CERT-SE's weekly newsletter, week 38

WEEKLY NEWSLETTER

An eventful week that brought major investments in information and cyber security in the autumn budget, and an international takedown of the encrypted communication service Ghost.

Have a nice weekend!

News this week

1.3 million Android-based TV boxes backdoored; researchers still don’t know how (13 sep) https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/

Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors (16 sep) https://www.securityweek.com/ransomware-group-leaks-data-allegedly-stolen-from-kawasaki-motors/

Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals (16 sep) https://therecord.media/data-on-nearly-1-million-nhs-patients-leaked-hospital-ransomware

Owner of only US platinum mine confirms data breach after ransomware claims (16 sep) https://therecord.media/stillwater-mining-company-montana-platinum-data-breach

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution (16 sep) https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks (17 sep) https://www.securityweek.com/recent-whatsup-gold-vulnerabilities-possibly-exploited-in-ransomware-attacks/

Encrypted communication service taken down in an international police operation (18 sep) https://polisen.se/aktuellt/nyheter/nationell/2024/september/krypterad-kommunikationstjanst-har-slagits-ut-i-en-internationell-polisoperation/
Global Coalition Takes Down New Criminal Communication Platform (18 sep) https://www.europol.europa.eu/media-press/newsroom/news/global-coalition-takes-down-new-criminal-communication-platform

Historic investment in cyber security (18 sep) https://regeringen.se/pressmeddelanden/2024/09/historisk-satsning-pa-cybersakerhet/

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (18 sep) https://www.bleepingcomputer.com/news/security/flax-typhoon-hackers-infect-260-000-routers-ip-cameras-with-botnet-malware/

Providence public schools still struggling with internet outages after ‘irregular activity’ (18 sep) https://therecord.media/providence-schools-outage-cyberattack-wifi

Germany seizes leak site of ‘Vanir’ ransomware operation (18 sep) https://therecord.media/germany-seizes-vanir-ransomware-leak

FTC exposes massive surveillance of kids, teens by social media giants (19 sep) https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/

Reports and in-depth articles

Malware locks browser in kiosk mode to steal Google credentials (14 sep) https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/

16th September – Threat Intelligence Report (16 sep) https://research.checkpoint.com/2024/16th-september-threat-intelligence-report/

Beware the Rising Tide: Financial Services Is Awash in Attacks (17 sep) https://www.akamai.com/blog/security/financial-services-is-awash-in-attacks

What Can We Learn From NIST Cybersecurity Framework (CSF) 2.0? (17 sep) https://techround.co.uk/tech/what-can-learn-nist-cybersecurity-framework-csf/

Storm clouds on the horizon: Resurgence of TeamTNT? (18 sep) https://www.group-ib.com/blog/teamtnt/

Exotic SambaSpy is now dancing with Italian users (18 sep) https://securelist.com/sambaspy-rat-targets-italian-users/113851/

ENISA Threat Landscape 2024 (19 sep) https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024

Evilginx Gmail & Outlook Attacks Can Bypass 2FA, Security Expert Warns (19 sep) https://www.forbes.com/sites/daveywinder/2024/09/19/evilginx-gmail–outlook-attacks-can-bypass-2fa-security-expert-warns/

UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks (19 sep) https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/

Information security and miscellaneous

Secure by Design Alert: Eliminating Cross-Site Scripting Vulnerabilities (17 sep) https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-cross-site-scripting-vulnerabilities

Are you in control of your SaaS backups? (18 sep) https://computersweden.se/article/3514909/har-du-koll-pa-dina-saas-backuper.html

Ready to Rumble: US Women’s Cyber Team Preps for Global CTF Contest (18 sep) https://www.darkreading.com/cybersecurity-operations/us-women-cyber-team-global-ctf-contest

Unexplained ‘Noise Storms’ flood the Internet, puzzle experts (19 sep) https://www.bleepingcomputer.com/news/security/unexplained-noise-storms-flood-the-internet-puzzle-experts/

CISA boss: Makers of insecure software are the real cyber villains (20 sep) https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/

Companies Often Pay Ransomware Attackers Multiple Times (20 sep) https://securityboulevard.com/2024/09/companies-often-pay-ransomware-attackers-multiple-times/

CERT-SE this week

Critical vulnerability in SolarWinds Access Rights Manager (13 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-solarwinds-access-rights-manager.html

Critical vulnerabilities in Ivanti products (updated 16 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Critical vulnerability in VMware vCenter Server (18 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html

Critical vulnerability in GitLab (19 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab-SAML.html

Critical vulnerabilities in Ivanti products (updated 20 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

CERT-SE's weekly newsletter, week 37

WEEKLY NEWSLETTER

It has been Patch Tuesday, and CERT-SE has published summaries of the security updates from Microsoft, Adobe and Ivanti. Make sure to apply these, and to address the other vulnerabilities we have written about this week, as soon as possible. We have also attended interesting talks and discussions at SEC-T; see the link to their livestream at the bottom of the newsletter. CERT-SE wishes you a nice weekend!

News this week

Payment gateway data breach affects 1.7 million credit card owners (9 sep) https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners

Highline Public Schools closes schools following cyberattack (9 sep) https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack

Avis Data Breach Impacts 300,000 Car Rental Customers (9 sep) https://www.securityweek.com/300000-impacted-by-data-breach-at-car-rental-firm-avis

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals (9 sep) https://www.securityweek.com/new-rambo-attack-allows-air-gapped-data-theft-via-ram-radio-signals

Phishing emails spread malware disguised as Google (10 sep) https://www.aktuellsakerhet.se/natfiskemejl-sprider-skadligt-program-i-googleskrud

Popular French retailers confirm hackers stole customer data (11 sep) https://therecord.media/france-retailers-hacked-confirm-cyberattack

SBOMs and the importance of inventory (11 sep) https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory

UK designates the data center sector part of its ‘Critical National Infrastructure’ (12 sep) https://therecord.media/uk-designates-data-centers-critical-infrastructure

BT logs 2,000 signals of potential cyber attacks per second (12 sep) https://www.commsbusiness.co.uk/content/news/bt-logs-2-000-signals-of-potential-cyber-attacks-per-second

Data centres to be given massive boost and protections from cyber criminals and IT blackouts (12 sep) https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram (12 sep) https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html

Fortinet confirms data breach after hacker claims to steal 440GB of files (12 sep) https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline (12 sep) https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack

