CERT-SE's weekly newsletter, week 31

WEEKLY NEWSLETTER

We step into August with a substantial and varied news roundup, with deep dives into malware and attack methods, critical security holes and cybersecurity incidents from around the world.

CERT-SE wishes you a pleasant weekend!

News this week

Acronis warns of Cyber Infrastructure default password abused in attacks (26 Jul) https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/

French Internet Lines Cut in Latest Attack During Olympics (28 Jul) https://www.bnnbloomberg.ca/business/company-news/2024/07/29/french-internet-cables-severed-in-latest-attack-during-olympics/

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts (28 Jul) https://securityaffairs.com/166213/cyber-crime/plugx-malware-disinfection-operation.html

ServiceNow Critical RCE Bugs Under Active Exploit (29 Jul) https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit

The Swedish Transport Agency (Transportstyrelsen) warns of fake emails (29 Jul) https://sakerhetskollen.se/aktuella-brott/transportstyrelsen-varnar-for-falska-mejl

Intruders at HealthEquity rifled through storage, stole 4.3M people's data (29 Jul) https://www.theregister.com/2024/07/29/healthequity_says_data_breach_affects/

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (29 Jul) https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html | https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

New Jersey City University hacked by ransomware group demanding $700K (29 Jul) https://www.nj.com/hudson/2024/07/new-jersey-city-university-hacked-by-ransomware-group-demanding-700k.html

Microsoft 365 users targeted by phishers abusing Microsoft Forms (29 Jul) https://www.helpnetsecurity.com/2024/07/29/microsoft-365-phishing-forms/

Attackers (Crowd)Strike with Infostealer Malware (29 Jul) https://perception-point.io/blog/attackers-crowdstrike-with-infostealer-malware/

Dark Angels ransomware receives record-breaking $75 million ransom (30 Jul) https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-receives-record-breaking-75-million-ransom/

Microsoft: Latest outage was sparked by cyber attack on Azure platform (30 Jul) https://www.standard.co.uk/business/business-news/microsoft-latest-outage-was-sparked-by-cyber-attack-on-azure-platform-b1173933.html | https://www.bleepingcomputer.com/news/microsoft/microsoft-365-and-azure-outage-takes-down-multiple-services/

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries (30 Jul) https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html

Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (31 Jul) https://therecord.media/ransomware-attack-blood-center-shortage-protocols-hospitals | https://www.securityweek.com/ransomware-attack-hits-oneblood-blood-bank-disrupts-medical-operations/

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances (1 Aug) https://www.securityweek.com/exploited-vulnerability-could-impact-20k-internet-exposed-vmware-esxi-instances/ | https://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html

Over 1 Million Domains at Risk of 'Sitting Ducks' Domain Hijacking Technique (1 Aug) https://thehackernews.com/2024/08/over-1-million-domains-at-risk-of.html?m=1

StackExchange abused to spread malicious PyPI packages as answers (1 Aug) https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/

FBI warns of scammers posing as crypto exchange employees (1 Aug) https://www.bleepingcomputer.com/news/security/fbi-warns-of-scammers-posing-as-crypto-exchange-employees/

ICO reprimands UK Electoral Commission over cyberattack that left voter data exposed (1 Aug) https://www.techradar.com/pro/ico-reprimands-uk-electoral-commission-over-cyberattack-that-left-voter-data-exposed

Columbus investigating potential data leak after ransomware attack (1 Aug) https://therecord.media/columbus-investigating-data-leak-ransomware-attack

Over 300 Indian banks suffer payment disruption from ransomware attack (1 Aug) https://www.csoonline.com/article/3480250/over-300-indian-banks-suffer-payment-disruption-from-ransomware-attack.html

Acadian Ambulance Services Leaks Protected Health Information After Cyber Attack (1 Aug) https://www.cpomagazine.com/cyber-security/acadian-ambulance-services-leaks-protected-health-information-after-cyber-attack/

NCA shuts down major fraud platform responsible for 1.8 million scam calls (1 Aug) https://www.nationalcrimeagency.gov.uk/news/nca-shuts-down-major-fraud-platform-responsible-for-1-8-million-scam-calls

