CERT-SE:s veckobrev v.24

VECKOBREV

Med trovärdigt utformade meddelanden skickade från till synes legitima avsändare, är nätfiske fortsatt en de mest effektiva metoderna för bedrägerier och dataintrång.

Läs och sprid gärna vår senaste artikel på temat, publicerad med anledning av en pågående nätfiskekampanj mot svenska kommuner och skolor: https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html

Trevlig helg önskar CERT-SE!

Nyheter i veckan

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope (6 jun)
https://arstechnica.com/security/2024/06/fbi-urges-lockbit-victims-to-step-forward-after-seizing-7000-decryption-keys..
FBI Cyber Assistant Director Bryan Vorndran’s Remarks at the 2024 Boston Conference on Cyber Security (5 jun)
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security

Så lätt hackas ditt barns smarta klocka (8 jun)
https://www.svt.se/nyheter/inrikes/sa-latt-hackas-ditt-barns-smarta-klocka

Cylance confirms data breach linked to ‘third-party’ platform (10 jun)
https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform

O-type blood donors needed after London cyber-attack (10 jun)
https://www.bbc.com/news/articles/c2eeg9gygyno

Two cuffed over suspected smishing campaign using ‘text message blaster’ (10 jun)
https://www.theregister.com/2024/06/10/two_arrested_in_uk_over

Region Dalarna i stabsläge på grund av störningar i journalsystem och intranätet (11 jun)
https://www.regiondalarna.se/press/nyheter-och-pressmeddelanden/region-dalarna-i-stabslage-pa-grund-av-storningar-i-journalsystem-och-intranatet

Pure Storage confirms data breach after Snowflake account hack (11 jun)
https://www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack..
Security Bulletin for Unauthorized Access to Telemetry Information (14 jun)
https://support.purestorage.com/bundle/m_security_bulletins/page/Employee_Handbooks/Technical_Services/PSIRT/topics/concept/c_support_escalation_how_to_escalate_a_case.html

It-attacken: Tusentals sjukhusfiler fortfarande på darknet (12 jun)
https://sverigesradio.se/artikel/it-attacken-tusentals-sjukhusfiler-fortfarande-pa-darknet..
Sjukhusets vd bryter tystnaden: Det stals vid it-attacken (12 jun)
https://sverigesradio.se/artikel/sjukhusets-vd-journaluppgifter-lackte-vid-it-attacken

New phishing toolkit uses PWAs to steal login credentials (12 jun)
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials

Phone Scammers Impersonating CISA Employees (12 jun)
https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees

Ransomware Group Exploits Critical PHP Flaw (12 jun)
https://www.darkreading.com/vulnerabilities-threats/tellyouthepass-ransomware-exploits-critical-php-flaw

Ascension hacked after employee downloaded malicious file (13 jun)
https://www.infosecurity-magazine.com/news/ascension-attack-employee/

City governments in Michigan, New York face shutdowns after ransomware attacks (13 jun)
https://therecord.media/traverse-city-michigan-newburgh-new-york-ransomware

Phishing campaign impacting organisations and New Zealanders (14 jun)
https://www.cert.govt.nz/individuals/alerts/phishing-campaign-impacting-new-zealand-organisations

MSB varnar skolor och kommuner för ny nätfiskekampanj (14 jun)
https://computersweden.se/article/2147697/msb-varnar-skolor-och-kommuner-for-ny-natfiskekampanj.html

Rapporter och analyser

Dissecting SSLoad Malware: A Comprehensive Technical Analysis (10 jun)
https://intezer.com/blog/research/ssload-technical-malware-analysis

May 2024’s Most Wanted Malware: Phorpiex Botnet Unleashes Phishing Frenzy While LockBit3 Dominates Once Again (10 jun)
https://blog.checkpoint.com/research/may-2024s-most-wanted-malware-phorpiex-botnet-unleashes-phishing-frenzy-while-lockbit3-dominates-once-again

IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment (10 jun)
https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment

A Brief History of SmokeLoader, Part 1 (11 jun)
https://www.zscaler.com/blogs/security-research/brief-history-smokeloader-part-1

Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day (12 jun)
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day

Dipping into Danger: The WARMCOOKIE backdoor (12 jun)
https://www.elastic.co/security-labs/dipping-into-danger

WithSecure Reveals Mass Exploitation of Edge Software and Infrastructure Appliances (12 jun)
https://www.infosecurity-magazine.com/news/withsecure-exploitation-edge/https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security

Facebook, Meta, Apple, Amazon Most Impersonated in Phishing Scams (12 jun)
https://hackread.com/facebook-meta-apple-amazon-impersonate-phishing-scams/

Informationssäkerhet och blandat

Nu släpps Sveriges geologiska information som öppna data (10 jun)
https://computersweden.se/article/2140077/nu-slapps-sveriges-geologiska-information-som-oppna-data.html

New internet routing security rules proposed by FCC (10 jun)
https://www.scmagazine.com/brief/new-internet-routing-security-rules-proposed-by-fcc

Superdatorn Berzelius uppgraderas till dubbla kapaciteten (11 jun)
https://news.cision.com/se/linkopings-universitet/r/superdatorn-berzelius-uppgraderas-till-dubbla-kapaciteten,c3998165

Ny CRA-lag vänligare mot öppen källkod (11 jun)
https://etn.se/index.php/teknik/71169-ny-cra-lag-vanligare-mot-oppen-kallkod.html

The mystery of an alleged data broker’s data breach (11 jun)
https://techcrunch.com/2024/06/11/the-mystery-of-an-alleged-data-brokers-data-breach

White House report dishes deets on all 11 major government breaches from 2023 (12 jun)
https://www.theregister.com/2024/06/12/white_house_report/

Skyhög nota för it-avbrott för de största företagen (12 jun)
https://computersweden.se/article/2143164/skyhog-nota-for-it-avbrott-for-de-storsta-foretagen.html

Rockwell’s ICS Directive Comes as Critical Infrastructure Risk Peaks (13 jun)
https://www.darkreading.com/ics-ot-security/rockwell-ics-directive-critical-infrastructure-risk-peaks

Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT (13 jun)
https://www.securityweek.com/prevalence-and-impact-of-password-exposure-vulnerabilities-in-ics-ot/

CERT-SE i veckan

Microsofts månatliga säkerhetsuppdateringar för juni 2024 (12 jun)
https://www.cert.se/2024/06/microsofts-manatliga-sakerhetsuppdateringar-for-juni-2024.html

Adobes månatliga säkerhetsuppdateringar för juni 2024 (13 jun)
https://www.cert.se/2024/06/adobes-manatliga-sakerhetsuppdateringar-for-juni-2024.html

Pågående nätfiskekampanj riktad mot kommuner och skolor (13 jun)
https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html