CERT-SE's weekly newsletter, week 36

Weekly newsletter

This week's newsletter contains articles about a number of attacks in different parts of the world, and Swedish media report that attacks against Swedish organisations are increasing.

Sweden's Minister for Civil Defence has stated that cybersecurity is a priority. For those who want to dig deeper, CISA has, among other things, published a guide to strengthening resilience against denial-of-service attacks, and the university FAU has examined the reliability of the Common Vulnerability Scoring System (CVSS).

CERT-SE wishes you a pleasant weekend!

News this week

UN warns that hundreds of thousands in Southeast Asia have been roped into online scams (29 aug)
https://abcnews.go.com/Technology/wireStory/warns-hundreds-thousands-southeast-asia-roped-online-scams-102640404

Cost of a data breach 2023: Financial industry impacts (30 aug)
https://securityintelligence.com/articles/cost-of-a-data-breach-2023-financial-industry/

Cross-Tenant Impersonation: Prevention and Detection (31 aug)
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection

Watch out for scam text messages (1 sep)
https://sakerhetskollen.se/aktuella-brott/se-upp-for-bluff-sms_generell

Pennsylvania school district to stay open despite ransomware attack (1 sep)
https://therecord.media/pennsylvania-school-district-stays-open-after-ransomware-attack

Nearly 540,000 people have SSNs leaked after cyberattack on retailer Forever 21 (1 sep)
https://therecord.media/forever-21-data-breach

Fake emails from the director general – millions stolen from the agency (4 sep) (paywall)
https://www.dn.se/sverige/fejkade-mejl-fran-generaldirektoren-miljoner-stals-fran-myndigheten/

Konsumentverket (the Swedish Consumer Agency) reports attempted fraud to the police (4 sep)
https://www.konsumentverket.se/aktuellt/nyheter-och-pressmeddelanden/pressmeddelanden/2023/konsumentverket-polisanmaler-bedrageriforsok/

Attackers accessed UK military data through high-security fencing firm’s Windows 7 rig (4 sep)
https://www.theregister.com/2023/09/04/zaun_breach_windows_7/

Freecycle confirms massive data breach impacting 7 million users (4 sep)
https://www.bleepingcomputer.com/news/security/freecycle-confirms-massive-data-breach-impacting-7-million-users/

Cyberattacks against Sweden are “constantly ongoing” – sharp increase (4 sep)
https://sverigesradio.se/artikel/cyberattacker-mot-sverige-pagar-standigt-kraftig-okning

German financial agency site disrupted by DDoS attack since Friday (4 sep)
https://www.bleepingcomputer.com/news/security/german-financial-agency-site-disrupted-by-ddos-attack-since-friday/

After the start of the war – twice as many IT attacks against Sweden (4 sep)
https://sverigesradio.se/artikel/efter-krigets-start-dubbelt-sa-manga-it-attacker-mot-sverige

Electoral Commission failed basic security test before hack (5 sep)
https://www.bbc.com/news/technology-66709556

FBI’s Qakbot operation opens door for more botnet takedowns (5 sep)
https://therecord.media/fbi-qakbot-operation-more-operations

Germany has calculated what cybercrime costs the country – and the figures are enormous (5 sep)
https://computersweden.idg.se/2.2683/1.779905/cyberbrottslighet-slar-hart-mot-den-tyska-ekonomin

Atlas VPN zero-day vulnerability leaks users’ real IP address (5 sep)
https://www.bleepingcomputer.com/news/security/atlas-vpn-zero-day-vulnerability-leaks-users-real-ip-address/

More Schools Hit By Cyber-Attacks Before Term Begins (5 sep)
https://www.infosecurity-magazine.com/news/second-school-cyberattack-before/

CISA, MITRE shore up operational tech networks with adversary emulation platform (5 sep)
https://therecord.media/cisa-creates-adversary-emulation-platform

Norfolk Southern Says a Software Defect — Not a Hacker — Forced It to Park Its Trains This Week (5 sep)
https://www.securityweek.com/norfolk-southern-says-a-software-defect-not-a-hacker-forced-it-to-park-its-trains-this-week/

You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks (5 sep)
https://www.theregister.com/2023/09/05/qualys_top_20_vulnerabilities/

Ukraine’s CERT Thwarts APT28’s Cyberattack on Critical Energy Infrastructure (6 sep)
https://thehackernews.com/2023/09/ukraines-cert-thwarts-apt28s.html

Azure was knocked out for a day – now Microsoft explains why (6 sep)
https://computersweden.idg.se/2.2683/1.779913/azure-slogs-ut-i-ett-dygn–nu-forklarar-microsoft-varfor

The minister: Cybersecurity is a priority (6 sep)
https://sverigesradio.se/artikel/ministern-cybersakerhet-ar-prioriterat

Information security and miscellaneous

Revisiting BLISTER: New development of the BLISTER loader (24 aug)
https://www.elastic.co/security-labs/revisiting-blister-new-developments-of-the-blister-loader

Analysis of a Defective Phishing PDF (3 sep)
https://isc.sans.edu/diary/Analysis+of+a+Defective+Phishing+PDF/30184

New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services (4 sep)
https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services

A review of SolarWinds attack on Orion platform using persistent threat agents and techniques for gaining unauthorized access (4 sep)
https://arxiv.org/abs/2308.10294

Chae$ 4: New Chaes Malware Variant Targeting Financial and Logistics Customers (5 sep)
https://blog.morphisec.com/chaes4-new-chaes-malware-variant-targeting-financial-and-logistics-customers

New Agent Tesla Variant Being Spread by Crafted Excel Document (5 sep)
https://www.fortinet.com/blog/threat-research/agent-tesla-variant-spread-by-crafted-excel-document

Common usernames submitted to honeypots (5 sep)
https://isc.sans.edu/diary/rss/30188

W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report (6 sep)
https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/

Results of Major Technical Investigations for Storm-0558 Key Acquisition (6 sep)
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/

CISA Releases Capacity Enhancement Guide to Strengthen Agency Resilience to DDoS Attack (6 sep)
https://www.cisa.gov/news-events/alerts/2023/09/06/cisa-releases-capacity-enhancement-guide-strengthen-agency-resilience-ddos-attack

Exposing and Addressing Security Vulnerabilities in Browser Text Input Fields
https://arxiv.org/pdf/2308.16321.pdf

Consistency of CVSSv3.1
https://www.cs1.tf.fau.de/research/human-factors-in-security-and-privacy-group/consistency-of-cvss

CERT-SE this week

Critical vulnerability in Cisco products

Increase resilience against fraudulent email