CERT-SE's weekly newsletter, week 26

Weekly newsletter

This week we highlight a compilation of the 25 most critical software vulnerabilities, along with a number of reports on topics including threat hunting. We have also updated our article on DDoS, which contains advice and recommendations. During the summer, CERT-SE's weekly newsletter will be published as usual through week 28; we then take a summer break and return in week 32.

CERT-SE wishes you a pleasant weekend!

News this week

FBI seizes BreachForums after arresting its owner Pompompurin in March (23 jun)
https://www.bleepingcomputer.com/news/security/fbi-seizes-breachforums-after-arresting-its-owner-pompompurin-in-march

ChatGPT’s phishing ‘problem’ may not be overstated (26 jun)
https://www.computerweekly.com/opinion/ChatGPTs-phishing-problem-may-not-be-overstated

New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (26 jun)
https://www.bleepingcomputer.com/news/security/new-pindos-javascript-dropper-deploys-bumblebee-icedid-malware

All About PowerShell Attacks: The No. 1 ATT&CK Technique (26 jun)
https://securityintelligence.com/articles/all-about-powershell-attacks

Uncovering attacker tactics through cloud honeypots (26 jun)
https://www.helpnetsecurity.com/2023/06/26/cloud-environments-honeypots

Microsoft Teams Flaw Sends Malware to Employees’ Inboxes (26 jun)
https://www.hackread.com/microsoft-teams-flaw-malware-employees-inbox

New techniques added to the NCSC’s ‘risk management toolbox’ (26 jun)
https://www.ncsc.gov.uk/blog-post/new-techniques-added-to-the-ncsc-risk-management-toolbox

Threat hunting converting SIGMA to YARA (26 jun)
https://blog.virustotal.com/2023/06/threat-hunting-converting-sigma-to-yara.html

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain (27 jun)
https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html

How Application Allowlisting Combats Ransomware Attacks (27 jun)
https://securityintelligence.com/posts/how-allowlisting-combats-ransomware-attacks

New Mockingjay process injection technique evades EDR detection (27 jun)
https://www.bleepingcomputer.com/news/security/new-mockingjay-process-injection-technique-evades-edr-detection

Widespread BEC attacks threaten European organizations (27 jun)
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency

CWE Top 25 Most Dangerous Software Weaknesses (27 jun)
https://cwe.mitre.org/top25

The Importance of Malware Triage (27 jun)
https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984

Denial-of-service attack against SJ's website (28 jun)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1141145

What is Black Basta Ransomware? (28 jun)
https://www.pentestpartners.com/security-blog/black-basta-ransomware

CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments (28 jun)
https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd

Linux version of Akira ransomware targets VMware ESXi servers (28 jun)
https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi-servers/

Global rise in DDoS attacks threatens digital infrastructure (29 jun)
https://www.helpnetsecurity.com/2023/06/29/ddos-attacks-worldwide-number

CyberSentry Program Launches Webpage (29 jun)
https://www.cisa.gov/news-events/news/cybersentry-program-launches-webpage

Reports

Threat Spotlight: Attackers use 15-year-old tactics to target security flaws (26 jun)
https://blog.barracuda.com/2023/06/26/threat-spotlight-attackers-old-tactics-target-security-flaws

The Trickbot/Conti Crypters: Where Are They Now? (27 jun)
https://securityintelligence.com/posts/trickbot-conti-crypters-where-are-they-now

New Fast-Developing ThirdEye Infostealer Pries Open System Information (27 jun)
https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information

API Security: Navigating the Threat Landscape (28 jun)
https://www.tripwire.com/state-of-security/api-security-navigating-threat-landscape

Information security and miscellaneous

The National Cyber Security Centre reports to the government on strengthened cooperation with the business sector (27 jun)
https://www.ncsc.se/aktuellt/delredovisning

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control (28 jun)
https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html

Technical minimum requirements for government authorities 2024 (29 jun)
https://sikkerdigital.dk/myndighed/tekniske-tiltag/tekniske-minimumskrav/tekniske-minimumskrav-2024

CERT-SE this week

Vulnerability in ArcServe UDP

Serious vulnerabilities in VMware vCenter Server and VMware Cloud Foundation

Critical vulnerability in FortiNAC