CERT-SE's weekly newsletter, week 44

WEEKLY NEWSLETTER

This week Cybersecurity Month comes to an end, and with it we close CERT-SE's CTF challenge. We are impressed by your solutions and want to extend a big thank-you to everyone who submitted answers!

Please note our updated article on FortiManager, as Fortinet has updated its advice regarding the vulnerability.

Otherwise, a hefty newsletter with several in-depth pieces and analyses, just in time for the long weekend.

Have a nice All Saints' weekend!

News this week

Four REvil members sentenced to more than four years in prison (25 Oct) https://therecord.media/four-revil-ransomware-gang-members-sentenced-prison-russia

San Francisco billboards call out tech firms for not paying for open source (25 Oct) https://www.theregister.com/2024/10/25/open_source_funding_ads/

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications (25 Oct) https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications

Nordea hit by denial-of-service attack (25 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-overbelastningsattack

Chinese hackers gained access to US politicians' calls (27 Oct) https://www.dn.se/direkt/2024-10-27/uppgifter-kinesiska-hackare-har-tagit-del-av-usa-politikers-samtal/

Sveriges Radio: Some login methods not as secure as you think (27 Oct) https://sverigesradio.se/artikel/expert-vissa-inloggningsmetoder-inte-sa-sakra-som-du-tror

Lund University invests in TikTok, sees no obstacles for IT security (28 Oct) https://www.svt.se/nyheter/lokalt/skane/lunds-universitet-satsar-pa-tiktok-ser-inga-hinder-for-it-sakerheten

Conviction after denial-of-service attack against SL (28 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/fallande-dom-efter-overbelastningsattack-mot-sl

'All servers' for Redline and Meta infostealers hacked by Dutch police and FBI (28 Oct) https://therecord.media/infostealer-servers-takedown-dutch-police-fbi

Hacker claims to have data linked to 19 million French mobile and internet customers (29 Oct) https://www.itpro.com/security/cyber-attacks/hacker-claims-to-have-data-linked-to-19-million-french-mobile-and-internet-customers

Many tech companies turn down public procurements: "complicated" (29 Oct) https://computersweden.se/article/3591846/manga-techforetag-nobbar-offentliga-upphandlingar-krangligt.html

Reported fraud offences are decreasing (29 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/bedragerierna-minskar/

Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access (29 Oct) https://cybersecuritynews.com/hackers-downgrading-remote-desktop-security/

Massive Midnight Blizzard Phishing Attack Via Weaponized RDP Files (30 Oct) https://cybersecuritynews.com/phishing-attack-weaponized-rdp-file/

Russia's 'Midnight Blizzard' hackers target government workers in novel info-stealing campaign (30 Oct) https://therecord.media/russia-midnight-blizzard-hackers-target-government-sector

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/hackers-posing-as-it-support-on-teams-new-ransomware-scam-targeting-your-workplace/

QNAP patches second zero-day exploited at Pwn2Own to get root (30 Oct) https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/

Information security and miscellaneous

Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks (27 Oct) https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/

German MPs and their staff fail simple phishing attack test (27 Oct) https://www.tomshardware.com/tech-industry/cyber-security/german-mps-and-their-staff-fail-simple-phishing-attack-test

A good cyber leader prioritizes the greater good (28 Oct) https://www.helpnetsecurity.com/2024/10/28/good-cyber-leader-responsibility/

Sveriges Radio: Come along to Sweden's most secret agency, FRA (28 Oct) https://sverigesradio.se/artikel/folj-med-till-sveriges-hemligaste-myndighet-fra–2

Sveriges Radio: The network that has become a gold mine for spies (29 Oct) https://sverigesradio.se/avsnitt/natverket-som-blivit-en-guldgruva-for-spioner-grans

The Government gives Finansinspektionen and the Riksbank new tools to strengthen digital resilience in the financial sector (29 Oct) https://www.regeringen.se/pressmeddelanden/2024/10/egeringen-ger-finansinspektionen-och-riksbanken-nya-verktyg-for-att-starka-den-digitala-motstandskraften-i-finanssektorn/

"You must do better": Information Commissioner John Edwards calls on firms to beef up support for data breach victims (30 Oct) https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims

Report: Safer Together – Strengthening Europe's Civilian and Military Preparedness and Readiness (30 Oct) https://commission.europa.eu/topics/defence/safer-together-path-towards-fully-prepared-union_en

Understanding the NIS2 Directive: Strengthening Cybersecurity Across the EU https://www.enisa.europa.eu/topics/cybersecurity-education/awareness-campaigns/network-and-information-systems-directive-2-nis2

NCSC-UK: CyberFirst overview https://www.ncsc.gov.uk/cyberfirst/overview

Reports and analyses

BPFDoor Linux Malware Detected By AhnLab EDR (10 Oct) https://asec.ahnlab.com/en/83925/

Linux Persistence Techniques Detected By AhnLab EDR https://asec.ahnlab.com/en/83779/

Decrypted: Mallox ransomware (22 Oct) https://www.gendigital.com/blog/news/innovation/decrypted-mallox-ransomware

Doubling Down on Trusted Partnerships: Our Commitment to Researchers (22 Oct) https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/

Threat Spotlight: WarmCookie/BadSpace (23 Oct) https://blog.talosintelligence.com/warmcookie-analysis

Scattered Spider x RansomHub: A New Partnership (24 Oct) https://www.reliaquest.com/blog/scattered-spider-x-ransomhub-a-new-partnership

Cloud Malware: A Threat Hunter's Guide to Analysis, Techniques and Delivery (24 Oct) https://www.sentinelone.com/labs/cloud-malware-a-threat-hunters-guide-to-analysis-techniques-and-delivery