Fake updates hit many Swedish companies (13 sep) https://www.securityuser.com/se/Nyheter/Samhalle/falska-uppdateringar-drabbar-manga-svenska-foretag

IT expert's jab at Hofors municipality: "Bordering on misconduct in office" (13 sep) https://www.svt.se/nyheter/lokalt/gavleborg/it-expertens-kanga-till-hofors-kommun-pa-gransen-till-tjanstefel

Reports and analyses

Earth Preta Evolves its Attacks with New Malware and Strategies (9 sep) https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (10 sep) https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware

H1 2024: Malware and Vulnerability Trends Report (10 sep) https://www.recordedfuture.com/research/h1-2024-malware-and-vulnerability-trends-report

Blog: Key Findings from Ontinue’s 1H 2024 Threat Intelligence Report (10 sep) https://www.ontinue.com/resource/1h-2024-threat-intelligence-report

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities (12 sep) https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html

Information security and miscellaneous

Recommendations on hosting sensitive information systems in the cloud (4 sep) https://cyber.gouv.fr/en/publications/recommendations-hosting-sensitive-information-systems-cloud

Commercial Spyware Use Roars Back Despite Sanctions (6 sep) https://www.darkreading.com/threat-intelligence/commercial-spyware-use-roars-back-despite-sanctions

SEC-T livestream (10-12 sep) https://www.sec-t.org/

CERT-SE this week

Critical vulnerability in SonicWall (9 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-SonicWall.html

Microsoft's monthly security updates for September 2024 (11 sep) https://www.cert.se/2024/09/microsofts-manatliga-sakerhetsuppdateringar-for-september-2024.html

Adobe's monthly security updates for September 2024 (11 sep) https://www.cert.se/2024/09/adobes-manatliga-sakerhetsuppdateringar-for-september-2024.html

Critical vulnerabilities in Ivanti products (11 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Critical vulnerability in GitLab (12 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab.html

CERT-SE's weekly newsletter, week 36

WEEKLY NEWSLETTER

It has been an eventful week in IT security, both nationally and internationally. Here you will find a mix of news and posts from the past week.

Have a nice weekend!

News this week

Toronto school board confirms students’ info stolen as LockBit claims breach (30 aug) https://therecord.media/toronto-school-district-board-ransomware

Researcher sued for sharing data stolen by ransomware with media (30 aug) https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media/

Check your IP cameras: There’s a new Mirai botnet on the rise (31 aug) https://www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/

Linux version of new Cicada ransomware targets VMware ESXi servers (1 sep) https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encryptor-targets-vmware-esxi-systems/

German air traffic control agency confirms cyberattack, says operations unaffected (2 sep) https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack

Few Swedish companies have a well-thought-out strategy for AI (2 sep) https://computersweden.se/article/3499748/fa-svenska-foretag-har-en-genomtankt-strategi-for-ai.html

Transport for London (TfL) is dealing with an ongoing cyberattack (2 sep) https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html

Säkerhetskollen: Warning about crypto fraud (2 sep) https://sakerhetskollen.se/aktuella-brott/varning-for-kryptobedrageri

Ransomware Gangs Pummel Southeast Asia (2 sep) https://www.darkreading.com/cyber-risk/ransomware-gangs-pummel-southeast-asia

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt (3 sep) https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html

Oil titan Halliburton confirms data was stolen in cyberattack (3 sep) https://therecord.media/halliburton-confirms-data-stolen-in-incident

The government isn’t ready for cyber chaos in the food and agriculture sector (3 sep) https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (3 sep) https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database (4 sep) https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html

Ängelholm municipality invests in crime prevention in the digital environment (4 sep) https://www.aktuellsakerhet.se/angelholm-kommun-satsar-pa-brottsforebyggande-arbete-i-den-digitala-miljon/

Cyberattack confirmed by Planned Parenthood of Montana amid RansomHub claims (5 sep) https://www.scmagazine.com/brief/cyberattack-confirmed-by-planned-parenthood-of-montana-amid-ransomhub-claims

Summer and sun: that is when Swedes surf the most (5 sep) https://computersweden.se/article/3505465/sommar-och-sol-da-surfar-svenskarna-som-mest.html

Three Billion Packets Per Second DDoS Attack Stopped (5 sep) https://insight.scmagazineuk.com/three-billion-packets-per-second-ddos-attack-stopped

Elektroskandia hacked: central warehouse in Örebro affected (5 sep) https://www.svt.se/nyheter/lokalt/orebro/elektroskandia-hackade-centrallagret-i-orebro-paverkat

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity (6 sep) https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html

Reports and in-depth articles

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits (29 aug) https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

Dissecting the Cicada (30 aug) https://www.truesec.com/hub/blog/dissecting-the-cicada

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant (2 sep) https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/

CERT-EU Threat Intelligence: Cyber Brief August 2024 (4 sep) https://www.cert.europa.eu/publications/threat-intelligence/cb24-09/

Getting “in tune” with an enterprise: Detecting Intune lateral movement (4 sep) https://securityintelligence.com/x-force/detecting-intune-lateral-movement/

SANS: Enrichment Data – Keeping it Fresh (5 sep) https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236

Information security and miscellaneous

Connected Communities Guidance: Zero Trust to Protect Interconnected Systems (29 aug) https://www.cisa.gov/resources-tools/resources/connected-communities-guidance-zero-trust-protect-interconnected-systems

International Sudoku Day, 9 September: No Such Puzzle – Bite-sized Sudoku (31 aug) https://www.nsa.gov/Puzzles/View/Article/3891254/no-such-puzzle-bite-sized-sudoku/

Digital twins: secure design and development (2 sep) https://www.ncsc.gov.uk/blog-post/digital-twins-secure-design-development

Here are the Public Health Agency of Sweden's new recommendations on children's screen time (2 sep) https://www.svt.se/nyheter/inrikes/ungas-skarmanvandning-kan-skada-halsan-nu-foreslas-rekommendationer

White House Office of the National Cyber Director Releases Roadmap to Enhance Internet Routing Security (3 sep) https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/

Trust in biometrics is growing: one in three Swedes wants to unlock everything with a fingerprint (4 sep) https://www.aktuellsakerhet.se/fortroendet-for-biometri-okar-var-tredje-svensk-vill-lasa-upp-allt-med-fingeravtryck/

CERT-SE this week

Critical vulnerability in Zyxel products (3 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-zyxel-produkter.html

CERT-SE's weekly newsletter, week 35

WEEKLY NEWSLETTER

A substantial newsletter with several events from Sweden and abroad in this last week of August. We would like to point out that Informationssäkerhet.se has retired after long and faithful service, and that the information is now collected on msb.se. There you will also find MSB's methodological support for systematic information security work.

https://www.msb.se/sv/aktuellt/nyheter/2024/augusti/informationssakerhet.se-har-gatt-i-pension-och-metodstodet-har-ny-webbplats

Have a nice weekend!

