CERT-SE:s veckobrev v.12

VECKOBREV

Veckans svep bjuder på en blandning av händelser, fördjupningar och rekommendationer. Bland annat en vägledning från NCSC-UK för chefer och ledning i både privat och offentlig sektor, om vad man bör tänka på i händelse av en cybersäkerhetsincident.

Nyheter i veckan

International Monetary Fund email accounts hacked in cyberattack (15 mars)https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/

Stora datorproblem hos Jordbruksverket (16 mars)https://www.svt.se/nyheter/lokalt/jonkoping/stora-datorproblem-hos-jordbruksverket

NIST NVD Halt Leaves Thousands of Vulnerabilities Untagged (18 mars)https://www.hackread.com/nist-nvd-halt-leaves-vulnerabilities-untagged/

CISA hit by hackers, key systems taken offline (18 mars)https://securityintelligence.com/news/cisa-hackers-key-systems-offline/

New Zealand media company: Hackers directly targeting individuals after alleged data breach (18 mars)https://therecord.media/mediaworks-new-zealand-data-breach-extortion

Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement (18 mars)https://therecord.media/international-spyware-agreement-new-members

Commercial Bank of Ethiopia glitch lets customers withdraw millions (18 mars)https://www.bbc.com/news/world-68599027

Fujitsu found malware on IT systems, confirms data breach (18 mars)https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (19 mars)https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html

Försäkringskassan varnar för bluffmejl (19 mars)https://sakerhetskollen.se/aktuella-brott/forsakringskassan-varnar-for-bluffmejl

Strul hos Skatteverket när deklarationen öppnade (19 mars)https://tt.omni.se/strul-hos-skatteverket-nar-deklarationen-oppnade/a/4o6r5V

Hackare avslöjade nätverk – misstänks ha lurat äldre (20 mars)https://sverigesradio.se/artikel/hackare-avslojade-natverk-misstanks-ha-lurat-aldre

SVT Uppdrag Granskning: hackaren (20 mars)https://www.svtplay.se/video/e6dEVLw/uppdrag-granskning/hackaren

300,000 Systems Vulnerable to New Loop DoS Attack (20 mars)https://www.securityweek.com/300000-systems-vulnerable-to-new-loop-dos-attack/… 
Advisory on Application-layer Loop DoS Attacks (19 mars)https://cispa.saarland/group/rossow/Loop-DoS

Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks (18 mars)https://www.trendmicro.com/en_us/research/24/c/earth-krahang.htmlhttps://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/

“Disabling cyberattacks” are hitting critical US water systems, White House warns (20 mars)https://arstechnica.com/security/2024/03/critical-us-water-systems-face-disabling-cyberattacks-white-house-warns/
https://www.bleepingcomputer.com/news/security/white-house-and-epa-warn-of-hackers-breaching-water-systems/

Danmark blev ramt af GPS-jamming i nyt angreb på kritisk infrastruktur (20 mars)https://jyllands-posten.dk/indland/ECE16955137/danmark-blev-ramt-af-gpsjamming-i-nyt-angreb-paa-kritisk-infrastruktur/

Exploit released for Fortinet RCE bug used in attacks, patch now (21 mars)https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/

New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (22 mars)https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html

Informationssäkerhet och blandat

Inside the Rabbit Hole: BunnyLoader 3.0 Unveiled (15 mars)https://unit42.paloaltonetworks.com/analysis-of-bunnyloader-malware/

Department of Homeland Security lays out AI plans in new roadmap (18 mars)https://fedscoop.com/dhs-ai-roadmap/

New Attack Shows Risks of Browsers Giving Websites Access to GPU (18 mars)https://www.securityweek.com/new-attack-shows-risks-of-browsers-giving-websites-access-to-gpu/

We’re one step closer to a global cybersecurity standard for smart home devices (19 mars)https://www.theverge.com/2024/3/18/24104906/csa-iot-device-security-specification-product-security-verification-mark

A prescription for privacy protection: Exercise caution when using a mobile health app (19 mars)https://www.welivesecurity.com/en/privacy/prescription-privacy-protection-exercise-caution-mobile-health-app/

PRC state-sponsored cyber activity: Actions for critical infrastructure leaders (19 mars)https://www.cisa.gov/resources-tools/resources/prc-state-sponsored-cyber-activity-actions-critical-infrastructure-leaders

Abusing the DHCP Administrators Group to Escalate Privileges in Windows Domains (20 mars)https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains

Making Sense of Operational Technology Attacks: The Past, Present, and Future (21 mars)https://thehackernews.com/2024/03/making-sense-of-operational-technology.html

Responding to a cyber incident – a guide for CEOs (21 mars)https://www.ncsc.gov.uk/guidance/ceos-responding-cyber-incidents

Årsrapport: Recorded Future 2023 Annual Report (21 mars)https://www.recordedfuture.com/2023-annual-report

Målet: Nya Cybercampus Sverige ska stärka hela landets it-säkerhet (22 mars)https://www.nyteknik.se/tech/malet-nya-cybercampus-sverige-ska-starka-hela-landets-it-sakerhet/4246479

Opening Pandora’s box – Supply Chain Insider Threats in Open Source projectshttps://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects

CERT-SE i veckan

Uppdaterad artikel – Kritiska RCE-sårbarheter i Forti-produkter (21 mars)https://www.cert.se/2024/02/kritiska-rce-sarbarheter-i-fortios.html

Kritiska sårbarheter i Ivanti Neurons för ITSM och Standalone Sentry (21 mars)https://www.cert.se/2024/03/kritiska-sarbarheter-i-ivanti-neurons-och-standalone-sentry.html