AWS's Predictable Bucket Names Make Accounts Easier to Crack (24 Oct) https://www.darkreading.com/threat-intelligence/aws-cdk-default-s3-bucket-naming-pattern-lets-adversaries-waltz-into-admin-access

The Real Monsters of Street Level Surveillance (25 Oct) https://www.eff.org/deeplinks/2024/10/real-monsters-street-level-surveillance

Two currently (old) exploited Ivanti vulnerabilities (27 Oct) https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384

CloudScout: Evasive Panda Scouting Cloud Services (28 Oct) https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/

New tool bypasses Google Chrome's new cookie encryption system (28 Oct) https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/

Anatomy of an LLM RCE (28 Oct) https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (28 Oct) https://isc.sans.edu/diary/Self-contained%20HTML%20phishing%20attachment%20using%20Telegram%20to%20exfiltrate%20stolen%20credentials/31388

Announcing General Availability of Inbound SMTP DANE with DNSSEC for Exchange Online (28 Oct) https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292

Report: Unveiling the Persistent Risks of Connected Medical Devices (29 Oct) https://www.forescout.com/resources/iomt-persistent-risk-report/

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (29 Oct) https://thehackernews.com/2024/10/new-research-reveals-spectre.html

Lumma/Amadey: fake CAPTCHAs want to know if you're human (29 Oct) https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/

Jumpy Pisces Engages in Play Ransomware (30 Oct) https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

Three quarters of businesses report increase in cyberattacks (30 Oct) https://www.rte.ie/news/business/2024/1030/1478040-cyber-attacks-survey/

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/this-halloween-beware-the-pig-butcher/

CERT-SE this week

CERT-SE's name used in fraud attempts (28 Oct) https://www.cert.se/2024/10/cert-se-anvands-i-bedrageriforsok.html

Updated: Critical vulnerability in Fortinet FortiManager actively exploited (31 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

CERT-SE's name used in fraud attempts

The name CERT-SE is currently being used in various fraud attempts. One example is an e-mail address resembling our own being used as the sender.

CERT-SE communicates using e-mail addresses in the cert.se domain. If you are unsure whether an e-mail comes from us, you can call CERT-SE on 010-240 40 40.

If you are unsure who the sender is, you can encrypt messages with our public PGP key and send them to us. This means that only we at cert.se can read your message, since we hold the private PGP key. Read more at https://www.cert.se/pgp/.

CERT-SE welcomes both technical and general information from those affected. E-mail cert@cert.se and clearly mark the message with the subject line [Bedrägeri (sender's e-mail address)] ("Bedrägeri" is Swedish for "fraud"). Please include the e-mail headers.

See CERT-SE's theme page with general advice on phishing: https://www.cert.se/tema/natfiske

CERT-SE is available around the clock, every day of the year, to act and, within our mandate, help organisations affected by IT security incidents.

CERT-SE's weekly newsletter, week 43

WEEKLY NEWSLETTER

This week CERT-SE issued a flash alert (blixtmeddelande) concerning a critical vulnerability in Fortinet FortiManager that is being actively exploited. Flash alerts are issued for particularly serious vulnerabilities or threats where there is a need to act immediately or urgently. CERT-SE therefore wants to stress the importance of remediating as soon as possible in accordance with the vendor's recommendations.

See further: https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

We also want to remind you that we are entering the final week to solve CERT-SE's CTF for 2024. The last day to submit answers is 31 October.

https://www.cert.se/2024/09/cert-se-ctf2024.html

CERT-SE wishes you a pleasant weekend!

News this week

Calls its AI models "open source": now Meta faces sharp criticism (18 Oct) https://computersweden.se/article/3568236/kallar-sina-ai-modeller-oppen-kallkod-nu-far-meta-skarp-kritik.html

Internet Archive breached again through stolen access tokens (20 Oct) https://www.bleepingcomputer.com/news/security/internet-archive-breached-again-through-stolen-access-tokens/

Microsoft failed to collect critical security logs (21 Oct) https://computersweden.se/article/3570572/microsoft-missade-att-samla-in-kritiska-sakerhetsloggar.html

Microsoft confirms partial loss of security log data on multiple platforms (21 Oct) https://www.techcentral.ie/microsoft-confirms-partial-loss-of-security-log-data-on-multiple-platforms/

AI-Powered Attacks Flood Retail Websites (22 Oct) https://www.infosecurity-magazine.com/news/aipowered-attacks-flood-retail/

Pixel perfect Ghostpulse malware loader hides inside PNG image files (22 Oct) https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies (22 Oct) https://thehackernews.com/2024/10/bumblebee-and-latrodectus-malware.html

Exploit released for new Windows Server "WinReg" NTLM Relay attack (22 Oct) https://www.bleepingcomputer.com/news/security/exploit-released-for-new-windows-server-winreg-ntlm-relay-attack/

Cyber Attackers Set Their Sights on Manufacturing (23 Oct) https://informationsecuritybuzz.com/cyber-attackers-sights-manufacturing/

Hackers are stepping up 'qishing' attacks by hiding malicious QR codes in PDF email attachments (23 Oct) https://www.itpro.com/security/hackers-are-stepping-up-qishing-attacks-by-hiding-malicious-qr-codes-in-pdf-email-attachments

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (23 Oct) https://www.bleepingcomputer.com/news/security/hackers-exploit-52-zero-days-on-the-first-day-of-pwn2own-ireland/

The Lazarus APT Strikes Again: New Zero-Day Exploit Targets Investors through DeFi Games (24 Oct) https://informationsecuritybuzz.com/the-lazarus-apt-strikes-again-zero-day/

Conviction after denial-of-service attack against SL (25 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/fallande-dom-efter-overlastningsattack-mot-sl/

Reports and analyses

Microsoft most commonly used brand in online fraud (20 Oct) https://www.mobil.se/nyheter/microsoft-fortfarande-nummer-ett/1590226

