CERT-SE:s veckobrev v.37

Denna fredag den 15 september innebär 99 dagar kvar till julafton! Strax innan jul väntas SANS släppa sin 2023 SANS Holiday Hack Challenge & KringleCon. Fram till dess går det bra att ta en titt på 2021 och 2022 års upplagor.

https://www.sans.org/mlp/holiday-hack-challenge-2023/

Nyheter i veckan

Associated Press warns that AP Stylebook data breach led to phishing attack (10 sep)
https://www.bleepingcomputer.com/news/security/associated-press-warns-that-ap-stylebook-data-breach-led-to-phishing-attack/

Square: Last week’s outage was caused by DNS issue, not a cyberattack (11 sep)
https://www.bleepingcomputer.com/news/technology/square-last-weeks-outage-was-caused-by-dns-issue-not-a-cyberattack/

Council of Europe report calls use of Pegasus spyware by several countries potentially illegal (11 sep)
https://therecord.media/council-of-europe-report-pegasus-spyware

Cyberkriminella stjäl processorkraft från svenska företag (11 sep)
https://www.aktuellsakerhet.se/cyberkriminella-stjal-processorkraft-fran-svenska-foretag/

Ransomwaregäng påstår sig ha hackat Rädda Barnen – som bekräftar intrång (12 sep)
https://computersweden.idg.se/2.2683/1.779963/cyberbrottslingar-pastar-sig-ha-kommit-at-radda-barnen

Apple backports BLASTPASS zero-day fix to older iPhones (12 sep)
https://www.bleepingcomputer.com/news/security/apple-backports-blastpass-zero-day-fix-to-older-iphones/

MGM Resorts: Slot machines go down in cyber-attack on firm (12 sep)
https://www.bbc.com/news/technology-66784894

Israeli Hospital Hit By Ransomware Attack, 1TB Data Stolen (12 sep)
https://www.darkreading.com/dr-global/israeli-hospital-hit-by-attackers-1tb-data-stolen

Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages (13 sep)
https://thehackernews.com/2023/09/microsoft-warns-of-new-phishing.html

Caesars Confirms Ransomware Hack, Stolen Loyalty Program Database (14 sep)
https://www.securityweek.com/caesars-confirms-ransomware-hack-stolen-loyalty-program-database/

Manchester Police officers’ data exposed in ransomware attack (14 sep)
https://www.bleepingcomputer.com/news/security/manchester-police-officers-data-exposed-in-ransomware-attack/

Cyber-attacks: the apex of crime-as-a-service (IOCTA 2023) (15 sep)
https://www.europol.europa.eu/publication-events/main-reports/cyber-attacks-apex-of-crime-service-iocta-2023

Nederländernas fotbollsförbund betalar lösensumma efter rysk cyberattack (15 sep)
https://www.dn.se/sport/nederlandernas-fotbollsforbund-betalar-losensumma-efter-rysk-cyberattack/

Informationssäkerhet och blandat

The International Criminal Court will now prosecute cyberwar crimes (8 sep)
https://arstechnica.com/information-technology/2023/09/the-international-criminal-court-will-now-prosecute-cyberwar-crimes/

Record number of cyberattacks targeting critical IT infrastructure reported to UK gov’t this year (11 sep)
https://therecord.media/uk-critical-it-infrastructure-attacks-reports-to-nis

The European Cyber Shield (12 sep)
https://cert.at/en/blog/2023/9/european-cyber-shield

Guide till säkrare containers (12 sep)
https://kryptera.se/guide-till-sakrare-containers/

5 Password Cracking Techniques Used in Cyber Attacks (13 sep)
https://www.proofpoint.com/us/blog/information-protection/password-cracking-techniques-used-in-cyber-attacks

Contextualizing Deepfake Threats to Organizations
https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF

CERT-SE i veckan

Sårbarhet i Cisco-produkter utnyttjas aktivt

Microsofts säkerhetsuppdateringar för september 2023

Adobes månatliga säkerhetsuppdateringar för september 2023

CERT-SE har fått förnyad certifiering från Trusted Introducer