
Published - Weekly newsletter

CERT-SE's weekly newsletter, week 35

Over the past week there have been reports that the Qakbot botnet was taken down after joint efforts by authorities in Europe and the USA, but also of intrusions into organisations' systems, both here at home and in several European countries. CERT-SE wishes you a pleasant weekend!

News this week

Data breach at French govt agency exposes info of 10 million people (25 aug)
https://www.bleepingcomputer.com/news/security/data-breach-at-french-govt-agency-exposes-info-of-10-million-people/

Sweden's schools, universities and research centres are hit by fewer cyberattacks than the rest of the world (25 aug)
https://www.aktuellsakerhet.se/sveriges-skolor-universitet-och-forskningscenter-utsatts-for-farre-cyberattacker-an-i-resten-av-varlden/

Met Police investigating suspected data breach (28 aug)
https://www.bbc.com/news/uk-england-london-66631386

Sharp increase in ransomware this summer – here is the gang that dominates right now (28 aug)
https://computersweden.idg.se/2.2683/1.779831/stor-okning-av-ransomware-i-sommar--har-ar-ligan-som-dominerar-just-nu

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege (28 aug)
https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html

Attacks on Citrix NetScaler systems linked to ransomware actor (28 aug)
https://www.bleepingcomputer.com/news/security/attacks-on-citrix-netscaler-systems-linked-to-ransomware-actor/

Microsoft will enable Exchange Extended Protection by default this fall (28 aug)
https://www.bleepingcomputer.com/news/security/microsoft-will-enable-exchange-extended-protection-by-default-this-fall/

Manufacturing companies hit by the worst encryption rate in three years (29 aug)
https://manufacturing-today.com/news/manufacturing-companies-hit-by-the-worst-encryption-rate-in-three-years/

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months (29 aug)
https://securityaffairs.com/150041/intelligence/japan-nisc-infiltrated.html

University of Michigan shuts down network after cyberattack (29 aug)
https://www.bleepingcomputer.com/news/security/university-of-michigan-shuts-down-network-after-cyberattack/

National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (29 aug)
https://www.telegraph.co.uk/business/2023/08/29/national-grid-honeypots-catch-hackers-cyber-attacks-infra/

Grave flaws in BGP Error handling (29 aug)
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown (29 aug)
https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown
--
Qakbot botnet infrastructure shattered after international operation (30 aug)
https://www.europol.europa.eu/media-press/newsroom/news/qakbot-botnet-infrastructure-shattered-after-international-operation
--
Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI (30 aug)
https://www.troyhunt.com/data-from-the-qakbot-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi/

Montreal electricity organization latest victim in LockBit ransomware spree (30 aug)
https://therecord.media/montreal-electricity-organization-lockbit-victim

Data on 186,000 Swedish pension customers has leaked (30 aug)
https://www.svt.se/nyheter/inrikes/svt-avslojar-data-om-186-000-svenska-pensionskunder-rojdes

Hackers attack 2 of the world's most advanced telescopes, forcing shutdown (30 aug)
https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs (30 aug)
https://www.securityweek.com/healthcare-organizations-hit-by-cyberattacks-last-year-reported-big-impact-costs/

Reports and in-depth analysis

MalDoc in PDF - Detection bypass by embedding a malicious Word file into a PDF file (28 aug)
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) (29 aug)
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation

Dive into the Deep Sea: A View of the Subsea Cable Ecosystem (31 aug)
https://www.enisa.europa.eu/news/dive-into-the-deep-sea-a-view-of-the-subsea-cable-ecosystem

Malware Analysis Report: Infamous Chisel (31 aug)
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf

Information security and miscellaneous

The Cheap Radio Hack That Disrupted Poland’s Railway System (27 aug)
https://www.wired.com/story/poland-train-radio-stop-attack/

Global cybercrime treaty could be ‘disastrous for human rights,’ NGOs warn (28 aug)
https://therecord.media/global-cybercrime-treaty-disastrous-rights-orgs

Trygg-Hansa forced to pay 35 million after security flaws (30 aug)
https://www.svt.se/nyheter/inrikes/trygg-hansa-tvingas-betala-35-miljoner-efter-sakerhetsbrister

CERT-SE this week

Critical vulnerability in VMware Aria Operations for Networks