CERT-SE's weekly newsletter, week 51

WEEKLY NEWSLETTER

The major holidays are fast approaching, but judging by the news flow the cybersecurity world is not slowing down. This week's roundup offers everything from updates on attacks, methods and malware to news about AI and successful interventions against cybercriminals.

News this week

Sensitive data may have been exposed in the IT attack on the Church of Sweden (8 Dec) https://www.tv4.se/artikel/2nFtn2MIHSlPx89WkeAryV/kaensliga-uppgifter-kan-ha-roejts-vid-it-attacken-mot-svenska-kyrkan

EasyPark data breach (10 Dec) https://www.easypark.com/sv-se/comm

Law Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website (11 Dec) https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/

Silent but deadly: The rise of zero-click attacks (11 Dec) https://www.welivesecurity.com/en/mobile-security/silent-but-deadly-the-rise-of-zero-click-attacks/

Kelvin Security hacking group leader arrested in Spain (11 Dec) https://www.bleepingcomputer.com/news/security/kelvin-security-hacking-group-leader-arrested-in-spain/

Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases (11 Dec) https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.html

Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (11 Dec) https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/

NCSC Sweden: From reconnaissance to attack (11 Dec) https://www.ncsc.se/aktuellt/fran-kartlaggning-till-angrepp/

Security Brief: TA4557 Targets Recruiters Directly via Email (12 Dec) https://www.proofpoint.com/uk/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-email

Ukraine’s leading phone operator Kyivstar targeted by hacker attack (12 Dec) https://kyivindependent.com/ukraines-largest-phone-operator-kyivstar-down-internet-outages-reported/ https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/

Microsoft: Threat actors misuse OAuth applications to automate financially driven attacks (12 Dec) https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/

Toyota Germany Says Customer Data Stolen in Ransomware Attack (12 Dec) https://www.securityweek.com/toyota-germany-confirms-personal-information-stolen-in-ransomware-attack/

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (13 Dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3616384/russian-cyber-actors-are-exploiting-a-known-vulnerability-with-worldwide-impact/ https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.html

Routers Roasting On An Open Firewall: The KV-Botnet Investigation (13 Dec) https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/

Report: A hostage to fortune: ransomware and UK national security – Report Summary (13 Dec) https://publications.parliament.uk/pa/jt5804/jtselect/jtnatsec/194/summary.html https://www.theguardian.com/technology/2023/dec/13/uk-at-high-risk-of-catastrophic-ransomware-attack-report-says

Hackers are exploiting critical Apache Struts flaw using public PoC (13 Dec) https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/ https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164–unveiling-the-apache-struts-file-upload.html

Nearly a million non-profit donors’ details left exposed in unsecured database (13 Dec) https://www.theregister.com/2023/12/13/donorview_database_breach/

French authorities arrested a Russian national for his role in the Hive ransomware operation (13 Dec) https://securityaffairs.com/155815/cyber-crime/french-authorities-hive-ransomware-member.html

MITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (13 Dec) https://www.mitre.org/news-insights/news-release/mitre-red-balloon-security-and-narf-announce-emb3d

FakeSG campaign, Akira ransomware and AMOS macOS stealer (13 Dec) https://securelist.com/crimeware-report-fkesg-akira-amos/111483/

How to Analyze Malware’s Network Traffic in A Sandbox (13 Dec) https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.html

Press and pressure: Ransomware gangs and the media (13 Dec) https://news.sophos.com/en-us/2023/12/13/press-and-pressure-ransomware-gangs-and-the-media/

LockBit ransomware now poaching BlackCat, NoEscape affiliates (13 Dec) https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/#google_vignette

Microsoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts (14 Dec) https://www.securityweek.com/microsoft-disrupts-cybercrime-service-that-created-750-million-fraudulent-accounts/ https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/

