CERT-SE:s veckobrev v.32

Nyheter i veckan

Cyberattack disrupts hospital computer systems across US, hindering services (4 aug)
https://www.theguardian.com/us-news/2023/aug/04/cyberattack-us-hospitals-california

Läckta personuppgifter i UL-appen – 700 000 drabbade (4 aug)
https://www.svt.se/nyheter/lokalt/uppsala/lackta-personuppgifter-i-ul-appen-700-000-drabbade–tjfntl

Norsk säkerhetspolis: Hackers bakom hämnduppmaning (4 aug)
https://www.dn.se/varlden/norsk-sakerhetspolis-hackers-bakom-hamnduppmaning/

Gränspolisens IT-haveri löst – resenärer fick vänta i timmar (5 aug)
https://www.expressen.se/nyheter/granspolisens-it-system-har-havererat-omfattande-problem/

Polisvolontärer kan ha fått uppgifter läckta (6 aug)
https://www.svt.se/nyheter/inrikes/polisvolontarer-kan-ha-fatt-uppgifter-lackta

Intrång hos webbplats för polisvolontärer (6 aug)
https://polisen.se/aktuellt/nyheter/2023/augusti/intrang-hos-webbplats-for-polisvolontarer/

Störningar hos Halmstads stadsnät (7 aug)
https://sverigesradio.se/artikel/stora-storningar-hos-halmstads-stadsnat

Halmstad med internet igen (8 aug)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1155382

Electoral Commission apologises for security breach involving UK voters’ data (8 aug)
https://www.theguardian.com/technology/2023/aug/08/uk-electoral-commission-registers-targeted-by-hostile-hackers

Public notification of cyber-attack on Electoral Commission systems (8 aug)
https://www.electoralcommission.org.uk/privacy-policy/public-notification-cyber-attack-electoral-commission-systems

Northern Ireland police officers’ details exposed in ‘monumental’ breach (8 aug)
https://www.theguardian.com/uk-news/2023/aug/08/major-data-breach-involving-northern-ireland-police-officers-and-staff

Trafikverket anmäler möjlig it-läcka efter tips – återupptar nedlagd utredning (8 aug)
https://www.svt.se/nyheter/inrikes/trafikverket-anmaler-mojlig-it-lacka-aterupptar-utredning-efter-tips

Analysis: MOVEit hack spawned over 600 breaches but is not done yet -cyber analysts (8 aug)
https://www.reuters.com/technology/moveit-hack-spawned-around-600-breaches-isnt-done-yet-cyber-analysts-2023-08-08/

Notorious phishing platform shut down, arrests in international police operation (8 aug)
https://www.interpol.int/News-and-Events/News/2023/Notorious-phishing-platform-shut-down-arrests-in-international-police-operation

Rapporter och analyser

Discarded medical devices found to have troves of information on healthcare facilities (4 aug)
https://therecord.media/discarded-medical-devices-have-data

New ’Deep Learning Attack’ Deciphers Laptop Keystrokes with 95% Accuracy (7 aug)
https://thehackernews.com/2023/08/new-deep-learning-attack-deciphers.html

A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (2 aug)
https://arxiv.org/abs/2308.01074

New Report Reveals Increase of Unique Malware and Sudden Surge of Public Sector Attacks (8 aug)
https://blogs.blackberry.com/en/2023/08/unique-malware-public-sector-attack-surge-threat-report-aug

Understanding Active Directory Attack Paths to Improve Security (8 aug)
https://thehackernews.com/2023/08/understanding-active-directory-attack.html

Informationssäkerhet och blandat

CISA Cybersecurity Strategic Plan: Shifting the Arc of National Risk to Create a Safer Future (4 aug)
https://www.cisa.gov/news-events/news/cisa-cybersecurity-strategic-plan-shifting-arc-national-risk-create-safer-future

CISA Cybersecurity Strategic Plan 2023-2025
https://www.cisa.gov/sites/default/files/2023-08/FY2024-2026_Cybersecurity_Strategic_Plan.pdf

UK Government: Cyber-Attacks Could Kill or Maim Thousands (4 aug)
https://www.infosecurity-magazine.com/news/uk-government-cyberattacks-kill/

National Risk Register 2023 edition
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1175834/2023_NATIONAL_RISK_REGISTER_NRR.pdf

Datatilsynet griper inn mot Yangos overføring av personopplysninger til Russland (8 aug)
https://www.datatilsynet.no/aktuelt/aktuelle-nyheter-2023/datatilsynet-griper-inn-mot-yangos-overforing-av-personopplysninger-til-russland/

The NIST Cybersecurity Framework 2.0 (8 aug)
https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd