CERT-SE:s veckobrev v.50VeckobrevStorhelgerna närmar sig med stormsteg, men av nyhetsflödet att döma slår cybersäkerhetsvärlden inte av på takten. Veckans svep bjuder på allt från uppdateringar om angrepp, metoder och skadlig kod, till nyheter om AI och lyckosamma ingripanden mot cyberkriminella. Trevlig helg önskar CERT-SE! Nyheter i veckanKänsliga uppgifter kan ha röjts vid it-attacken mot Svenska kyrkan (8 dec) https://www.tv4.se/artikel/2nFtn2MIHSlPx89WkeAryV/kaensliga-uppgifter-kan-ha-roejts-vid-it-attacken-mot-svenska-kyrkanEasyPark dataintrång (10 dec) https://www.easypark.com/sv-se/commLaw Enforcement Reportedly Behind Takedown of BlackCat/Alphv Ransomware Website (11 dec) https://www.securityweek.com/law-enforcement-reportedly-behind-takedown-of-blackcat-alphv-ransomware-website/Silent but deadly: The rise of zero-click attacks (11 dec) https://www.welivesecurity.com/en/mobile-security/silent-but-deadly-the-rise-of-zero-click-attacks/Kelvin Security hacking group leader arrested in Spain (11 dec) https://www.bleepingcomputer.com/news/security/kelvin-security-hacking-group-leader-arrested-in-spain/Analyzing AsyncRAT’s Code Injection into aspnet_compiler.exe Across Multiple Incident Response Cases (11 dec) https://www.trendmicro.com/en_us/research/23/l/analyzing-asyncrat-code-injection-into-aspnetcompiler-exe.htmlOperation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (11 dec) https://blog.talosintelligence.com/lazarus_new_rats_dlang_and_telegram/NCSC Sverige: Från kartläggning till angrepp (11 dec) https://www.ncsc.se/aktuellt/fran-kartlaggning-till-angrepp/Security Brief: TA4557 Targets Recruiters Directly via Email (12 dec) https://www.proofpoint.com/uk/blog/threat-insight/security-brief-ta4557-targets-recruiters-directly-emailUkraine’s leading phone operator Kyivstar targeted by hacker attack (12 dec) https://kyivindependent.com/ukraines-largest-phone-operator-kyivstar-down-internet-outages-reported/ … https://www.reuters.com/technology/cybersecurity/ukraines-biggest-mobile-operator-suffers-massive-hacker-attack-statement-2023-12-12/Microsoft: Threat actors misuse OAuth applications to automate financially driven attacks (12 dec) https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/Toyota Germany Says Customer Data Stolen in Ransomware Attack (12 dec) https://www.securityweek.com/toyota-germany-confirms-personal-information-stolen-in-ransomware-attack/Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (13 dec) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3616384/russian-cyber-actors-are-exploiting-a-known-vulnerability-with-worldwide-impact/ … https://thehackernews.com/2023/12/russian-svr-linked-apt29-targets.htmlRouters Roasting On An Open Firewall: The KV-Botnet Investigation (13 dec) https://blog.lumen.com/routers-roasting-on-an-open-firewall-the-kv-botnet-investigation/Report: A hostage to fortune: ransomware and UK national security – Report Summary (13 dec) https://publications.parliament.uk/pa/jt5804/jtselect/jtnatsec/194/summary.html … https://www.theguardian.com/technology/2023/dec/13/uk-at-high-risk-of-catastrophic-ransomware-attack-report-saysHackers are exploiting critical Apache Struts flaw using public PoC (13 dec) https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-apache-struts-flaw-using-public-poc/ … https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.htmlNearly a million non-profit donors’ details left exposed in unsecured database (13 dec) https://www.theregister.com/2023/12/13/donorview_database_breach/French authorities arrested a Russian national for his role in the Hive ransomware operation (13 dec) https://securityaffairs.com/155815/cyber-crime/french-authorities-hive-ransomware-member.htmlMITRE, Red Balloon Security, and Narf Announce EMB3D – A Threat Model for Critical Infrastructure Embedded Devices (13 dec) https://www.mitre.org/news-insights/news-release/mitre-red-balloon-security-and-narf-announce-emb3dFakeSG campaign, Akira ransomware and AMOS macOS stealer (13 dec) https://securelist.com/crimeware-report-fkesg-akira-amos/111483/How to Analyze Malware’s Network Traffic in A Sandbox (13 dec) https://thehackernews.com/2023/12/how-to-analyze-malwares-network-traffic.htmlPress and pressure: Ransomware gangs and the media (13 dec) https://news.sophos.com/en-us/2023/12/13/press-and-pressure-ransomware-gangs-and-the-media/LockBit ransomware now poaching BlackCat, NoEscape affiliates (13 dec) https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-poaching-blackcat-noescape-affiliates/#google_vignetteMicrosoft Disrupts Cybercrime Service That Created 750 Million Fraudulent Accounts (14 dec) https://www.securityweek.com/microsoft-disrupts-cybercrime-service-that-c