Expert warns of new phishing wave – “monitoring the email for weeks” (14 Dec) https://computersweden.idg.se/2.2683/1.780613/experten-varnar-for-ny-natfiskevag-overvakar-mejlen-i-veckor

Church of Sweden in Kalmar stayed a step ahead of the hackers – was prepared for a cyberattack (15 Dec) https://www.svt.se/nyheter/lokalt/smaland/svenska-kyrkan-i-kalmar-lag-steget-fore-hackarna-var-forberedda-pa-cyberattack–es3zg0

After the cyberattack: “It will be a lot of pen and paper” (15 Dec) https://sverigesradio.se/artikel/efter-cyberattacken-blir-mycket-papper-och-penna

Ubiquiti users claim to have access to other people’s devices (14 Dec) https://securityaffairs.com/155871/security/ubiquiti-wifi-products-issue.html

Experts explain why libraries can become cybercrime targets (15 Dec) https://www.cbc.ca/news/canada/london/2-experts-explain-why-libraries-can-become-cybercrime-targets-1.7059002

Resecurity has uncovered a meaningful link between three major ransomware groups, BianLian, White Rabbit, and Mario Ransomware (15 Dec) https://securityaffairs.com/155893/cyber-crime/bianlian-white-rabbit-mario-ransomware-joint-campaign.html

Information security and miscellaneous

Anniversary of Log4j, 9 December: State of Log4j Vulnerabilities – How Much Did Log4Shell Change? https://www.veracode.com/blog/research/state-log4j-vulnerabilities-how-much-did-log4shell-change

Commission welcomes political agreement on Artificial Intelligence Act (9 Dec) https://ec.europa.eu/commission/presscorner/detail/en/ip_23_6473 https://www.infosecurity-magazine.com/news/eu-agreement-ai-act/

New agreement: EU and US to share more information on cybersecurity (11 Dec) https://computersweden.idg.se/2.2683/1.780588/europas-och-usas-cybersakerhetsmyndigheter-ska-dela-mer-information https://digital-strategy.ec.europa.eu/sv/news/eu-and-united-states-hold-cyber-dialogue-brussels

Europol warning on the criminal use of Bluetooth trackers for geolocalisation (11 Dec) https://www.europol.europa.eu/publications-events/publications/early-warning-notification-use-of-bluetooth-trackers-for-geolocation-in-organised-crime

Investment in AI assistants to save money in healthcare (12 Dec) https://www.svt.se/nyheter/inrikes/satsning-pa-ai-assistenter-for-att-spara-pengar-i-varden–vvz3zd https://computersweden.idg.se/2.2683/1.780608/offentliga-sektorn-far-en-egen-chat-gpt–tas-fram-av-ai-sweden

Thea and Irma Berglund learn ethical hacking (12 Dec) https://www.dn.se/ekonomi/thea-och-irma-lar-sig-etiskt-hackande/

NSA Releases Recommendations to Mitigate Software Supply Chain Risks (14 Dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3617462/nsa-releases-recommendations-to-mitigate-software-supply-chain-risks/

Latest UN Cybercrime Treaty draft a ‘significant step in the wrong direction,’ experts warn (13 Dec) https://therecord.media/un-cybercrime-treaty-draft-criticized https://www.scmagazine.com/brief/newest-un-cybercrime-treaty-draft-slammed

Microsoft’s Digital Crime Unit Goes Deep on How It Disrupts Cybercrime (14 Dec) https://www.wired.com/story/microsoft-digital-crime-unit-2023/

Sveriges Radio P3: Artificial intelligence 2 – the generative revolution (15 Dec) https://sverigesradio.se/avsnitt/artificiell-intelligens-2-den-generativa-revolutionen

World Economic Forum: Cybersecurity Futures 2030 – New Foundations https://www.weforum.org/publications/cybersecurity-futures-2030-new-foundations/