News this week

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group (23 aug) https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html

Fewer cyber attacks on Sweden since NATO accession (23 aug) https://sverigesradio.se/artikel/farre-cyberattacker-i-sverige-efter-natointradet

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (25 aug) https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html

Seattle-Tacoma Airport In The Crosshairs Of Hackers (25 aug) https://www.forbes.com/sites/emilsayegh/2024/08/25/seattle-tacoma-airport-in-the-crosshairs-of-hackers/

Cyber attacks on government agencies are becoming more advanced (25 aug) https://sverigesradio.se/artikel/cyberattacker-mot-myndigheter-blir-mer-avancerade

Patelco notifies 726,000 customers of ransomware data breach (26 aug) https://www.bleepingcomputer.com/news/security/patelco-notifies-726-000-customers-of-ransomware-data-breach/

Major outage for Telenor in Gothenburg (26 aug) https://www.gp.se/nyheter/goteborg/stor-driftstorning-for-telenor-i-goteborg.371848fd-dd5b-4674-955d-fbda33aa0e97

Liseberg warns customers after an employee's mistaken click (27 aug) https://www.aftonbladet.se/nyheter/a/GyPjAV/liseberg-varnar-kunder-utsatts-for-dataintrang

Fake emails from CFCS in circulation (27 aug) https://www.cfcs.dk/da/nyheder/2024/falske-mails-fra-cfcs/

BlackSuit ransomware stole data of 950,000 from software vendor (27 aug) https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-stole-data-of-950-000-from-software-vendor/

US Marshals Service disputes ransomware gang’s breach claims (27 aug) https://www.bleepingcomputer.com/news/security/us-marshals-service-disputes-ransomware-gangs-breach-claims/

Intel officials say they anticipate more hacking attempts as US election nears (28 aug) https://therecord.media/intel-officials-anticipate-more-hacking-attempts-us-election-trump-harris

‘Malfunction’ at Dutch defense ministry datacenter causing mass disruption (28 aug) https://therecord.media/netherlands-defense-ministry-data-center-malfunction-outages

Employee arrested for locking Windows admins out of 254 servers in extortion plot (28 aug) https://www.bleepingcomputer.com/news/security/employee-arrested-for-locking-windows-admins-out-of-254-servers-in-extortion-plot/

Data breach at Region Värmland's SMS service provider (28 aug) https://lakartidningen.se/aktuellt/nyheter/2024/08/dataintrang-hos-region-varmlands-leverantor-av-sms-tjanster/

PostNord in Jönköping back to normal after cyber attack (28 aug) https://www.svt.se/nyheter/lokalt/jonkoping/cyberattack-tvingade-postnord-till-isolering

NHS staff mobile numbers revealed in data breach (29 aug) https://www.bbc.com/news/articles/cly3g49pkz4o

Centre for Cyber Security (CFCS) to be transferred to the Ministry of Societal Security and Preparedness (30 aug) https://www.cfcs.dk/da/nyheder/2024/center-for-cybersikkerhed-overfores/

Reports and in-depth articles

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware (23 aug) https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/

PSA: These ‘Microsoft Support’ ploys may just fool you (26 aug) https://www.malwarebytes.com/blog/scams/2024/08/psa-these-microsoft-support-ploys-may-just-fool-you

Linux malware sedexp uses udev rules for persistence and evasion (26 aug) https://securityaffairs.com/167567/malware/linux-malware-sedexp.html

China’s Volt Typhoon Exploits Zero-Day in Versa’s SD-WAN Director Servers (27 aug) https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
Taking the Crossroads: The Versa Director Zero-Day Exploitation (27 aug) https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/

Windows Downdate tool lets you ‘unpatch’ Windows systems (27 aug) https://www.bleepingcomputer.com/news/microsoft/windows-downdate-tool-lets-you-unpatch-windows-systems/

Passwords and multi-factor authentication (27 aug) https://www.ncsc.se/aktuellt/losenord-och-flerfaktorsautentisering/

Attack tool update impairs Windows computers (27 aug) https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

5 Key Takeaways: Ransomware Attacks on Healthcare, Education, and Public Sector (27 aug) https://www.zscaler.com/blogs/security-research/5-key-takeaways-ransomware-attacks-healthcare-education-and-public-sector

Microsoft Sway abused in massive QR code phishing campaign (27 aug) https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/

Cybercriminals capitalize on travel industry’s peak season (28 aug) https://www.helpnetsecurity.com/2024/08/28/cybercriminals-capitalize-travel-season/

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (28 aug) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a

Cisco: BlackByte ransomware gang only posting 20% to 30% of successful attacks (28 aug) https://therecord.media/blackbyte-ransomware-group-posting-fraction-of-leaks
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations (28 aug) https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/

When Get-Out-The-Vote Efforts Look Like Phishing (28 aug) https://krebsonsecurity.com/2024/08/when-get-out-the-vote-efforts-look-like-phishing/

Deep Analysis of Snake Keylogger’s New Variant (28 aug) https://www.fortinet.com/blog/threat-research/deep-analysis-of-snake-keylogger-new-variant

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits (29 aug) https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

#StopRansomware: RansomHub Ransomware (29 aug) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

Gartner: AI increasingly used in cyber attacks (29 aug) https://computersweden.se/article/3498239/gartner-allt-vanligare-att-ai-anvands-vid-cyberattacker.html

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence (30 aug) https://www.trendmicro.com/en_se/research/24/h/godzilla-fileless-backdoors.html

Information security and miscellaneous

Cyberungdom – Cyberlov (cyber youth holiday programme) https://www.fro.se/education/cyberungdom-cyberlov/

NSA releases copy of internal lecture delivered by computing giant Rear Adm. Grace Hopper (26 aug) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3884041/nsa-releases-copy-of-internal-lecture-delivered-by-computing-giant-rear-adm-gra/

What do we do if an undersea cable is blown up: can space save the internet then? (26 aug) https://computersweden.se/article/3491918/vad-gor-vi-om-en-undervattenskabel-sprangs-kan-rymden-radda-internet-da.html

