CERT-SE's weekly newsletter, week 40

Cybersecurity Month has now been under way for almost a week. There are several good initiatives aimed at raising awareness and competence among individuals and organisations for a secure online presence.

Tänk Säkert! is the campaign carried out in collaboration between Swedish authorities and organisations.

Will you take on CERT-SE's challenge? Or read about the European initiative #BeSmarterThanAHacker.

News this week

Cloudflare DDoS protections ironically bypassed using Cloudflare (30 Sep)
https://www.bleepingcomputer.com/news/security/cloudflare-ddos-protections-ironically-bypassed-using-cloudflare/

Work-experience students' data may have leaked after major breach (2 Oct)
https://www.dn.se/sverige/praoelevers-uppgifter-kan-ha-lackt-efter-stort-intrang/

FBI Warns of Dual Ransomware Attacks and Data Destruction Trends (2 Oct)
https://www.infosecurity-magazine.com/news/fbi-warns-dual-ransomware-data/

BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground (2 Oct)
https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html

The Netherlands warns about solar power installations – risk in Sweden too (3 Oct)
https://sverigesradio.se/artikel/nederlanderna-varnar-for-solpaneler-risk-aven-i-sverige

CISA and NSA Release New Guidance on Identity and Access Management (4 Oct)
https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management

Police Issue “Quishing” Email Warning (4 Oct)
https://www.infosecurity-magazine.com/news/police-issue-quishing-email-warning/

CERT-In issues alert against LuaDream info-stealing malware (4 Oct)
https://www.thehindu.com/sci-tech/technology/cert-in-alert-against-luadream-malware/article67379383.ece

Check Point discovers new phishing scam on Dropbox (4 Oct)
https://securitybrief.co.nz/story/check-point-discovers-new-phishing-scam-on-dropbox

Cyberattack on British telecom Lyca prevented customers from making calls, topping up (4 Oct)
https://therecord.media/cyberattack-on-lyca-stops-calls

NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (5 Oct)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a

Bug in IT system – crime victims' personal identity numbers have leaked (5 Oct)
https://sverigesradio.se/artikel/bugg-i-datasystem-brottsoffers-personnummer-har-lackt

NATO Probes Cyberattack Linked to Stolen Strategic Documents (5 Oct)
https://www.thedefensepost.com/2023/10/05/nato-cyberattack-stolen-strategic-documents/

Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets (5 Oct)
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/05/curl-8-4-0-proactively-identifying-potential-vulnerable-assets

Cyber criminals access hospital patient information (5 Oct)
https://www.canberratimes.com.au/story/8375849/cyber-criminals-access-hospital-patient-information/

Sony Confirms Data Stolen in Two Recent Hacker Attacks (5 Oct)
https://www.securityweek.com/sony-confirms-data-stolen-in-two-recent-hacker-attacks/

Several Finnish websites report cyber-attacks (5 Oct)
https://yle.fi/a/74-20053726
..
DoS attack hits Helsinki public transit app (6 Oct)
https://yle.fi/a/74-20053889

Reports

Malicious Packages Hidden in NPM (2 Oct)
https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm

Bitsight identifies nearly 100,000 exposed industrial control systems (2 Oct)
https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement (3 Oct)
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

DRM Report Q2 2023 – Ransomware threat landscape (4 Oct)
https://securityaffairs.com/151925/reports/drm-report-q2-2023-ransomware.html

Microsoft Digital Defense Report 2023 
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023

Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (5 Oct)
https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/

Let’s dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix (5 Oct)
https://www.group-ib.com/blog/golddigger-fraud-matrix/

Information security and miscellaneous

Opinion | Nikka: The government advocates mass surveillance with Chat Control (21 Sep)
https://www.pcforalla.se/article/2078314/regeringen-foresprakar-massovervakning-med-chat-control.html

BLUE OLEX 2023: Getting Ready for the Next Cybersecurity Crisis in the EU (2 Oct)
https://www.enisa.europa.eu/news/blue-olex-2023-getting-ready-for-the-next-cybersecurity-crisis-in-the-eu

Joint Letter of Experts on CRA and Vulnerability Disclosure (3 Oct)
https://www.centerforcybersecuritypolicy.org/insights-and-research/joint-letter-of-experts-on-cra-and-vulnerability-disclosure

Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails (4 Oct)
https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/

Modern cars risk being used for espionage (4 Oct)
https://sverigesradio.se/artikel/moderna-bilar-riskerar-att-anvandas-for-spionage

Could Cybersecurity Breaches Become Harmless in the Future? (5 Oct)
https://www.darkreading.com/vulnerabilities-threats/could-cybersecurity-breaches-become-harmless-in-the-future-

LLMs lower the barrier for entry into cybercrime (5 Oct)
https://www.helpnetsecurity.com/2023/10/05/traditional-perimeter-detection/

Addressing the People Problem in Cybersecurity (5 Oct)
https://www.securityweek.com/addressing-the-people-problem-in-cybersecurity/

Cybersecurity Month

CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World (28 Sep)
https://www.cisa.gov/news-events/news/cisa-kicks-20th-anniversary-cybersecurity-awareness-month-new-public-awareness-campaign
..
https://www.cisa.gov/cybersecurity-awareness-month

The “Tänk säkert!” campaign
https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/informationssakerhetsmanaden/

European Cyber Security Month – ECSM
https://cybersecuritymonth.eu/

CERT-SE this week

Critical vulnerability in Cisco Emergency Responder

Serious vulnerability in the libwebp library for WebP is actively exploited

Critical 0-day vulnerability in Confluence is actively exploited

Serious vulnerability in Linux component

Zero-day vulnerability in Exim (updated 2023-10-03)