CERT-SE this week

Apache fixes critical vulnerability in Apache Struts 2 (14 Dec) https://cert.se/2023/12/apache-r%C3%A4ttar-kritisk-s%C3%A5rbarhet-i-apache-struts-2.html

Several vulnerabilities, one of them critical, in Fortinet products (13 Dec) https://cert.se/2023/12/flera-sarbarheter-varav-en-kritisk-i-fortinet-produkter.html

SAP's monthly security updates for December 2023 (13 Dec) https://cert.se/2023/12/sap-s-manatliga-sakerhetsuppdateringar-for-december-2023.html

Adobe's monthly security updates for December 2023 (13 Dec) https://cert.se/2023/12/adobes-manatliga-sakerhetsuppdateringar-for-december-2023.html

Microsoft's monthly security updates for December 2023 (13 Dec) https://cert.se/2023/12/microsofts-manatliga-sakerhetsuppdateringar-for-december-2023.html

CERT-SE's weekly newsletter, week 50

We want to be clear that CERT-SE's newsletter is produced by CERT.se, which is part of the Swedish Civil Contingencies Agency (Myndigheten för Samhällsskydd och Beredskap, MSB).

Threads comes to Europe and Sweden

The Meta group has today launched Threads, the challenger to Twitter (X), in Europe. The platform will also be available in Sweden. Threads has several similarities to the X platform.

According to Meta, Threads will meet European requirements for the protection of personal data under the GDPR.

Raps News is of course on this platform as of today.

CERT-SE's weekly newsletter, week 49

WEEKLY NEWSLETTER

Just in time for the second Sunday of Advent, here is a substantial weekly newsletter from CERT-SE. Several articles touch on different aspects of AI, intrusions and leaks, and reporting continues on the cyberattack against the Church of Sweden. There are also a couple of historical retrospectives, and for those in the mood for some tinkering there is a CTF from Yellow Yak.

News this week

Many claim responsibility for the IT attack – pressing the church for money (30 Nov) https://sverigesradio.se/artikel/svenska-kyrkan-utpressas-av-flera-aktorer..
Church cannot pay bills – after the IT attack (1 Dec) https://sverigesradio.se/artikel/anstallda-kan-bli-utan-lon-efter-attack..
IT attack affects burials in Gothenburg (4 Dec) https://omni.se/it-attacken-paverkar-gravsattningar-i-goteborg/a/APKGl5..
Major problems after cyberattack on the Church of Sweden (6 Dec) https://www.svt.se/nyheter/lokalt/helsingborg/stora-problem-efter-cyberattack-mot-svenska-kyrkan–wv2vhq

Sellafield nuclear site hacked by groups linked to Russia and China (4 Dec) https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china

Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware (2 Dec) https://thehackernews.com/2023/12/russian-hacker-vladimir-dunaev.html

Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware (4 Dec) https://thehackernews.com/2023/12/microsoft-warns-of-malvertising-scheme.html

Cyberattacks during the holidays – NSM recommends that organisations make good Christmas preparations (4 Dec) https://nsm.no/aktuelt/cyberangrep-i-hoytiden-nsm-anbefaler-virksomheter-a-gjore-gode-juleforberedelser

Rhysida ransomware gang hits hospital holding royal family’s data (4 Dec) https://www.computerweekly.com/news/366561917/Rhysida-ransomware-gang-hits-hospital-holding-royal-familys-data

Meta AI Models Cracked Open With Exposed API Tokens (4 Dec) https://www.darkreading.com/vulnerabilities-threats/meta-ai-models-cracked-open-exposed-api-tokens

What it means — CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US. (4 Dec) https://doublepulsar.com/what-it-means-citrixbleed-ransom-group-woes-grow-as-over-60-credit-unions-hospitals-47766a091d4f

Threat Spotlight: Phishing emails using Adobe InDesign on the rise (4 Dec) https://blog.barracuda.com/2023/12/04/threat-spotlight-phishing-emails-adobe-indesign

