CERT-SE’s weekly newsletter, week 49

WEEKLY NEWSLETTER

This week ENISA released the 2024 Report on the State of Cybersecurity in the Union. Recommended reading!

CERT-SE wishes you a pleasant second Sunday of Advent.

News this week

Ransom gang claims attack on NHS Alder Hey Children’s Hospital (29 Nov) https://www.theregister.com/2024/11/29/inc_ransom_alder_hey_childrens_hospital

Novel phishing campaign uses corrupted Word documents to evade security (1 Dec) https://www.bleepingcomputer.com/news/security/novel-phising-campaign-uses-corrupted-word-documents-to-evade-security/

INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million (2 Dec) https://thehackernews.com/2024/12/interpol-arrests-5500-in-global.html

Former Polish spy chief arrested to testify before parliament in spyware probe (2 Dec) https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware

Microsoft 365 credentials stolen via adversary-in-the-middle campaign (2 Dec) https://www.scworld.com/news/microsoft-365-credentials-stolen-via-adversary-in-the-middle-campaign

Energy industry contractor says ransomware attack has limited access to IT systems (3 Dec) https://therecord.media/energy-industry-contractor-ransomware-disruption

Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online (3 Dec) https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

Corrupted Microsoft Word files used to launch phishing attacks (3 Dec) https://www.techradar.com/pro/security/corrupted-microsoft-word-files-used-to-launch-phishing-attacks

No company too small for Phobos ransomware gang, indictment reveals (4 Dec) https://www.malwarebytes.com/blog/news/2024/12/no-company-too-small-for-phobos-ransomware-gang-indictment-reveals

Reports and analyses

Top 10 Cyber-Attacks of 2024 (2 Dec) https://www.infosecurity-magazine.com/news-features/top-cyber-attacks-2024/

Why OT environments are vulnerable – and what to do about it (2 Dec) https://www.scworld.com/perspective/why-ot-environments-are-vulnerable-and-what-to-do-about-it

The cybersecurity landscape in 2025: Key trends and strategic shifts (3 Dec) https://securitybrief.co.nz/story/the-cybersecurity-landscape-in-2025-key-trends-and-strategic-shifts

NCSC publishes Annual Review 2024 (3 Dec) https://www.techuk.org/resource/ncsc-publishes-annual-review-2024.html

Why Phishers Love New TLDs Like .shop, .top and .xyz (3 Dec) https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

EU’s first ever report on the state of cybersecurity in the Union (3 Dec) https://www.enisa.europa.eu/news/eus-first-ever-report-on-the-state-of-cybersecurity-in-the-union

FTC Takes Action Against Gravy Analytics, Venntel for Unlawfully Selling Location Data Tracking Consumers to Sensitive Sites (3 Dec) https://www.ftc.gov/news-events/news/press-releases/2024/12/ftc-takes-action-against-gravy-analytics-venntel-unlawfully-selling-location-data-tracking-consumers

Gafgyt Malware Broadens Its Scope in Recent Attacks (3 Dec) https://www.trendmicro.com/en_us/research/24/l/gafgyt-malware-targeting-docker-remote-api-servers.html

Cyber security evolves for software-defined vehicles (4 Dec) https://www.automotiveworld.com/articles/connected-mobility-articles/cyber-security-evolves-for-software-defined-vehicles/

At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says (5 Dec) https://therecord.media/eight-telcos-breached-salt-typhoon-nsc

Romania’s election systems targeted in over 85,000 cyberattacks (5 Dec) https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/

Information security and miscellaneous

The growing role of biometrics in identity verification (2 Dec) https://www.biometricupdate.com/202412/the-growing-role-of-biometrics-in-identity-verification

Cyber hubs and response forces – now the EU is to sharpen cybersecurity (3 Dec) https://computersweden.se/article/3616174/cybernav-och-insatsstyrkor-nu-ska-eu-vassa-cybersakerheten.html

New EU Regulation Establishes European ‘Cybersecurity Shield’ (3 Dec) https://www.securityweek.com/new-eu-regulation-establishes-european-cybersecurity-shield/

INTERPOL campaign warns against cyber and financial crimes (3 Dec) https://www.interpol.int/News-and-Events/News/2024/INTERPOL-campaign-warns-against-cyber-and-financial-crimes

Enhanced Visibility and Hardening Guidance for Communications Infrastructure (4 Dec) https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure

CERT-SE this week

Critical vulnerabilities in IBM Security Verify Access Appliance (3 Dec) https://www.cert.se/2024/12/kritiska-sarbarheter-i-ibm-security-verify-access-appliance.html

Critical vulnerability in Veeam Service Provider Console (4 Dec) https://www.cert.se/2024/12/kritisk-sarbarhet-i-veeam-service-provider-console.html

CERT-SE’s weekly newsletter, week 48

WEEKLY NEWSLETTER

Mixed news from the week. We particularly want to highlight that NCSC has released guidance on handling denial-of-service attacks.

CERT-SE wishes you a pleasant first Sunday of Advent!

News this week

The warning: “Russian cyberattacks could knock out the power grid for millions” (24 Nov) https://sverigesradio.se/artikel/storbritannien-varnar-for-ryska-cyberattacker-kan-sla-ut-elnatet

Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack (25 Nov) https://www.securityweek.com/russian-cyberspies-hacked-building-across-street-from-target-for-wi-fi-attack/

Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (25 Nov) https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-impacts-exchange-online-teams-sharepoint/

Are Law Enforcement Takedowns Against Ransomware Working? (25 Nov) https://www.darkreading.com/vulnerabilities-threats/blackbasta-ransomware-group-conti

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot (25 Nov) https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html

Malware Turns Trusted Avast Driver Into a Weapon (26 Nov) https://informationsecuritybuzz.com/malware-turns-avast-driver-a-weapon/

Hackers abuse popular Godot game engine to infect thousands of PCs (27 Nov) https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/

Researchers Discover “Bootkitty” – First UEFI Bootkit Targeting Linux Kernels (27 Nov) https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks (29 Nov) https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html

Reports and analyses

Guess Who’s Back – The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 (26 Nov) https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html

Expert Cybersecurity Predictions for 2025: What Lies Ahead? (27 Nov) https://informationsecuritybuzz.com/isb-cybersecurity-predictions-2025-1/

Ransomware-driven data exfiltration: techniques and implications (27 Nov) https://blog.sekoia.io/ransomware-driven-data-exfiltration-techniques-and-implications/

Guidance on denial-of-service attacks (27 Nov) https://www.ncsc.se/sv/aktuellt/vagledning-om-overbelastningsangrepp/

SIRIUS EU Electronic Evidence Situation Report 2024 (28 Nov) https://www.europol.europa.eu/publications-events/publications/sirius-eu-electronic-evidence-situation-report-2024

Information security and miscellaneous

The threats of USB-based attacks for critical infrastructure https://www.techradar.com/pro/the-threats-of-usb-based-attacks-for-critical-infrastructure

How the Police work with cybercrime – “we have good expertise” (25 Nov) https://computersweden.se/article/3610197/sa-arbetar-polisen-med-cyberbrott-vi-har-en-bra-kompetens.html

Collaboration is key to tackling cybercrime. Recent takedowns show why (26 Nov) https://www.weforum.org/stories/2024/11/collaboration-key-tackling-cybercrime-cybersecurity/

The AI Commission’s Roadmap for Sweden (26 Nov) https://regeringen.se/rapporter/2024/11/ai-kommissionens-fardplan-for-sverige/

Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa (26 Nov) https://www.securityweek.com/interpol-clamps-down-on-cybercrime-and-arrests-over-1000-suspects-in-africa/

The NCSC conference 2024: Securing operations during a cyberattack (26 Nov) https://www.ncsc.se/sv/aktuellt/sakra-verksamheten-vid-en-cyberattack/

New VPN Attack Demonstrated Against Palo Alto Networks, SonicWall Products (27 Nov) https://www.securityweek.com/new-vpn-attack-demonstrated-against-palo-alto-networks-sonicwall-products/

Growing Matrix Botnet Poses Escalating Global Threat (27 Nov) https://informationsecuritybuzz.com/matrix-botnet-escalating-global-threat/

170,000 personal identity numbers may have been mishandled – for over ten years (28 Nov) https://sverigesradio.se/artikel/170-000-personnummer-kan-ha-hanterats-fel-i-over-tio-ar

Why cybersecurity leaders trust the MITRE ATT&CK Evaluations (28 Nov) https://www.helpnetsecurity.com/2024/11/28/cynet-mitre-attck-evaluations/

Analogue lending in Kumla after cyberattack (28 Nov) https://www.biblioteksbladet.se/nyheter/analog-utlaning-i-kumla-efter-cyberangrepp/

CERT-SE’s weekly newsletter, week 47

WEEKLY NEWSLETTER

Do you want to help contribute to a safer society? We at CERT-SE, Sweden’s national CSIRT, are looking for more staff.

Head of Unit, Operational Cybersecurity Analysis

Do you want to take a leading role in protecting Sweden’s digital future? We are looking for a head of unit to build up and lead our new operational analysis unit – a key role in protecting our critical societal functions against cyberattacks.

More information is available here: https://msb.varbi.com/se/what:job/jobID:773438/type:job/where:4/apply:1

Expression of interest

We are looking for more staff to increase our operational capability and provide further support in handling and preventing IT security incidents and cyberattacks. Submit your expression of interest and become part of our important mission. We process expressions of interest on an ongoing basis.

More information is available here: https://www.msb.se/sv/om-msb/jobba-hos-oss/lediga-jobb/intresseanmalan-ar-du-var-nasta-medarbetare-till-cert-se-sveriges-nationella-csirt/

CERT-SE wishes you a pleasant weekend!

News this week

NSO Group used another WhatsApp zero-day after being sued, court docs say (15 Nov) https://www.bleepingcomputer.com/news/security/nso-group-used-another-whatsapp-zero-day-after-being-sued-court-docs-say/

Criticism of the government’s cyber investment: “Too little” (17 Nov) https://sverigesradio.se/artikel/kritik-mot-regeringens-cybersatsning-for-lite

T-Mobile Network Reportedly Breached in Chinese Hacking Campaign (17 Nov) https://www.pymnts.com/cybersecurity/2024/t-mobile-network-reportedly-breached-in-chinese-hacking-campaign/

The cyberattack hit the library hard – now everything is analogue (17 Nov) https://www.svt.se/nyheter/lokalt/orebro/cyberattacken-slog-hart-mot-biblioteket-nu-ar-allt-analogt

More municipalities in Sydnärke affected by the cyberattack in Kumla (18 Nov) https://www.svt.se/nyheter/lokalt/orebro/fler-kommuner-i-sydnarke-drabbade-av-cyberattacken-i-kumla

Swiss cheesed off as postal service used to spread malware (18 Nov) https://www.theregister.com/2024/11/16/swiss_malware_qr

UK cyber security agency warns of major attacks coming on November 29 (18 Nov) https://www.devonlive.com/news/uk-world-news/uk-cyber-security-agency-warns-9722446

Fake Discount Sites Exploit Black Friday to Hijack Shopper Information (18 Nov) https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html

Ford ‘actively investigating’ after employee data allegedly parked on leak site (18 Nov) https://www.theregister.com/2024/11/18/ford_actively_investigating_breach/

Warning about scam emails from electricity companies (18 Nov) https://sakerhetskollen.se/aktuella-brott/varning-for-bluffmejl-fran-elbolag

Thames Water’s IT ‘falling apart’ and is hit by cyber-attacks, sources claim (18 Nov) https://www.theguardian.com/business/2024/nov/18/thames-waters-it-falling-apart-and-is-hit-by-cyber-attacks-sources-claim

The new crisis brochure from MSB is now being sent out: “In case of crisis or war” (18 Nov) https://www.svt.se/nyheter/inrikes/nu-skickas-den-nya-krisbroschyren-fran-msb-ut https://www.theregister.com/2024/11/18/sweden_updates_war_guide/

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (18 Nov) https://www.securityweek.com/300-drinking-water-systems-in-us-exposed-to-disruptive-damaging-hacker-attacks/

The hacker: This is how easy it is to hack your company (18 Nov) https://sakerhetskollen.se/nyheter/hackaren-sa-latt-ar-det-att-hacka-ditt-foretag

CISA Director Jen Easterly to Step Down (19 Nov) https://www.securityweek.com/cisa-director-jen-easterly-to-step-down/

Cyber-espionage group Volt Typhoon resurfaces globally (19 Nov) https://securitybrief.co.nz/story/cyber-espionage-group-volt-typhoon-resurfaces-globally

Säpo: Cyber threats against Sweden will only increase (20 Nov) https://computersweden.se/article/3608733/sapo-cyberhoten-mot-sverige-kommer-bara-att-oka.html

Cyberattack at French hospital exposes health data of 750,000 patients (20 Nov) https://www.bleepingcomputer.com/news/security/cyberattack-at-french-hospital-exposes-health-data-of-750-000-patients/

Security incident recovery times are over 7 months on average (20 Nov) https://www.itpro.com/security/security-incident-recovery-times-are-over-7-months-on-average

5 charged in “Scattered Spider,” one of the most profitable phishing scams ever (21) https://arstechnica.com/information-technology/2024/11/prosecutors-charge-5-in-phishing-scams-that-stole-millions-of-dollars/

Winter is coming. So are Russia’s elite hackers (22 Nov) https://www.politico.eu/article/russia-hackers-europe-winter-energy-infrastructure-moscow-gas-hike-digital/

SafePay ransomware gang claims Microlise attack that disrupted prison van tracking (22 Nov) https://www.theregister.com/2024/11/22/safepay_microlise/

