CERT-SE:s veckobrev v.42

Veckobrev

Den senaste veckan har CERT-SE publicerat och uppdaterat flera artiklar om sårbarheter som utnyttjas aktivt. Installera säkerhetsuppdateringar så snart som möjligt och följ tillverkarnas rekommendationer i övrigt. För den som har en stund över är CERT-SE:s CTF tillgänglig fram till sista oktober. Den hittar ni här.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History (10 okt)
https://www.securityweek.com/rapid-reset-zero-day-exploited-to-launch-largest-ddos-attacks-in-history/

Europe mulls open sourcing TETRA emergency services’ encryption algorithms (12 okt)
https://www.theregister.com/2023/10/12/etsi_tetra_open_source/ … Rakel-systemets krypteringsalgoritm kan bli öppen källkod (16 okt)
https://computersweden.idg.se/2.2683/1.780201/europa-overvager-att-gora-raddningstjanstens-krypteringsalgoritm-till-oppen-kallkod

Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (13 okt)
https://www.trendmicro.com/en_se/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html

DarkGate malware spreads through compromised Skype accounts (14 okt)
https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts/ ..
DarkGate Opens Organizations for Attack via Skype, Teams (12 okt)
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html

Liberalerna segrade i Ålands lagtingsval – åländska medier utsattes för överbelastningsattack under valkvällen (15 okt)
https://svenska.yle.fi/a/7-10043585

How hackers piled onto the Israeli-Hamas conflict (15 okt)
https://www.politico.eu/article/israel-hamas-war-hackers-cyberattacks/

Steam enforces SMS verification to curb malware-ridden updates (15 okt)
https://www.bleepingcomputer.com/news/security/steam-enforces-sms-verification-to-curb-malware-ridden-updates/

Kansas Supreme Court Probes Potential Ransomware Attack (16 okt)
https://www.govinfosecurity.com/kansas-supreme-court-probes-potential-ransomware-attack-a-23320

Sveriges cybersäkerhet rankas sämst i Norden (16 okt)
https://computersweden.idg.se/2.2683/1.780204/sveriges-cybersakerhet-rankas-samst-i-norden

Hackers steal sensitive info of thousands of Sony employees (16 okt)
https://www.pandasecurity.com/en/mediacenter/mobile-news/sony-employees-hack/

Försvarsmakten: Främmande makt förbereder cyberangrepp mot Sverige (16 okt)
https://www.svt.se/nyheter/inrikes/forsvarsmakten-frammande-makt-forbereder-cyberangrepp-mot-sverige ..
Transportsektorn och Försvarsmakten i gemensam övning mot cyberhot (16 okt)
https://foi.se/nyheter-och-press/nyheter/2023-10-16-transportsektorn-och-forsvarsmakten-i-gemensam-ovning-mot-cyberhot.html

Signal says there is no evidence rumored zero-day bug is real (16 okt)
https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (17 okt)
https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html

Crackdown on nuclear firm after cyber security ‘shortfalls’ (18 okt)
https://theferret.scot/cyber-security-nuclear-security-crackdown/

Finland Charges Psychotherapy Hacker With Extortion (18 okt)
https://www.securityweek.com/finland-charges-psychotherapy-hacker-with-extortion/

D-Link confirms data breach, but downplayed the impact (18 okt)
https://securityaffairs.com/152631/hacking/d-link-confirmed-data-breach.html

Twitter glitch allows CIA informant channel to be hijacked (18 okt)
https://www.bbc.com/news/technology-67137773

Cybersäkerhet en allt tyngre budgetpost – mest kostar det för vården (18 okt)
https://computersweden.idg.se/2.2683/1.780221/cybersakerhet-en-allt-tyngre-budgetpost-mest-kostar-det-for-varden ..
Ny global rapport om cybersäkerhet: Dataintrången alltmer kostsamma
https://www.pwc.se/sv/cyber-security/digital-trust-insights.html

23andMe Users’ Info Leaked Again, Millions of Records Found on Dark Web (19 okt)
https://gizmodo.com/23andme-users-info-leaked-again-records-found-dark-web-1850942298

Dataintrång sprids från en organisation till en annan – sätt stopp för nätfiske (20 okt)
https://www.kyberturvallisuuskeskus.fi/sv/dataintrang-sprids-fran-en-organisation-till-en-annan-satt-stopp-natfiske

Informationssäkerhet och blandat

Understanding DNS Tunneling Traffic in the Wild (13 okt)
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild/

“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts (13 okt)
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16

Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks (16 okt)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a

The forgotten malvertising campaign (16 okt)
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign

Are typos still relevant as an indicator of phishing? (16 okt)
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316/

Discord, I Want to Play a Game (16 okt)
https://www.trellix.com/about/newsroom/stories/research/discord-i-want-to-play-a-game/

IT admins are just as culpable for weak password use (17 okt)
https://outpost24.com/blog/it-admins-weak-password-use/

Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (17 okt)
https://www.proofpoint.com/us/blog/threat-insight/are-you-sure-your-browser-date-current-landscape-fake-browser-updates ..
The Fake Browser Update Scam Gets a Makeover (18 okt)
https://krebsonsecurity.com/2023/10/the-fake-browser-update-scam-gets-a-makeover/

Clever malvertising attack uses Punycode to look like KeePass’s official website (18 okt)
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website

BlackCat Climbs the Summit With a New Tactic (18 okt)
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/

Government-backed actors exploiting WinRAR vulnerability (18 okt)
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/

Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability (18 okt)
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/

Unraveling Real-Life Attack Paths – Key Lessons Learned (18 okt)
https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html

There’s a new way to flip bits in DRAM, and it works against the latest defenses (19 okt)
https://arstechnica.com/security/2023/10/theres-a-new-way-to-flip-bits-in-dram-and-it-works-against-the-latest-defenses/

CERT-SE i veckan

Kritisk 0-day-sårbarhet i Confluence utnyttjas aktivt (uppdaterad 2023-10-17)

Oracles kvartalsvisa säkerhetsuppdatering för oktober 2023

Kritisk sårbarhet i Cisco IOS XE Software Web UI (Uppdaterad 2023-10-19)

Flera sårbarheter i Citrix Netscaler ADC och Netscaler Gateway (Uppdaterad 2023-10-19)