European Parliament reported for GDPR violation (26 aug) https://computersweden.se/article/3496027/eu-parlamentet-anmals-for-brott-mot-gdpr.html

US companies critical of government proposal on cyber security (26 aug) https://www.securityworldmarket.com/se/Nyheter/Foretagsnyheter/amerikanska-foretag-starkt-kritiska-till-regeringsforslag-om-cybersakerhet

How a Scottish university’s £2.5 million ‘telescope’ will tackle space debris and cyberattacks (28 aug) https://www.scotsman.com/business/how-a-scottish-universitys-ps25-million-telescope-will-tackle-space-debris-and-cyberattacks-4757160

One of Europe's most powerful AI computers to be built in Falun: an investment of eight billion kronor (28 aug) https://www.svt.se/nyheter/lokalt/dalarna/europas-kraftfullaste-ai-dator-byggs-i-falun-investering-pa-atta-miljarder-kronor

Google Now Offering Up to $250,000 for Chrome Vulnerabilities (28 aug) https://www.securityweek.com/google-now-offering-up-to-250000-for-chrome-vulnerabilities/

Säpo: Increased risk of Russian sabotage on Swedish soil (29 aug) https://www.svt.se/nyheter/inrikes/sapo-okad-risk-for-ryskt-sabotage-pa-svensk-mark

Informationssäkerhet.se has retired and the methodological support has a new website (29 aug) https://www.msb.se/sv/aktuellt/nyheter/2024/augusti/informationssakerhet.se-har-gatt-i-pension-och-metodstodet-har-ny-webbplats/

CERT-SE's weekly newsletter, week 34

WEEKLY NEWSLETTER

This week we offer reading on everything from phishing via file-sharing tools to night-time extortion attacks and how best to detect malicious DNS traffic. CERT-SE wishes you a nice weekend!

News this week

Planning for mandatory multifactor authentication for Azure and other administration portals (15 aug) https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication

Serious flaws in Microsoft apps on macOS could let hackers spy on users (19 aug) https://www.itpro.com/security/serious-flaws-in-microsoft-apps-on-macos-could-let-hackers-spy-on-users

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware (19 aug) https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html

National Public Data Says Breach Impacts 1.3 Million People (19 aug) https://www.securityweek.com/national-public-data-says-breach-impacts-1-3-million-people

FBI and CISA Assure Public on Election Ransomware Security (19 aug) https://www.infosecurity-magazine.com/news/cisa-assure-public-election

Microsoft has a solution to prevent the next CrowdStrike fiasco. But is it a good solution? (20 aug) https://computersweden.se/article/3488305/microsoft-har-en-losning-for-att-forhindra-nasta-crowdstrike-fiasko-men-ar-det-en-bra-losning.html

Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (20 aug) https://www.techrepublic.com/article/ransomware-trends-malwarebytes

Abnormal sees 350% uptick in phishing via file-sharing sites (20 aug) https://securitybrief.co.nz/story/abnormal-sees-350-uptick-in-phishing-via-file-sharing-sites

City council faces £216.5M loss over Oracle system debacle (20 aug) https://www.theregister.com/2024/08/20/birmingham_oracle_cost

Helsinki braced for elevated cyber attacks (20 aug) https://www.computerweekly.com/news/366605792/Helsinki-braced-for-elevated-cyber-attacks

Granngården demands damages from Tietoevry: lost 100 million on the IT attack (21 aug) https://computersweden.se/article/3489598/granngarden-kraver-tietoevry-pa-skadestand-forlorade-100-miljoner-pa-it-attacken.html

Top US oilfield firm Halliburton hit by cyberattack, source says (21 aug) https://www.reuters.com/technology/cybersecurity/top-us-oilfield-firm-halliburton-hit-by-cyberattack-2024-08-21

Hackers steal banking creds from iOS, Android users via PWA apps (21 aug) https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps

FAA proposes new cybersecurity rules for airplanes (21 aug) https://therecord.media/faa-new-cybersecurity-rules-airplanes

Cyberattack Disrupts Microchip Technology Manufacturing Facilities (21 aug) https://www.securityweek.com/cyberattack-disrupts-microchip-technology-manufacturing-facilities

Average DDoS attack costs $6,000 per minute (21 aug) https://www.helpnetsecurity.com/2024/08/21/ddos-attacks-duration-surge

Cisco calls for United Nations to revisit cyber crime Convention (22 aug) https://www.theregister.com/2024/08/22/cisco_criticizes_un_cybercrime_convention

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare (22 aug) https://www.theregister.com/2024/08/22/ucsc_phishing_test_ebola

Fewer cyber attacks on Sweden since NATO accession (23 aug) https://sverigesradio.se/artikel/farre-cyberattacker-i-sverige-efter-natointradet

Reports and analyses

Don’t get Mad, get wise (13 aug) https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments (15 aug) https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove (16 aug) https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove

Surge in Software Supply Chain Attacks Demands Heightened Third-Party Vigilance (20 aug) https://cyble.com/blog/surge-in-software-supply-chain-attacks-heightens-third-party-vigilance

ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (21 aug) https://www.cisa.gov/news-events/alerts/2024/08/21/asds-acsc-cisa-fbi-and-nsa-support-international-partners-release-best-practices-event-logging-and

Threat Spotlight: How ransomware for rent rules the threat landscape (21 aug) https://blog.barracuda.com/2024/08/21/threat-spotlight-ransomware-rent-threat-landscape

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic (21 aug) https://unit42.paloaltonetworks.com/profiling-detecting-malicious-dns-traffic

Ransomware Landscape H1/2024 (22 aug) https://labs.withsecure.com/publications/ransomware-landscape-h1-2024

Information security and miscellaneous

Warning about new phishing campaigns (16 aug) https://sakerhetskollen.se/aktuella-brott/varning-for-nya-natfiskekampanjer

New secretariat at CFCS to help organisations transition to quantum-safe cryptography (19 aug) https://www.cfcs.dk/da/nyheder/2024/nyt-sekretariat-i-cfcs

Warning about scam emails (22 aug) https://www.skatteverket.se/omoss/pressochmedia/nyheter/2024/nyheter/varningforbluffmejl.5.5dc1d8b31903014b1bf400a.html

CERT-SE this week

Critical vulnerability in SolarWinds Web Help Desk (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-solarwinds-web-help-desk.html

Another critical vulnerability in SolarWinds Web Help Desk (22 aug) https://www.cert.se/2024/08/ytterligare-en-kritisk-sarbarhet-i-solarwinds-web-help-desk.html

CERT-SE's weekly newsletter, week 33

WEEKLY NEWSLETTER

It has been Patch Tuesday, and CERT-SE has highlighted vulnerabilities in several articles on our website this week. For many, this is the first week back from holiday, and if you ask us, a review of potentially vulnerable systems in your own IT environment is a good way to kick-start the autumn term.