145,000+ Unsecured ICS Devices Exposed To Attackers (22 Nov) https://cybersecuritynews.com/145000-unsecured-ics-devices-exposed/

Reports and analyses

Malware Spotlight: A Deep-Dive Analysis of WezRat (14 Nov) https://research.checkpoint.com/2024/wezrat-malware-deep-dive/

Google thinks these are the biggest security threats facing businesses in 2025 (16 Nov) https://www.techradar.com/pro/security/google-thinks-these-are-the-biggest-security-threats-facing-businesses-in-2025

Checkpoint: Threat Intelligence Report (18 Nov) https://research.checkpoint.com/2024/18th-november-threat-intelligence-report/

Defeating Adversary-in-the-Middle phishing attacks (18 Nov) https://techcommunity.microsoft.com/blog/identity/defeating-adversary-in-the-middle-phishing-attacks/1751777

Now Hackers Are Using Snail Mail In Cyber Attacks—Here’s How (18 Nov) https://www.forbes.com/sites/daveywinder/2024/11/18/now-hackers-are-using-snail-mail-in-cyber-attacks-heres-how/

Threat Spotlight: Bad bots are evolving to become more ‘human’ (19 Nov) https://blog.barracuda.com/2024/11/19/threat-spotlight-bad-bots-evolving-more-human

Crowdstrike: Unveiling LIMINAL PANDA: A Closer Look at China’s Cyber Threats to the Telecom Sector (19 Nov) https://www.crowdstrike.com/en-us/blog/liminal-panda-telecom-sector-threats/?utm_source=newsletter&utm_medium=email&utm_campaign=sendto_newslettertest_technology&stream=top

Cisco reveals top cybersecurity threats trends (19 Nov) https://www.electronicspecifier.com/products/cyber-security/cisco-reveals-top-cybersecurity-threats-trends

CISA #StopRansomware: BianLian Ransomware Group (20 Nov) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-136a

Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s Fast IDentity Online (FIDO) Implementation (20 Nov) https://www.cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido

97% of organisations hit by Gen AI-related security breaches, survey finds (20 Nov) https://www.techmonitor.ai/technology/cybersecurity/97-of-organisations-hit-by-gen-ai-related-security-breaches-survey-finds?cf-view

Hackers Don’t Hack, They Log In – Stealer Logs and Identity Attacks (21 Nov) https://socradar.io/hackers-dont-hack-they-log-in-stealer-logs-and-identity-attacks/

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine (21 Nov) https://www.welivesecurity.com/en/eset-research/unveiling-wolfsbane-gelsemiums-linux-counterpart-to-gelsevirine/

DDoS Attack Growing Bigger & Dangerous, New Report Reveals (21 Nov) https://cybersecuritynews.com/ddos-attack-growing-bigger/

Report reveals a major ransomware entry point for cyberattacks (21 Nov) https://www.insurancebusinessmag.com/us/news/cyber/report-reveals-a-major-ransomware-entry-point-for-cyberattacks-514943.aspx

Ransomware attacks primarily caused by poor cyber hygiene (21 Nov) https://www.scworld.com/brief/ransomware-attacks-primarily-caused-by-poor-cyber-hygiene

Cybercriminals turn to pen testers to test ransomware efficiency (22 Nov) https://www.helpnetsecurity.com/2024/11/22/pen-testers-ransomware-recruiting/

70% of Hong Kong companies saw cyberattacks this year, privacy watchdog survey finds (22 Nov) https://hongkongfp.com/2024/11/22/70-of-hong-kong-companies-saw-cyberattacks-this-year-privacy-watchdog-survey-finds/

Information security and miscellaneous

In cybersecurity bias is persistent, but so are women (19 Nov) https://www.scworld.com/feature/in-cybersecurity-bias-is-persistent-but-so-are-women

Breakthrough near for super-secure passkeys – “All companies should start with it right away” (20 Nov) https://www.nyteknik.se/tech/genombrottet-nara-for-supersakra-losennycklar-alla-foretag-bor-borja-med-det-direkt/4307192

Malicious QR Codes: How big of a problem is it, really? (20 Nov) https://blog.talosintelligence.com/malicious_qr_codes/

Chinese Manufactured Batteries Pose Cybersecurity Threat to Critical Infrastructure (21 Nov) https://www.jdsupra.com/legalnews/chinese-manufactured-batteries-pose-1640151/

Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization (21 Nov) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

ENISA: Navigating cybersecurity investments in the time of NIS 2 (21 Nov) https://www.enisa.europa.eu/news/navigating-cybersecurity-investments-in-the-time-of-nis-2

Australia: Albanese Government delivers world-leading legislation to protect children online (21 Nov) https://www.pm.gov.au/media/albanese-government-delivers-world-leading-legislation-protect-children-online

Secure Future Initiative (SFI) https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_November_2024_update.pdf

CWE Top 25 Most Dangerous Software Weaknesses https://cwe.mitre.org/top25/

CERT-SE this week

Critical vulnerability in VMware vCenter Server (published 18 Sep, updated 19 Nov) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html

CERT-SE’s weekly newsletter, week 46

WEEKLY NEWSLETTER

We would like to recommend Mognadsdialogen (the Maturity Dialogue), an educational tool for following up on how effectively your organisation works to protect information based on needs, requirements and conditions. Read more here: https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/mognadsdialogen

Also have a look at our articles on Patch Tuesday from earlier this week, and make sure to update vulnerable systems as soon as possible.

CERT-SE wishes you a pleasant weekend!

News this week

The IT manager expects a hacker attack – hard to counter (8 Nov) https://sverigesradio.se/artikel/it-chefen-forvantar-sig-hackerattack-svart-att-motarbeta

ASML hit with global IT outage that was resolved (8 Nov) https://www.reuters.com/technology/asml-hit-with-global-it-outage-that-was-resolved-2024-11-08

Expert on cyberattacks: Not a question of IF but WHEN (9 Nov) https://sverigesradio.se/artikel/expert-om-cyberattacker-inte-fragan-om-utan-nar

Why hackers want to get at Kumla municipality’s sensitive data (10 Nov) https://sverigesradio.se/artikel/darfor-vill-hackare-komma-at-kommunens-kansliga-uppgifter

Watch out, that Excel document could be infected with dangerous malware (12 Nov) https://www.techradar.com/pro/security/watch-out-that-excel-document-could-be-infected-with-dangerous-malware

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (12 Nov) https://thehackernews.com/2024/11/new-ymir-ransomware-exploits-memory-for.html

Was Amazon Hacked? No—Your Account And Password Have Not Been Compromised. Here’s What You Need To Know (13 Nov) https://www.forbes.com/sites/daveywinder/2024/11/12/was-amazon-hacked-are-your-password-and-credit-card-compromised

US govt officials’ communications compromised in recent telecom hack (13 Nov) https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach

