CERT-SE's weekly newsletter, week 36
This week's newsletter contains articles about numerous attacks in different parts of the world, and Swedish media report that attacks against Swedish organisations are increasing.
Sweden's Minister for Civil Defence has stated that cybersecurity is a priority. For those who want to dig deeper, CISA, among others, has published a guide for strengthening resilience against denial-of-service attacks, and the university FAU has examined the reliability of the Common Vulnerability Scoring System (CVSS).
CERT-SE wishes you a pleasant weekend!
News this week
UN warns that hundreds of thousands in Southeast Asia have been roped into online scams (29 aug)
https://abcnews.go.com/Technology/wireStory/warns-hundreds-thousands-southeast-asia-roped-online-scams-102640404
Cost of a data breach 2023: Financial industry impacts (30 aug)
https://securityintelligence.com/articles/cost-of-a-data-breach-2023-financial-industry/
Cross-Tenant Impersonation: Prevention and Detection (31 aug)
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
Watch out for scam text messages (1 sep)
https://sakerhetskollen.se/aktuella-brott/se-upp-for-bluff-sms_generell
Pennsylvania school district to stay open despite ransomware attack (1 sep)
https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack
Nearly 540,000 people have SSNs leaked after cyberattack on retailer Forever 21 (1 sep)
https://therecord.media/forever-21-data-breach
Fake emails from the director general – millions stolen from the government agency (4 sep) (paywall)
https://www.dn.se/sverige/fejkade-mejl-fran-generaldirektoren-miljoner-stals-fran-myndigheten/
Konsumentverket reports fraud attempt to the police (4 sep)
https://www.konsumentverket.se/aktuellt/nyheter-och-pressmeddelanden/pressmeddelanden/2023/konsumentverket-polisanmaler-bedrageriforsok/
Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig (4 sep)
https://www.theregister.com/2023/09/04/zaun_breach_windows_7/
Freecycle confirms massive data breach impacting 7 million users (4 sep)
https://www.bleepingcomputer.com/news/security/freecycle-confirms-massive-data-breach-impacting-7-million-users/
Cyberattacks against Sweden are “constantly ongoing” – sharp increase (4 sep)
https://sverigesradio.se/artikel/cyberattacker-mot-sverige-pagar-standigt-kraftig-okning
German financial agency site disrupted by DDoS attack since Friday (4 sep)
https://www.bleepingcomputer.com/news/security/german-financial-agency-site-disrupted-by-ddos-attack-since-friday/
After the start of the war – twice as many IT attacks against Sweden (4 sep)
https://sverigesradio.se/artikel/efter-krigets-start-dubbelt-sa-manga-it-attacker-mot-sverige
Electoral Commission failed basic security test before hack (5 sep)
https://www.bbc.com/news/technology-66709556
FBI’s Qakbot operation opens door for more botnet takedowns (5 sep)
https://therecord.media/fbi-qakbot-operation-more-operations
Germany has calculated what cybercrime costs the country – and the figures are enormous (5 sep)
https://computersweden.idg.se/2.2683/1.779905/cyberbrottslighet-slar-hart-mot-den-tyska-ekonomin
Atlas VPN zero-day vulnerability leaks users’ real IP address (5 sep)
https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/
More Schools Hit By Cyber-Attacks Before Term Begins (5 sep)
https://www.infosecurity-magazine.com/news/second-school-cyberattack-before/
CISA, MITRE shore up operational tech networks with adversary emulation platform (5 sep)
https://therecord.media/cisa-creates-adversary-emulation-platform
Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week (5 sep)
https://www.securityweek.com/norfolk-southern-says-a-software-defect-not-a-hacker-forced-it-to-park-its-trains-this-week/
You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks (5 sep)
https://www.theregister.com/2023/09/05/qualys_top_20_vulnerabilities/
Ukraine’s CERT Thwarts APT28’s Cyberattack on Critical Energy Infrastructure (6 sep)
https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html
Azure knocked out for a day – now Microsoft explains why (6 sep)
https://computersweden.idg.se/2.2683/1.779913/azure-slogs-ut-i-ett-dygn–nu-forklarar-microsoft-varfor
The minister: Cybersecurity is a priority (6 sep)
https://sverigesradio.se/artikel/ministern-cybersakerhet-ar-prioriterat
Information security and miscellaneous
Revisiting BLISTER: New development of the BLISTER loader (24 aug)
https://www.elastic.co/security-labs/revisiting-blister-new-developments-of-the-blister-loader
Analysis of a Defective Phishing PDF (3 sep)
https://isc.sans.edu/diary/Analysis+of+a+Defective+Phishing+PDF/30184
New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services (4 sep)
https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services
A review of SolarWinds attack on Orion platform using persistent threat agents and techniques for gaining unauthorized access (4 sep)
https://arxiv.org/abs/2308.10294
Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers (5 sep)
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers
New Agent Tesla Variant Being Spread by Crafted Excel Document (5 sep)
https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document
Common usernames submitted to honeypots (5 sep)
https://isc.sans.edu/diary/rss/30188
W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report (6 sep)
https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/
Results of Major Technical Investigations for Storm-0558 Key Acquisition (6 sep)
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack (6 sep)
https://www.cisa.gov/news-events/alerts/2023/09/06/cisa-releases-capacity-enhancement-guide-strengthen-agency-resilience-ddos-attack
Exposing and Addressing Security Vulnerabilities in Browser Text Input Fields
https://arxiv.org/pdf/2308.16321.pdf
Consistency of CVSSv3.1
https://www.cs1.tf.fau.de/research/human-factors-in-security-and-privacy-group/consistency-of-cvss