We at CERT-SE wish you a nice weekend!

News this week

Problems for e-newspapers (10 aug) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1283967

Hackers leak 2.7 billion data records with Social Security numbers (11 aug) https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/

Kivra was down for several hours (13 aug) https://www.tv4.se/artikel/4FhWsNmcz0UUoS1Ygu7UXO/tekniska-problem-foer-kivra

Dispossessor ransomware group shut down by US, European authorities (13 aug) https://www.reuters.com/technology/cybersecurity/dispossessor-ransomware-group-shut-down-by-us-european-authorities-2024-08-13/

Elon Musk claims live Trump interview on X derailed by DDoS (13 aug) https://www.theregister.com/2024/08/13/trump_musk_livestream_ddos_delay/

Ukraine Warns of New Phishing Campaign Targeting Government Computers (13 aug) https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html

‘Prolific’ malvertising scammer arrested and extradited to US to face charges (13 aug) https://therecord.media/prolific-scammer-arrested-extradited-us

Google says Iranian efforts to hack US presidential campaigns are ongoing and wide-ranging (14 aug) https://edition.cnn.com/2024/08/14/politics/google-iran-hacking-presidential-election/index.html

Reports and in-depth articles

Unit42 – Ransomware Review: First Half of 2024 (9 aug) https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/

New AMD SinkClose flaw helps install nearly undetectable malware (9 aug) https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

How Phishing Attacks Adapt Quickly to Capitalize on Current Events (12 aug) https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities (12 aug) https://research.checkpoint.com/2024/server-side-template-injection-transforming-web-applications-from-assets-to-liabilities/

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts (13 aug) https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks (13 aug) https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html

Compromising Microsoft’s AI Healthcare Chatbot Service (13 aug) https://www.tenable.com/blog/compromising-microsofts-ai-healthcare-chatbot-service

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (14 aug) https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

Ransomware attackers introduce new EDR killer to their arsenal (14 aug) https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/

Rivers of Phish – Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe (14 aug) https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/

Cyclops: a likely replacement for BellaCiao (14 aug) https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/

Dragos Industrial Ransomware Analysis: Q2 2024 (14 aug) https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q2-2024/

Ransomware gangs rake in more than $450 million in first half of 2024 (15 aug) https://therecord.media/ransomware-gangs-set-record-for-money-extorted

Information security and miscellaneous

As he retires after two decades at Homeland Security, Brandon Wales reflects on CISA’s future (12 aug) https://therecord.media/retires-dhs-brandon-wales-cisa-future

92 percent of all IT jobs are being changed by AI (13 aug) https://computersweden.se/article/3485997/92-procent-av-alla-it-jobb-forandras-av-ai.html

NIST Releases First 3 Finalized Post-Quantum Encryption Standards (13 aug) https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

MIT releases comprehensive database of AI risks (14 aug) https://venturebeat.com/ai/mit-releases-comprehensive-database-of-ai-risks/ https://airisk.mit.edu/

CERT-SE this week

Critical vulnerability in Jenkins (12 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-jenkins.html

Microsoft's monthly security updates for August 2024 (14 aug) https://www.cert.se/2024/08/microsofts-manatliga-sakerhetsuppdateringar-for-augisti-2024.html

SAP's monthly security updates for August 2024 https://www.cert.se/2024/08/saps-manatliga-sakerhetsuppdateringar-for-augusti-2024.html

Critical vulnerabilities in products from Ivanti (14 aug) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Critical vulnerability in Apache HTTP Server (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-apache-http-server.html

Serious vulnerabilities in Zimbra Collaboration Suite (15 aug) https://www.cert.se/2024/08/allvarliga-sarbarheter-i-zimbra-collaboration-suite.html

Critical vulnerability in SolarWinds Web Help Desk (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-solarwinds-web-help-desk.html

Adobe's monthly security updates for August 2024 (15 aug) https://www.cert.se/2024/08/adobes-manatliga-sakerhetsuppdateringar-for-augisti-2024.html

CERT-SE's weekly newsletter, week 32

WEEKLY NEWSLETTER

This week Black Hat has taken place in Las Vegas, but we also want to promote the girls' weekend with a cybersecurity theme that Frivilliga Radioorganisationen is arranging in Linköping on 20-22 September. More information and a registration link can be found below. Otherwise, a mix of news for the week. Have a nice weekend!

News this week

Linux kernel impacted by new SLUBStick cross-cache attack (3 aug) https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/

Surge in Magniber ransomware attacks impact home users worldwide (4 aug) https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/amp/

Olympic venue among 40 museums hit by ransomware attack: French police source (5 aug) https://www.digitaljournal.com/world/olympic-venue-among-40-museums-hit-by-ransomware-attack-french-police-source/article

Microsoft Azure outage takes down services across North America (5 aug) https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-outage-takes-down-services-across-north-america/

Ransomware gang targets IT workers with new SharpRhino malware (5 aug) https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/

New LianSpy malware hides by blocking Android security feature (5 aug) https://www.bleepingcomputer.com/news/security/new-lianspy-malware-hides-by-blocking-android-security-feature/

Cyberattack Wipes 13,000 School Devices in Mobile Guardian Breach (6 aug) https://hackread.com/cyberattack-wipes-school-devices-mobile-guardian-breach/

Microsoft 365 anti-phishing feature can be bypassed with CSS (7 aug) https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise (7 aug) https://www.helpnetsecurity.com/2024/08/07/github-bitbucket-gitlab-jira-incidents/

Windows Update downgrade attack “unpatches” fully-updated systems (7 aug) https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-updated-systems/

Las Vegas police issues cyber advisory with cybersecurity, hacker conventions in town (8 aug) https://www.fox5vegas.com/2024/08/08/las-vegas-police-issues-cyber-advisory-with-cybersecurity-hacker-conventions-town/

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices (8 aug) https://thehackernews.com/2024/08/0000-day-18-year-old-browser.html

Exclusive: Russian spies hacked UK government systems earlier this year, stole data and emails (8 aug) https://therecord.media/russia-hack-uk-government-home-office-microsoft