The police are hunting the hackers – new evidence crucial (15 Nov) https://sverigesradio.se/artikel/efter-hackerattacken-stulen-data-publicerad-pa-darknet

How IT attacks like the one on Kumla are to be prevented – MSB: “More people need to work with cybersecurity” (15 Nov) https://www.svt.se/nyheter/lokalt/orebro/sa-ska-it-attacker-som-den-mot-kumla-forhindras-msb-fler-behover-jobba-med-cybersakerhet

Reports and analyses

New Campaign Uses Remcos RAT to Exploit Victims (8 Nov) https://www.fortinet.com/blog/threat-research/new-campaign-uses-remcos-rat-to-exploit-victims

Threat Hunting Case Study: Uncovering Turla (11 Nov) https://intel471.com/blog/threat-hunting-case-study-uncovering-turla

Phishing by Design: Two-Step Attacks Using Microsoft Visio Files (11 Nov) https://perception-point.io/blog/phishing-by-design-two-step-attacks-using-microsoft-visio-files

October 2024’s Most Wanted Malware: Infostealers Surge as Cyber Criminals Leverage Innovative Attack Vectors (11 Nov) https://blog.checkpoint.com/security/october-2024s-most-wanted-malware-infostealers-surge-as-cyber-criminals-leverage-innovative-attack-vectors

2023 Top Routinely Exploited Vulnerabilities (12 Nov) https://cisa.gov/news-events/cybersecurity-advisories/aa24-317a

Information security and miscellaneous

Threat Spotlight: Evolving ‘we know where you live’ tactics personalize sextortion scams (12 Nov) https://blog.barracuda.com/2024/11/12/threat-spotlight-personalize-sextortion-scams

Palo Alto Networks Emphasizes Hardening Guidance (13 Nov) https://www.cisa.gov/news-events/alerts/2024/11/13/palo-alto-networks-emphasizes-hardening-guidance

CISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Surpasses 30,000 Downloads (13 Nov) https://www.cisa.gov/news-events/news/cisas-scubagear-tool-improves-security-organizations-using-m365-and-surpasses-30000-downloads-0

CERT-SE this week

Microsoft’s monthly security updates for November 2024 (13 Nov) https://www.cert.se/2024/11/microsofts-manatliga-sakerhetsuppdateringar-for-november-2024.html

Adobe’s monthly security updates for November 2024 (13 Nov) https://www.cert.se/2024/11/adobes-manatliga-sakerhetsuppdateringar-for-november-2024.html

Critical vulnerabilities in Ivanti Endpoint Manager, Connect Secure and Policy Secure (13 Nov) https://www.cert.se/2024/11/kritiska-sarbarheter-i-ivanti-endpoint-manager-connect-secure-och-policy-secure.html

Serious vulnerabilities in Citrix Virtual Apps and Desktops (13 Nov) https://www.cert.se/2024/11/allvarliga-sarbarheter-i-citrix-virtual-apps-and-desktops.html

Serious vulnerability in SAP Web Dispatcher (14 Nov) https://www.cert.se/2024/11/allvarlig-sarbarhet-i-sap-web-dispatcher.html

CERT-SE’s weekly newsletter, week 45

WEEKLY NEWSLETTER

For those of you who submitted solutions to CERT-SE’s CTF and perhaps had trouble finding certain flags, the answer key is now available at cert.se. We would also like to point out that we have made a minor update to our flash alert about a critical vulnerability in Fortinet FortiManager.

CERT-SE wishes you a pleasant weekend!

News this week

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested (4 Nov) https://thehackernews.com/2024/11/german-police-disrupt-ddos-for-hire.html

Kumla municipality hit by cyberattack (4 Nov) https://www.kumla.se/kommun-och-politik/nyheter/viktigt-meddelande/2024-11-04-kumla-kommun-utsatt-for-cyberangrepp.html

Nokia investigates breach after hacker claims to steal source code (4 Nov) https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/

INTERPOL cyber operation takes down 22,000 malicious IP addresses (5 Nov) https://www.interpol.int/News-and-Events/News/2024/INTERPOL-cyber-operation-takes-down-22-000-malicious-IP-addresses

Center for Cybersikkerhed to get a new head (5 Nov) https://www.cfcs.dk/da/nyheder/2024/center-for-cybersikkerhed-skal-have-ny-chef/

Hacker Behind Snowflake Data Breach Arrested in Canada (6 Nov) https://cybersecuritynews.com/hacker-behind-snowflake-data-breach-arrested/

Cyberattack disables tracking systems and panic alarms on British prison vans (6 Nov) https://therecord.media/british-prison-vans-cyberattack

Schneider Electric suffers data breach, exposing critical project and user data (6 Nov) https://www.csoonline.com/article/3599966/schneider-electric-suffers-data-breach-exposing-critical-project-and-user-data.html

NIS2 will not become Swedish law until next year – but for some the requirements apply from today (7 Nov) https://computersweden.se/article/3599201/nis2-blir-svensk-lag-forst-nasta-ar-men-for-vissa-galler-kraven-fran-i-dag.html

The government strengthens security and cost-effectiveness through state-run IT operations (7 Nov) https://www.regeringen.se/pressmeddelanden/2024/11/regeringen-starker-sakerheten-och-kostnadseffektiviteten-genom-statlig-it-drift/

Government decision: The option of covert data interception is made permanent (7 Nov) https://sverigesradio.se/artikel/regeringsbeslut-mojligheten-till-hemlig-dataavlasning-permanentas

Couple’s bikes worth 400,000 stolen – thieves may have tracked them via fitness app (8 Nov) https://www.svt.se/nyheter/lokalt/stockholm/fracka-cykelstolder-hugo-och-annas-blev-av-med-sina-mountainbikes-varda-400-000-kronor

Reports and in-depth articles

ChatGPT-4o can be used for autonomous voice-based scams (3 Nov) https://www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/

Check point research – 4th November – Threat Intelligence Report (4 Nov) https://research.checkpoint.com/2024/4th-november-threat-intelligence-report/

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale (5 Nov) https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

Unwrapping the emerging Interlock ransomware attack (7 Nov) https://blog.talosintelligence.com/emerging-interlock-ransomware/

ESET APT Activity Report Q2 2024–Q3 2024 (7 Nov) https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2024-q3-2024/

Information security and miscellaneous

Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (4 Nov) https://thehackernews.com/2024/11/googles-ai-tool-big-sleep-finds-zero.html

Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation (4 Nov) https://www.securityweek.com/siemens-and-rockwell-tackle-industrial-cybersecurity-but-face-customer-hesitation/

Why more and more are choosing to outsource cybersecurity (4 Nov) https://computersweden.se/article/3596559/darfor-valjer-allt-fler-att-outsourca-cybersakerheten.html

Here BTH students learn to stop hacker attacks (6 Nov) https://www.svt.se/nyheter/lokalt/blekinge/har-lar-sig-bth-studenter-att-stoppa-hackerattacker