Check Point Research Unveils Q3 2024 Brand Phishing Trends: Microsoft Remains Most Imitated Brand as Alibaba and Adobe Enter Top 10 https://blog.checkpoint.com/research/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10/

Attacks expose weaknesses in Russian cybersecurity (22 Oct) https://foi.se/nyheter-och-press/nyheter/2024-10-22-attacker-blottar-brister-i-rysk-cybersakerhet.html

Information security and miscellaneous

Microsoft Digital Defense Report 2024 https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

Akira ransomware continues to evolve (21 Oct) https://blog.talosintelligence.com/akira-ransomware-continues-to-evolve/

Why small businesses are "low-hanging fruit" for hackers (22 Oct) https://www.siljannews.se/naringsliv/darfor-ar-sma-foretag-lagt-hangande-frukt-for-hackare

The Swedish Tax Agency warns: New frauds have taken off (22 Oct) https://nyheter24.se/nyheter/ekonomi/privatekonomi/1357773-skatteverket-varnar-nya-bedragerier-har-tagit-fart

About online fraud (Skatteverket) https://skatteverket.se/omoss/kontaktaoss/mejlaoss/omnatbedragerier.4.8bcb26d16a5646a148128ae.html

Agency studies influence campaigns in the US election (23 Oct) https://sverigesradio.se/artikel/myndighet-studerar-paverkanskampanjer-i-usa-valet

Here students train defence against cyberattacks, through a simulated attack (24 Oct) https://www.svt.se/nyheter/lokalt/stockholm/har-lar-sig-eleverna-sta-emot-cyberangrepp-genom-latsasattack

Warning about industry's weak point (25 Oct) https://www.di.se/nyheter/varning-for-industrins-svaga-punkt/

CERT-SE this week

Critical vulnerability in VMware vCenter Server (updated 23 Oct, published 18 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html

BM24-005 Critical vulnerability in Fortinet FortiManager actively exploited (24 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html

CERT-SE's weekly newsletter, week 42

WEEKLY NEWSLETTER

A lot of information in the newsletter this time. The implementing act for NIS 2 has been published. CERT-SE has once again observed cases of phishing against municipalities; please read our article on the subject. Finally, we also want to remind you about our CTF, which is open until the end of the month, so make sure to take the chance to test your cyber skills. CERT-SE wishes you a pleasant weekend!

News this week

6 biggest healthcare security threats (11 Oct) https://www.csoonline.com/article/564832/biggest-healthcare-security-threats.html

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (12 Oct) https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server

New Gmail Security Alert For 2.5 Billion Users As AI Hack Confirmed (13 Oct) https://www.forbes.com/sites/daveywinder/2024/10/13/new-gmail-security-alert-for-billions-as-7-day-ai-hack-confirmed

Phishing tactics: The top attacks trends in 2024 (14 Oct) https://www.itpro.com/security/cyber-attacks/phishing-tactics-the-top-attacks-trends-in-year

What the public's IT behaviour looks like in 2024 (14 Oct) https://www.msb.se/sv/aktuellt/nyheter/2024/oktober/sa-ser-allmanhetens-it-beteende-ut-2024

Punjab Police will use an AI chatbot to solve cybercrime cases, say hello to Cyber Mittar (15 Oct) https://www.businessinsider.in/india/news/punjab-police-will-use-an-ai-chatbot-to-solve-cybercrime-cases-say-hello-to-cyber-mittar/articleshow/114238170.cms

Pokémon developer hit by hacker attack (15 Oct) https://www.svt.se/kultur/pokemon-utvecklare-utsatt-for-hackerattack

New QR-code phishing methods bypass common security solutions (15 Oct) https://www.aktuellsakerhet.se/nya-natfiskemetoder-via-qr-kod-kringgar-vanliga-sakerhetslosningar

The expert: Why IT attacks have become more common (15 Oct) https://sverigesradio.se/artikel/experten-darfor-har-it-attacker-blivit-vanligare

EDRSilencer red team tool used in attacks to bypass security (15 Oct) https://www.bleepingcomputer.com/news/security/edrsilencer-red-team-tool-used-in-attacks-to-bypass-security

Thousands of bank accounts leaked in hacker attack: "Very worried" (16 Oct) https://sverigesradio.se/artikel/tusentals-bankkonton-lackta-i-hackerattack-jatteorolig

UK Government Launches AI Safety Scheme to Tackle Deepfakes (16 Oct) https://www.infosecurity-magazine.com/news/uk-government-launches-ai-safety

Nordea hit by cyberattacks, for a month (16 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-cyberattacker-i-en-manad

Firm hacked after accidentally hiring North Korean cyber criminal (16 Oct) https://www.bbc.com/news/articles/ce8vedz4yk7o

'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (16 Oct) https://therecord.media/uk-nationally-significant-cyberattacks-ncsc-horne-warning

Are IT managers careful about security? Sort of. (17 Oct) https://computersweden.se/article/3567378/ar-it-chefer-noga-med-sakerheten-nja.html

Arctic Wolf 2024 Human Risk Behavior Snapshot Reveals Nearly Two-Thirds of Security and IT Leaders Have Fallen for Phishing Attacks (16 Oct) https://arcticwolf.com/resources/press-releases/arctic-wolf-2024-human-risk-behavior-snapshot-reveals-nearly-two-thirds-of-security-and-it-leaders-have-fallen-for-phishing-attacks

Casio says 'no prospect of recovery yet' after ransomware attack (17 Oct) https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack

European companies anxious over non-implementation of EU cyber rules (17 Oct) https://www.euronews.com/next/2024/10/17/european-companies-anxious-over-non-implementation-of-eu-cyber-rules

Hacker attacks are rising sharply: how Luleå residents protect themselves (17 Oct) https://www.svt.se/nyheter/lokalt/norrbotten/hackerattackerna-okar-kraftigt-sa-skyddar-sig-luleaborna

