CERT-SE's weekly newsletter, week 35

Weekly newsletter

During the past week there have been reports that the Qakbot botnet was taken down after joint efforts by authorities in Europe and the United States, but also of intrusions into organisations' systems, both here at home and in several European countries. CERT-SE wishes you a pleasant weekend!

News this week

Data breach at French govt agency exposes info of 10 million people (25 aug)
https://www.bleepingcomputer.com/news/security/data-breach-at-french-govt-agency-exposes-info-of-10-million-people/

Sweden's schools, universities and research centres are hit by fewer cyberattacks than the rest of the world (25 Aug)
https://www.aktuellsakerhet.se/sveriges-skolor-universitet-och-forskningscenter-utsatts-for-farre-cyberattacker-an-i-resten-av-varlden/

Met Police investigating suspected data breach (28 aug)
https://www.bbc.com/news/uk-england-london-66631386

Sharp increase in ransomware this summer: here is the gang dominating right now (28 Aug)
https://computersweden.idg.se/2.2683/1.779831/stor-okning-av-ransomware-i-sommar–har-ar-ligan-som-dominerar-just-nu

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege (28 aug)
https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html

Attacks on Citrix NetScaler systems linked to ransomware actor (28 aug)
https://www.bleepingcomputer.com/news/security/attacks-on-citrix-netscaler-systems-linked-to-ransomware-actor/

Microsoft will enable Exchange Extended Protection by default this fall (28 aug)
https://www.bleepingcomputer.com/news/security/microsoft-will-enable-exchange-extended-protection-by-default-this-fall/

Manufacturing companies hit by the worst encryption rate in three years (29 aug)
https://manufacturing-today.com/news/manufacturing-companies-hit-by-the-worst-encryption-rate-in-three-years/

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months (29 aug)
https://securityaffairs.com/150041/intelligence/japan-nisc-infiltrated.html

University of Michigan shuts down network after cyberattack (29 aug)
https://www.bleepingcomputer.com/news/security/university-of-michigan-shuts-down-network-after-cyberattack/

National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (29 aug)
https://www.telegraph.co.uk/business/2023/08/29/national-grid-honeypots-catch-hackers-cyber-attacks-infra/

Grave flaws in BGP Error handling (29 aug)
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown (29 aug)
https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown

Qakbot botnet infrastructure shattered after international operation (30 aug)
https://www.europol.europa.eu/media-press/newsroom/news/qakbot-botnet-infrastructure-shattered-after-international-operation

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI (30 aug)
https://www.troyhunt.com/data-from-the-qakbot-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi/

Montreal electricity organization latest victim in LockBit ransomware spree (30 aug)
https://therecord.media/montreal-electricity-organization-lockbit-victim

Data on 186,000 Swedish pension customers has leaked (30 Aug)
https://www.svt.se/nyheter/inrikes/svt-avslojar-data-om-186-000-svenska-pensionskunder-rojdes

Hackers attack 2 of the world’s most advanced telescopes, forcing shutdown (30 aug)
https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs (30 aug)
https://www.securityweek.com/healthcare-organizations-hit-by-cyberattacks-last-year-reported-big-impact-costs/

Reports and in-depth analyses

MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file (28 aug)
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) (29 aug)
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation

Dive into the Deep Sea: A View of the Subsea Cable Ecosystem (31 aug)
https://www.enisa.europa.eu/news/dive-into-the-deep-sea-a-view-of-the-subsea-cable-ecosystem

Malware Analysis Report: Infamous Chisel (31 aug)
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf

Information security and miscellaneous

The Cheap Radio Hack That Disrupted Poland’s Railway System (27 aug)
https://www.wired.com/story/poland-train-radio-stop-attack/

Global cybercrime treaty could be ‘disastrous for human rights,’ NGOs warn (28 aug)
https://therecord.media/global-cybercrime-treaty-disastrous-rights-orgs

Trygg-Hansa forced to pay 35 million after security failings (30 Aug)
https://www.svt.se/nyheter/inrikes/trygg-hansa-tvingas-betala-35-miljoner-efter-sakerhetsbrister

CERT-SE this week

Critical vulnerability in VMware Aria Operations for Networks