Lack of collaboration is slowing Sweden’s digitalisation (6 Nov) https://computersweden.se/article/3599400/brist-pa-samverkan-bromsar-sveriges-digitalisering.html https://www.digg.se/om-oss/nyheter/analys-och-uppfoljning/nyheter/2024-11-05-minskad-oppenhet-ett-hot-mot-sveriges-digitalisering

Asking for your feedback: ENISA technical guidance for the cybersecurity measures of the NIS2 Implementing Act (7 Nov) https://www.enisa.europa.eu/news/asking-for-your-feedback-enisa-technical-guidance-for-the-cybersecurity-measures-of-the-nis2-implementing-act

Missing: 4.8 million cybersecurity professionals (8 Nov) https://computersweden.se/article/3600652/saknas-48-miljoner-cybersakerhetsproffs.html

CERT-SE this week

BM24-005 Critical vulnerability in Fortinet FortiManager is being actively exploited (update 4 Nov) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

Answer key for CERT-SE CTF 2024 (6 Nov) https://www.cert.se/2024/11/cert-se-ctf-facit.html

CERT-SE’s weekly newsletter, week 44

WEEKLY NEWSLETTER

This week Cybersecurity Month comes to an end, and with it we are closing CERT-SE’s CTF challenge. We are impressed by your solutions and would like to say a big thank you to everyone who submitted their answers!

Please note our updated article on FortiManager, as Fortinet has updated its advice regarding the vulnerability.

Otherwise, a hefty newsletter with several in-depth articles and analyses, just in time for the long weekend.

Have a nice All Saints’ weekend!

News this week

Four REvil members sentenced to more than four years in prison (25 Oct) https://therecord.media/four-revil-ransomware-gang-members-sentenced-prison-russia

San Francisco billboards call out tech firms for not paying for open source (25 Oct) https://www.theregister.com/2024/10/25/open_source_funding_ads/

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications (25 Oct) https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications

Nordea hit by denial-of-service attack (25 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-overbelastningsattack

Chinese hackers have accessed US politicians’ calls (27 Oct) https://www.dn.se/direkt/2024-10-27/uppgifter-kinesiska-hackare-har-tagit-del-av-usa-politikers-samtal/

Sveriges Radio: Some login methods are not as secure as you think (27 Oct) https://sverigesradio.se/artikel/expert-vissa-inloggningsmetoder-inte-sa-sakra-som-du-tror

Lund University invests in TikTok – sees no obstacles for IT security (28 Oct) https://www.svt.se/nyheter/lokalt/skane/lunds-universitet-satsar-pa-tiktok-ser-inga-hinder-for-it-sakerheten

Conviction after denial-of-service attack against SL (28 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/fallande-dom-efter-overbelastningsattack-mot-sl

‘All servers’ for Redline and Meta infostealers hacked by Dutch police and FBI (28 Oct) https://therecord.media/infostealer-servers-takedown-dutch-police-fbi

Hacker claims to have data linked to 19 million French mobile and internet customers (29 Oct) https://www.itpro.com/security/cyber-attacks/hacker-claims-to-have-data-linked-to-19-million-french-mobile-and-internet-customers

Many tech companies turn down public procurements – “complicated” (29 Oct) https://computersweden.se/article/3591846/manga-techforetag-nobbar-offentliga-upphandlingar-krangligt.html

Reported fraud offences are decreasing (29 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/bedragerierna-minskar/

Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access (29 Oct) https://cybersecuritynews.com/hackers-downgrading-remote-desktop-security/

Massive Midnight Blizzard Phishing Attack Via Weaponized RDP Files (30 Oct) https://cybersecuritynews.com/phishing-attack-weaponized-rdp-file/..

Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign (30 Oct) https://therecord.media/russia-midnight-blizzard-hackers-target-government-sector

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/hackers-posing-as-it-support-on-teams-new-ransomware-scam-targeting-your-workplace/

QNAP patches second zero-day exploited at Pwn2Own to get root (30 Oct) https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/

Information security and miscellaneous

Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks (27 Oct) https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/

German MPs and their staff fail simple phishing attack test (27 Oct) https://www.tomshardware.com/tech-industry/cyber-security/german-mps-and-their-staff-fail-simple-phishing-attack-test

A good cyber leader prioritizes the greater good (28 Oct) https://www.helpnetsecurity.com/2024/10/28/good-cyber-leader-responsibility/

Sveriges Radio: Come along to Sweden’s most secret agency – FRA (28 Oct) https://sverigesradio.se/artikel/folj-med-till-sveriges-hemligaste-myndighet-fra–2

Sveriges Radio: The network that has become a gold mine for spies (29 Oct) https://sverigesradio.se/avsnitt/natverket-som-blivit-en-guldgruva-for-spioner-grans

The government gives Finansinspektionen and the Riksbank new tools to strengthen digital resilience in the financial sector (29 Oct) https://www.regeringen.se/pressmeddelanden/2024/10/egeringen-ger-finansinspektionen-och-riksbanken-nya-verktyg-for-att-starka-den-digitala-motstandskraften-i-finanssektorn/

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims (30 Oct) https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims

Report: Safer Together – Strengthening Europe’s Civilian and Military Preparedness and Readiness (30 Oct) https://commission.europa.eu/topics/defence/safer-together-path-towards-fully-prepared-union_en

Understanding the NIS2 Directive: Strengthening Cybersecurity Across the EU https://www.enisa.europa.eu/topics/cybersecurity-education/awareness-campaigns/network-and-information-systems-directive-2-nis2

NCSC-UK: CyberFirst overview https://www.ncsc.gov.uk/cyberfirst/overview

Reports and analyses

BPFDoor Linux Malware Detected By AhnLab EDR (10 Oct) https://asec.ahnlab.com/en/83925/

Linux Persistence Techniques Detected By AhnLab EDR https://asec.ahnlab.com/en/83779/

Decrypted: Mallox ransomware (22 Oct) https://www.gendigital.com/blog/news/innovation/decrypted-mallox-ransomware

Doubling Down on Trusted Partnerships: Our Commitment to Researchers (22 Oct) https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/

Threat Spotlight: WarmCookie/BadSpace (23 Oct) https://blog.talosintelligence.com/warmcookie-analysis

Scattered Spider x RansomHub: A New Partnership (24 Oct) https://www.reliaquest.com/blog/scattered-spider-x-ransomhub-a-new-partnership

Cloud Malware: A Threat Hunter’s Guide to Analysis, Techniques and Delivery (24 Oct) https://www.sentinelone.com/labs/cloud-malware-a-threat-hunters-guide-to-analysis-techniques-and-delivery

AWS’s Predictable Bucket Names Make Accounts Easier to Crack (24 Oct) https://www.darkreading.com/threat-intelligence/aws-cdk-default-s3-bucket-naming-pattern-lets-adversaries-waltz-into-admin-access