Reports and in-depth articles

Annual report 2023: Latvian Cybersecurity and CERT.LV Technical Activities (26 Jul) https://cert.lv/en/2024/07/latvian-cybersecurity-and-cert-lv-technical-activities-annual-report-2023

Guidance: CIS Critical Security Controls 8.1 (27 Jul) https://cstromblad.com/posts/cis81-vagledning-introduktion/

WhatsApp for Windows lets Python, PHP scripts execute with no warning (27 Jul) https://www.bleepingcomputer.com/news/security/whatsapp-for-windows-lets-python-php-scripts-execute-with-no-warning/

"Cyber weather" for June from the Finnish National Cyber Security Centre (29 Jul) https://www.kyberturvallisuuskeskus.fi/en/ajankohtaista/kybersaa_06/2024

UNC4393 Goes Gently into the SILENTNIGHT (29 Jul) https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight

Over 1 Million websites are at risk of sensitive information leakage – XSS is dead. Long live XSS (29 Jul) https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage—xss-is-dead-long-live-xss | https://hackread.com/xss-oauth-threatens-millions-hotjar-flaw/

Phishing targeting Polish SMBs continues via ModiLoader (30 Jul) https://www.welivesecurity.com/en/eset-research/phishing-targeting-polish-smbs-continues-modiloader/

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (30 Jul) https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html

Five months after takedown, LockBit is a shadow of its former self (31 Jul) https://www.theregister.com/2024/07/31/five_months_after_lockbit/

New PyPI Package Zlibxjson Steals Discord, Browser Data (31 Jul) https://www.infosecurity-magazine.com/news/pypi-package-steals-discord/

Research update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering (31 Jul) https://www.securonix.com/blog/research-update-threat-actors-behind-the-devpopper-campaign-have-retooled-and-are-continuing-to-target-software-developers-via-social-engineering/

There is no real fix to the security issues recently found in GitHub and other similar software (1 Aug) https://blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/

IBM: Data breaches are costing UK companies millions every time (1 Aug) https://www.techradar.com/pro/data-breaches-are-costing-uk-companies-millions-every-time | https://computersweden.se/article/3479480/kostnaden-for-dataintrang-bara-stiger-storsta-okningen-sedan-pandemin.html

BfV CYBER INSIGHT – The i-Soon-Leaks: Industrialization of Cyber Espionage https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/EN/2024/2024-08-01-bfv-cybersecurity-insight-part-1.html

Information security and miscellaneous

Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update (29 Jul) https://www.theregister.com/2024/07/29/google_password_manager_outage/

Tech Orgs Feel 'Abandoned' as UN Finalizes Cybercrime Treaty (29 Jul) https://www.govinfosecurity.com/tech-orgs-feel-abandoned-as-un-finalizes-cybercrime-treaty-a-25875

United Nations: Hundreds of thousands forced to scam in Southeast Asia (30 Aug) https://www.bbc.com/news/world-asia-66655047

CISA and FBI: DDoS attacks won't impact US election integrity (31 Jul) https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ddos-attacks-wont-impact-us-election-integrity/

Argentina will use AI to 'predict future crimes' but experts worry for citizens' rights (2 Aug) https://www.theguardian.com/world/article/2024/aug/01/argentina-ai-predicting-future-crimes-citizen-rights

50 years ago, CP/M started the microcomputer revolution (2 Aug) https://www.theregister.com/2024/08/02/cpm_50th_anniversary/ | https://computerhistory.org/blog/fifty-years-of-the-personal-computer-operating-system/

CERT-SE this week

Critical vulnerabilities in IBM products (2 Aug) https://www.cert.se/2024/08/kritiska-sarbarheter-i-ibm-produkter.html

Dell fixes critical vulnerability (31 Jul) https://www.cert.se/2024/07/dell-atgardar-en-kritisk-sarbarhet.html

Critical vulnerability in GeoServer (30 Jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-geoserver.html

Vulnerability in VMware ESXi hypervisor actively exploited (30 Jul) https://www.cert.se/2024/07/sarbarhet-i-vmware-esxi-utnyttjas-aktivt.html

Critical vulnerabilities in ServiceNow (30 Jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-servicenow.html