CERT-SE's weekly newsletter, week 13

Weekly newsletter

Today is World Backup Day, hooray! Take the opportunity to review how (and how often) your organisation backs up its information. Recommendations are available on, among other places, MSB's website. CERT-SE wishes you a pleasant weekend!

News this week

NCA infiltrates cyber crime market with disguised DDoS sites (24 mar)
https://www.nationalcrimeagency.gov.uk/news/nca-infiltrates-cyber-crime-market-with-disguised-ddos-sites

FBI confirms access to Breached cybercrime forum database (24 mar)
https://www.bleepingcomputer.com/news/security/fbi-confirms-access-to-breached-cybercrime-forum-database/

Security experts: Russia may be behind the attack on elderly care (24 mar)
https://www.svt.se/nyheter/inrikes/sakerhetsexperten-om-attacken-mot-trygghetslarmen

Hackers knocked out children's school transport – “Had to get out pen and paper” (26 mar)
https://www.tv4.se/artikel/7rAHkljlvZguTU3r4YCHOS/hackarna-slog-ut-barnens-skolskjuts-fick-ta-fram-papper-och-penna

Cybersecurity expert's best tips: “How to avoid getting hacked” (26 mar)
https://www.tv4.se/klipp/va/20488369/cybersakerhetsexpertens-basta-tips-sa-undviker-du-att-bli-hackad

Cyberattack on Västtrafik part of a worrying trend for the transport sector (27 mar)
https://computersweden.idg.se/2.2683/1.777705/vasttrafik-bara-borjan–svenska-transportsektorn-sarskilt-utsatt-for-cyberangrepp

France bans all recreational apps – including TikTok – from government devices (27 mar)
https://www.theregister.com/2023/03/27/france_bans_all_recreational_apps/

Swedish Armed Forces ban TikTok for their employees (27 mar)
https://www.svt.se/nyheter/inrikes/forsvarsmakten-forbjuder-tiktok-for-sina-anstallda

Warning about phishing attempts on Messenger (27 mar)
https://sakerhetskollen.se/aktuella-brott/varning-for-forsok-till-natfiske-pa-messenger

The criminal use of ChatGPT – a cautionary tale about large language models (27 mar)
https://www.europol.europa.eu/media-press/newsroom/news/criminal-use-of-chatgpt-cautionary-tale-about-large-language-models

Fork in the Ice: The New Era of IcedID (27 mar)
https://www.proofpoint.com/us/blog/threat-insight/fork-ice-new-era-icedid

“Hacktivists” target Europe – Sweden among the most exposed (27 mar)
https://sverigesradio.se/artikel/hacktivister-siktar-pa-europa-sverige-bland-de-mest-utsatta

Biden Restricts Use of Commercial Hacking Tools by U.S. Agencies (27 mar)
https://www.wsj.com/articles/biden-restricts-use-of-commercial-hacking-tools-by-u-s-agencies-f0a4afda?st=pw651tabz4mv7ve

Exchange Online to block emails from vulnerable on-prem servers (27 mar)
https://www.bleepingcomputer.com/news/security/exchange-online-to-block-emails-from-vulnerable-on-prem-servers/

Rhadamanthys: The “Everything Bagel” Infostealer (27 mar)
https://research.checkpoint.com/2023/rhadamanthys-the-everything-bagel-infostealer/

CISA: Untitled Goose Tool (27 mar)
https://github.com/cisagov/untitledgoosetool

Untitled Goose Tool: Fact Sheet (27 mar)
https://www.cisa.gov/sites/default/files/2023-03/untitled_goose_tool_fact_sheet_final_508cv2.pdf

Denial-of-service attack against Skandiabanken (28 mar)
https://www.dn.se/ekonomi/overbelastningsattack-mot-skandia/

Bay Area Bank Collapse and the Cybersecurity Impact (28 mar)
https://www.trendmicro.com/en_us/ciso/23/c/bay-area-bank-collapse-cybersecurity-impact.html

Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe (28 mar)
https://thehackernews.com/2023/03/stealthy-dbatloader-malware-loader.html

Mélofée: a new alien malware in the Panda’s toolset targeting Linux hosts (28 mar)
https://blog.exatrack.com/melofee/

Report: Hackers from North Korea attacked Sweden (28 mar)
https://www.dn.se/varlden/rapport-hackare-fran-nordkorea-angrep-sverige/

Diagnose your SME’s Cybersecurity and Scan for Recommendations (28 mar)
https://www.enisa.europa.eu/news/diagnose-your-sme2019s-cybersecurity-and-scan-for-recommendations