23andMe confirms hackers stole ancestry data on 6.9 million users (4 Dec) https://techcrunch.com/2023/12/04/23andme-confirms-hackers-stole-ancestry-data-on-6-9-million-users/

Supply-chain ransomware attack causes outages at over 60 credit unions (4 Dec) https://www.tripwire.com/state-of-security/supply-chain-ransomware-attack-causes-outages-over-60-credit-unions

BlackCat ransomware crims threaten to directly extort victim’s customers (5 Dec) https://www.theregister.com/2023/12/05/alphvblackcat_shakes_up_tactics_again/

Your car is probably harvesting your data. Here’s how you can wipe it (5 Dec) https://therecord.media/car-data-privacy-service-wiping

France bans ministers from using WhatsApp, Telegram and Signal (5 Dec) https://computersweden.idg.se/2.2683/1.780553/frankrike-forbjuder-ministrar-att-anvanda-whatsapp-och-signal

No longer allowed to ask ChatGPT to repeat words (5 Dec) https://omni.se/inte-langre-tillatet-att-be-chat-gpt-repetera-ord/a/mQmz5E

The risks of AI – three different generations (5 Dec) https://www.svt.se/nyheter/vetenskap/riskerna-med-ai-tre-olika-generationer–k2xphu

North Korea hackers may have stolen data on laser weapon -police (6 Dec) https://www.reuters.com/technology/cybersecurity/north-korea-hackers-may-have-stolen-data-laser-weapon-police-2023-12-06/

Russian spies targeting UK MPs and media with ‘cyber interference’ (7 Dec) https://www.theguardian.com/politics/2023/dec/07/russian-spies-targeting-uk-mps-and-media-with-cyber-interference

Talks on EU’s AI Act to resume Friday after marathon debate (7 Dec) https://www.reuters.com/technology/eu-still-hammering-out-landmark-ai-rules-marathon-overnight-talks-2023-12-07/

The Norwegian National Security Authority (NSM) has entered into an unlawful loan agreement of 200 million kroner (8 Dec) https://www.regjeringen.no/no/aktuelt/nasjonal-sikkerhetsmyndighet-nsm-har-inngatt-ulovlig-laneavtale-pa-200-millioner-kroner/id3017665/

Information security and miscellaneous

Cyber Resilience Act: agreement between the Council and Parliament on security requirements for digital products (30 Nov) https://www.consilium.europa.eu/sv/press/press-releases/2023/11/30/cyber-resilience-act-council-and-parliament-strike-a-deal-on-security-requirements-for-digital-products/

40 years of Turbo Pascal, the coding dinosaur that revolutionized IDEs (4 Dec) https://www.theregister.com/2023/12/04/40_years_of_turbo_pascal/

USB-C For Hackers: Program Your Own PSU (4 Dec) https://hackaday.com/2023/12/04/usb-c-for-hackers-program-your-own-psu/

A Decade of Have I Been Pwned (4 Dec) https://www.troyhunt.com/a-decade-of-have-i-been-pwned/

SQL Brute Force Leads to BlueSky Ransomware (4 Dec) https://thedfirreport.com/2023/12/04/sql-brute-force-leads-to-bluesky-ransomware/

P2Pinfect – New Variant Targets MIPS Devices (4 Dec) https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/

By the same token: How adversaries infiltrate AWS cloud accounts (5 Dec) https://redcanary.com/blog/aws-sts/

Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (5 Dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths (5 Dec) https://www.welivesecurity.com/en/eset-research/beware-predatory-fintech-loan-sharks-use-android-apps-reach-new-depths/

ENISA Threat Landscape for DoS Attacks (6 Dec) https://www.enisa.europa.eu/publications/enisa-threat-landscape-for-dos-attacks

Whose packet is it anyway: a new RFC for attribution of internet probes (6 Dec) https://isc.sans.edu/diary/rss/30456

