CERT-SE's weekly newsletter, week 7

Weekly newsletter

Assorted news from the past week. The news includes information on both new and previously reported attacks on critical societal functions. It was also Patch Tuesday, for which we highlighted security updates from Microsoft, Adobe and SAP.

Have a nice weekend!

News this week

Fortifikationsverket appeals Solna's decision on fence (9 Feb) https://www.mitti.se/nyheter/forsvar-overklagar-solnas-beslut-om-staket-6.3.201679.33c55f1a80

No personal data reported to have leaked in the hacker attack (9 Feb) https://www.publikt.se/nyhet/inga-personuppgifter-uppges-ha-lackt-i-hackerattacken-25938

Juniper Support Portal Exposed Customer Device Info (9 Feb) https://krebsonsecurity.com/2024/02/juniper-support-portal-exposed-customer-device-info/

20 years of case registers encrypted for the agency – this is what happens now (11 Feb) https://sverigesradio.se/artikel/20-ars-diarier-krypterade-for-myndigheten-det-har-hander-nu

Hospitals hit by 1,000 IT attacks – every week: "Makes life harder" (12 Feb) https://www.tv4.se/artikel/fpbSsEDiInrPQfqju9pBM/sjukhus-utsaetts-foer-naera-100-it-attacker-varje-vecka-foersvarar-livet

Ransomware attack forces 100 Romanian hospitals to go offline (12 Feb) https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-100-romanian-hospitals-to-go-offline/

Warzone RAT Shut Down by Law Enforcement, Two Arrested (12 Feb) https://www.securityweek.com/warzone-rat-shut-down-by-law-enforcement-two-arrested/

IT problems in Växjö – emergency department could not reach patients' records (12 Feb) https://sverigesradio.se/artikel/it-problem-i-vaxjo-akuten-nar-inte-patienters-journaler

Bumblebee Buzzes Back in Black (13 Feb) https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black

Cyberattack paralyzes battery maker Varta (14 Feb) https://computersweden.se/article/1307869/cyberattack-lamslar-batteritillverkaren-varta.html

Network problems at Transportstyrelsen and 1177 resolved (14 Feb) https://www.svt.se/nyheter/inrikes/stora-natverksproblem-pa-transportstyrelsen

U.S. Internet Corp. Leaked Years of Internal, Customer Emails (14 Feb) https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/

Bank of America wasn’t directly targeted in a recent cyber attack, it was just “hit in the crossfire” (15 Feb) https://www.itpro.com/security/bank-of-america-wasnt-directly-targeted-in-a-recent-cyber-attack-it-was-just-hit-in-the-crossfire-and-that-should-serve-as-a-warning-over-supply-chain-risks

FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies (15 Feb) https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/ https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian

OpenAI blocks state-sponsored hackers from using ChatGPT (15 Feb) https://www.bleepingcomputer.com/news/security/openai-blocks-state-sponsored-hackers-from-using-chatgpt/

Technical problems with the booking system for special transport services in Stockholm (16 Feb) https://sverigesradio.se/artikel/fardtjanstbokningen-i-stockholm-ligger-nere

Reports and analyses

Munich Security Report: Perceived threat of cyberattacks reaches all-time high (12 Feb) https://www.euractiv.com/section/cybersecurity/news/munich-security-report-perceived-threat-of-cyberattacks-reaches-all-time-high/

4 Ways Hackers use Social Engineering to Bypass MFA (12 Feb) https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html

Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive (13 Feb) https://www.securityweek.com/hunter-killer-malware-tactic-growing-stealthy-persistent-and-aggressive/

Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC (13 Feb) https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

How are attackers using QR codes in phishing emails and lure documents? (14 Feb) https://blog.talosintelligence.com/how-are-attackers-using-qr-codes-in-phishing-emails-and-lure-documents/

Snap Trap: The Hidden Dangers within Ubuntu’s Package Suggestion System (14 Feb) https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/

CERT-EU: Threat Landscape Report 2023 (15 Feb) https://cert.europa.eu/publications/threat-intelligence/tlr2023/

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (15 Feb) https://www.bleepingcomputer.com/news/security/over-13-000-ivanti-gateways-vulnerable-to-actively-exploited-bugs/

New Qbot malware variant uses fake Adobe installer popup for evasion (15 Feb) https://www.bleepingcomputer.com/news/security/new-qbot-malware-variant-uses-fake-adobe-installer-popup-for-evasion/

TinyTurla Next Generation - Turla APT spies on Polish NGOs (15 Feb) https://blog.talosintelligence.com/tinyturla-next-generation/

Flatlined: Analyzing Pulse Secure Firmware and Bypassing Integrity Checking (15 Feb) https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/

Information security and miscellaneous

Extending the Breadth and Depth of our Partnerships - JCDC 2024 Priorities (12 Feb) https://www.cisa.gov/news-events/news/extending-breadth-and-depth-our-partnerships-jcdc-2024-priorities

FCC Requires Telecom & VoIP Providers to Report PII Breaches (13 Feb) https://www.darkreading.com/cybersecurity-operations/fcc-requires-telecom-voip-providers-to-report-pii-breaches

Assessment of the terrorist threat 2024 (13 Feb) https://sakerhetspolisen.se/ovriga-sidor/nyheter/nyheter/2024-02-13-bedomning-av-terrorhotet-2024.html

Anniversary book on 50 years of data protection (15 Feb) https://www.su.se/juridiska-institutionen/nyheter/jubileumsbok-om-dataskyddet-50-%C3%A5r-1.714646

European Court of Human Rights declares backdoored encryption is illegal (15 Feb) https://www.theregister.com/2024/02/15/echr_backdoor_encryption/

CERT-SE this week

Serious vulnerability in SonicOS (13 Feb) https://www.cert.se/2024/02/allvarlig-sarbarhet-i-sonicos.html

Adobe's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/adobes-manatliga-sakerhetsuppdateringar-for-februari-2024.html

Microsoft's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/microsofts-manatliga-sakerhetsuppdateringar-for-februari-2024.html

SAP's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/saps-manatliga-sakerhetsuppdateringar-for-februari-2024.html