CERT-SE:s veckobrev v.17

VECKOBREV

Ett lite kortare veckobrev denna vecka. Bland händelserna finns angrepp och tekniska problem som drabbat svenska verksamheter samt flera analyser av sårbarheter och tillvägagångssätt. Dessutom har Försvarsberedningen släppt sin slutrapport Stärkt försvarsförmåga.

Nyheter i veckan

MITRE Response to Cyber Attack in One of Its R&D Networks (19 apr)https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

A French hospital was forced to reschedule procedures after cyberattack (20 apr)https://securityaffairs.com/162057/hacking/french-hospital-cyber-attack.html

Sveriges Radios sajt och app drabbades av tekniska problem (20 apr)https://sverigesradio.se/artikel/sveriges-radios-sajt-och-app-drabbades-av-tekniska-problem

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (22 apr)https://www.securityweek.com/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/

Teliaproblem i hela landet – sjukhus drabbade (22 apr)https://www.svt.se/nyheter/inrikes/teliaproblem-i-hela-landet-sjukhus-drabbade

Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme (22 apr)https://krebsonsecurity.com/2024/04/russian-fsb-counterintelligence-chief-gets-9-years-in-cybercrime-bribery-scheme/

Leicester street lights stuck on all day due to cyber attack (22 apr)https://www.leicestermercury.co.uk/news/leicester-news/leicester-street-lights-stuck-day-9240197

UnitedHealth data leak may affect ‘substantial’ swath of US (23 apr)https://www.miamiherald.com/news/business/article287928188.html

The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success (23 apr)https://www.securityweek.com/the-battle-continues-mandiant-report-shows-improved-detection-but-persistent-adversarial-success/

Risk för varubrist på Systemet efter it-attack (23 apr)https://www.svt.se/nyheter/inrikes/risk-for-varubrist-pa-systemet-efter-it-attack

Jätteövning i Nato ska stärka försvar mot cyberattacker (24 apr)https://sverigesradio.se/play/artikel/8644541

Åtgärder för ett säkrare digitalt privatliv (24 apr)https://www.ncsc.se/aktuellt/atgarder-for-ett-sakrare-digitalt-privatliv/

Länet delade lärdomar från de senaste IT-attackerna (24 apr)https://www.lansstyrelsen.se/jamtland/om-oss/nyheter-och-press/nyheter—jamtland/2024-04-24-lanet-delade-lardomar-fran-de-senaste-it-attackerna.html

1177 ligger nere – går inte att logga in (24 apr)https://www.expressen.se/nyheter/sverige/1177-ligger-nere-gar-inte-att-logga-in/

Norskt luftrum har stängts (25 apr)https://www.aftonbladet.se/nyheter/a/mP6gg0/norskt-luftrum-har-stangts

Rapporter och analyser

Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (19 apr)https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware

Researchers claim Windows Defender can be fooled into deleting databases (22 apr)https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/

Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials (22 apr)https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/

What is a brute force attack? (24 apr)https://proton.me/blog/what-is-brute-force-attack

2023: A ‘Good’ Year for OT Cyberattacks (24 apr)https://www.darkreading.com/endpoint-security/2023-good-year-for-ot-cyberattacks

ArcaneDoor – New espionage-focused campaign found targeting perimeter network devices (24 apr)https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

Informationssäkerhet och blandat

SANS Institute Celebrates 35 Years of Cybersecurity Leadership at RSA Conference 2024 (24 apr)https://www.prweb.com/releases/sans-institute-celebrates-35-years-of-cybersecurity-leadership-at-rsa-conference-2024-302125131.html

Försvarsberedningen släpper slutrapporten Stärkt försvarsförmåga (26 apr)https://www.regeringen.se/rattsliga-dokument/departementsserien-och-promemorior/2024/04/ds-20246/

CISA ransomware warning program will launch this year (25 apr)https://www.theverge.com/2024/4/25/24140425/cisa-ransomware-warning-program

CERT-SE i veckan

Sårbarhet i Progress Flowmon (24 apr)https://www.cert.se/2024/04/sarbarhet-i-progress-flowmon.html

Sårbarheter i Cisco-produkter utnyttjas aktivt (25 apr)https://www.cert.se/2024/04/sarbarheter-i-cisco-produkter-utnyttjas-aktivt.html