The Case for Memory Safe Roadmaps (6 Dec) https://www.cisa.gov/resources-tools/resources/case-memory-safe-roadmaps

Dieselgate, but for trains – some heavyweight hardware hacking (6 Dec) https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/

Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (7 Dec) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-341a

SUMMARY FOR LEADERS AND DECISION-MAKERS – AI and cybersecurity (Dec) https://www.ri.se/sites/default/files/2023-11/CfCs_Rapport_AI-cybers%C3%A4kerhet-dec-23.pdf

Yellow Yak CTF https://yellowyak.website/

CERT-SE this week

Several critical vulnerabilities in Nessus Network Monitor components (1 Dec) https://www.cert.se/2023/12/flera-kritiska-sarbarheter-i-Nessus-network-monitor-komponenter.html

Critical vulnerability in VMware Cloud Director Appliance (updated 4 Dec) https://www.cert.se/2023/11/kritisk-sarbarhet-i-vmware-cloud-director-appliance.html

Critical RCE vulnerability in Confluence products (6 Dec) https://www.cert.se/2023/12/kritisk-rce-sarbarhet-i-confluence-produkter.html

Weak state governance of SOS Alarm

The Swedish National Audit Office (Riksrevisionen) has, in an audit report, examined how SOS Alarm is led and governed. The operation is placed in a company owned in equal parts by the state and the Swedish Association of Local Authorities and Regions (SKR). The ownership arrangement has been a subject of discussion ever since SOS Alarm was formed. On the whole, however, this socially critical service has fulfilled its mission. In recent years SOS Alarm, which is also responsible for the emergency number 112, has found it increasingly difficult to deliver on its public mission to the requirements that the client, ultimately the general public, places on the operation.

For the past ten years SOS Alarm has failed to answer the emergency number 112 within the 8 seconds required by the agreement between the state and the company. The company has explained the ever-longer response times by the recurring holiday periods, long weekends and difficulties in recruiting staff. But that does not wash with the National Audit Office, which holds that holidays and long weekends are foreseeable. They cannot reasonably explain the excessively long response times.

SOS Alarm's newly appointed CEO says that the company got the response times for the emergency number 112 under control during 2023. A change programme is under way in which the goal is for the quality of the services SOS Alarm delivers to match the requirements that the client, i.e. the state, places on the company.

EU warns of terrorist attacks ahead of the major holidays

Major holidays such as the upcoming Christmas and New Year period often tempt terrorists to carry out attacks. Yesterday EU Commissioner Ylva Johansson warned that there is a high probability of terrorist attacks. She points to the war between Hamas and Israel, but also to increased Islamophobia and antisemitism in society. The polarisation is clear and has perhaps never been as tangible as it is now.

The Swedish Security Service (SÄPO) also sees a steadily deteriorating security situation in which Christmas shopping could be a potential target for terrorists. Like the EU, it sees higher activity among violent extremist milieus, where the war in Gaza is motivating more and more people to move from words to action.

Magnus Ranstorp says, however, that the risk of an individual ending up in a terrorist attack is very small. He says one should be alert to anything that deviates from the normal picture but otherwise live as usual.

Sweden has had its terrorist threat level raised to four on the five-point scale since this autumn. Säpo's assessment is that it will remain at that level for the foreseeable future.

Several critical vulnerabilities in Nessus Network Monitor components

Published by CERT 2023-12-01

VULNERABILITY, NESSUS NETWORK MONITOR

Tenable has released a new version of Nessus Network Monitor. Version 6.3.1 fixes critical security flaws in the third-party components HandlebarsJS, OpenSSL and jquery-file-upload [1].

Affected products

Nessus Network Monitor 6.3.0 and earlier

In Nessus Network Monitor 6.3.1, HandlebarsJS is updated to version 4.7.8, OpenSSL to version 3.0.12 and jquery-file-upload to version 10.8.0.

Recommendations

CERT-SE recommends updating vulnerable products as soon as possible.