New rules to increase cybersecurity in the EU's critical entities and networks (17 Oct) https://ec.europa.eu/commission/presscorner/detail/sv/ip_24_5342

Anonymous Sudan has been stopped: Swedish police took part in the operation (17 Oct) https://computersweden.se/article/3567737/anonymous-sudan-har-stoppats-svensk-polis-deltog.html

Hacker group Anonymous Sudan reduced with the help of Swedish police (17 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/hackergruppen-anonymous-sudan–reducerad-med-hjalp-av-svensk-polis

Reports and analyses

Cyber Signals Issue 8 | Education under siege: How cybercriminals target our schools (10 Oct) https://www.microsoft.com/en-us/security/blog/2024/10/10/cyber-signals-issue-8-education-under-siege-how-cybercriminals-target-our-schools

The amount of malicious code in open-source repositories is rising sharply (14 Oct) https://computersweden.se/article/3560202/mangden-skadlig-kod-i-oppen-kallkod-arkiv-okar-kraftigt.html

State of the Software Supply Chain report https://www.sonatype.com/state-of-the-software-supply-chain/Introduction

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity (15 Oct) https://www.darkreading.com/cyberattacks-data-breaches/attackers-unleash-flood-potentially-disruptive-election-related-activity

A Deep Dive into Cyber Threats surrounding U.S. Election 2024 (PDF) https://www.fortinet.com/content/dam/fortinet/assets/intelligence-reports/FortiGuard-Labs-2024-US-Election-Security-Report.pdf

Microsoft Digital Defense Report 2024 (15 Oct) https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024

Ransomware: Threat Level Remains High in Third Quarter (17 Oct) https://www.security.com/threat-intelligence/ransomware-threat-level-remains-high

Information security and miscellaneous

Strategy for cybersecurity in Finland 2024–2035 (10 Oct) https://julkaisut.valtioneuvosto.fi/handle/10024/165861

CERT-SE this week

Ongoing phishing campaign targeting municipalities and schools (updated 17 Oct) https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html

Oracle's quarterly security update for October 2024 (16 Oct) https://www.cert.se/2024/10/oracles-kvartalsvisa-sakerhetsuppdateringar-for-oktober-2024.html

CERT-SE's weekly newsletter, week 41

WEEKLY NEWSLETTER

It was Patch Tuesday, and CERT-SE has published summaries of security updates from Microsoft, Adobe, Ivanti and SAP. Make sure to apply these, and patch the other vulnerabilities we have written about this week, as soon as possible.

This week we also report on a critical vulnerability in Fortinet products that is now being actively exploited (CVE-2024-23113, CVSS score 9.8). For more information, see "Critical vulnerability in Fortinet products actively exploited" on www.cert.se: https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html

Have a nice weekend!

News this week

Record-breaking DDoS attack registered: 3.8 terabits per second (4 Oct) https://computersweden.se/article/3546703/rekordstor-ddos-attack-registrerad-38-terabit-per-sekund.html

White House official says insurance companies must stop funding ransomware payments (4 Oct) https://therecord.media/cyber-insurance-ransomware-payments-anne-neuberger-op-ed

E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads (7 Oct) https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html

AI is now an upper-secondary school subject, but there are only eight qualified teachers (7 Oct) https://www.dn.se/sverige/nu-finns-ai-som-gymnasieamne-bara-atta-behoriga-larare/

Defending healthcare systems against ransomware attacks [Q&A] (7 Oct) https://betanews.com/2024/10/07/defending-healthcare-systems-against-ransomware-attacks-qa/

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (7 Oct) https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html

AT&T, Verizon reportedly hacked to target US govt wiretapping platform (7 Oct) https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

Headhunted? The dream job may be a trap (7 Oct) https://computersweden.se/article/3544937/headhuntad-dromjobbet-kan-vara-en-falla.html

American Water Confirms Hack: Customer Portal and Billing Services Suspended (7 Oct) https://www.securityweek.com/american-water-confirms-hack-customer-portal-and-billing-services-suspended/

Smart TV Surveillance? How Samsung and LG's ACR Technology Tracks What You Watch (7 Oct) https://www.securityweek.com/smart-tv-surveillance-how-samsung-and-lgs-acr-technology-tracks-what-you-watch/

Qualcomm patches high-severity zero-day exploited in attacks (7 Oct) https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/

October 2024 Security Bulletin (Qualcomm) https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

NCSC-UK: Engaging with Boards to improve the management of cyber security risk (7 Oct) https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly

Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds (7 Oct) https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/

MFA Isn't Failing, But It's Not Succeeding: Why a Trusted Security Tool Still Falls Short (7 Oct) https://www.securityweek.com/mfa-isnt-failing-but-its-not-succeeding-why-a-trusted-security-tool-still-falls-short/

Billion-dollar cyberfraud industry expands in Southeast Asia as criminals adopt new technologies (7 Oct) https://www.unodc.org/roseap/en/2024/10/cyberfraud-industry-expands-southeast-asia/story.html

Ukraine's defense ministry launches military CERT to counter Russian cyberattacks (8 Oct) https://therecord.media/ukraine-creates-military-cert

Lego Hacked by Crypto-Scammers (8 Oct) https://informationsecuritybuzz.com/lego-hacked-by-crypto-scammers/

Healthcare Organizations Warned of Trinity Ransomware Attacks (8 Oct) https://www.securityweek.com/healthcare-organizations-warned-of-trinity-ransomware-attacks/

MSB: "Business must have a seat at the table" (8 Oct) https://www.di.se/digital/msb-naringslivet-maste-sitta-med-vid-bordet/

GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems (8 Oct) https://securityboulevard.com/2024/10/goldenjackal-targets-embassies-steals-data-from-air-gapped-systems/

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (9 Oct) https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html