Reports and in-depth articles

Email attacks skyrocket 293% (6 aug) https://www.helpnetsecurity.com/2024/08/06/email-attacks-h1-2024/

External Technical Root Cause Analysis — Channel File 291 (6 aug) https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf

Dismantling Smart App Control (6 aug) https://www.elastic.co/security-labs/dismantling-smart-app-control

#StopRansomware: Blacksuit (Royal) Ransomware (7 aug) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals (9 aug) https://www.helpnetsecurity.com/2024/08/09/maas-threat-landscape/

Information security and miscellaneous

Sam Altman accused of being shady about OpenAI’s safety efforts (2 aug) https://arstechnica.com/tech-policy/2024/08/sam-altman-accused-of-being-shady-about-openais-safety-efforts/

Introducing Active Cyber Defence 2.0 (2 aug) https://www.ncsc.gov.uk/blog-post/introducing-active-cyber-defence-2

Windows Smart App Control, SmartScreen bypass exploited since 2018 (5 aug) https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/

INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore (6 aug) https://thehackernews.com/2024/08/interpol-recovers-41-million-in-largest.html

CISA Releases Secure by Demand Guidance (6 aug) https://www.cisa.gov/news-events/alerts/2024/08/06/cisa-releases-secure-demand-guidance

Royal ransomware successor BlackSuit has demanded more than $500 million (7 aug) https://therecord.media/royal-ransomware-blacksuit-half-billion

Best Practices for Cisco Device Configuration (8 aug) https://www.cisa.gov/news-events/alerts/2024/08/08/best-practices-cisco-device-configuration

Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem https://www.cisa.gov/resources-tools/resources/secure-demand-guide

Girls' weekend with FRO – Discover cybersecurity https://linkopingsciencepark.se/event/tjejhelg-med-fro-upptack-cybersakerhet/

CERT-SE this week

Vulnerabilities in Roundcube (6 aug) https://www.cert.se/2024/08/sarbarheter-i-roundcube.html

CERT-SE's weekly newsletter, week 31

WEEKLY NEWSLETTER

We step into August with a rich and varied news round-up, with deep dives into malware and attack methods, critical security holes and cybersecurity events from around the world.

Have a nice weekend from CERT-SE!

News this week

Acronis warns of Cyber Infrastructure default password abused in attacks (26 jul) https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/

French Internet Lines Cut in Latest Attack During Olympics (28 jul) https://www.bnnbloomberg.ca/business/company-news/2024/07/29/french-internet-cables-severed-in-latest-attack-during-olympics/

French authorities launch disinfection operation to eradicate PlugX malware from infected hosts (28 jul) https://securityaffairs.com/166213/cyber-crime/plugx-malware-disinfection-operation.html

ServiceNow Critical RCE Bugs Under Active Exploit (29 jul) https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit

Transportstyrelsen warns of fake emails (29 jul) https://sakerhetskollen.se/aktuella-brott/transportstyrelsen-varnar-for-falska-mejl

Intruders at HealthEquity rifled through storage, stole 4.3M people’s data (29 jul) https://www.theregister.com/2024/07/29/healthequity_says_data_breach_affects/

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails (29 jul) https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

New Jersey City University hacked by ransomware group demanding $700K (29 jul) https://www.nj.com/hudson/2024/07/new-jersey-city-university-hacked-by-ransomware-group-demanding-700k.html

Microsoft 365 users targeted by phishers abusing Microsoft Forms (29 jul) https://www.helpnetsecurity.com/2024/07/29/microsoft-365-phishing-forms/

Attackers (Crowd)Strike with Infostealer Malware (29 jul) https://perception-point.io/blog/attackers-crowdstrike-with-infostealer-malware/

Dark Angels ransomware receives record-breaking $75 million ransom (30 jul) https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-receives-record-breaking-75-million-ransom/

Microsoft: Latest outage was sparked by cyber attack on Azure platform (30 jul) https://www.standard.co.uk/business/business-news/microsoft-latest-outage-was-sparked-by-cyber-attack-on-azure-platform-b1173933.html https://www.bleepingcomputer.com/news/microsoft/microsoft-365-and-azure-outage-takes-down-multiple-services/

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries (30 jul) https://thehackernews.com/2024/07/new-sidewinder-cyber-attacks-target.html

Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (31 jul) https://therecord.media/ransomware-attack-blood-center-shortage-protocols-hospitals https://www.securityweek.com/ransomware-attack-hits-oneblood-blood-bank-disrupts-medical-operations/

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances (1 aug) https://www.securityweek.com/exploited-vulnerability-could-impact-20k-internet-exposed-vmware-esxi-instances/ https://thehackernews.com/2024/07/vmware-esxi-flaw-exploited-by.html

Over 1 Million Domains at Risk of ‘Sitting Ducks’ Domain Hijacking Technique (1 aug) https://thehackernews.com/2024/08/over-1-million-domains-at-risk-of.html?m=1

StackExchange abused to spread malicious PyPi packages as answers (1 aug) https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/

FBI warns of scammers posing as crypto exchange employees (1 aug) https://www.bleepingcomputer.com/news/security/fbi-warns-of-scammers-posing-as-crypto-exchange-employees/

ICO reprimands UK Electoral Commission over cyberattack that left voter data exposed (1 aug) https://www.techradar.com/pro/ico-reprimands-uk-electoral-commission-over-cyberattack-that-left-voter-data-exposed

Columbus investigating potential data leak after ransomware attack (1 aug) https://therecord.media/columbus-investigating-data-leak-ransomware-attack

Over 300 Indian banks suffer payment disruption from ransomware attack (1 aug) https://www.csoonline.com/article/3480250/over-300-indian-banks-suffer-payment-disruption-from-ransomware-attack.html

Acadian Ambulance Services Leaks Protected Health Information After Cyber Attack (1 aug) https://www.cpomagazine.com/cyber-security/acadian-ambulance-services-leaks-protected-health-information-after-cyber-attack/

NCA shuts down major fraud platform responsible for 1.8 million scam calls (1 aug) https://www.nationalcrimeagency.gov.uk/news/nca-shuts-down-major-fraud-platform-responsible-for-1-8-million-scam-calls

Reports and in-depth articles

Annual report 2023: Latvian Cybersecurity and CERT.LV Technical Activities (26 jul) https://cert.lv/en/2024/07/latvian-cybersecurity-and-cert-lv-technical-activities-annual-report-2023