WiFi protocol flaw allows attackers to hijack network traffic (28 mar)
https://www.bleepingcomputer.com/news/security/wifi-protocol-flaw-allows-attackers-to-hijack-network-traffic/

Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf

New cyberattack on Piteå municipality – 1,500 affected (29 mar)
https://www.svt.se/nyheter/lokalt/norrbotten/ny-cyberattak-mot-pitea-kommun-1-500-ar-drabbade

ENISA Foresight Cybersecurity Threats for 2030 (29 mar)
https://www.enisa.europa.eu/publications/enisa-foresight-cybersecurity-threats-for-2030

Microsoft releases GPT-4 assistant for cybersecurity (29 mar)
https://computersweden.idg.se/2.2683/1.777857/microsoft-slapper-ai-assistent-for-sakerhetsavdelningen

Spyware vendors use 0-days and n-days against popular platforms (29 mar)
https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/

API Security Trends (29 mar)
https://salt.security/api-security-trends?utm_source=blog

Microsoft Defender shoots down legit URLs as malicious (29 mar)
https://www.theregister.com/2023/03/29/microsoft_defender_url_alerts/

The US Is Sending Money to Countries Devastated by Cyberattacks (29 mar)
https://www.wired.com/story/white-house-costa-rica-albania-ransomware-aid/

Refreshed ‘cyber security toolkit’ helps board members to govern online risk (30 mar)
https://www.ncsc.gov.uk/blog-post/refreshed-toolkit-helps-board-members-to-govern-cyber-risk

Hackers use hijacked phone app in supply-chain attacks (30 mar)
https://computersweden.idg.se/2.2683/1.777905/hackare-anvander-kapad-telefon-app-i-leverantorsattacker

Information security and miscellaneous

Procter & Gamble confirms data theft via GoAnywhere zero-day (24 mar)
https://www.bleepingcomputer.com/news/security/procter-and-gamble-confirms-data-theft-via-goanywhere-zero-day/

2600? How Phreaking Really Worked (26 mar)
https://www.youtube.com/watch?v=8PmkUPBhL4U

Australia’s Latitude Group says 7.9 million driver licence numbers stolen in data theft (27 mar)
https://www.reuters.com/technology/australias-latitude-group-says-79-mln-driver-licence-numbers-stolen-data-theft-2023-03-26/

Data breach in the system for special transport services (28 mar)
https://www.svt.se/nyheter/lokalt/jonkoping/dataintrang-i-systemet-for-seviceresor

Personal data likely stolen when the personal safety alarms failed (28 mar)
https://www.svt.se/nyheter/lokalt/smaland/sannolikt-att-personuppgifter-stals-nar-trygghetslarmen-havererade

Email compromise a far costlier scourge for companies than ransomware (28 mar)
https://computersweden.idg.se/2.2683/1.775379/darfor-kostar-e-postintrang-mer-an-ransomware

Who commits cybercrime? (28 mar)
https://www.his.se/nyheter/2023/mars/vem-begar-cyberbrott/

Children’s data feared stolen in Fortra ransomware attack (28 mar)
https://techcrunch.com/2023/03/28/children-data-fortra-ransomware/

A Growing Goldmine: Your LinkedIn Data Abused For Cybercrime (28 mar)
https://www.trendmicro.com/vinfo/es/security/news/cybercrime-and-digital-threats/a-growing-goldmine-your-linkedin-data-abused-for-cybercrime

ChatGPT Vulnerability May Have Exposed Users’ Payment Information (29 mar)
https://www.infosecurity-magazine.com/news/chatgpt-vulnerability-payment/

IT staff are tired of change – it is hindering development (30 mar)
https://cio.idg.se/2.1782/1.777903/it-personalen-ar-trott-pa-forandringar–det-hindrar-utvecklingen

Gartner Highlights Four Steps CIOs Can Take to Mitigate IT Employee Fatigue (30 mar)
https://www.gartner.com/en/newsroom/press-releases/2023-03-30-gartner-highlights-four-steps-cios-can-take-to-mitigate-it-employee-fatigue

Over 70% of Employees Keep Work Passwords on Personal Devices (30 mar)
https://www.infosecurity-magazine.com/news/70-employees-keep-work-passwords/

World Backup Day (31 mar)
https://www.worldbackupday.com/en

Back up and secure your information
https://www.msb.se/sv/rad-till-privatpersoner/informationssakerhet/sakra-din-information-med-en-sakerhetskopia/

CERT-SE this week

Vulnerability in the VoIP service 3CX exploited in attacks on customers

Ongoing phishing campaign targeting municipalities and schools, among others

Security updates from Apple