Casio Hit by Cyberattack (9 Oct) https://www.securityweek.com/casio-hit-by-cyberattack/

Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (9 Oct) https://hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/

Social Media Accounts: The Weak Link in Organizational SaaS Security (9 Oct) https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html

Hackers weaponizing VSCode for remote access (9 Oct) https://cybernews.com/security/hackers-weaponizing-vscode-for-remote-access/

American Water cyberattack renews focus on protecting critical infrastructure (9 Oct) https://www.dailymail.co.uk/wires/ap/article-13941881/American-Water-cyberattack-renews-focus-protecting-critical-infrastructure.html

Popular top-level domain .io may be about to disappear (9 Oct) https://computersweden.se/article/3553638/populara-toppdomanen-io-kan-vara-pa-vag-att-forsvinna.html

US FTC says Marriott will boost security to settle data breach charges (9 Oct) https://www.reuters.com/technology/cybersecurity/us-ftc-takes-action-against-marriott-starwood-over-data-breaches-2024-10-09/

Internet Archive leaks user info and succumbs to DDoS (10 Oct) https://www.theregister.com/2024/10/10/internet_archive_ddos_data_leak/

Dutch cops reveal takedown of 'world's largest dark web market' (10 Oct) https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

The Internet Archive taken down by DDoS attacks (10 Oct) https://www.engadget.com/cybersecurity/the-internet-archive-taken-down-by-ddos-attacks-222317044.html

Firefox Zero-Day Under Attack: Update Your Browser Immediately (10 Oct) https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

How we protect Sweden's digital infrastructure (10 Oct) https://www.di.se/debatt/sa-skyddar-vi-sveriges-digitala-infrastruktur/

Swedes believe cyber threats will increase (11 Oct) https://it-kanalen.se/svenskarna-tror-cyberhoten-kommer-oka/

Reports and analyses

Check Point 7th October Threat Intelligence Report: https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/

2024 State of the Threat: A Year in Review https://www.secureworks.com/resources/rp-state-of-the-threat-2024

2024 State of the Threat Report Reveals a Resilient and Evolving Threat Landscape (8 Oct) https://www.secureworks.com/blog/2024-state-of-the-threat-report-reveals-a-resilient-and-evolving-threat-landscape

DDoS attacks are on the rise, and are increasingly politically-motivated (7 Oct) https://www.techradar.com/pro/security/ddos-attacks-are-on-the-rise-and-are-increasingly-politically-motivated

Information security and miscellaneous

Cybersecurity Awareness Month: Securing our world—together (1 Oct) https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/

Expert Blog: Consumer routers targeted by multiple botnets (4 Oct) https://english.ncsc.nl/latest/weblog/weblog/2024/consumer-routers-targeted-by-multiple-botnets

A Look Into Embargo Ransomware, Another Rust-Based Ransomware (4 Oct) https://blog.sonicwall.com/en-us/2024/10/a-look-into-embargo-ransomware-another-rust-based-ransomware/

No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection (4 Oct) https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/

Sweden needs a clearer cybersecurity policy (7 Oct) https://www.su.se/forskning/nyheter-forskning/sverige-beh%C3%B6ver-en-tydligare-cybers%C3%A4kerhetspolicy-1.769190

How to avoid trouble with bank codes when online banking is down (7 Oct) https://svenska.yle.fi/a/7-10065114

The Disappearance of an Internet Domain (8 Oct) https://every.to/p/the-disappearance-of-an-internet-domain

Cyber resilience act: Council adopts new law on security requirements for digital products (10 Oct) https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/

Fortum: Subject to sabotage attempts in Finland and Sweden (10 Oct) https://www.dn.se/ekonomi/fortum-utsatt-for-sabotageforsok-i-finland-och-sverige/

CERT-SE this week

Microsoft's monthly security updates for October 2024 (9 Oct) https://cert.se/2024/10/microsofts-manatliga-sakerhetsuppdateringar-for-oktober-2024.html

Critical vulnerabilities in Ivanti Connect Secure and Policy Secure (9 Oct) https://cert.se/2024/10/kritiska-sarbarheter-i-ivanti-connect-secure-och-policy-secure.html

Adobe's monthly security updates for October 2024 (9 Oct) https://cert.se/2024/10/adobes-manatliga-sakerhetsuppdateringar-for-oktober-2024.html

Critical vulnerability in Fortinet products actively exploited (10 Oct) https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html

SAP's monthly security updates for October 2024 (10 Oct) https://www.cert.se/2024/10/saps-manatliga-sakerhetsuppdateringar-for-oktober-2024.html

CERT-SE:s veckobrev v.40

VECKOBREV

Nästa vecka inleds den årliga cybersäkerhetsmånaden och i samband med den, MSB:s kampanj Tänk säkert. CERT-SE:s bidrag för att stärka cyberkompetensen i samhället är vår årliga CTF som publiceras inom kort, håll utkik efter den! Till dess tipsar vi om våra lettiska kollegors CTF-utmaning, se länk längst ner i veckobrevet.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America (19 Sep) https://www.europol.europa.eu/media-press/newsroom/news/criminal-phishing-network-resulting-in-over-480-000-victims-worldwide-busted-in-spain-and-latin-america

Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape (19 Sep) https://www.enisa.europa.eu/news/reporting-on-threathunt-2030-navigating-the-future-of-the-cybersecurity-threat-landscape

Attacks believed to be behind technical problems at major banks (22 Sep) https://www.dn.se/ekonomi/attacker-tros-ligga-bakom-teknikstrul-hos-storbanker

The Police take over responsibility for state e-identification (23 Sep) https://computersweden.se/article/3535289/polisen-tar-over-ansvaret-for-statlig-e-legitimation.html

