CERT-SE's weekly newsletter, week 33
This week's newsletter offers a mixed assortment of items and a number of in-depth articles. Among other things, Viasat describes what happened last spring when they were hit by an extensive attack. In addition, NCSC has announced a save the date for its conference on 5 December.
CERT-SE wishes you a pleasant weekend!
News this week
Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams (11 aug)
https://www.ic3.gov/Media/Y2023/PSA230811
5 arrested in Poland for running bulletproof hosting service for cybercrime gangs (11 aug)
https://www.europol.europa.eu/media-press/newsroom/news/5-arrested-in-poland-for-running-bulletproof-hosting-service-for-cybercrime-gangs
US cyber body to review cloud computing safety, Microsoft breach (11 aug)
https://www.reuters.com/technology/us-cyber-safety-review-board-assess-online-intrusion-microsoft-exchange-dhs-2023-08-11/
Security News This Week: A New Attack Reveals Everything You Type With 95 Percent Accuracy (12 aug)
https://www.wired.co.uk/article/keystroke-attack-security-roundup
Knight ransomware distributed in fake Tripadvisor complaint emails (12 aug)
https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/
Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy (12 aug)
https://www.theregister.com/2023/08/12/veilid_privacy_data/
MaginotDNS attacks exploit weak checks for DNS cache poisoning (13 aug)
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-weak-checks-for-dns-cache-poisoning/
100,000 Hackers Exposed from Top Cybercrime Forums (14 aug)
https://www.hudsonrock.com/blog/100-000-hackers-exposed-from-top-cybercrime-forums
Teenager from Uppsala County claims responsibility for two major IT attacks (14 aug)
https://www.svt.se/nyheter/lokalt/uppsala/tonaring-fran-uppsala-lan-tar-pa-sig-tva-stora-it-attacker–7c3ffr
Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (14 aug)
https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile
Discord.io confirms breach after hacker steals data of 760K users (14 aug)
https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/
Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (14 aug)
https://www.ic3.gov/Media/Y2023/PSA230814
Millions of Americans’ health data stolen after MOVEit hackers targeted IBM (14 aug)
https://techcrunch.com/2023/08/14/millions-americans-health-data-moveit-hackers-clop-ibm/
Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (14 aug)
https://therecord.media/ddos-attacks-tied-to-gaming-business-disputes-fbi-says
LinkedIn Accounts Under Attack (14 aug)
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Shutdown of e-mail solution following cyberattack (15 aug)
https://www.regjeringen.no/en/aktuelt/shutdown-of-e-mail-solution-following-cyberattack/id2991023/
Suspected Russian IT attack against Uppsala University: “May increase vulnerability” (15 aug)
https://www.svt.se/nyheter/lokalt/uppsala/misstankt-rysk-it-attack-mot-uppsala-universitet-kan-oka-sarbarheten–r0kbmr
Inside the largest-ever A.I. chatbot hack fest, where hackers tried to outsmart OpenAI, Microsoft, Google (15 aug)
https://www.cnbc.com/2023/08/15/def-con-hackers-try-to-crack-chatbots-from-openai-google-microsoft.html
Suburban DC school district responds to cyberattack (15 aug)
https://therecord.media/prince-georges-county-schools-maryland-cyberattack
Denial-of-service attack on Jordbruksverket in Jönköping (15 aug)
https://www.svt.se/nyheter/lokalt/jonkoping/overbelastningsattack-pa-jordbruksverket-i-jonkoping
Toward Quantum Resilient Security Keys (15 aug)
https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html
Warnings about investment fraud continue to increase (16 aug)
https://www.fi.se/sv/publicerat/nyheter/2023/varningar-for-investeringsbedragerier-fortsatter-oka/
Tech glitch let people with empty bank accounts withdraw hundreds in cash (16 aug)
https://arstechnica.com/information-technology/2023/08/tech-error-let-people-with-empty-bank-accounts-withdraw-hundreds-in-cash/
Attacked by Russia: Viasat now describes the attack that knocked out the internet in Ukraine (18 aug)
https://computersweden.idg.se/2.2683/1.779778/angreps-av-ryssland–nu-berattar-viasat-om-attacken-som-slog-ut-internet-i-ukraina
Information security and miscellaneous
Monti Ransomware Unleashes a New Encryptor for Linux (14 aug)
https://www.trendmicro.com/en_us/research/23/h/monti-ransomware-unleashes-a-new-encryptor-for-linux.html
What’s New in the NIST Cybersecurity Framework 2.0 (14 aug)
https://www.darkreading.com/operations/whats-new-in-nist-cybersecurity-framework-2-0
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign (15 aug)
https://blog.fox-it.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/
Introducing Cloudflare’s 2023 phishing threats report (16 aug)
https://blog.cloudflare.com/2023-phishing-report/
Intel insiders go undercover revealing fresh details into NoName hacktivist operations (16 aug)
https://cybernews.com/cyber-war/new-undercover-intel-noname-russian-hacktivist-operations/
Windows feature that resets system clocks based on random data is wreaking havoc (16 aug)
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Raccoon Stealer malware back with updated version following administrator arrest (16 aug)
https://therecord.media/raccoon-malware-back-with-updated-version
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (16 aug)
https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan (16 aug)
https://www.cisa.gov/news-events/news/cisa-publishes-jcdc-remote-monitoring-and-management-systems-cyber-defense-plan
Major Energy Company Targeted in Large QR Code Campaign (16 aug)
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
ProxyNation: The dark nexus between proxy apps and malware (16 aug)
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Protecting your information and data when using applications - ITSAP.40.200
https://www.cyber.gc.ca/en/protecting-your-information-and-data-when-using-applications-itsap40200
Debian Celebrates 30 years!
https://bits.debian.org/2023/08/debian-turns-30.html
Save the date: NCSC conference, 5 December 2023
https://www.ncsc.se/aktuellt/ncsc-konferens-2023/