CERT-SE's weekly newsletter, week 39
Next week the annual Cybersecurity Month begins and, with it, MSB's campaign Tänk säkert. CERT-SE's contribution to strengthening cyber competence in society is our annual CTF, which will be published shortly, so keep an eye out for it! Until then, we recommend our Latvian colleagues' CTF challenge; see the link at the bottom of the newsletter.
CERT-SE wishes you a pleasant weekend!
News this week
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America (19 sep) https://www.europol.europa.eu/media-press/newsroom/news/criminal-phishing-network-resulting-in-over-480-000-victims-worldwide-busted-in-spain-and-latin-america
Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape (19 sep) https://www.enisa.europa.eu/news/reporting-on-threathunt-2030-navigating-the-future-of-the-cybersecurity-threat-landscape
Attacks believed to be behind technical problems at major banks (22 sep) https://www.dn.se/ekonomi/attacker-tros-ligga-bakom-teknikstrul-hos-storbanker
The police take over responsibility for state e-identification (23 sep) https://computersweden.se/article/3535289/polisen-tar-over-ansvaret-for-statlig-e-legitimation.html
FRA takes over responsibility for the National Cyber Security Centre (23 sep)
https://regeringen.se/pressmeddelanden/2024/09/fra-tar-over-ansvaret-for-nationellt-cybersakerhetscenter
..
National Cyber Security Centre becomes part of FRA (23 sep)
https://www.ncsc.se/aktuellt/nationellt-cybersakerhetscenter-blir-del-av-fra
..
National Cyber Security Centre (NCSC) becomes part of FRA (23 sep)
https://fra.se/nyheter/nyheter/nyhetsarkiv/news/nationelltcybersakerhetscenterncscblirdelavfra.5.766e440918f572e73355e.html
Android malware ‘Necro’ infects 11 million devices via Google Play (23 sep) https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play
Denial-of-service attacks have more than doubled since 2022 (24 sep) https://sverigesradio.se/artikel/overbelastningsattacker-har-mer-an-fordubblats-sedan-2022
How does a brand-new government agency build its IT environment? Like a start-up. (24 sep) https://computersweden.se/article/3536758/hur-bygger-en-helt-ny-myndighet-sin-it-miljo-som-en-start-up.html
Cyber expert on Iran's special operation: “Not an advanced hack” (24 sep) https://www.svt.se/nyheter/inrikes/cyberexperten-om-irans-specialoperation-inte-en-avancerad-hackning
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes (24 sep) https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes
AI-Generated Malware Found in the Wild (24 sep) https://www.securityweek.com/ai-generated-malware-found-in-the-wild
AutoCanada says ransomware attack “may” impact employee data (24 sep) https://www.bleepingcomputer.com/news/security/autocanada-says-ransomware-attack-may-impact-employee-data
Kansas water plant cyberattack forces switch to manual operations (24 sep) https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations
MoneyGram confirms a cyberattack is behind dayslong outage (24 sep) https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage
MFA bypass becomes a critical security issue as ransomware tactics advance (24 sep) https://www.helpnetsecurity.com/2024/09/24/ransomware-session-hijacking-tactics
Russia’s digital warfare on Ukraine shows no signs of slowing: Malware hits surge (24 sep) https://www.theregister.com/2024/09/24/russia_malware_ukraine_attacks
Swedes stand out in new international study on IT security (25 sep) https://www.voister.se/artikel/2024/09/svenskar-sticker-ut-i-ny-internationell-studie-om-it-sakerhet
New Android banking trojan Octo2 targets European banks (25 sep) https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html
Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware (25 sep) https://thehackernews.com/2024/09/transportation-companies-hit-by.html
CrowdStrike executive apologized for the IT outage (25 sep) https://computersweden.se/article/3539476/crowdstrike-chef-bad-om-ursakt-for-it-avbrottet.html
US government agency confirms it was hit by major ransomware attack (25 sep) https://www.techradar.com/pro/security/us-government-agency-confirms-it-was-hit-by-major-ransomware-attack
Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means (25 sep) https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means
