CERT-SE:s veckobrev v.21

VECKOBREV

Blandade nyheter från veckan.

Nyheter i veckan

First LockBit, now BreachForums: Are cops winning the war or just a few battles? (17 maj)https://www.theregister.com/2024/05/17/cops_crime_winning

New Threat Insights Reveal That Cybercriminals Increasingly Target the Pharmacy Sector (17 maj)https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybercriminals-increasingly-targeting-pharmacy-sector

Australia Investigates Data Breach at National Electronic Prescriptions Provider; Health Data Potentially Compromised (17 maj)https://www.bitdefender.com/blog/hotforsecurity/australia-investigates-data-breach-at-national-electronic-prescriptions-provider-health-data-potentially-compromised

American Radio Relay League cyberattack takes Logbook of the World offline (19 maj)https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline

Allt fler cyberattacker i Norden sker via PDF-filer (20 maj)https://computersweden.se/article/2112439/allt-fler-cyberattacker-i-norden-sker-via-pdf-filer.html

British Library’s candid ransomware comms driven by ‘emotional intelligence’ (20 maj)https://www.theregister.com/2024/05/20/the_british_library_owes_lauded

Finanssektorn spurtar – snart skärps EU:s regler för cybersäkerhet (20 maj)https://computersweden.se/article/2109630/finanssektorn-spurtar-snart-skarps-eus-regler-for-cybersakerhet.html

Keylogger in Microsoft Exchange Server Steals Login Credentials From Login Page (21 maj)https://cybersecuritynews.com/keylogger-embedded-microsoft-exchange-server/

Små kommuner särskilt utsatta för it-attacker (21 maj)https://sverigesradio.se/artikel/fortsatt-stora-problem-for-bjurholms-kommun-efter-it-attack

Data från Svenska kyrkan publicerades på darknet – tusentals berörda (21 maj)https://sverigesradio.se/artikel/data-fran-svenska-kyrkan-publicerades-pa-darknet-tusentals-berorda

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (21 maj)https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.html

Chinese hackers hide on military and govt networks for 6 years (22 maj)https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/

State hackers turn to massive ORB proxy networks to evade detection (22 maj)https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/

Rapporter och analyser

QNAPping At The Wheel (17 maj)https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection (20 maj)https://cyble.com/blog/tiny-backdoor-goes-undetected-suspected-turla-leveraging-msbuild-to-evade-detection

CISA: Software Transparency in SaaS Environments (21 maj)https://www.cisa.gov/sites/default/files/2024-05/Software%20Transparency%20in%20SaaS%20Environments.pdf

Rapid7 Releases the 2024 Attack Intelligence Report (21 maj)https://www.rapid7.com/blog/post/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/

Informationssäkerhet och blandat

Fördjupat samarbete med USA inom totalförsvar och cybersäkerhet i fokus när Carl-Oskar Bohlin besökte Washington (17 maj)https://www.regeringen.se/artiklar/2024/05/fordjupat-samarbete-med-usa-inom-totalforsvar-och-cybersakerhet-i-fokus-nar-carl-oskar-bohlin-besokte-washington

Why Your Wi-Fi Router Doubles as an Apple AirTag (21 maj)https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551

NIST quantum-resistant algorithms to be published within weeks, top White House advisor says (22 maj)https://therecord.media/nist-post-quantum-cryptography-standards-publishing-soon

Business email compromise: new guidance to protect your organisationhttps://www.ncsc.gov.uk/blog-post/business-email-compromise-guidance-protect-organisation

CERT-SE i veckan

Allvarlig sårbarhet i Cisco FMC (23 maj)https://www.cert.se/2024/05/allvarlig-sarbarhet-i-cisco-fmc.html

Allvarlig sårbarhet i Confluence-produkter (23 maj)https://www.cert.se/2024/05/allvarlig-sarbarhet-i-confluence-produkter.html

Kritiska sårbarheter i produkter från Ivanti (23 maj)https://www.cert.se/2024/05/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Kritisk sårbarhet i GitHub Enterprise Server (22 maj)https://www.cert.se/2024/05/kritisk-sarbarhet-i-github-enterprise-server.html

Kritisk sårbarhet i Fluent Bit (21 maj)https://www.cert.se/2024/05/kritisk-sarbarhet-i-fluent-bit.html