FRA takes over responsibility for the National Cyber Security Centre (23 Sep) https://regeringen.se/pressmeddelanden/2024/09/fra-tar-over-ansvaret-for-nationellt-cybersakerhetscenter
National Cyber Security Centre becomes part of FRA (23 Sep) https://www.ncsc.se/aktuellt/nationellt-cybersakerhetscenter-blir-del-av-fra
National Cyber Security Centre (NCSC) becomes part of FRA (23 Sep) https://fra.se/nyheter/nyheter/nyhetsarkiv/news/nationelltcybersakerhetscenterncscblirdelavfra.5.766e440918f572e73355e.html

Android malware ‘Necro’ infects 11 million devices via Google Play (23 Sep) https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play

Denial-of-service attacks have more than doubled since 2022 (24 Sep) https://sverigesradio.se/artikel/overbelastningsattacker-har-mer-an-fordubblats-sedan-2022

How does a brand-new government agency build its IT environment? Like a start-up. (24 Sep) https://computersweden.se/article/3536758/hur-bygger-en-helt-ny-myndighet-sin-it-miljo-som-en-start-up.html

The cyber expert on Iran's special operation: "Not an advanced hack" (24 Sep) https://www.svt.se/nyheter/inrikes/cyberexperten-om-irans-specialoperation-inte-en-avancerad-hackning

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes (24 Sep) https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes

AI-Generated Malware Found in the Wild (24 Sep) https://www.securityweek.com/ai-generated-malware-found-in-the-wild

AutoCanada says ransomware attack “may” impact employee data (24 Sep) https://www.bleepingcomputer.com/news/security/autocanada-says-ransomware-attack-may-impact-employee-data

Kansas water plant cyberattack forces switch to manual operations (24 Sep) https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations

MoneyGram confirms a cyberattack is behind dayslong outage (24 Sep) https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage

MFA bypass becomes a critical security issue as ransomware tactics advance (24 Sep) https://www.helpnetsecurity.com/2024/09/24/ransomware-session-hijacking-tactics

Russia’s digital warfare on Ukraine shows no signs of slowing: Malware hits surge (24 Sep) https://www.theregister.com/2024/09/24/russia_malware_ukraine_attacks

Swedes stand out in new international study on IT security (25 Sep) https://www.voister.se/artikel/2024/09/svenskar-sticker-ut-i-ny-internationell-studie-om-it-sakerhet

New Android banking trojan Octo2 targets European banks (25 Sep) https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware (25 Sep) https://thehackernews.com/2024/09/transportation-companies-hit-by.html

CrowdStrike executive apologised for the IT outage (25 Sep) https://computersweden.se/article/3539476/crowdstrike-chef-bad-om-ursakt-for-it-avbrottet.html

US government agency confirms it was hit by major ransomware attack (25 Sep) https://www.techradar.com/pro/security/us-government-agency-confirms-it-was-hit-by-major-ransomware-attack

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means (25 Sep) https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

Public Wi-Fi operator investigating cyberattack at UK’s busiest train stations (26 Sep) https://www.theregister.com/2024/09/26/public_wifi_operator_investigating_cyberattack

More robust IT systems in Greater Stockholm (26 Sep) https://www.tjugofyra7.se/amnesomraden/cybersakerhet/2024/robustare-it-system-i-storstockholm

NIST proposes barring some of the most nonsensical password rules (26 Sep) https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates (26 Sep) https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html

Watch cyberattacks in real time: Norrbotten learns to defend itself (26 Sep) https://www.svt.se/nyheter/lokalt/norrbotten/se-cyberattacker-i-realtid-norrbotten-lar-sig-forsvara-sig

Reports and analyses

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors (18 Sep) https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat

The Correlation Between Dark Web Exposure and Cybersecurity Risk (23 Sep) https://slcyber.io/whitepapers-reports/the-correlation-between-dark-web-exposure-and-cybersecurity-risk

Inside SnipBot: The Latest RomCom Malware Variant (23 Sep) https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant

Microsoft sets out its security investments in new report (24 Sep) https://computersweden.se/article/1272196/microsoft-tar-nytt-grepp-om-sin-egen-sakerhet.html
Secure Future Initiative – September 2024 progress report (PDF) https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_September_2024_progress_report.pdf

10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More (25 Sep) https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more

ANALYSIS: Three out of four Swedish government agencies and municipalities expose the public to an increased risk of email fraud (25 Sep) https://www.aktuellsakerhet.se/analys-tre-av-fyra-svenska-myndigheter-och-kommuner-utsatter-allmanheten-for-okad-risk-for-e-postbedragerier

NSA Jointly Releases Guidance for Mitigating Active Directory Compromises (26 Sep) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3917556/nsa-jointly-releases-guidance-for-mitigating-active-directory-compromises
Detecting and Mitigating Active Directory Compromises (PDF) https://media.defense.gov/2024/Sep/25/2003553985/-1/-1/0/CTR-DETECTING-AND-MITIGATING-AD-COMPROMISES.PDF

2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge (26 Sep) https://blog.sonicwall.com/en-us/2024/09/2024-sonicwall-threat-brief-healthcares-escalating-cybersecurity-challenge
2024 SonicWall Threat Brief: Healthcare (PDF) https://www.sonicwall.com/medialibrary/en/brief/2024-threat-brief-healthcare.pdf

2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge (26 Sep) https://securityandtechnology.org/blog/2023-rtf-global-ransomware-incident-map

Storm-0501: Ransomware attacks expanding to hybrid cloud environments (26 Sep) https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments

Information security and miscellaneous

We’re losing our digital history. Can the Internet Archive save it? (16 Sep) https://www.bbc.com/future/article/20240912-the-archivists-battling-to-save-the-internet

How cyber compliance helps minimize the risk of ransomware infections (24 Sep) https://www.helpnetsecurity.com/2024/09/24/cyber-compliance-minimize-risk

