CERT-SE's weekly newsletter, week 26
This week we point to a compilation of the 25 most critical software weaknesses, along with a number of reports on topics including threat hunting. We have also updated our article on DDoS, which contains advice and recommendations. During the summer, CERT-SE's weekly newsletter is published as usual up to and including week 28; after that we take a summer break and return in week 32.
CERT-SE wishes you a pleasant weekend!
News this week
FBI seizes BreachForums after arresting its owner Pompompurin in March (23 jun)
https://www.bleepingcomputer.com/news/security/fbi-seizes-breachforums-after-arresting-its-owner-pompompurin-in-march
ChatGPT’s phishing ‘problem’ may not be overstated (26 jun)
https://www.computerweekly.com/opinion/ChatGPTs-phishing-problem-may-not-be-overstated
New PindOS JavaScript dropper deploys Bumblebee, IcedID malware (26 jun)
https://www.bleepingcomputer.com/news/security/new-pindos-javascript-dropper-deploys-bumblebee-icedid-malware
All About PowerShell Attacks: The No. 1 ATT&CK Technique (26 jun)
https://securityintelligence.com/articles/all-about-powershell-attacks
Uncovering attacker tactics through cloud honeypots (26 jun)
https://www.helpnetsecurity.com/2023/06/26/cloud-environments-honeypots
Microsoft Teams Flaw Sends Malware to Employees’ Inboxes (26 jun)
https://www.hackread.com/microsoft-teams-flaw-malware-employees-inbox
New techniques added to the NCSC’s ‘risk management toolbox’ (26 jun)
https://www.ncsc.gov.uk/blog-post/new-techniques-added-to-the-ncsc-risk-management-toolbox
Threat hunting converting SIGMA to YARA (26 jun)
https://blog.virustotal.com/2023/06/threat-hunting-converting-sigma-to-yara.html
New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain (27 jun)
https://thehackernews.com/2023/06/new-ongoing-campaign-targets-npm.html
How Application Allowlisting Combats Ransomware Attacks (27 jun)
https://securityintelligence.com/posts/how-allowlisting-combats-ransomware-attacks
New Mockingjay process injection technique evades EDR detection (27 jun)
https://www.bleepingcomputer.com/news/security/new-mockingjay-process-injection-technique-evades-edr-detection
Widespread BEC attacks threaten European organizations (27 jun)
https://www.helpnetsecurity.com/2023/06/27/bec-attacks-frequency
CWE Top 25 Most Dangerous Software Weaknesses (27 jun)
https://cwe.mitre.org/top25
The Importance of Malware Triage (27 jun)
https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984
Denial-of-service attack against SJ's website (28 jun)
https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1141145
What is Black Basta Ransomware? (28 jun)
https://www.pentestpartners.com/security-blog/black-basta-ransomware
CISA and NSA Release Joint Guidance on Defending Continuous Integration/Continuous Delivery (CI/CD) Environments (28 jun)
https://www.cisa.gov/news-events/alerts/2023/06/28/cisa-and-nsa-release-joint-guidance-defending-continuous-integrationcontinuous-delivery-cicd
Linux version of Akira ransomware targets VMware ESXi servers (28 jun)
https://www.bleepingcomputer.com/news/security/linux-version-of-akira-ransomware-targets-vmware-esxi-servers/
Global rise in DDoS attacks threatens digital infrastructure (29 jun)
https://www.helpnetsecurity.com/2023/06/29/ddos-attacks-worldwide-number
CyberSentry Program Launches Webpage (29 jun)
https://www.cisa.gov/news-events/news/cybersentry-program-launches-webpage
Reports
Threat Spotlight: Attackers use 15-year-old tactics to target security flaws (26 jun)
https://blog.barracuda.com/2023/06/26/threat-spotlight-attackers-old-tactics-target-security-flaws
The Trickbot/Conti Crypters: Where Are They Now? (27 jun)
https://securityintelligence.com/posts/trickbot-conti-crypters-where-are-they-now
New Fast-Developing ThirdEye Infostealer Pries Open System Information (27 jun)
https://www.fortinet.com/blog/threat-research/new-fast-developing-thirdeye-infostealer-pries-open-system-information
API Security: Navigating the Threat Landscape (28 jun)
https://www.tripwire.com/state-of-security/api-security-navigating-threat-landscape
Information security and miscellaneous
The National Cyber Security Centre reports to the government on strengthened cooperation with the business sector (27 jun)
https://www.ncsc.se/aktuellt/delredovisning
Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control (28 jun)
https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html
Technical minimum requirements for government authorities 2024 (29 jun)
https://sikkerdigital.dk/myndighed/tekniske-tiltag/tekniske-minimumskrav/tekniske-minimumskrav-2024
CERT-SE this week
Serious vulnerabilities in VMware vCenter Server and VMware Cloud Foundation