Public Wi-Fi operator investigating cyberattack at UK’s busiest train stations (26 sep) https://www.theregister.com/2024/09/26/public_wifi_operator_investigating_cyberattack
More robust IT systems in Greater Stockholm (26 sep) https://www.tjugofyra7.se/amnesomraden/cybersakerhet/2024/robustare-it-system-i-storstockholm
NIST proposes barring some of the most nonsensical password rules (26 sep) https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules
Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates (26 sep) https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
Watch cyberattacks in real time – Norrbotten learns defense (26 sep) https://www.svt.se/nyheter/lokalt/norrbotten/se-cyberattacker-i-realtid-norrbotten-lar-sig-forsvara-sig
Reports and analyses
Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors (18 sep) https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat
The Correlation Between Dark Web Exposure and Cybersecurity Risk (23 sep) https://slcyber.io/whitepapers-reports/the-correlation-between-dark-web-exposure-and-cybersecurity-risk
Inside SnipBot: The Latest RomCom Malware Variant (23 sep) https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant
Microsoft outlines its security initiatives in new report (24 sep)
https://computersweden.se/article/1272196/microsoft-tar-nytt-grepp-om-sin-egen-sakerhet.html
..
Secure Future Initiative - September 2024 progress report (PDF)
https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_September_2024_progress_report.pdf
10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More (25 sep) https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more
ANALYSIS: Three out of four Swedish government agencies and municipalities expose the public to increased risk of email fraud (25 sep) https://www.aktuellsakerhet.se/analys-tre-av-fyra-svenska-myndigheter-och-kommuner-utsatter-allmanheten-for-okad-risk-for-e-postbedragerier
NSA Jointly Releases Guidance for Mitigating Active Directory Compromises (26 sep)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3917556/nsa-jointly-releases-guidance-for-mitigating-active-directory-compromises
..
Detecting and Mitigating Active Directory Compromises (PDF)
https://media.defense.gov/2024/Sep/25/2003553985/-1/-1/0/CTR-DETECTING-AND-MITIGATING-AD-COMPROMISES.PDF
2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge (26 sep)
https://blog.sonicwall.com/en-us/2024/09/2024-sonicwall-threat-brief-healthcares-escalating-cybersecurity-challenge
..
2024 SonicWall Threat Brief: Healthcare (PDF)
https://www.sonicwall.com/medialibrary/en/brief/2024-threat-brief-healthcare.pdf
2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge (26 sep) https://securityandtechnology.org/blog/2023-rtf-global-ransomware-incident-map
Storm-0501: Ransomware attacks expanding to hybrid cloud environments (26 sep) https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments
Information security and miscellaneous
We’re losing our digital history. Can the Internet Archive save it? (16 sep) https://www.bbc.com/future/article/20240912-the-archivists-battling-to-save-the-internet
How cyber compliance helps minimize the risk of ransomware infections (24 sep) https://www.helpnetsecurity.com/2024/09/24/cyber-compliance-minimize-risk
Old dialects to sharpen AI's understanding of Swedish (25 sep) https://computersweden.se/article/3538102/gamla-dialekter-ska-vassa-ais-forstaelse-for-svenska.html
The Tänk säkert 2024 campaign https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/informationssakerhetsmanaden/tank-sakert
CyberChess/#CaptureTheFlag (CTF) https://cyberchess.lv
CERT-SE this week
Several serious vulnerabilities affect Cisco software (27 sep) https://www.cert.se/2024/09/flera-allvarliga-sarbarheter-paverkar-cisco-programvara.html
Several critical vulnerabilities in access points from Aruba (27 sep) https://www.cert.se/2024/09/flera-kritiska-sarbarheter-i-accesspunkter-fran-aruba.html
Critical vulnerabilities in products from Ivanti (updated 26 sep) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html
Serious vulnerability in Keycloak (26 sep) https://www.cert.se/2024/09/allvarlig-sarbarhet-i-keycloak.html
Critical vulnerability in Traefik (25 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-traefik.html