The Real Monsters of Street Level Surveillance (25 Oct) https://www.eff.org/deeplinks/2024/10/real-monsters-street-level-surveillance

Two currently (old) exploited Ivanti vulnerabilities (27 Oct) https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384

CloudScout: Evasive Panda Scouting Cloud Services (28 Oct) https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/

New tool bypasses Google Chrome’s new cookie encryption system (28 Oct) https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/

Anatomy of an LLM RCE (28 Oct) https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (28 Oct) https://isc.sans.edu/diary/Self-contained%20HTML%20phishing%20attachment%20using%20Telegram%20to%20exfiltrate%20stolen%20credentials/31388

Announcing General Availability of Inbound SMTP DANE with DNSSEC for Exchange Online (28 Oct) https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292

Report: Unveiling the Persistent Risks of Connected Medical Devices (29 Oct) https://www.forescout.com/resources/iomt-persistent-risk-report/

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (29 Oct) https://thehackernews.com/2024/10/new-research-reveals-spectre.html

Lumma/Amadey: fake CAPTCHAs want to know if you’re human (29 Oct) https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/

Jumpy Pisces Engages in Play Ransomware (30 Oct) https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

Three quarters of businesses report increase in cyberattacks (30 Oct) https://www.rte.ie/news/business/2024/1030/1478040-cyber-attacks-survey/

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/this-halloween-beware-the-pig-butcher/?

CERT-SE this week

CERT-SE’s name is being used in fraud attempts (28 Oct) https://www.cert.se/2024/10/cert-se-anvands-i-bedrageriforsok.html

Updated – Critical vulnerability in Fortinet FortiManager is being actively exploited (31 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

CERT-SE’s name is being used in fraud attempts

The name CERT-SE is currently being used in various fraud attempts. One example is that an email address resembling our own is used as the sender.

CERT-SE communicates using email addresses from the domain cert.se. If you are unsure whether an email comes from us, you can call CERT-SE on 010-240 40 40.

If you are unsure who the sender is, you can encrypt messages with our public PGP key and send them to us. That means only we at cert.se can read your message, since we hold the private PGP key. You can read more at https://www.cert.se/pgp/.

CERT-SE welcomes both technical and general information from those affected. Email cert@cert.se and clearly mark the email with the subject line [Bedrägeri (sender’s email address)]. Please include the email’s headers.

See CERT-SE’s topic page with general advice on phishing: https://www.cert.se/tema/natfiske

CERT-SE is available around the clock, every day of the year, to be able to act and, within our mandate, help organisations that have been affected by IT security incidents.

CERT-SE’s weekly newsletter, week 43

WEEKLY NEWSLETTER

This week CERT-SE sent out a flash alert (blixtmeddelande) because of a critical vulnerability in Fortinet FortiManager that is being actively exploited. Flash alerts are sent out for particularly serious vulnerabilities or threats where there is a need to act immediately or promptly. CERT-SE therefore wants to stress the importance of remediating as soon as possible in line with the vendor’s recommendations.

See further: https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

We also want to remind you that we are entering the final week for solving CERT-SE’s CTF for 2024. The last day to submit answers is 31 October.

https://www.cert.se/2024/09/cert-se-ctf2024.html

CERT-SE wishes you a pleasant weekend!

News this week

Calls its AI models “open source” – now Meta faces sharp criticism (18 Oct) https://computersweden.se/article/3568236/kallar-sina-ai-modeller-oppen-kallkod-nu-far-meta-skarp-kritik.html

Internet Archive breached again through stolen access tokens (20 Oct) https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

Microsoft failed to collect critical security logs (21 Oct) https://computersweden.se/article/3570572/microsoft-missade-att-samla-in-kritiska-sakerhetsloggar.html

Microsoft confirms partial loss of security log data on multiple platforms (21 Oct) https://www.techcentral.ie/microsoft-confirms-partial-loss-of-security-log-data-on-multiple-platforms/

AI-Powered Attacks Flood Retail Websites (22 Oct) https://www.infosecurity-magazine.com/news/aipowered-attacks-flood-retail/

Pixel perfect Ghostpulse malware loader hides inside PNG image files (22 Oct) https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies (22 Oct) https://thehackernews.com/2024/10/bumblebee-and-latrodectus-malware.html

Exploit released for new Windows Server “WinReg” NTLM Relay attack (22 Oct) https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/

Cyber Attackers Set Their Sights on Manufacturing (23 Oct) https://informationsecuritybuzz.com/cyber-attackers-sights-manufacturing/

Hackers are stepping up ‘qishing’ attacks by hiding malicious QR codes in PDF email attachments (23 Oct) https://www.itpro.com/security/hackers-are-stepping-up-qishing-attacks-by-hiding-malicious-qr-codes-in-pdf-email-attachments

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (23 Oct) https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors through DeFi Games (24 Oct) https://informationsecuritybuzz.com/the-lazarus-apt-strikes-again-zero-day/

Conviction after denial-of-service attack against SL (25 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/fallande-dom-efter-overlastningsattack-mot-sl/

Reports and analyses

Microsoft most common in online fraud (20 Oct) https://www.mobil.se/nyheter/microsoft-fortfarande-nummer-ett/1590226

Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10 https://blog.checkpoint.com/research/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10/

Attacks expose flaws in Russian cybersecurity (22 Oct) https://foi.se/nyheter-och-press/nyheter/2024-10-22-attacker-blottar-brister-i-rysk-cybersakerhet.html

Information security and miscellaneous

Microsoft Digital Defense Report 2024 https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

Akira ransomware continues to evolve (21 Oct) https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/

Why small businesses are “low-hanging fruit” for hackers (22 Oct) https://www.siljannews.se/naringsliv/darfor-ar-sma-foretag-lagt-hangande-frukt-for-hackare

The Swedish Tax Agency warns: New scams have taken off (22 Oct) https://nyheter24.se/nyheter/ekonomi/privatekonomi/1357773-skatteverket-varnar-nya-bedragerier-har-tagit-fart

About online fraud https://skatteverket.se/omoss/kontaktaoss/mejlaoss/omnatbedragerier.4.8bcb26d16a5646a148128ae.html

Agency studies influence campaigns in the US election (23 Oct) https://sverigesradio.se/artikel/myndighet-studerar-paverkanskampanjer-i-usa-valet

Here students practise defence against cyberattacks – through a fake attack (24 Oct) https://www.svt.se/nyheter/lokalt/stockholm/har-lar-sig-eleverna-sta-emot-cyberangrepp-genom-latsasattack

Warning about industry’s weak point (25 Oct) https://www.di.se/nyheter/varning-for-industrins-svaga-punkt/

CERT-SE this week

Critical vulnerability in VMware vCenter Server (updated 23 Oct, published 18 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html

BM24-005 Critical vulnerability in Fortinet FortiManager is being actively exploited (24 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

CERT-SE’s weekly newsletter, week 42

WEEKLY NEWSLETTER

There is a lot of information in this week’s newsletter. The implementing act for NIS 2 has been published. CERT-SE has once again observed cases of phishing against municipalities; please read our article on the subject. Finally, we also want to remind you about our CTF, which is available until the end of the month, so take the chance to test your cyber skills. CERT-SE wishes you a pleasant weekend!

