CERT-SE's weekly newsletter, week 35

News this week

Data breach at French govt agency exposes info of 10 million people (25 aug)
https://www.bleepingcomputer.com/news/security/data-breach-at-french-govt-agency-exposes-info-of-10-million-people/

Sweden's schools, universities and research centres are subjected to fewer cyberattacks than the rest of the world (25 aug)
https://www.aktuellsakerhet.se/sveriges-skolor-universitet-och-forskningscenter-utsatts-for-farre-cyberattacker-an-i-resten-av-varlden/

Met Police investigating suspected data breach (28 aug)
https://www.bbc.com/news/uk-england-london-66631386

Sharp increase in ransomware this summer – here is the gang that dominates right now (28 aug)
https://computersweden.idg.se/2.2683/1.779831/stor-okning-av-ransomware-i-sommar–har-ar-ligan-som-dominerar-just-nu

Experts Uncover How Cybercriminals Could Exploit Microsoft Entra ID for Elevated Privilege (28 aug)
https://thehackernews.com/2023/08/experts-uncover-how-cybercriminals.html

Attacks on Citrix NetScaler systems linked to ransomware actor (28 aug)
https://www.bleepingcomputer.com/news/security/attacks-on-citrix-netscaler-systems-linked-to-ransomware-actor/

Microsoft will enable Exchange Extended Protection by default this fall (28 aug)
https://www.bleepingcomputer.com/news/security/microsoft-will-enable-exchange-extended-protection-by-default-this-fall/

Manufacturing companies hit by the worst encryption rate in three years (29 aug)
https://manufacturing-today.com/news/manufacturing-companies-hit-by-the-worst-encryption-rate-in-three-years/

Hackers infiltrated Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) for months (29 aug)
https://securityaffairs.com/150041/intelligence/japan-nisc-infiltrated.html

University of Michigan shuts down network after cyberattack (29 aug)
https://www.bleepingcomputer.com/news/security/university-of-michigan-shuts-down-network-after-cyberattack/

National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up (29 aug)
https://www.telegraph.co.uk/business/2023/08/29/national-grid-honeypots-catch-hackers-cyber-attacks-infra/

Grave flaws in BGP Error handling (29 aug)
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown (29 aug)
https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown

Qakbot botnet infrastructure shattered after international operation (30 aug)
https://www.europol.europa.eu/media-press/newsroom/news/qakbot-botnet-infrastructure-shattered-after-international-operation

Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI (30 aug)
https://www.troyhunt.com/data-from-the-qakbot-malware-is-now-searchable-in-have-i-been-pwned-courtesy-of-the-fbi/

Montreal electricity organization latest victim in LockBit ransomware spree (30 aug)
https://therecord.media/montreal-electricity-organization-lockbit-victim

Data on 186,000 Swedish pension customers has leaked (30 aug)
https://www.svt.se/nyheter/inrikes/svt-avslojar-data-om-186-000-svenska-pensionskunder-rojdes

Hackers attack 2 of the world’s most advanced telescopes, forcing shutdown (30 aug)
https://www.livescience.com/space/astronomy/hackers-attack-2-of-the-worlds-most-advanced-telescopes-forcing-shutdown

Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs (30 aug)
https://www.securityweek.com/healthcare-organizations-hit-by-cyberattacks-last-year-reported-big-impact-costs/

Reports and in-depth reading

MalDoc in PDF – Detection bypass by embedding a malicious Word file into a PDF file (28 aug)
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html

Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868) (29 aug)
https://www.mandiant.com/resources/blog/unc4841-post-barracuda-zero-day-remediation

Dive into the Deep Sea: A View of the Subsea Cable Ecosystem (31 aug)
https://www.enisa.europa.eu/news/dive-into-the-deep-sea-a-view-of-the-subsea-cable-ecosystem

Malware Analysis Report: Infamous Chisel (31 aug)
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/infamous-chisel/NCSC-MAR-Infamous-Chisel.pdf

Information security and miscellaneous

The Cheap Radio Hack That Disrupted Poland’s Railway System (27 aug)
https://www.wired.com/story/poland-train-radio-stop-attack/

Global cybercrime treaty could be ‘disastrous for human rights,’ NGOs warn (28 aug)
https://therecord.media/global-cybercrime-treaty-disastrous-rights-orgs

Trygg-Hansa forced to pay 35 million after security deficiencies (30 aug)
https://www.svt.se/nyheter/inrikes/trygg-hansa-tvingas-betala-35-miljoner-efter-sakerhetsbrister

CERT-SE this week

Critical vulnerability in VMware Aria Operations for Networks

Fraud increasingly common on e-commerce sites that use AI

As e-commerce sites use AI to an ever greater extent, the risk that customers are exposed to fraud also increases. Several foreign e-commerce sites deceive their customers by allowing partners to sell counterfeit copies of expensive designer products such as lamps, furniture and watches. For the consumer it can be difficult to determine whether the item being bought is genuine. The number of complaints to Konsumentverket (the Swedish Consumer Agency) is now growing.