CERT-SE:s veckobrev v.33

Veckans nyhetsbrev bjuder på blandade godbitar och ett antal fördjupande artiklar. Bland annat berättar Viasat om vad som hände förra våren när de råkade ut för en omfattande attack. Dessutom har NCSC gått ut med en save the date inför sin konferens den 5 december.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Increase in Companies Falsely Claiming an Ability to Recover Funds Lost in Cryptocurrency Investment Scams (11 aug)
https://www.ic3.gov/Media/Y2023/PSA230811

5 arrested in Poland for running bulletproof hosting service for cybercrime gangs (11 aug)
https://www.europol.europa.eu/media-press/newsroom/news/5-arrested-in-poland-for-running-bulletproof-hosting-service-for-cybercrime-gangs

US cyber body to review cloud computing safety, Microsoft breach (11 aug)
https://www.reuters.com/technology/us-cyber-safety-review-board-assess-online-intrusion-microsoft-exchange-dhs-2023-08-11/

Security News This Week: A New Attack Reveals Everything You Type With 95 Percent Accuracy (12 aug)
https://www.wired.co.uk/article/keystroke-attack-security-roundup

Knight ransomware distributed in fake Tripadvisor complaint emails (12 aug)
https://www.bleepingcomputer.com/news/security/knight-ransomware-distributed-in-fake-tripadvisor-complaint-emails/

Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy (12 aug)
https://www.theregister.com/2023/08/12/veilid_privacy_data/

MaginotDNS attacks exploit weak checks for DNS cache poisoning (13 aug)
https://www.bleepingcomputer.com/news/security/maginotdns-attacks-exploit-weak-checks-for-dns-cache-poisoning/

100,000 Hackers Exposed from Top Cybercrime Forums (14 aug)
https://www.hudsonrock.com/blog/100-000-hackers-exposed-from-top-cybercrime-forums

Tonåring från Uppsala län tar på sig två stora IT-attacker (14 aug)
https://www.svt.se/nyheter/lokalt/uppsala/tonaring-fran-uppsala-lan-tar-pa-sig-tva-stora-it-attacker–7c3ffr

Evasive Phishing Campaign Steals Cloud Credentials Using Cloudflare R2 and Turnstile (14 aug)
https://www.netskope.com/blog/evasive-phishing-campaign-steals-cloud-credentials-using-cloudflare-r2-and-turnstile

Discord.io confirms breach after hacker steals data of 760K users (14 aug)
https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/

Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (14 aug)
https://www.ic3.gov/Media/Y2023/PSA230814

Millions of Americans’ health data stolen after MOVEit hackers targeted IBM (14 aug)
https://techcrunch.com/2023/08/14/millions-americans-health-data-moveit-hackers-clop-ibm/

Most DDoS attacks tied to gaming, business disputes, FBI and prosecutors say (14 aug)
https://therecord.media/ddos-attacks-tied-to-gaming-business-disputes-fbi-says

LinkedIn Accounts Under Attack (14 aug)
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/

Shutdown of e-mail solution following cyberattack (15 aug)
https://www.regjeringen.no/en/aktuelt/shutdown-of-e-mail-solution-following-cyberattack/id2991023/

Misstänkt rysk it-attack mot Uppsala universitet: ”Kan öka sårbarheten” (15 aug)
https://www.svt.se/nyheter/lokalt/uppsala/misstankt-rysk-it-attack-mot-uppsala-universitet-kan-oka-sarbarheten–r0kbmr

Inside the largest-ever A.I. chatbot hack fest, where hackers tried to outsmart OpenAI, Microsoft, Google (15 aug)
https://www.cnbc.com/2023/08/15/def-con-hackers-try-to-crack-chatbots-from-openai-google-microsoft.html

Suburban DC school district responds to cyberattack (15 aug)
https://therecord.media/prince-georges-county-schools-maryland-cyberattack

Överbelastningsattack på Jordbruksverket i Jönköping (15 aug)
https://www.svt.se/nyheter/lokalt/jonkoping/overbelastningsattack-pa-jordbruksverket-i-jonkoping

Toward Quantum Resilient Security Keys (15 aug)
https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html

Varningar för investeringsbedrägerier fortsätter öka (16 aug)
https://www.fi.se/sv/publicerat/nyheter/2023/varningar-for-investeringsbedragerier-fortsatter-oka/

Tech glitch let people with empty bank accounts withdraw hundreds in cash (16 aug)
https://arstechnica.com/information-technology/2023/08/tech-error-let-people-with-empty-bank-accounts-withdraw-hundreds-in-cash/

Angreps av Ryssland – nu berättar Viasat om attacken som slog ut internet i Ukraina (18 aug)
https://computersweden.idg.se/2.2683/1.779778/angreps-av-ryssland–nu-berattar-viasat-om-attacken-som-slog-ut-internet-i-ukraina

Informationssäkerhet och blandat

Monti Ransomware Unleashes a New Encryptor for Linux (14 aug)
https://www.trendmicro.com/en_us/research/23/h/monti-ransomware-unleashes-a-new-encryptor-for-linux.html

What’s New in the NIST Cybersecurity Framework 2.0 (14 aug)
https://www.darkreading.com/operations/whats-new-in-nist-cybersecurity-framework-2-0

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign (15 aug)
https://blog.fox-it.com/2023/08/15/approximately-2000-citrix-netscalers-backdoored-in-mass-exploitation-campaign/

Introducing Cloudflare’s 2023 phishing threats report (16 aug)
https://blog.cloudflare.com/2023-phishing-report/

Intel insiders go undercover revealing fresh details into NoName hacktivist operations (16 aug)
https://cybernews.com/cyber-war/new-undercover-intel-noname-russian-hacktivist-operations/

Windows feature that resets system clocks based on random data is wreaking havoc (16 aug)
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/

Raccoon Stealer malware back with updated version following administrator arrest (16 aug)
https://therecord.media/raccoon-malware-back-with-updated-version

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (16 aug)
https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks

CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan (16 aug)
https://www.cisa.gov/news-events/news/cisa-publishes-jcdc-remote-monitoring-and-management-systems-cyber-defense-plan

Major Energy Company Targeted in Large QR Code Campaign (16 aug)
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/

ProxyNation: The dark nexus between proxy apps and malware (16 aug)
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware

Protecting your information and data when using applications- ITSAP.40.200
https://www.cyber.gc.ca/en/protecting-your-information-and-data-when-using-applications-itsap40200

Debian Celebrates 30 years!
https://bits.debian.org/2023/08/debian-turns-30.html

Save the date: NCSC konferens 5 december 2023
https://www.ncsc.se/aktuellt/ncsc-konferens-2023/

CERT-SE i veckan

Kritisk sårbarhet i Citrix NetScaler ADC och Gateway (uppdaterad 2023-08-17)