News this week

6 biggest healthcare security threats (11 Oct) https://www.csoonline.com/article/564832/biggest-healthcare-security-threats.html

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (12 Oct) https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server

New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed (13 Oct) https://www.forbes.com/sites/daveywinder/2024/10/13/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed

Phishing tactics: The top attacks trends in 2024 (14 Oct) https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year

What the public’s IT behaviour looks like in 2024 (14 Oct) https://www.msb.se/sv/aktuellt/nyheter/2024/oktober/sa-ser-allmanhetens-it-beteende-ut-2024

Punjab Police will use an AI chatbot to solve cybercrime cases, say hello to Cyber Mittar (15 Oct) https://www.businessinsider.in/india/news/punjab-police-will-use-an-ai-chatbot-to-solve-cybercrime-cases-say-hello-to-cyber-mittar/articleshow/114238170.cms

Pokémon developer hit by hacker attack (15 Oct) https://www.svt.se/kultur/pokemon-utvecklare-utsatt-for-hackerattack

New phishing methods via QR code bypass common security solutions (15 Oct) https://www.aktuellsakerhet.se/nya-natfiskemetoder-via-qr-kod-kringgar-vanliga-sakerhetslosningar

The expert: Why IT attacks have become more common (15 Oct) https://sverigesradio.se/artikel/experten-darfor-har-it-attacker-blivit-vanligare

EDRSilencer red team tool used in attacks to bypass security (15 Oct) https://www.bleepingcomputer.com/news/security/edrsilencer-red-team-tool-used-in-attacks-to-bypass-security

Thousands of bank accounts leaked in hacker attack: “Very worried” (16 Oct) https://sverigesradio.se/artikel/tusentals-bankkonton-lackta-i-hackerattack-jatteorolig

UK Government Launches AI Safety Scheme to Tackle Deepfakes (16 Oct) https://www.infosecurity-magazine.com/news/uk-government-launches-ai-safety

Nordea subjected to cyberattacks – for a month (16 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-cyberattacker-i-en-manad

Firm hacked after accidentally hiring North Korean cyber criminal (16 Oct) https://www.bbc.com/news/articles/ce8vedz4yk7o

‘Nationally significant’ cyberattacks are surging, warns the UK’s new cyber chief (16 Oct) https://therecord.media/uk-nationally-significant-cyberattacks-ncsc-horne-warning

Are IT managers careful about security? Not really. (17 Oct) https://computersweden.se/article/3567378/ar-it-chefer-noga-med-sakerheten-nja.html
Arctic Wolf 2024 Human Risk Behavior Snapshot Reveals Nearly Two-Thirds of Security and IT Leaders Have Fallen for Phishing Attacks (16 Oct) https://arcticwolf.com/resources/press-releases/arctic-wolf-2024-human-risk-behavior-snapshot-reveals-nearly-two-thirds-of-security-and-it-leaders-have-fallen-for-phishing-attacks

Casio says ‘no prospect of recovery yet’ after ransomware attack (17 Oct) https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack

European companies anxious over non-implementation of EU cyber rules (17 Oct) https://www.euronews.com/next/2024/10/17/european-companies-anxious-over-non-implementation-of-eu-cyber-rules

Hacker attacks are increasing sharply – how Luleå residents protect themselves (17 Oct) https://www.svt.se/nyheter/lokalt/norrbotten/hackerattackerna-okar-kraftigt-sa-skyddar-sig-luleaborna

New rules to boost cybersecurity of the EU’s critical entities and networks (17 Oct) https://ec.europa.eu/commission/presscorner/detail/sv/ip_24_5342

Anonymous Sudan has been stopped – Swedish police took part in the operation (17 Oct) https://computersweden.se/article/3567737/anonymous-sudan-har-stoppats-svensk-polis-deltog.html
Hacker group Anonymous Sudan reduced with the help of Swedish police (17 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/hackergruppen-anonymous-sudan–reducerad-med-hjalp-av-svensk-polis

Reports and analyses

Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools (10 Oct) https://www.microsoft.com/en-us/security/blog/2024/10/10/cyber-signals-issue-8-education-under-siege-how-cybercriminals-target-our-schools

The amount of malicious code in open source repositories is increasing sharply (14 Oct) https://computersweden.se/article/3560202/mangden-skadlig-kod-i-oppen-kallkod-arkiv-okar-kraftigt.html
State of the Software Supply Chain report https://www.sonatype.com/state-of-the-software-supply-chain/Introduction

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity (15 Oct) https://www.darkreading.com/cyberattacks-data-breaches/attackers-unleash-flood-potentially-disruptive-election-related-activity
A Deep Dive into Cyber Threats surrounding U.S. Election 2024 (PDF) https://www.fortinet.com/content/dam/fortinet/assets/intelligence-reports/FortiGuard-Labs-2024-US-Election-Security-Report.pdf

Microsoft Digital Defense Report 2024 (15 Oct) https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

Ransomware: Threat Level Remains High in Third Quarter (17 Oct) https://www.security.com/threat-intelligence/ransomware-threat-level-remains-high

Information security and miscellaneous

Finland’s Cyber Security Strategy 2024–2035 (10 Oct) https://julkaisut.valtioneuvosto.fi/handle/10024/165861

CERT-SE this week

Ongoing phishing campaign targeting municipalities and schools (updated 17 Oct) https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html

Oracle’s quarterly security update for October 2024 (16 Oct) https://www.cert.se/2024/10/oracles-kvartalsvisa-sakerhetsuppdateringar-for-oktober-2024.html

CERT-SE’s weekly newsletter, week 41

WEEKLY NEWSLETTER

It has been Patch Tuesday and CERT-SE has published summaries of security updates from Microsoft, Adobe, Ivanti and SAP. Make sure to apply these updates, and to address the other vulnerabilities we have written about this week, as soon as possible.

This week we also inform about a critical vulnerability in Fortinet products that is now being actively exploited (CVE-2024-23113, CVSS score of 9.8). For more information, see “Critical vulnerability in Fortinet products is being actively exploited” at www.cert.se. https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html

Have a nice weekend!