Guidance: CIS Critical Security Controls 8.1 (27 jul) https://cstromblad.com/posts/cis81-vagledning-introduktion/

WhatsApp for Windows lets Python, PHP scripts execute with no warning (27 jul) https://www.bleepingcomputer.com/news/security/whatsapp-for-windows-lets-python-php-scripts-execute-with-no-warning/

“Cyber weather” for June from the Finnish National Cyber Security Centre (29 jul) https://www.kyberturvallisuuskeskus.fi/en/ajankohtaista/kybersaa_06/2024

UNC4393 Goes Gently into the SILENTNIGHT (29 jul) https://cloud.google.com/blog/topics/threat-intelligence/unc4393-goes-gently-into-silentnight

Over 1 Million websites are at risk of sensitive information leakage – XSS is dead. Long live XSS (29 jul) https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage—xss-is-dead-long-live-xss https://hackread.com/xss-oauth-threatens-millions-hotjar-flaw/

Phishing targeting Polish SMBs continues via ModiLoader (30 jul) https://www.welivesecurity.com/en/eset-research/phishing-targeting-polish-smbs-continues-modiloader/

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (30 jul) https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html

Five months after takedown, LockBit is a shadow of its former self (31 jul) https://www.theregister.com/2024/07/31/five_months_after_lockbit/

New PyPI Package Zlibxjson Steals Discord, Browser Data (31 jul) https://www.infosecurity-magazine.com/news/pypi-package-steals-discord/

Research update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering (31 jul) https://www.securonix.com/blog/research-update-threat-actors-behind-the-devpopper-campaign-have-retooled-and-are-continuing-to-target-software-developers-via-social-engineering/

There is no real fix to the security issues recently found in GitHub and other similar software (1 aug) https://blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/

IBM: Data breaches are costing UK companies millions every time (1 aug) https://www.techradar.com/pro/data-breaches-are-costing-uk-companies-millions-every-time https://computersweden.se/article/3479480/kostnaden-for-dataintrang-bara-stiger-storsta-okningen-sedan-pandemin.html

BfV CYBER INSIGHT – The i-Soon-Leaks: Industrialization of Cyber Espionage https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/EN/2024/2024-08-01-bfv-cybersecurity-insight-part-1.html

Information security and miscellaneous

Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update (29 jul) https://www.theregister.com/2024/07/29/google_password_manager_outage/

Tech Orgs Feel ‘Abandoned’ as UN Finalizes Cybercrime Treaty (29 jul) https://www.govinfosecurity.com/tech-orgs-feel-abandoned-as-un-finalizes-cybercrime-treaty-a-25875

United Nations: Hundreds of thousands forced to scam in Southeast Asia (30 aug) https://www.bbc.com/news/world-asia-66655047

CISA and FBI: DDoS attacks won’t impact US election integrity (31 jul) https://www.bleepingcomputer.com/news/security/cisa-and-fbi-ddos-attacks-wont-impact-us-election-integrity/

Argentina will use AI to ‘predict future crimes’ but experts worry for citizens’ rights (2 aug) https://www.theguardian.com/world/article/2024/aug/01/argentina-ai-predicting-future-crimes-citizen-rights

50 years ago, CP/M started the microcomputer revolution (2 aug) https://www.theregister.com/2024/08/02/cpm_50th_anniversary/ https://computerhistory.org/blog/fifty-years-of-the-personal-computer-operating-system/

CERT-SE this week

Critical vulnerabilities in IBM products (2 aug) https://www.cert.se/2024/08/kritiska-sarbarheter-i-ibm-produkter.html

Dell fixes critical vulnerability (31 jul) https://www.cert.se/2024/07/dell-atgardar-en-kritisk-sarbarhet.html

Critical vulnerability in GeoServer (30 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-geoserver.html

Vulnerability in VMware ESXi hypervisor actively exploited (30 jul) https://www.cert.se/2024/07/sarbarhet-i-vmware-esxi-utnyttjas-aktivt.html

Critical vulnerabilities in ServiceNow (30 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-servicenow.html

CERT-SE's weekly newsletter, week 30

WEEKLY NEWSLETTER

In the aftermath of the CrowdStrike disruptions, the company has published a report on what happened. It has also been noted how attackers have exploited the incident to spread malware and for phishing.

This week CERT-SE has published articles on vulnerabilities in products from HPE, SolarWinds ARM and Ivanti Endpoint Manager.

News this week

Greece’s Land Registry agency breached in wave of 400 cyberattacks (22 jul) https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/

US sanctions Russian hacktivists who breached water facilities (22 jul) https://www.bleepingcomputer.com/news/security/us-sanctions-russian-hacktivists-who-breached-water-facilities/

Telegram Zero-Day Vulnerability Exploited Using Malicious Video Files (23 jul) https://cybersecuritynews.com/telegram-zero-day-vulnerability-exploited/

Novel ICS Malware Sabotaged Water-Heating Services in Ukraine (23 jul) https://www.darkreading.com/ics-ot-security/novel-ics-malware-sabotaged-water-heating-services-in-ukraine

Hackers threaten to leak policyholders' data (23 jul) https://sverigesradio.se/artikel/hackare-hotar-sprida-forsakringstagares-uppgifter

Spyware fears mount after another MEP is targeted (25 jul) https://www.politico.eu/newsletter/brussels-playbook/orban-critic-mep-targeted-with-spyware/

Disruptions in the CrowdStrike platform

CrowdStrike IT outage affected 8.5 million Windows devices, Microsoft says (20 jul) https://www.bbc.com/news/articles/cpe3zgznwjno

Slow recovery from IT outage begins as experts warn of future risks (20 jul) https://www.theguardian.com/australia-news/article/2024/jul/19/microsoft-windows-pcs-outage-blue-screen-of-death

Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware (20 jul) https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html

Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer (22 jul) https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/

Learning from the Recent Windows/Falcon Sensor Outage – Causes and Potential Improvement Strategies in Linux with Open Source (22 jul) https://www.circl.lu/pub/learning-from-falcon-sensor-outage/

Preliminary Post Incident Review (24 jul) https://www.crowdstrike.com/blog/falcon-content-update-preliminary-post-incident-report/

Reports and analyses

Mandiant: North Korean Hackers Targeting Healthcare, Energy (25 jul) https://www.govinfosecurity.com/mandiant-north-korean-hackers-targeting-healthcare-energy-a-25845

IR Trends: Ransomware on the rise, while technology becomes most targeted sector (25 jul) https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/

Secure Boot is completely broken on 200+ models from 5 big device makers (25 jul) https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