Sources

[1] https://www.tenable.com/security/tns-2023-43

CERT-SE's weekly newsletter, week 48

WEEKLY NEWSLETTER

It has been an eventful week in the cyber world. Here is a selection from CERT-SE's monitoring of the wider landscape, along with a cyber challenge for cosy Advent evenings.

News this week

ESET Research dives into the onboarding and scamming processes of Telekopye online fraudsters (23 nov)https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-dives-into-the-onboarding-and-scamming-processes-of-telekopye-online-fraudsters/

Bekräftat: Ransomware-attack mot Svenska kyrkan (24 nov)https://www.kyrkanstidning.se/nyhet/allvarlig-it-storning-pa-svenska-kyrkans-webbplats..
Cyberangrepp mot Svenska kyrkan (23 nov)https://via.tt.se/pressmeddelande/3393640/cyberangrepp-mot-svenska-kyrkan

Legal tech firm investigating cyberattack that could scupper sales (24 nov)https://www.estateagenttoday.co.uk/breaking-news/2023/11/legal-tech-firm-investigating-cyberattack-that-could-scupper-sales

UK police plan national roll-out of facial-recognition phone app (24 nov)https://www.computerweekly.com/news/366560813/UK-police-plan-national-roll-out-of-facial-recognition-phone-app

Hackers Hijack Industrial Control System at US Water Utility (27 nov)https://www.securityweek.com/hackers-hijack-industrial-control-system-at-us-water-utility/..
Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (27 nov)https://www.waterisac.org/portal/tlpclear-water-utility-control-system-cyber-incident-advisory-icsscada-incident-municipal..
Exploitation of Unitronics PLCs used in Water and Wastewater Systems (28 nov)https://www.cisa.gov/news-events/alerts/2023/11/28/exploitation-unitronics-plcs-used-water-and-wastewater-systems

Ardent hospital ERs disrupted in 6 states after ransomware attack (27 nov)https://www.bleepingcomputer.com/news/security/ardent-hospital-ers-disrupted-in-6-states-after-ransomware-attack/..
Capital Health | Information Technology Security Incidenthttps://www.capitalhealth.org/information-technology-security-incident

Slovenia’s largest power provider HSE hit by ransomware attack (27 nov)https://www.bleepingcomputer.com/news/security/slovenias-largest-power-provider-hse-hit-by-ransomware-attack/

Cyberattack on Japan firm managing Line app was ‘supply chain attack’ targeting weakness (28 nov)https://mainichi.jp/english/articles/20231128/p2a/00m/0bu/023000c

Joint Cyberspace Command participates in execise Cyber Coalition 2023 (28 nov)https://emad.defensa.gob.es/en/prensa/noticias/2023/11/Listado/231128-ni-ciber-mcce-em.html

New BLUFFS attack lets attackers hijack Bluetooth connections (28 nov)https://www.bleepingcomputer.com/news/security/new-bluffs-attack-lets-attackers-hijack-bluetooth-connections/

Troubleshooting of the TakeCare medical records system continues (29 nov) https://www.regionstockholm.se/verksamhet/halsa-och-vard/nyheter-halsa-och-vard/2023/11/felsokning-kring-journalsystemet-takecare-fortsatter/

Japan’s space agency hit by cyberattack (29 nov) https://therecord.media/japan-space-agency-cyberattack

Okta says hackers stole data for all customer support users in cyber breach (29 nov) https://www.reuters.com/technology/cybersecurity/okta-says-hackers-stole-data-all-customer-support-users-cyber-breach-2023-11-29/..
Okta | October Customer Support Security Incident – Update and Recommended Actions (29 nov) https://sec.okta.com/harfiles

Behind the Attack: LUMMA Malware (29 nov) https://perception-point.io/blog/behind-the-attack-lumma-malware/

Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data (29 nov) https://www.hackread.com/zoom-vulnerability-hackers-hijack-meetings-data/

