CERT-SE's weekly newsletter, week 40
Cybersecurity Month has now been under way for almost a week. There are several good initiatives aimed at raising awareness and competence among individuals and organisations for a secure online presence.
Tänk Säkert! is the campaign carried out jointly by Swedish government agencies and organisations.
Will you take on CERT-SE's challenge? Or read about the European initiative #BeSmarterThanAHacker.
CERT-SE wishes you a pleasant weekend!
News this week
Cloudflare DDoS protections ironically bypassed using Cloudflare (30 Sep) https://www.bleepingcomputer.com/news/security/cloudflare-ddos-protections-ironically-bypassed-using-cloudflare/
Work-experience students' data may have leaked after major intrusion (2 Oct)
https://www.dn.se/sverige/praoelevers-uppgifter-kan-ha-lackt-efter-stort-intrang/
FBI Warns of Dual Ransomware Attacks and Data Destruction Trends (2 Oct)
https://www.infosecurity-magazine.com/news/fbi-warns-dual-ransomware-data/
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground (2 Oct) https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html
The Netherlands warns about solar power installations – risk in Sweden too (3 Oct) https://sverigesradio.se/artikel/nederlanderna-varnar-for-solpaneler-risk-aven-i-sverige
CISA and NSA Release New Guidance on Identity and Access Management (4 Oct) https://www.cisa.gov/news-events/alerts/2023/10/04/cisa-and-nsa-release-new-guidance-identity-and-access-management
Police Issue “Quishing” Email Warning (4 Oct) https://www.infosecurity-magazine.com/news/police-issue-quishing-email-warning/
CERT-In issues alert against LuaDream info-stealing malware (4 Oct) https://www.thehindu.com/sci-tech/technology/cert-in-alert-against-luadream-malware/article67379383.ece
Check Point discovers new phishing scam on Dropbox (4 Oct) https://securitybrief.co.nz/story/check-point-discovers-new-phishing-scam-on-dropbox
Cyberattack on British telecom Lyca prevented customers from making calls, topping up (4 Oct) https://therecord.media/cyberattack-on-lyca-stops-calls
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (5 Oct) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
Bug in computer system – crime victims' personal identity numbers have leaked (5 Oct) https://sverigesradio.se/artikel/bugg-i-datasystem-brottsoffers-personnummer-har-lackt
NATO Probes Cyberattack Linked to Stolen Strategic Documents (5 Oct) https://www.thedefensepost.com/2023/10/05/nato-cyberattack-stolen-strategic-documents/
Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets (5 Oct) https://blog.qualys.com/vulnerabilities-threat-research/2023/10/05/curl-8-4-0-proactively-identifying-potential-vulnerable-assets
Cyber criminals access hospital patient information (5 Oct) https://www.canberratimes.com.au/story/8375849/cyber-criminals-access-hospital-patient-information/
Sony Confirms Data Stolen in Two Recent Hacker Attacks (5 Oct) https://www.securityweek.com/sony-confirms-data-stolen-in-two-recent-hacker-attacks/
Several Finnish websites report cyber-attacks (5 Oct) https://yle.fi/a/74-20053726
DoS attack hits Helsinki public transit app (6 Oct) https://yle.fi/a/74-20053889
Reports
Malicious Packages Hidden in NPM (2 Oct) https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm
Bitsight identifies nearly 100,000 exposed industrial control systems (2 Oct) https://www.bitsight.com/blog/bitsight-identifies-nearly-100000-exposed-industrial-control-systems
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement (3 Oct) https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/
DRM Report Q2 2023 – Ransomware threat landscape (4 Oct) https://securityaffairs.com/151925/reports/drm-report-q2-2023-ransomware.html
Microsoft Digital Defense Report 2023 https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown (5 Oct) https://blog.talosintelligence.com/qakbot-affiliated-actors-distribute-ransom/
Let’s dig deeper: dissecting the new Android Trojan GoldDigger with Group-IB Fraud Matrix (5 Oct) https://www.group-ib.com/blog/golddigger-fraud-matrix/
Information security and miscellaneous
Opinion | Nikka: The government advocates mass surveillance with Chat Control (21 Sep) https://www.pcforalla.se/article/2078314/regeringen-foresprakar-massovervakning-med-chat-control.html
BLUE OLEX 2023: Getting Ready for the Next Cybersecurity Crisis in the EU (2 Oct) https://www.enisa.europa.eu/news/blue-olex-2023-getting-ready-for-the-next-cybersecurity-crisis-in-the-eu
Joint Letter of Experts on CRA and Vulnerability Disclosure (3 Oct) https://www.centerforcybersecuritypolicy.org/insights-and-research/joint-letter-of-experts-on-cra-and-vulnerability-disclosure
Quishing Triage 101: How to Investigate Suspicious QR Codes in Emails (4 Oct) https://intezer.com/blog/alert-triage/quishing-triage-how-to-investigate-suspicious-qr-codes-in-emails/
Modern cars risk being used for espionage (4 Oct) https://sverigesradio.se/artikel/moderna-bilar-riskerar-att-anvandas-for-spionage
Could Cybersecurity Breaches Become Harmless in the Future? (5 Oct) https://www.darkreading.com/vulnerabilities-threats/could-cybersecurity-breaches-become-harmless-in-the-future-
LLMs lower the barrier for entry into cybercrime (5 Oct) https://www.helpnetsecurity.com/2023/10/05/traditional-perimeter-detection/
Addressing the People Problem in Cybersecurity (5 Oct) https://www.securityweek.com/addressing-the-people-problem-in-cybersecurity/
Cybersecurity Month
CISA Kicks Off 20th Anniversary of Cybersecurity Awareness Month with New Public Awareness Campaign to Secure Our World (28 Sep) https://www.cisa.gov/news-events/news/cisa-kicks-20th-anniversary-cybersecurity-awareness-month-new-public-awareness-campaign
https://www.cisa.gov/cybersecurity-awareness-month
The “Tänk säkert!” campaign https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/informationssakerhetsmanaden/
European Cyber Security Month - ECSM https://cybersecuritymonth.eu/
CERT-SE this week
Critical vulnerability in Cisco Emergency Responder
Serious vulnerability in the libwebp library for WebP is being actively exploited
Critical 0-day vulnerability in Confluence is being actively exploited