CERT-SE's weekly newsletter, week 28

Weekly newsletter

Here is the last weekly newsletter before the summer break. It contains a hefty collection of vulnerability articles, not least from Patch Tuesday, and plenty of other news. The newsletter returns in week 32!

Have a nice weekend!

News this week

Major cyber attack at Scottish university as police and government called in (7 Jul)
https://www.thescottishsun.co.uk/news/scottish-news/10925930/university-uws-cyber-attack-police-government/

RomCom Threat Actor Suspected of Targeting Ukraine’s NATO Membership Talks at the NATO Summit (8 Jul)
https://blogs.blackberry.com/en/2023/07/romcom-targets-ukraine-nato-membership-talks-at-nato-summit

French Government Allows Remote Access to Suspects’ Devices: Privacy Concerns Arise (9 Jul)
https://www.itsecuritynews.info/french-government-allows-remote-access-to-suspects-devices-privacy-concerns-arise/

Lithuania Hit by Cyberattacks on NATO Summit Eve (10 Jul)
https://www.kyivpost.com/post/19293

Busy Japanese port hit by cyberattack (10 Jul)
https://www.ship-technology.com/news/busy-japanese-port-hit-by-cyberattack/

Bay Area city shuts down municipal sites following cyberattack (10 Jul)
https://therecord.media/hayward-california-shuts-down-municipal-sites-cyberattack

Deutsche Bank confirms provider breach exposed customer data (11 Jul)
https://www.bleepingcomputer.com/news/security/deutsche-bank-confirms-provider-breach-exposed-customer-data/

The Demoscene, Now An Irreplaceable Piece Of Cultural Heritage (11 Jul)
https://hackaday.com/2023/07/11/the-demoscene-now-an-irreplaceable-piece-of-cultural-heritage/

Mitigation for China-Based Threat Actor Activity (11 Jul)
https://blogs.microsoft.com/on-the-issues/2023/07/11/mitigation-china-based-threat-actor/

Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware (12 Jul)
https://therecord.media/tampa-zoo-targeted-in-cyberattack

Apple re-releases zero-day patch after fixing browsing issue (12 Jul)
https://www.bleepingcomputer.com/news/apple/apple-re-releases-zero-day-patch-after-fixing-browsing-issue/

Ransomware Attacks on Banking Industry (12 Jul)
https://socradar.io/ransomware-attacks-on-banking-industry/

Big Head Ransomware Found in Malvertising and Fake Windows Updates (12 Jul)
https://www.hackread.com/big-head-ransomware-fake-windows-updates/

Cyberattack on Norwegian Refugee Council online database (13 Jul)
https://www.nrc.no/news/2023/july/cyberattack-on-norwegian-refugee-council-online-database/

The last Russian hacker kick at the NATO summit: a questionable data leak (13 Jul)
https://cybernews.com/news/russian-gang-leaks-nato-summit-docs-vilnius/

Hackers Target Chinese Gamers With Microsoft-Signed Rootkit (13 Jul)
https://www.darkreading.com/attacks-breaches/researchers-discover-microsoft-signed-rootkit-for-loading-2nd-stage-kernel-module

BlackLotus UEFI Bootkit Source Code Leaked on GitHub (13 Jul)
https://www.securityweek.com/blacklotus-uefi-bootkit-source-code-leaked-on-github/

Information security and miscellaneous

Google plans to scrape everything you post online to train its AI (5 Jul)
https://www.malwarebytes.com/blog/news/2023/07/google-plans-to-scrape-everything-you-post-online-to-train-its-ai

Apps with 1.5M installs on Google Play send your data to China (6 Jul)
https://www.bleepingcomputer.com/news/security/apps-with-15m-installs-on-google-play-send-your-data-to-china/

June 2023’s Most Wanted Malware: Qbot Most Prevalent Malware in First Half of 2023 and Mobile Trojan SpinOk Makes its Debut (6 Jul)
https://blog.checkpoint.com/security/june-2023s-most-wanted-malware-qbot-most-prevalent-malware-in-first-half-of-2023-and-mobile-trojan-spinok-makes-its-debut/

Data Protection: European Commission adopts new adequacy decision for safe and trusted EU-US data flows (10 Jul)
https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721

‘Big Head’ malware threat looms, warn researchers (10 Jul)
https://www.scmagazine.com/news/ransomware/big-head-malware-threat-looms

Serious Security: Rowhammer returns to gaslight your computer (10 Jul)
https://nakedsecurity.sophos.com/2023/07/10/serious-security-rowhammer-returns-to-gaslight-your-computer/

Storm-0978 attacks reveal financial and espionage motives
https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/

EU Council cuts down special product categories in cybersecurity law (11 Jul)
https://www.euractiv.com/section/cybersecurity/news/eu-council-cuts-down-special-product-categories-in-cybersecurity-law/

The Spies Who Loved You: Infected USB Drives to Steal Secrets (11 Jul)
https://www.mandiant.com/resources/blog/infected-usb-steal-secrets

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (11 Jul)
https://blog.talosintelligence.com/old-certificate-new-signature/

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies (12 Jul)
https://www.securityweek.com/inside-the-mind-of-the-hacker-report-shows-speed-and-efficiency-of-hackers-in-adopting-new-technologies/

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (12 Jul)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a

Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails (12 Jul)
https://www.securityweek.com/chinese-cyberspies-used-forged-authentication-tokens-to-hack-government-emails/

How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom (12 Jul)
https://www.wired.com/story/microsoft-cloud-attack-china-hackers/

Microsoft SQL password-guessing attacks rising as hackers picot from OneNote vectors
https://www.techcentral.ie/microsoft-sql-password-guessing-attacks-rising-as-hackers-picot-from-onenote-vectors/

USB drive malware attacks spiking again in first half of 2023 (13 Jul)
https://www.bleepingcomputer.com/news/security/usb-drive-malware-attacks-spiking-again-in-first-half-of-2023/

New Common Vulnerability Scoring System (CVSS) set to be cyber sector game-changer (13 Jul)
https://www.first.org/newsroom/releases/20230713

CERT-SE this week

Critical vulnerability in Ghostscript PDF library

Critical vulnerabilities in SonicWall products

Critical vulnerability in Citrix Secure Access for Ubuntu

Critical vulnerability in Fortinet products

Several serious vulnerabilities in HPE Aruba products

SAP's monthly security updates for July

Adobe's monthly security updates for July

Microsoft's monthly security updates for July 2023