VECKOBREV
Ett matigt, varierat och tankeväckande nyhetssvep denna första vecka i juli. Men innan ni förkovrar er i hängmattan, notera gärna veckans artiklar om allvarliga sårbarheter i bland annat Juniper-routrar och OpenSSH.
För fördjupad förståelse om OpenSSH-sårbarheten och rekommendationer på åtgärder, se artikel publicerad av NCSC-SE idag: https://www.ncsc.se/aktuellt/sarbarhet-i-openssh/
Trevlig helg önskar CERT-SE!
Nyheter i veckan
Multiple Finnish Water Treatment Centers Broken Into & Fake Doctor Attempts To Breach Multiple Health Centers (28 jun)https://covertaccessteam.substack.com/p/fake-doctor-attempts-to-infiltrate
A cyberattack shut down the University Hospital Centre Zagreb in Croatia (28 jun)https://securityaffairs.com/165007/hacking/cyberattack-shutdown-university-hospital-centre-zagreb.html
HubSpot says it’s investigating customer account hacks (28 jun)https://techcrunch.com/2024/06/28/hubspot-says-its-investigating-customer-account-hacks/?guccounter=2
Ticketmaster sends notifications about recent massive data breach (28 jun)https://www.bleepingcomputer.com/news/security/ticketmaster-sends-notifications-about-recent-massive-data-breach/
Dev rejects CVE severity, makes his GitHub repo read-only (30 jun)https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only
Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk (1 jul)https://www.theregister.com/2024/07/01/regresshion_openssh/
Cisco warns of NX-OS zero-day exploited to deploy custom malware (1 jul)https://www.bleepingcomputer.com/news/security/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/
Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials (1 jul)https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/
Fler bedrägeriutsatta söker stöd i Örebro – vishing allt vanligare (2 jul)https://www.svt.se/nyheter/lokalt/orebro/antalet-bedragerier-fortsatter-att-oka
3 million iOS and macOS apps were exposed to potent supply-chain attacks (2 jul)https://arstechnica.com/security/2024/07/3-million-ios-and-macos-apps-were-exposed-to-potent-supply-chain-attacks/
Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys (3 jul)https://www.tomshardware.com/tech-industry/cyber-security/indonesia-gov-ransomware-chaos-may-be-over-after-hack-group-apologizes-and-says-it-has-shared-decrypt-keys
Europol coordinates global action against criminal abuse of Cobalt Strike (3 jul)https://www.europol.europa.eu/media-press/newsroom/news/europol-coordinates-global-action-against-criminal-abuse-of-cobalt-strike
Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys (3 jul)https://www.securityweek.com/over-380k-hosts-still-referencing-malicious-polyfill-domain-censys/
“Everything’s frozen”: Ransomware locks credit union users out of bank accounts (3 jul)https://arstechnica.com/tech-policy/2024/07/everythings-frozen-ransomware-locks-credit-union-users-out-of-bank-accounts/
OpenAI’s ChatGPT Mac app was storing conversations in plain text (3 jul)https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
New ransomware group uses phone calls to pressure victims, researchers say (3 jul)https://therecord.media/ransomware-group-volcano-demon-lukalocker
Hackers abused API to verify millions of Authy MFA phone numbers (3 jul)https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/
Europol says mobile roaming tech is making its job too hard (5 jul)https://www.theregister.com/2024/07/05/europol_home_routing_complaint/…https://www.europol.europa.eu/media-press/newsroom/news/home-routing-limiting-law-enforcement-evidence-gathering-warns-europol
CISA Warns Chemical Facilities of Data Theft After Hacker Breached CSAT Security Tool via Ivanti (5 jul)https://www.cpomagazine.com/cyber-security/cisa-warns-chemical-facilities-of-data-theft-after-hacker-breached-csat-security-tool-via-ivanti/
Rapporter, fördjupningar och analyser
A Deep Dive Into DarkME Rat Malware (27 jun)https://blog.sonicwall.com/en-us/2024/06/a-deep-dive-into-darkme-rat-malware
ESET Threat Report H1 2024 (27 jun)https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2024/
IoT och säkerhet – en djupdykning i framtidens teknik (27 jun)https://www.ri.se/sv/iot-och-sakerhet-en-djupdykning-i-framtidens-teknik
Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack (29 jun)https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/
The biggest data breaches in 2024: 1 billion stolen records and rising (29 jun)https://techcrunch.com/2024/06/29/2024-in-data-breaches-1-billion-stolen-records-and-rising/
Ny rapport: Vårdens IT-säkerhet under fortsatt hård press (1 jul)https://www.infrastrukturnyheter.se/20240701/30218/ny-rapport-vardens-it-sakerhet-under-fortsatt-hard-press..
