Blackcat (27 feb) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
Best Practices for Cyber Crisis Management (28 feb) https://www.enisa.europa.eu/publications/best-practices-for-cyber-crisis-management
StopRansomware: Phobos Ransomware (29 feb) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a
Sju av tio organisationer har allvarliga brister i sitt säkerhetsarbete (1 mar) https://www.msb.se/sv/aktuellt/nyheter/2024/mars/sju-av-tio-organisationer-har-allvarliga-brister-i-sitt-sakerhetsarbete/
Informationssäkerhet och blandat
Undutmaning 2024 https://undutmaning.se/
NIST Cybersecurity Framework 2.0 Officially Released (27 feb) https://www.securityweek.com/nist-cybersecurity-framework-2-0-officially-released/
Registrars can now block all domains that resemble brand names (28 feb) https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
Expert: Fler hackarattacker mot kommuner i framtiden (29 feb) https://www.dn.se/sverige/expert-fler-hackarattacker-mot-kommuner-i-framtiden/
CERT-SE i veckan
Kritisk sårbarhet i Aruba Clearpass (29 feb) https://www.cert.se/2024/02/kritisk-sarbarhet-i-aruba-clearpass.html
Utskick från CERT-SE om ANTS (29 feb) https://www.cert.se/2024/02/utskick-fran-cert-se-om-ants.html
Ivanti-sårbarheter utnyttjas aktivt (1 mar) https://www.cert.se/2024/03/ivanti-sarbarheter-utnyttjas-aktivt.html