News this week

Record-breaking DDoS attack recorded – 3.8 terabits per second (4 Oct) https://computersweden.se/article/3546703/rekordstor-ddos-attack-registrerad-38-terabit-per-sekund.html

White House official says insurance companies must stop funding ransomware payments (4 Oct) https://therecord.media/cyber-insurance-ransomware-payments-anne-neuberger-op-ed

E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads (7 Oct) https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html

AI is now an upper secondary school subject – only eight qualified teachers (7 Oct) https://www.dn.se/sverige/nu-finns-ai-som-gymnasieamne-bara-atta-behoriga-larare/

Defending healthcare systems against ransomware attacks [Q&A] (7 Oct) https://betanews.com/2024/10/07/defending-healthcare-systems-against-ransomware-attacks-qa/

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (7 Oct) https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

AT&T, Verizon reportedly hacked to target US govt wiretapping platform (7 Oct) https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

Headhunted? The dream job may be a trap (7 Oct) https://computersweden.se/article/3544937/headhuntad-dromjobbet-kan-vara-en-falla.html

American Water Confirms Hack: Customer Portal and Billing Services Suspended (7 Oct) https://www.securityweek.com/american-water-confirms-hack-customer-portal-and-billing-services-suspended/

Smart TV Surveillance? How Samsung and LG’s ACR Technology Tracks What You Watch (7 Oct) https://www.securityweek.com/smart-tv-surveillance-how-samsung-and-lgs-acr-technology-tracks-what-you-watch/

Qualcomm patches high-severity zero-day exploited in attacks (7 Oct) https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/
October 2024 Security Bulletin https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

NCSC-UK: Engaging with Boards to improve the management of cyber security risk (7 Oct) https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly
Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds (7 Oct) https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/

MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short (7 Oct) https://www.securityweek.com/mfa-isnt-failing-but-its-not-succeeding-why-a-trusted-security-tool-still-falls-short/

Billion-dollar cyberfraud industry expands in Southeast Asia as criminals adopt new technologies (7 Oct) https://www.unodc.org/roseap/en/2024/10/cyberfraud-industry-expands-southeast-asia/story.html

Ukraine’s defense ministry launches military CERT to counter Russian cyberattacks (8 Oct) https://therecord.media/ukraine-creates-military-cert

Lego Hacked by Crypto-Scammers (8 Oct) https://informationsecuritybuzz.com/lego-hacked-by-crypto-scammers/

Healthcare Organizations Warned of Trinity Ransomware Attacks (8 Oct) https://www.securityweek.com/healthcare-organizations-warned-of-trinity-ransomware-attacks/

MSB: “The business sector must have a seat at the table” (8 Oct) https://www.di.se/digital/msb-naringslivet-maste-sitta-med-vid-bordet/

GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems (8 Oct) https://securityboulevard.com/2024/10/goldenjackal-targets-embassies-steals-data-from-air-gapped-systems/

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (9 Oct) https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

Casio Hit by Cyberattack (9 Oct) https://www.securityweek.com/casio-hit-by-cyberattack/

Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (9 Oct) https://hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/

Social Media Accounts: The Weak Link in Organizational SaaS Security (9 Oct) https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

Hackers weaponizing VSCode for remote access (9 Oct) https://cybernews.com/security/hackers-weaponizing-vscode-for-remote-access/

American Water cyberattack renews focus on protecting critical infrastructure (9 Oct) https://www.dailymail.co.uk/wires/ap/article-13941881/American-Water-cyberattack-renews-focus-protecting-critical-infrastructure.html

Popular top-level domain .io may be about to disappear (9 Oct) https://computersweden.se/article/3553638/populara-toppdomanen-io-kan-vara-pa-vag-att-forsvinna.html

US FTC says Marriott will boost security to settle data breach charges (9 Oct) https://www.reuters.com/technology/cybersecurity/us-ftc-takes-action-against-marriott-starwood-over-data-breaches-2024-10-09/

Internet Archive leaks user info and succumbs to DDoS (10 Oct) https://www.theregister.com/2024/10/10/internet_archive_ddos_data_leak/

Dutch cops reveal takedown of ‘world’s largest dark web market’ (10 Oct) https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

The Internet Archive taken down by DDoS attacks (10 Oct) https://www.engadget.com/cybersecurity/the-internet-archive-taken-down-by-ddos-attacks-222317044.html

Firefox Zero-Day Under Attack: Update Your Browser Immediately (10 Oct) https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

How we protect Sweden’s digital infrastructure (10 Oct) https://www.di.se/debatt/sa-skyddar-vi-sveriges-digitala-infrastruktur/

Swedes believe cyber threats will increase (11 Oct) https://it-kanalen.se/svenskarna-tror-cyberhoten-kommer-oka/

Reports and analyses

Checkpoint 7th October – Threat Intelligence Report: https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/

2024 State of the Threat: A Year in Review https://www.secureworks.com/resources/rp-state-of-the-threat-2024
2024 State of the Threat Report Reveals a Resilient and Evolving Threat Landscape (8 Oct) https://www.secureworks.com/blog/2024-state-of-the-threat-report-reveals-a-resilient-and-evolving-threat-landscape

DDoS attacks are on the rise, and are increasingly politically-motivated (7 Oct) https://www.techradar.com/pro/security/ddos-attacks-are-on-the-rise-and-are-increasingly-politically-motivated

Information security and miscellaneous

Cybersecurity Awareness Month: Securing our world—together (1 Oct) https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/

Expert Blog: Consumer routers targeted by multiple botnets (4 Oct) https://english.ncsc.nl/latest/weblog/weblog/2024/consumer-routers-targeted-by-multiple-botnets

A Look Into Embargo Ransomware, Another Rust-Based Ransomware (4 Oct) https://blog.sonicwall.com/en-us/2024/10/a-look-into-embargo-ransomware-another-rust-based-ransomware/

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection (4 Oct) https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/

Sweden needs a clearer cybersecurity policy (7 Oct) https://www.su.se/forskning/nyheter-forskning/sverige-beh%C3%B6ver-en-tydligare-cybers%C3%A4kerhetspolicy-1.769190

How to avoid hassle with bank codes when online banking is down (7 Oct) https://svenska.yle.fi/a/7-10065114

The Disappearance of an Internet Domain (8 Oct) https://every.to/p/the-disappearance-of-an-internet-domain

Cyber resilience act: Council adopts new law on security requirements for digital products (10 Oct) https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/

Fortum: Subjected to sabotage attempts in Finland and Sweden (10 Oct) https://www.dn.se/ekonomi/fortum-utsatt-for-sabotageforsok-i-finland-och-sverige/

CERT-SE this week

Microsoft’s monthly security updates for October 2024 (9 Oct) https://cert.se/2024/10/microsofts-manatliga-sakerhetsuppdateringar-for-oktober-2024.html

Critical vulnerabilities in Ivanti Connect Secure and Policy Secure (9 Oct) https://cert.se/2024/10/kritiska-sarbarheter-i-ivanti-connect-secure-och-policy-secure.html

Adobe’s monthly security updates for October 2024 (9 Oct) https://cert.se/2024/10/adobes-manatliga-sakerhetsuppdateringar-for-oktober-2024.html

Critical vulnerability in Fortinet products is being actively exploited (10 Oct) https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html

SAP’s monthly security updates for October 2024 (10 Oct) https://www.cert.se/2024/10/saps-manatliga-sakerhetsuppdateringar-for-oktober-2024.html