CERT-SE's weekly newsletter, week 49

Weekly newsletter

Just in time for the second Sunday of Advent, here is a substantial weekly newsletter from CERT-SE. Several articles cover different aspects of AI, intrusions and leaks, and reporting continues on the cyberattack against the Church of Sweden. There are also a couple of historical retrospectives, and for anyone in the mood for some tinkering there is a CTF from Yellow Yak.

CERT-SE wishes you a pleasant weekend!

News this week

Many claim responsibility for the IT attack – extorting the church for money (30 nov) https://sverigesradio.se/artikel/svenska-kyrkan-utpressas-av-flera-aktorer ..
Church cannot pay its bills – after the IT attack (1 dec) https://sverigesradio.se/artikel/anstallda-kan-bli-utan-lon-efter-attack ..
The IT attack affects burials in Gothenburg (4 dec) https://omni.se/it-attacken-paverkar-gravsattningar-i-goteborg/a/APKGl5 ..
Major problems after cyberattack against the Church of Sweden (6 dec) https://www.svt.se/nyheter/lokalt/helsingborg/stora-problem-efter-cyberattack-mot-svenska-kyrkan--wv2vhq

Sellafield nuclear site hacked by groups linked to Russia and China (4 dec) https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china

Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware (2 dec) https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (4 dec) https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html

Cyberattacks during the holidays – NSM recommends that organisations make good Christmas preparations (4 dec) https://nsm.no/aktuelt/cyberangrep-i-hoytiden-nsm-anbefaler-virksomheter-a-gjore-gode-juleforberedelser

Rhysida ransomware gang hits hospital holding royal family’s data (4 dec) https://www.computerweekly.com/news/366561917/Rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data

Meta AI Models Cracked Open With Exposed API Tokens (4 dec) https://www.darkreading.com/vulnerabilities-threats/meta-ai-models-cracked-open-exposed-api-tokens

What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. (4 dec) https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f

Threat Spotlight: Phishing emails using Adobe InDesign on the rise (4 dec) https://blog.barracuda.com/2023/12/04/threat-spotlight-phishing-emails-adobe-indesign

23andMe confirms hackers stole ancestry data on 6.9 million users (4 dec) https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/

Supply-chain ransomware attack causes outages at over 60 credit unions (4 dec) https://www.tripwire.com/state-of-security/supply-chain-ransomware-attack-causes-outages-over-60-credit-unions

BlackCat ransomware crims threaten to directly extort victim’s customers (5 dec) https://www.theregister.com/2023/12/05/alphvblackcat_shakes_up_tactics_again/

Your car is probably harvesting your data. Here’s how you can wipe it (5 dec) https://therecord.media/car-data-privacy-service-wiping

France bans ministers from using WhatsApp, Telegram and Signal (5 dec) https://computersweden.idg.se/2.2683/1.780553/frankrike-forbjuder-ministrar-att-anvanda-whatsapp-och-signal

No longer permitted to ask ChatGPT to repeat words (5 dec) https://omni.se/inte-langre-tillatet-att-be-chat-gpt-repetera-ord/a/mQmz5E

The risks of AI – three different generations (5 dec) https://www.svt.se/nyheter/vetenskap/riskerna-med-ai-tre-olika-generationer--k2xphu

North Korea hackers may have stolen data on laser weapon -police (6 dec) https://www.reuters.com/technology/cybersecurity/north-korea-hackers-may-have-stolen-data-laser-weapon-police-2023-12-06/

Russian spies targeting UK MPs and media with ‘cyber interference’ (7 dec) https://www.theguardian.com/politics/2023/dec/07/russian-spies-targeting-uk-mps-and-media-with-cyber-interference

Talks on EU’s AI Act to resume Friday after marathon debate (7 dec) https://www.reuters.com/technology/eu-still-hammering-out-landmark-ai-rules-marathon-overnight-talks-2023-12-07/

Nasjonal sikkerhetsmyndighet (NSM) has entered into an unlawful loan agreement for 200 million kroner (8 dec) https://www.regjeringen.no/no/aktuelt/nasjonal-sikkerhetsmyndighet-nsm-har-inngatt-ulovlig-laneavtale-pa-200-millioner-kroner/id3017665/

Information security and miscellaneous

Cyber Resilience Act: agreement between the Council and the Parliament on security requirements for digital products (30 nov) https://www.consilium.europa.eu/sv/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/

40 years of Turbo Pascal, the coding dinosaur that revolutionized IDEs (4 dec) https://www.theregister.com/2023/12/04/40_years_of_turbo_pascal/

USB-C For Hackers: Program Your Own PSU (4 dec) https://hackaday.com/2023/12/04/usb-c-for-hackers-program-your-own-psu/

A Decade of Have I Been Pwned (4 dec) https://www.troyhunt.com/a-decade-of-have-i-been-pwned/

SQL Brute Force Leads to BlueSky Ransomware (4 dec) https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/

P2Pinfect - New Variant Targets MIPS Devices (4 dec) https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/

By the same token: How adversaries infiltrate AWS cloud accounts (5 dec) https://redcanary.com/blog/aws-sts/

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (5 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths (5 dec) https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/

ENISA Threat Landscape for DoS Attacks (6 dec) https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks

Whose packet is it anyway: a new RFC for attribution of internet probes (6 dec) https://isc.sans.edu/diary/rss/30456

The Case for Memory Safe Roadmaps (6 dec) https://www.cisa.gov/resources-tools/resources/case-memory-safe-roadmaps

Dieselgate, but for trains – some heavyweight hardware hacking (6 dec) https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (7 dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

SUMMARY FOR LEADERS AND DECISION-MAKERS - AI and cybersecurity (dec) https://www.ri.se/sites/default/files/2023-11/CfCs_Rapport_AI-cybers%C3%A4kerhet-dec-23.pdf

Yellow Yak CTF https://yellowyak.website/

CERT-SE this week

Multiple critical vulnerabilities in Nessus Network Monitor components (1 dec) https://www.cert.se/2023/12/flera-kritiska-sarbarheter-i-Nessus-network-monitor-komponenter.html

Critical vulnerability in VMware Cloud Director Appliance (updated 4 dec) https://www.cert.se/2023/11/kritisk-sarbarhet-i-vmware-cloud-director-appliance.html

Critical RCE vulnerability in Confluence products (6 dec) https://www.cert.se/2023/12/kritisk-rce-sarbarhet-i-confluence-produkter.html