CERT-SE's weekly newsletter, week 45

WEEKLY NEWSLETTER

CERT-SE's monitoring of the wider landscape this November week includes reports of cyber incidents at everything from Swedish schools to casinos. We also recommend a number of reports worth reading, as well as MSB's series of webinars on various aspects of information security, including incident handling and security measures in information systems.

If you need advice and support on how your organisation should design its incident handling process, MSB also has an advisory service for systematic information security work: https://www.msb.se/sv/verktyg–tjanster/radgivningstjanst-for-systematiskt-informationssakerhetsarbete

News this week

New Microsoft Exchange zero-days allow RCE, data theft attacks (3 Nov) https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks

Post Mortem on Cloudflare Control Plane and Analytics Outage (4 Nov) https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage

Apple ‘Find My’ network can be abused to steal keylogged passwords (4 Nov) https://www.bleepingcomputer.com/news/apple/apple-find-my-network-can-be-abused-to-steal-keylogged-passwords

Discord will switch to temporary file links to block malware delivery (4 Nov) https://www.bleepingcomputer.com/news/security/discord-will-switch-to-temporary-file-links-to-block-malware-delivery

‘Scam-in-a-box’: MyGov suspends thousands of accounts linked to dark web fraud kits (5 Nov) https://www.theguardian.com/australia-news/2023/nov/06/scam-in-a-box-mygov-suspends-thousands-of-accounts-linked-to-dark-web-kits

American Airlines Pilot Union Recovering After Ransomware Attack (6 Nov) https://www.securityweek.com/american-airlines-pilot-union-recovering-after-ransomware-attack

Attacks against Sweden expected as Russian hackers offer botnet as a service (6 Nov) https://computersweden.idg.se/2.2683/1.780345/efter-attack-mot-sverige-nu-erbjuder-ryska-hackare-botnet-som-tjanst

New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics (6 Nov) https://thehackernews.com/2023/11/new-jupyter-infostealer-version-emerges.html

Emphasizing Security by Default with Advanced Microsoft Authenticator Features (6 Nov) https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130

New Gootloader Malware Variant Harder to Detect, Block (6 Nov) https://duo.com/decipher/new-gootloader-malware-variant-harder-to-detect-block

Cybercrime service bypasses Android security to install malware (6 Nov) https://www.bleepingcomputer.com/news/security/cybercrime-service-bypasses-android-security-to-install-malware

Swedish Courts' website hit by attack: “Working feverishly to solve this” (7 Nov) https://www.nyteknik.se/it-sakerhet/sveriges-domstolars-webbsida-utsatt-for-attack-jobbar-febrilt-pa-att-losa-det-har/4206945

Umeå school hit by cyberattack: “Frustrating” (7 Nov) https://sverigesradio.se/artikel/umeaskola-drabbad-av-cyberattack

Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals (7 Nov) https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-from-canadian-hospital

What are Kerberoasting attacks and how do you stop them? (7 Nov) https://www.itpro.com/security/what-are-kerberoasting-attacks-and-how-do-you-stop-them

India most targeted in cyber attacks: Report (7 Nov) https://www.newindianexpress.com/business/2023/nov/07/india-most-targeted-incyber-attacks-report-2630842.html

Experts Expose Farnetwork’s Ransomware-as-a-Service Business Model (8 Nov) https://thehackernews.com/2023/11/experts-expose-farnetworks-ransomware.html

Optus outage: Millions affected by Australian network failure (8 Nov) https://www.bbc.com/news/world-australia-67340901

OpenAI confirms DDoS attacks behind ongoing ChatGPT outages (9 Nov) https://www.bleepingcomputer.com/news/security/openai-confirms-ddos-attacks-behind-ongoing-chatgpt-outages

Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (9 Nov) https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology

Microsoft briefly restricted employee access to OpenAI’s ChatGPT, citing security concerns (9 Nov) https://www.cnbc.com/2023/11/09/microsoft-restricts-employee-access-to-openais-chatgpt.html

ICBC hit by ransomware impacting global trades (10 Nov) https://www.theregister.com/2023/11/10/icbc_ransomware

Reports and analyses

Next steps in preparing for post-quantum cryptography (3 Nov) https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography

Q3 2023 Threat Horizons Report (3 Nov) https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel (6 Nov) https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html

CERT-EU Cyber Security Brief 23-11 – October 2023 (6 Nov) https://cert.europa.eu/publications/threat-intelligence/cb23-11/

FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents (7 Nov) https://www.cisa.gov/news-events/alerts/2023/11/07/fema-and-cisa-release-joint-guidance-planning-considerations-cyber-incidents

FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups (8 Nov) https://www.securityweek.com/fbi-highlights-emerging-initial-access-methods-used-by-ransomware-groups
Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (7 Nov) https://www.aha.org/system/files/media/file/2023/11/bi-tlp-clear-pin-ransomware-actors-continue-to-gain-access-through-third-parties-and-legitimate-system-tools-11-7-23.pdf

Information security and miscellaneous

Transit App Shows Rat Activity on the NYC Subway (6 Nov) https://laughingsquid.com/transit-app-nyc-subway-rat-detector

Now the “fluoride lady for small businesses” goes on the offensive against cybercrime (6 Nov) https://computersweden.idg.se/2.2683/1.780327/stoldskyddsforeningen-pa-offensiv-mot-cyberbrott–en-fluortant-for-smaforetag

Companies' great fear: being hijacked (6 Nov) https://www.dagensps.se/foretag/foretagens-stora-skrack-att-bli-kapad/

The alarm: Risk of IT attack in the municipality (6 Nov) https://www.mitti.se/nyheter/larmet-risk-for-itattack-i-kommunen-6.3.182635.cb934f18fa

Offensive and Defensive AI: Let’s Chat(GPT) About It (7 Nov) https://thehackernews.com/2023/11/offensive-and-defensive-ai-lets-chatgpt.html

7 free cyber threat maps showing attack intensity and frequency (7 Nov) https://www.helpnetsecurity.com/2023/11/07/free-cyber-threat-maps

What the QWAC?! (7 Nov) https://scotthelme.co.uk/what-the-qwac

85% of people worry about online disinformation, global survey finds (7 Nov) https://www.theguardian.com/technology/2023/nov/07/85-of-people-worry-about-online-disinformation-global-survey-finds

Marina Bay Sands in Singapore suffers a data breach (8 Nov) https://cybersafe.news/marina-bay-sands-in-singapore-suffers-a-data-breach

Webinar series “Information security in focus” https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/systematiskt-informationssakerhetsarbete/webbinarier

CERT-SE this week

Critical vulnerability in Atlassian Confluence (updated)

Multiple vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway (updated)