Old dialects to sharpen AI's understanding of Swedish (25 Sep) https://computersweden.se/article/3538102/gamla-dialekter-ska-vassa-ais-forstaelse-for-svenska.html

The Tänk säkert 2024 campaign https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/informationssakerhetsmanaden/tank-sakert

CyberChess/#CaptureTheFlag (CTF) https://cyberchess.lv

CERT-SE this week

Several serious vulnerabilities affect Cisco software (27 Sep) https://www.cert.se/2024/09/flera-allvarliga-sarbarheter-paverkar-cisco-programvara.html

Several critical vulnerabilities in access points from Aruba (27 Sep) https://www.cert.se/2024/09/flera-kritiska-sarbarheter-i-accesspunkter-fran-aruba.html

Critical vulnerabilities in products from Ivanti (updated 26 Sep) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Serious vulnerability in Keycloak (26 Sep) https://www.cert.se/2024/09/allvarlig-sarbarhet-i-keycloak.html

Critical vulnerability in Traefik (25 Sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-traefik.html

Situation still unchanged: vessel with potentially explosive cargo remains in international waters

Updated: 2024-09-22; 18.53

Created: 2024-09-22; 23.23

A damaged Russian-owned vessel carrying roughly 20,000 tonnes of ammonium nitrate has for several days been closely monitored by Norwegian, Swedish and Danish authorities, among others.

The vessel was damaged during loading in a port on the Kola Peninsula. Reportedly, the rudder and other steering equipment are among the parts damaged. The cargo vessel is currently at anchor, accompanied by a tug, off the Norwegian coast in international waters.

Concern about potentially explosive cargo

At present there is no imminent risk of the vessel's cargo leaking or being detonated by external action. The vessel is approved for the type of cargo it carries. Although the risk is very small, an explosion caused by external interference with the vessel would be devastating in densely populated regions. The cargo corresponds to 10 megatons and has potentially the same explosive force as Little Boy, one of the atomic bombs dropped on Japan at the end of the Second World War. The vessel also poses an environmental risk if it runs aground and its diesel tanks begin to leak. Such a wreck could also have major environmental consequences.

Deliberate external interference with the vessel could thus have catastrophic consequences for, for example, the Öresund region. The vessel's cargo could also be used as leverage to gain political, military or economic advantages. What is feared, among other things, is that the vessel could be a "Trojan horse". It should be understood, however, that causing such damage is not easy. The mere risk is nevertheless enough for the Northern European authorities to want to do everything possible to keep the vessel out of the already heavily trafficked Baltic Sea on its onward journey to Klaipeda in Lithuania.

Västra Götaland County on staff standby

Because the vessel may pass close to Swedish waters, Swedish authorities have increased their surveillance of it. Västra Götaland County has gone up to staff standby ("stabsberedskap"), the lowest of the three levels in the preparedness ladder.

On Friday, MSB took the initiative for coordination conferences with, among others, the County Administrative Boards of Västra Götaland, Kalmar, Skåne and Blekinge, as well as the Coast Guard and the Swedish Transport Agency. It is unclear whether, and if so which, regions and municipalities are also participants in the joint inter-agency monitoring now under way.

Sources:

CERT-SE's weekly newsletter, week 38

WEEKLY NEWSLETTER

An eventful week, bringing major investments in information and cyber security in the autumn budget and an international operation against the encrypted communication service Ghost.

Have a nice weekend!

News this week

1.3 million Android-based TV boxes backdoored; researchers still don’t know how (13 Sep) https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/

Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors (16 Sep) https://www.securityweek.com/ransomware-group-leaks-data-allegedly-stolen-from-kawasaki-motors/

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals (16 Sep) https://therecord.media/data-on-nearly-1-million-nhs-patients-leaked-hospital-ransomware

Owner of only US platinum mine confirms data breach after ransomware claims (16 Sep) https://therecord.media/stillwater-mining-company-montana-platinum-data-breach

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution (16 Sep) https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks (17 Sep) https://www.securityweek.com/recent-whatsup-gold-vulnerabilities-possibly-exploited-in-ransomware-attacks/

Encrypted communication service taken down in an international police operation (18 Sep) https://polisen.se/aktuellt/nyheter/nationell/2024/september/krypterad-kommunikationstjanst-har-slagits-ut-i-en-internationell-polisoperation/
Global Coalition Takes Down New Criminal Communication Platform (18 Sep) https://www.europol.europa.eu/media-press/newsroom/news/global-coalition-takes-down-new-criminal-communication-platform

Historic investment in cybersecurity (18 Sep) https://regeringen.se/pressmeddelanden/2024/09/historisk-satsning-pa-cybersakerhet/

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (18 Sep) https://www.bleepingcomputer.com/news/security/flax-typhoon-hackers-infect-260-000-routers-ip-cameras-with-botnet-malware/

Providence public schools still struggling with internet outages after ‘irregular activity’ (18 Sep) https://therecord.media/providence-schools-outage-cyberattack-wifi

Germany seizes leak site of ‘Vanir’ ransomware operation (18 Sep) https://therecord.media/germany-seizes-vanir-ransomware-leak

FTC exposes massive surveillance of kids, teens by social media giants (19 Sep) https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/

Reports and in-depth articles

Malware locks browser in kiosk mode to steal Google credentials (14 Sep) https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/

16th September – Threat Intelligence Report (16 Sep) https://research.checkpoint.com/2024/16th-september-threat-intelligence-report/

Beware the Rising Tide: Financial Services Is Awash in Attacks (17 Sep) https://www.akamai.com/blog/security/financial-services-is-awash-in-attacks

What Can We Learn From NIST Cybersecurity Framework (CSF) 2.0? (17 Sep) https://techround.co.uk/tech/what-can-learn-nist-cybersecurity-framework-csf/

