CERT-SE's weekly newsletter, week 42
Over the past week, CERT-SE has published and updated several articles about vulnerabilities that are being actively exploited. Install security updates as soon as possible and otherwise follow the vendors' recommendations. For those with some time to spare, CERT-SE's CTF is available until the last day of October. You can find it here.
CERT-SE wishes you a pleasant weekend!
News of the week
‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History (10 Oct)
https://www.securityweek.com/rapid-reset-zero-day-exploited-to-launch-largest-ddos-attacks-in-history/
Europe mulls open sourcing TETRA emergency services’ encryption algorithms (12 Oct)
https://www.theregister.com/2023/10/12/etsi_tetra_open_source/
…
The Rakel system's encryption algorithm may become open source (16 Oct)
https://computersweden.idg.se/2.2683/1.780201/europa-overvager-att-gora-raddningstjanstens-krypteringsalgoritm-till-oppen-kallkod
Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant (13 Oct)
https://www.trendmicro.com/en_se/research/23/j/void-rabisu-targets-female-leaders-with-new-romcom-variant.html
DarkGate malware spreads through compromised Skype accounts (14 Oct)
https://www.bleepingcomputer.com/news/security/darkgate-malware-spreads-through-compromised-skype-accounts/
..
DarkGate Opens Organizations for Attack via Skype, Teams (12 Oct)
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
The Liberals won Åland's parliamentary election – Åland media were hit by a denial-of-service attack on election night (15 Oct)
https://svenska.yle.fi/a/7-10043585
How hackers piled onto the Israeli-Hamas conflict (15 Oct)
https://www.politico.eu/article/israel-hamas-war-hackers-cyberattacks/
Steam enforces SMS verification to curb malware-ridden updates (15 Oct)
https://www.bleepingcomputer.com/news/security/steam-enforces-sms-verification-to-curb-malware-ridden-updates/
Kansas Supreme Court Probes Potential Ransomware Attack (16 Oct)
https://www.govinfosecurity.com/kansas-supreme-court-probes-potential-ransomware-attack-a-23320
Sweden's cybersecurity ranked worst in the Nordics (16 Oct)
https://computersweden.idg.se/2.2683/1.780204/sveriges-cybersakerhet-rankas-samst-i-norden
Hackers steal sensitive info of thousands of Sony employees (16 Oct)
https://www.pandasecurity.com/en/mediacenter/mobile-news/sony-employees-hack/
Swedish Armed Forces: Foreign power is preparing cyberattacks against Sweden (16 Oct)
https://www.svt.se/nyheter/inrikes/forsvarsmakten-frammande-makt-forbereder-cyberangrepp-mot-sverige
..
The transport sector and the Swedish Armed Forces in a joint exercise against cyber threats (16 Oct)
https://foi.se/nyheter-och-press/nyheter/2023-10-16-transportsektorn-och-forsvarsmakten-i-gemensam-ovning-mot-cyberhot.html
Signal says there is no evidence rumored zero-day bug is real (16 Oct)
https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (17 Oct)
https://thehackernews.com/2023/10/cert-ua-reports-11-ukrainian-telecom.html
Crackdown on nuclear firm after cyber security ‘shortfalls’ (18 Oct)
https://theferret.scot/cyber-security-nuclear-security-crackdown/
Finland Charges Psychotherapy Hacker With Extortion (18 Oct)
https://www.securityweek.com/finland-charges-psychotherapy-hacker-with-extortion/
D-Link confirms data breach, but downplayed the impact (18 Oct)
https://securityaffairs.com/152631/hacking/d-link-confirmed-data-breach.html
Twitter glitch allows CIA informant channel to be hijacked (18 Oct)
https://www.bbc.com/news/technology-67137773
Cybersecurity an increasingly heavy budget item – it costs the most for healthcare (18 Oct)
https://computersweden.idg.se/2.2683/1.780221/cybersakerhet-en-allt-tyngre-budgetpost-mest-kostar-det-for-varden
..
New global report on cybersecurity: Data breaches increasingly costly
https://www.pwc.se/sv/cyber-security/digital-trust-insights.html
23andMe Users’ Info Leaked Again, Millions of Records Found on Dark Web (19 Oct)
https://gizmodo.com/23andme-users-info-leaked-again-records-found-dark-web-1850942298
Data breaches spread from one organisation to another – put a stop to phishing (20 Oct)
https://www.kyberturvallisuuskeskus.fi/sv/dataintrang-sprids-fran-en-organisation-till-en-annan-satt-stopp-natfiske
Information security and miscellaneous
Understanding DNS Tunneling Traffic in the Wild (13 Oct)
https://unit42.paloaltonetworks.com/dns-tunneling-in-the-wild/
“EtherHiding” — Hiding Web2 Malicious Code in Web3 Smart Contracts (13 Oct)
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks (16 Oct)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-289a
The forgotten malvertising campaign (16 Oct)
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign
Are typos still relevant as an indicator of phishing? (16 Oct)
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316/
Discord, I Want to Play a Game (16 Oct)
https://www.trellix.com/about/newsroom/stories/research/discord-i-want-to-play-a-game/
IT admins are just as culpable for weak password use (17 Oct)
https://outpost24.com/blog/it-admins-weak-password-use/
Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (17 Oct)
https://www.proofpoint.com/us/blog/threat-insight/are-you-sure-your-browser-date-current-landscape-fake-browser-updates
..
The Fake Browser Update Scam Gets a Makeover (18 Oct)
https://krebsonsecurity.com/2023/10/the-fake-browser-update-scam-gets-a-makeover/
Clever malvertising attack uses Punycode to look like KeePass’s official website (18 Oct)
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
BlackCat Climbs the Summit With a New Tactic (18 Oct)
https://unit42.paloaltonetworks.com/blackcat-ransomware-releases-new-utility-munchkin/
Government-backed actors exploiting WinRAR vulnerability (18 Oct)
https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability (18 Oct)
https://www.microsoft.com/en-us/security/blog/2023/10/18/multiple-north-korean-threat-actors-exploiting-the-teamcity-cve-2023-42793-vulnerability/
Unraveling Real-Life Attack Paths – Key Lessons Learned (18 Oct)
https://thehackernews.com/2023/10/unraveling-real-life-attack-paths-key.html
There’s a new way to flip bits in DRAM, and it works against the latest defenses (19 Oct)
https://arstechnica.com/security/2023/10/theres-a-new-way-to-flip-bits-in-dram-and-it-works-against-the-latest-defenses/
CERT-SE this week
Critical 0-day vulnerability in Confluence is being actively exploited (updated 2023-10-17)
Oracle's quarterly security update for October 2023
Critical vulnerability in Cisco IOS XE Software Web UI (updated 2023-10-19)
Multiple vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway (updated 2023-10-19)