CERT-SE's weekly newsletter, week 38

A meaty weekly roundup with reports, in-depth pieces and a good number of news items about cybersecurity incidents around the world.

We also take the opportunity to mention that next week we are getting an early start on Cybersecurity Month by releasing CERT-SE's annual CTF!

CERT-SE wishes you a nice weekend!

News this week

Thousands of Juniper Junos firewalls still open to hijacks, exploit code available to all (18 sep)
https://www.theregister.com/2023/09/18/juniper_firewalls_rce/

Latest evolution of ‘pig butchering’ scam lures victim into fake mining scheme (18 sep)
https://news.sophos.com/en-us/2023/09/18/latest-evolution-of-pig-butchering-scam-lures-victim-into-fake-mining-scheme/

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients (18 sep)
https://thehackernews.com/2023/09/retool-falls-victim-to-sms-based.html

Financially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks (18 sep)
https://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html

Bumblebee malware returns in new attacks abusing WebDAV folders (18 sep)
https://www.bleepingcomputer.com/news/security/bumblebee-malware-returns-in-new-attacks-abusing-webdav-folders/

Kuwait’s finance ministry says cyber attack hits one of its systems (18 sep)
https://www.reuters.com/world/middle-east/kuwaits-finance-ministry-says-cyber-attack-hits-one-its-systems-2023-09-18/

Sri Lanka Government Hit by Ransomware, Loses Critical Data (18 sep)
https://techreport.com/news/sri-lanka-government-hit-by-ransomware-loses-critical-data/

Third-party ransomware attack disrupts major Colombian government agencies (18 sep)
https://www.scmagazine.com/brief/third-party-ransomware-attack-disrupts-major-colombian-government-agencies

DHS: Ransomware attackers headed for second most profitable year (18 sep)
https://therecord.media/dhs-ransomware-headed-for-second-profits

One Million Plus Dymocks Customers Impacted by Cyber Attack (18 sep)
https://australiancybersecuritymagazine.com.au/one-million-plus-dymocks-customers-impacted-by-cyber-attack/

Government to create six "cyber shields" to layer Australian protection (18 sep)
https://www.itnews.com.au/news/government-to-create-six-cyber-shields-to-layer-australian-protection-600355

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data (19 sep)
https://thehackernews.com/2023/09/microsoft-ai-researchers-accidentally.html

More than 20,000 details 'at risk' after police data cyber attack (19 sep)
https://www.bbc.com/news/uk-england-manchester-66843618

Chinese Spies Infected Dozens of Networks With Thumb Drive Malware (19 sep)
https://www.wired.com/story/china-usb-sogu-malware/

Unveiling the Shadows: The Dark Alliance between GuLoader and Remcos (19 sep)
https://research.checkpoint.com/2023/unveiling-the-shadows-the-dark-alliance-between-guloader-and-remcos/

Cyberattack on Kansas town affects email, phone, payment systems (19 sep)
https://therecord.media/pittsburg-kansas-government-cyberattack

Manitoba government confirms it was hacked in recent cyber attack (19 sep)
https://winnipeg.citynews.ca/2023/09/19/manitoba-government-confirms-it-was-hacked-in-recent-cyber-attack/

Hackers backdoor telecom providers with new HTTPSnoop malware (19 sep)
https://www.bleepingcomputer.com/news/security/hackers-backdoor-telecom-providers-with-new-httpsnoop-malware/

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT (19 sep)
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/

https://www.helpnetsecurity.com/2023/09/21/fake-winrar-poc/

Earth Lusca’s New SprySOCKS Linux Backdoor Targets Government Entities (19 sep)
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html

Finland, Europol take down PIILOPUOTI dark web marketplace (19 sep)
https://therecord.media/europol-finland-take-down-pillopuoti-dark-web-market

FBI and CISA Release Advisory on Snatch Ransomware (20 sep)
https://www.cisa.gov/news-events/alerts/2023/09/20/fbi-and-cisa-release-advisory-snatch-ransomware

International Criminal Court Suffers Cyberattack (20 sep)
https://www.darkreading.com/attacks-breaches/international-criminal-court-faces-cyber-intrusion-launches-investigation

Pizza Hut Australia hack: data breach exposes customer information and order details (20 sep)
https://www.theguardian.com/australia-news/2023/sep/20/pizza-hut-hack-australia-data-breach-passwords-information-leak

Attacks on 5G Infrastructure From Users’ Devices (20 sep)
https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html

Signal Messenger Introduces PQXDH Quantum-Resistant Encryption (20 sep)
https://thehackernews.com/2023/09/signal-messenger-introduces-pqxdh.html

P2PInfect botnet activity surges 600x with stealthier malware variants (20 sep)
https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-activity-surges-600x-with-stealthier-malware-variants/

https://www.cadosecurity.com/cado-security-labs-researchers-witness-a-600x-increase-in-p2pinfect-traffic/

MGM Resorts computers back up after 10 days as analysts eye effects of casino cyberattacks (21 sep)
https://apnews.com/article/vegas-mgm-resorts-caesars-cyberattack-shutdown-a01b9a2606e58e702b8e872e979040cc

Cyber attack brought Elron ticketing system down Wednesday (21 sep)
https://news.err.ee/1609107212/cyber-attack-brought-elron-ticketing-system-down-wednesday

Air Canada says hackers accessed limited employee records during cyberattack (21 sep)
https://therecord.media/air-canada-limited-employee-info-accessed

Information security and miscellaneous

Fostering Digital Resilience: Strategies for Building Robust Cybersecurity in an Evolving Threat Landscape (18 sep)
https://www.indrastra.com/2023/09/fostering-digital-resilience-strategies.html

FBI Tech Tuesday: Building a Digital Defense Against QR Code Scams (19 sep)
https://www.fbi.gov/contact-us/field-offices/elpaso/news/fbi-tech-tuesday-building-a-digital-defense-against-qr-code-scams

The mystery of the CVEs that are not vulnerabilities (19 sep)
https://www.malwarebytes.com/blog/news/2023/09/the-mystery-of-the-cves-that-are-not-vulnerabilities

Shadow IT: Security policies may be a problem (20 sep)
https://www.helpnetsecurity.com/2023/09/20/shadow-it-security-policies/

Have I been hacked? Cybersecurity experts share tips for protecting personal data (20 sep)
https://www.theglobeandmail.com/canada/article-cybersecurity-hacked-security-tips/

Giving new life to embedded computer systems (20 sep)
https://kaw.wallenberg.org/forskning/ger-nytt-liv-till-inbyggda-datorsystem

DDoS Attack Statistics and Facts You Must Know (2018-2023 Data) (21 sep)
https://techreport.com/statistics/ddos-statistics-facts/

Erroneous email mailing via CERT.se

Just now we saw an erroneous email sent out from CERT.se. The company Autora buys up and resells taxi cars, and somehow their mailing has ended up with a number of government agencies and companies that subscribe to newsletters from CERT.se.

R.A.P.S. has been in contact with CERT.se, which confirms that they are working to find out how a flash message from their subscription service could have been given a completely different sender.

CERT.se has reported the incident to IMY (Integritetsskyddsmyndigheten, the Swedish Authority for Privacy Protection).

Information from CERT.se about the erroneous mailing