CERT-SE's weekly newsletter, week 21

Weekly newsletter

Mixed news from the week. Have a nice weekend!

News this week

First LockBit, now BreachForums: Are cops winning the war or just a few battles? (17 May) https://www.theregister.com/2024/05/17/cops_crime_winning

New Threat Insights Reveal That Cybercriminals Increasingly Target the Pharmacy Sector (17 May) https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybercriminals-increasingly-targeting-pharmacy-sector

Australia Investigates Data Breach at National Electronic Prescriptions Provider; Health Data Potentially Compromised (17 May) https://www.bitdefender.com/blog/hotforsecurity/australia-investigates-data-breach-at-national-electronic-prescriptions-provider-health-data-potentially-compromised

American Radio Relay League cyberattack takes Logbook of the World offline (19 May) https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline

A growing number of cyberattacks in the Nordics are carried out via PDF files (20 May) https://computersweden.se/article/2112439/allt-fler-cyberattacker-i-norden-sker-via-pdf-filer.html

British Library’s candid ransomware comms driven by ‘emotional intelligence’ (20 May) https://www.theregister.com/2024/05/20/the_british_library_owes_lauded

The financial sector sprints: EU cybersecurity rules to be tightened soon (20 May) https://computersweden.se/article/2109630/finanssektorn-spurtar-snart-skarps-eus-regler-for-cybersakerhet.html

Keylogger in Microsoft Exchange Server Steals Login Credentials From Login Page (21 May) https://cybersecuritynews.com/keylogger-embedded-microsoft-exchange-server/

Small municipalities particularly exposed to IT attacks (21 May) https://sverigesradio.se/artikel/fortsatt-stora-problem-for-bjurholms-kommun-efter-it-attack

Data from the Church of Sweden published on the darknet, thousands affected (21 May) https://sverigesradio.se/artikel/data-fran-svenska-kyrkan-publicerades-pa-darknet-tusentals-berorda

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users (21 May) https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.html

Chinese hackers hide on military and govt networks for 6 years (22 May) https://www.bleepingcomputer.com/news/security/unfading-sea-haze-hackers-hide-on-military-and-govt-networks-for-6-years/

State hackers turn to massive ORB proxy networks to evade detection (22 May) https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/

Reports and analyses

QNAPping At The Wheel (17 May) https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends

Tiny BackDoor Goes Undetected – Suspected Turla leveraging MSBuild to Evade detection (20 May) https://cyble.com/blog/tiny-backdoor-goes-undetected-suspected-turla-leveraging-msbuild-to-evade-detection

CISA: Software Transparency in SaaS Environments (21 May) https://www.cisa.gov/sites/default/files/2024-05/Software%20Transparency%20in%20SaaS%20Environments.pdf

Rapid7 Releases the 2024 Attack Intelligence Report (21 May) https://www.rapid7.com/blog/post/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/

Information security and miscellaneous

Deepened cooperation with the USA on total defence and cybersecurity in focus when Carl-Oskar Bohlin visited Washington (17 May) https://www.regeringen.se/artiklar/2024/05/fordjupat-samarbete-med-usa-inom-totalforsvar-och-cybersakerhet-i-fokus-nar-carl-oskar-bohlin-besokte-washington

Why Your Wi-Fi Router Doubles as an Apple AirTag (21 May) https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551

NIST quantum-resistant algorithms to be published within weeks, top White House advisor says (22 May) https://therecord.media/nist-post-quantum-cryptography-standards-publishing-soon

Business email compromise: new guidance to protect your organisation https://www.ncsc.gov.uk/blog-post/business-email-compromise-guidance-protect-organisation

CERT-SE this week

Serious vulnerability in Cisco FMC (23 May) https://www.cert.se/2024/05/allvarlig-sarbarhet-i-cisco-fmc.html

Serious vulnerability in Confluence products (23 May) https://www.cert.se/2024/05/allvarlig-sarbarhet-i-confluence-produkter.html

Critical vulnerabilities in products from Ivanti (23 May) https://www.cert.se/2024/05/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Critical vulnerability in GitHub Enterprise Server (22 May) https://www.cert.se/2024/05/kritisk-sarbarhet-i-github-enterprise-server.html

Critical vulnerability in Fluent Bit (21 May) https://www.cert.se/2024/05/kritisk-sarbarhet-i-fluent-bit.html