The Cyber Security Centre's weekly review – 47/2023 (29 nov) https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybersakerhetscentrets-veckooversikt-472023

Promon discovers new Android banking malware, “FjordPhantom” (30 nov) https://promon.co/security-news/fjordphantom-android-malware/

RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool (30 nov) https://www.infosecurity-magazine.com/news/redline-stealer-malware-scrubcrypt/

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks (30 nov) https://thehackernews.com/2023/11/cactus-ransomware-exploits-qlik-sense.html

Information security and miscellaneous

DHS CISA and UK NCSC Release Joint Guidelines for Secure AI System Development (26 nov) https://www.cisa.gov/news-events/news/dhs-cisa-and-uk-ncsc-release-joint-guidelines-secure-ai-system-development..
Roadmap for AI https://www.cisa.gov/resources-tools/resources/roadmap-ai..
Guidelines for secure AI system development (27 nov) https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development..
4 key takeaways from new global AI security guidelines (27 nov) https://www.scmagazine.com/news/4-key-takeaways-from-new-global-ai-security-guidelines

Women in Cybersecurity: Breaking Barriers & Shaping Futures (27 nov) https://techround.co.uk/startups/women-cybersecurity-breaking-barriers-shaping-future/

Digg and IMY publish guidance on data protection and innovation (27 nov) https://www.imy.se/nyheter/digg-och-imy-publicerar-vagledning-om-dataskydd-och-innovation/

Digital car keys are here. Are we ready? (27 nov) https://www.theverge.com/23970875/digital-car-key-iphone-unlock-start-ccc-standard

‘Tis the season to be wary: 12 steps to ruin a cybercriminal’s day (27 nov) https://www.welivesecurity.com/en/scams/tis-season-wary-ruin-cybercriminals-day/

Swedish Armed Forces expand cyber defence: “Interest has increased” (28 nov) https://sverigesradio.se/artikel/forsvaret-behover-fler-cyberkunniga

International collaboration leads to dismantlement of ransomware group in Ukraine amidst ongoing war (28 nov) https://www.europol.europa.eu/media-press/newsroom/news/international-collaboration-leads-to-dismantlement-of-ransomware-group-in-ukraine-amidst-ongoing-war

Strong security focus in Kil after IT attack on neighbouring municipality (29 nov) https://www.voister.se/artikel/2023/11/stort-sakerhetsfokus-i-kil-efter-it-attack-mot-grannkommunen

CISA Announces Secure by Design Alert Series: How Vendor Decisions Can Reduce Harm at a Global Scale (29 nov) https://www.cisa.gov/news-events/news/cisa-announces-secure-design-alert-series-how-vendor-decisions-can-reduce-harm-global-scale..
Secure by Design Alert: How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity (29 nov) https://www.cisa.gov/resources-tools/resources/secure-design-alert-how-software-manufacturers-can-shield-web-management-interfaces-malicious-cyber

Black Basta ransomware victims have paid over $100 million (29 nov) https://www.elliptic.co/blog/black-basta-ransomware-victims-have-paid-over-100-million

Five Cybersecurity Predictions for 2024 (29 nov) https://www.securityweek.com/five-cybersecurity-predictions-for-2024/

How AI Is Shaping Malware Analysis (29 nov) https://blog.virustotal.com/2023/11/how-ai-is-shaping-malware-analysis.html

AI: The new puppet master behind cyberattacks (30 nov) https://www.scmagazine.com/perspective/ai-the-new-puppetmaster-behind-cyberattacks

2023 SANS Holiday Hack Challenge & KringleCon https://www.sans.org/mlp/holiday-hack-challenge-2023/

CERT-SE this week

Several critical vulnerabilities in Zyxel's NAS products (1 dec) https://www.cert.se/2023/12/flera-kritiska-sarbarheter-i-zyxels-nas-produkter.html