Storm clouds on the horizon: Resurgence of TeamTNT? (18 Sep) https://www.group-ib.com/blog/teamtnt/

Exotic SambaSpy is now dancing with Italian users (18 Sep) https://securelist.com/sambaspy-rat-targets-italian-users/113851/

ENISA Threat Landscape 2024 (19 Sep) https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024

Evilginx Gmail & Outlook Attacks Can Bypass 2FA, Security Expert Warns (19 Sep) https://www.forbes.com/sites/daveywinder/2024/09/19/evilginx-gmail–outlook-attacks-can-bypass-2fa-security-expert-warns/

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks (19 Sep) https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/

Information security and miscellaneous

Secure by Design Alert: Eliminating Cross-Site Scripting Vulnerabilities (17 Sep) https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-cross-site-scripting-vulnerabilities

Do you have control of your SaaS backups? (18 Sep) https://computersweden.se/article/3514909/har-du-koll-pa-dina-saas-backuper.html

Ready to Rumble: US Women’s Cyber Team Preps for Global CTF Contest (18 Sep) https://www.darkreading.com/cybersecurity-operations/us-women-cyber-team-global-ctf-contest

Unexplained ‘Noise Storms’ flood the Internet, puzzle experts (19 Sep) https://www.bleepingcomputer.com/news/security/unexplained-noise-storms-flood-the-internet-puzzle-experts/

CISA boss: Makers of insecure software are the real cyber villains (20 Sep) https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/

Companies Often Pay Ransomware Attackers Multiple Times (20 Sep) https://securityboulevard.com/2024/09/companies-often-pay-ransomware-attackers-multiple-times/

CERT-SE this week

Critical vulnerability in SolarWinds Access Rights Manager (13 Sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-solarwinds-access-rights-manager.html

Critical vulnerabilities in Ivanti products (updated 16 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Critical vulnerability in VMware vCenter Server (18 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html

Critical vulnerability in GitLab (19 Sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab-SAML.html

Critical vulnerabilities in Ivanti products (updated 20 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

CERT-SE's weekly newsletter, week 37

WEEKLY NEWSLETTER

It has been Patch Tuesday, and CERT-SE has published summaries of the security updates from Microsoft, Adobe and Ivanti. Make sure to apply these, and to address the other vulnerabilities we have written about this week, as soon as possible. We have also attended interesting talks and discussions at SEC-T; see the link to their livestream at the bottom of the newsletter. CERT-SE wishes you a pleasant weekend!

News this week

Payment gateway data breach affects 1.7 million credit card owners (9 Sep) https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners

Highline Public Schools closes schools following cyberattack (9 Sep) https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack

Avis Data Breach Impacts 300,000 Car Rental Customers (9 Sep) https://www.securityweek.com/300000-impacted-by-data-breach-at-car-rental-firm-avis

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals (9 Sep) https://www.securityweek.com/new-rambo-attack-allows-air-gapped-data-theft-via-ram-radio-signals

Phishing emails spread malware disguised as Google (10 Sep) https://www.aktuellsakerhet.se/natfiskemejl-sprider-skadligt-program-i-googleskrud

Popular French retailers confirm hackers stole customer data (11 Sep) https://therecord.media/france-retailers-hacked-confirm-cyberattack

SBOMs and the importance of inventory (11 Sep) https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory

UK designates the data center sector part of its ‘Critical National Infrastructure’ (12 Sep) https://therecord.media/uk-designates-data-centers-critical-infrastructure

BT logs 2,000 signals of potential cyber attacks per second (12 Sep) https://www.commsbusiness.co.uk/content/news/bt-logs-2-000-signals-of-potential-cyber-attacks-per-second

Data centres to be given massive boost and protections from cyber criminals and IT blackouts (12 Sep) https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram (12 Sep) https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html

Fortinet confirms data breach after hacker claims to steal 440GB of files (12 Sep) https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline (12 Sep) https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack

Fake updates hit many Swedish companies (13 Sep) https://www.securityuser.com/se/Nyheter/Samhalle/falska-uppdateringar-drabbar-manga-svenska-foretag

IT expert's jab at Hofors municipality: "Bordering on misconduct" (13 Sep) https://www.svt.se/nyheter/lokalt/gavleborg/it-expertens-kanga-till-hofors-kommun-pa-gransen-till-tjanstefel

Reports and analyses

Earth Preta Evolves its Attacks with New Malware and Strategies (9 Sep) https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (10 Sep) https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware

H1 2024: Malware and Vulnerability Trends Report (10 Sep) https://www.recordedfuture.com/research/h1-2024-malware-and-vulnerability-trends-report

Blog: Key Findings from Ontinue’s 1H 2024 Threat Intelligence Report (10 Sep) https://www.ontinue.com/resource/1h-2024-threat-intelligence-report

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities (12 Sep) https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html

Information security and miscellaneous

Recommendations on hosting sensitive information systems in the cloud (4 Sep) https://cyber.gouv.fr/en/publications/recommendations-hosting-sensitive-information-systems-cloud

Commercial Spyware Use Roars Back Despite Sanctions (6 Sep) https://www.darkreading.com/threat-intelligence/commercial-spyware-use-roars-back-despite-sanctions

SEC-T livestream (10-12 Sep) https://www.sec-t.org/

CERT-SE this week

Critical vulnerability in SonicWall (9 Sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-SonicWall.html

Microsoft's monthly security updates for September 2024 (11 Sep) https://www.cert.se/2024/09/microsofts-manatliga-sakerhetsuppdateringar-for-september-2024.html

Adobe's monthly security updates for September 2024 (11 Sep) https://www.cert.se/2024/09/adobes-manatliga-sakerhetsuppdateringar-for-september-2024.html

Critical vulnerabilities in Ivanti products (11 Sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Critical vulnerability in GitLab (12 Sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab.html