https://soti.se/media/d20achvn/soti-industry-report-code-digital-will-healthcare-thrive-or-survive-swedish.pdf
Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers (2 jul)https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers
The Rise of Packet Rate Attacks: When Core Routers Turn Evil (2 jul)https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/
Modern Cryptographic Attacks: A Guide for the Perplexed (2 jul)https://research.checkpoint.com/2024/modern-cryptographic-attacks-a-guide-for-the-perplexed/
Half of Employees Fear Punishment for Reporting Security Mistakes (3 jul)https://www.infosecurity-magazine.com/news/employees-fear-punishment-reporting/
The Not-So-Secret Network Access Broker x999xx (3 jul)https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/
Microsoft: “Skeleton Key” Attacks Consistently Jailbreak AI Models, Allows Users to Directly Ask Forbidden Questions (4 jul)https://www.cpomagazine.com/cyber-security/microsoft-skeleton-key-attacks-consistently-jailbreak-ai-models-allows-users-to-directly-ask-forbidden-questions/
99% of IoT exploitation attempts rely on previously known CVEs (5 jul)https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/
GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks (5 jul)https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html
Forescout Research: What are the riskiest connected devices right now?https://www.forescout.com/resources/2024-riskiest-connected-devices/
Informationssäkerhet och blandat
Why the DORA Regulation Matters Beyond the EU (25 jun)https://www.forescout.com/blog/why-the-dora-regulation-matters-beyond-the-eu%e2%80%af/
Sustaining Digital Certificate Security – Entrust Certificate Distrust (27 jun)https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html
Under the Borealis: OT Cyber Threat Intelligence Tailored for Nordic Countries (28 jun)https://www.dragos.com/blog/ot-cyber-threat-intelligence-nordic-renewable-energy/
Hijacked: How hacked YouTube channels spread scams and malware (1 jul)https://www.securityweek.com/prudential-financial-data-breach-impacts-2-5-million
Strengthening Cybersecurity in The Gambia: An Interview with Sanusi Drammeh (2 jul)https://www.telecomreviewafrica.com/en/articles/exclusive-interviews/4337-strengthening-cybersecurity-in-the-gambia-an-interview-with-sanusi-drammeh
Farewell floppy: Japan wins 2-year “war on floppy disks,” kills regulations requiring old tech (2 jul)https://arstechnica.com/gadgets/2024/07/japans-government-finally-exits-90s-ends-floppy-disk-use/
The End of Passwords? Embrace the Future with Passkeys (2 jul)https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/
How people are key to tackling the threat of phishing (3 jul)https://www.intelligentciso.com/2024/07/03/how-people-are-key-to-tackling-the-threat-of-phishing-2/
To guard against cyberattacks in space, researchers ask ‘what if?’ (3 jul)https://theconversation.com/to-guard-against-cyberattacks-in-space-researchers-ask-what-if-232365
CERT-SE i veckan
Kritisk sårbarhet påverkar Juniper-routrar (1 jul)https://www.cert.se/2024/07/kritisk-sarbarhet-paverkar-juniper-routrar.html
Kritisk sårbarhet i MOVEit Transfer (1 jul)https://www.cert.se/2024/06/kritisk-sarbarhet-i-moveit-transfer.html
Allvarlig RCE-sårbarhet i OpenSSH (2 jul)https://www.cert.se/2024/07/kritisk-rce-sarbarhet-i-openssh.html
Kritisk sårbarhet i GeoServer (2 jul)https://www.cert.se/2024/07/kritisk-sarbarhet-i-geoserver.html
Aktuellt från Nationellt Cybersäkerhetscenter (NCSC-SE)
Sårbarhet i OpenSSH (5 jul)https://www.ncsc.se/aktuellt/sarbarhet-i-openssh/
Temafördjupning utpressningsangrepp (23 jun)https://www.ncsc.se/aktuellt/utpressningsangrepp/
Boka datumet – NCSC-konferensen 2024 (4 jun)https://www.ncsc.se/aktuellt/ncsc-konferensen-2024/