Internet Organised Crime Threat Assessment (IOCTA) 2024 (26 jul) https://www.europol.europa.eu/publication-events/main-reports/internet-organised-crime-threat-assessment-iocta-2024

Information security and miscellaneous

NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland (22 jul) https://therecord.media/ddos-for-hire-site-digitalstress-takedown-arrest-uk-nca

Municipalities affected as Lantmäteriet shuts down its digital services after suspected defence leak (23 jul) https://www.svt.se/nyheter/lokalt/sormland/kommuner-drabbas-nar-lantmateriet-stangt-sina-digitala-tjanster-efter-misstankta-forsvarslackan

Women in IT Security Lack Opportunities, Not Talent (23 jul) https://www.itprotoday.com/it-security/women-in-it-security-lack-opportunities-not-talent

How a North Korean Fake IT Worker Tried to Infiltrate Us (23 jul) https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

FYI: Data from deleted GitHub repos may not actually be deleted (25 jul) https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/

CERT-SE this week

Critical vulnerability in Ivanti Endpoint Manager for Mobile (22 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-ivanti-endpoint-manager-for-mobile.html

Critical vulnerabilities in SolarWinds ARM (22 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-solarwinds-arm.html

Critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway (updated) (23 jul) https://www.cert.se/2024/01/kritisk-sarbarhet-i-citrix-netscaler-adc-och-netscaler-gateway.html

Critical vulnerability affects several products from HPE (24 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-drabbar-flera-produkter-fran-hpe.html

Serious disruptions in CrowdStrike affect many organisations' IT environments (updated) (25 jul) https://www.cert.se/2024/07/allvarliga-storningar-i-crowdstrike-paverkar-manga-organisationers-it-miljoer.html

CERT-SE's weekly newsletter, week 29

WEEKLY NEWSLETTER

An eventful week in the IT security field. On 18 July CERT-SE sent out a flash alert regarding critical vulnerabilities in Cisco Secure Email Gateway, and on 19 July a technical fault in CrowdStrike Falcon Sensor caused extensive operational disruptions in several parts of the world. You can find CERT-SE's articles on these events here:

Both of these may be updated with further information.

With that, CERT-SE wishes you a nice weekend!

News this week

iPhone users in 98 countries warned about spyware by Apple (12 jul) https://www.malwarebytes.com/blog/news/2024/07/iphone-users-in-98-countries-warned-about-spyware-by-apple

Hacktivist Groups “People’s Cyber Army” And “HackNeT” Launch Trial DDoS Attacks on French Websites; prior to the Onslaught during Paris Olympics (15 jul) https://cyble.com/blog/hacktivist-groups-peoples-cyber-army-and-hacknet-launch-trial-ddos-attacks-on-french-websites-prior-to-the-onslaught-during-paris-olympics/
Paris 2024 Olympics to face complex cyber threats (16 jul) https://www.helpnetsecurity.com/2024/07/16/france-olympic-games-2024-cybersecurity-services-spending/

Email addresses of 15 million Trello users leaked on hacking forum (16 jul) https://www.bleepingcomputer.com/news/security/email-addresses-of-15-million-trello-users-leaked-on-hacking-forum/

Major Microsoft 365 outage caused by Azure configuration change (19 jul) https://www.bleepingcomputer.com/news/microsoft/major-microsoft-365-outage-caused-by-azure-configuration-change/

Global IT disruptions – flights cancelled around the world (19 jul) https://www.svt.se/nyheter/utrikes/it-storningar-varlden-over
Reports of IT trouble worldwide (19 jul) https://www.aftonbladet.se/nyheter/a/MnnWWm/larm-om-it-strul-varlden-over

Reports and analyses

Fake AWS Packages Ship Command and Control Malware In JPEG Files (14 jul) https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/

HardBit ransomware version 4.0 supports new obfuscation techniques (15 jul) https://securityaffairs.com/165735/malware/hardbit-ransomware-version-4-0.html

Threat Spotlight: Attackers abuse URL protection services to mask phishing links (15 jul) https://blog.barracuda.com/2024/07/15/threat-spotlight-attackers-abuse-url-protection-services

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (15 jul) https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/

The Importance of Data Security in Hospitality (15 jul) https://www.devx.com/technology/the-importance-of-data-security-in-hospitality/

DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed (16 jul) https://www.theregister.com/2024/07/16/darkgate_malware/

Defending Against APTs: A Learning Exercise with Kimsuky (16 jul) https://www.rapid7.com/blog/post/2024/07/16/defending-against-apts-a-learning-exercise-with-kimsuky/

Container Breakouts: Escape Techniques in Cloud Environments (18 jul) https://unit42.paloaltonetworks.com/container-escape-techniques/

Information security and miscellaneous

Improving cyber resilience of frontline forces in Europe (15 jul) https://www.gov.uk/government/news/improving-cyber-resilience-of-frontline-forces-in-europe

Cybersecurity crisis communication: What to do (15 jul) https://securityintelligence.com/articles/cybersecurity-crisis-communication-what-to-do/

Discover the growing threats to data security (15 jul) https://www.helpnetsecurity.com/2024/07/15/pranava-adduri-bedrock-security-data-security-risks/

Punch Card Hacking – Exploring a Mainframe Attack Vector (16 jul) https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/

Forget Brexit – EU cybersecurity upgrade means UK too (16 jul) https://northwestbylines.co.uk/politics/brexit/forget-brexit-eu-cybersecurity-upgrade-means-uk-too/

UK Government Set to Introduce New Cyber Security and Resilience Bill (18 jul) https://www.infosecurity-magazine.com/news/government-cyber-security-bill-2024/

CERT-SE this week

Critical vulnerabilities in several products from IBM (16 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-flera-produkter-fran-ibm.html

Oracle's quarterly security update for July 2024 (17 jul) https://www.cert.se/2024/07/oracles-kvartalsvisa-sakerhetsuppdateringar-for-juli-2024.html

Critical vulnerabilities in products from Cisco (18 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-produkter-fran-cisco.html

BM24-004 Critical vulnerability in Cisco Secure Email Gateway (18 jul) https://www.cert.se/2024/07/bm24-003-kritisk-sarbarhet-i-cisco-secure-email-gateway.html

Serious disruptions in CrowdStrike affect many organisations' IT environments (19 jul) https://www.cert.se/2024/07/allvarliga-storningar-i-crowdstrike-paverkar-manga-organisationers-it-miljoer.html