CERT-SE's weekly newsletter, week 44
This week's news roundup offers a mixed selection of reading. We would like to take the opportunity to recommend a brand-new podcast episode in which we are guests on Bli säker-podden and talk about the work at CERT-SE and NCSC-SE: https://nikkasystems.com/2023/11/03/podd-222-vad-gor-cert-se-och-ncsc-se/
This year's CTF has now ended and, as usual, we will follow up with results and a walkthrough on our website. Until then, we would like to share a nice video created by one of this year's participants: https://www.youtube.com/watch?v=oFdY9hnn6KM
CERT-SE wishes you a pleasant All Saints' weekend!
News this week
Over a million Windows and Linux systems infected by this tricky new malware (27 Oct)
https://www.techradar.com/pro/security/over-a-million-windows-and-linux-systems-infected-by-this-tricky-new-malware
CISA Announces Launch of Logging Made Easy (27 Oct)
https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-announces-launch-logging-made-easy
Simulated cyberattack - An exercise to strengthen the county's capacity for cooperation (27 Oct)
https://www.lansstyrelsen.se/ostergotland/om-oss/nyheter-och-press/nyheter---ostergotland/2023-10-27-en-ovning-for-att-starka-lanets-samverkansformaga.html
F5 Labs Report Reveals Rise in Malicious Automation (29 Oct)
https://thefintechtimes.com/f5-labs-mitigating-the-menace-strategies-for-defending-digital-identities/
Hackers could track you across the globe due to this worrying smartphone security flaw (29 Oct)
https://www.techradar.com/pro/security/hackers-could-track-you-across-the-globe-due-to-this-worrying-smartphone-security-flaw
Disruptions at Tele2 - personal safety alarms affected (30 Oct)
https://www.svt.se/nyheter/inrikes/storningar-hos-tele2-1
Stanford Investigating Cyber Incident, Ransomware Threat (30 Oct)
https://www.govtech.com/education/higher-ed/stanford-investigating-cyber-incident-ransomware-threat
20 scary cybersecurity facts and figures for a haunting Halloween (30 Oct)
https://www.welivesecurity.com/en/cybersecurity/20-scary-cybersecurity-facts-figures-haunting-halloween/
Phishers are increasingly using QR codes (31 Oct)
https://www.aktuellsakerhet.se/natfiskarna-anvander-sig-allt-oftare-av-qr-koder/
Alliance of 40 countries to vow not to pay ransom to cybercriminals, US says (31 Oct)
https://www.reuters.com/technology/alliance-40-countries-vow-not-pay-ransom-cybercriminals-us-says-2023-10-31/
British Library suffering major technology outage after cyber-attack (31 Oct)
https://www.theguardian.com/books/2023/oct/31/british-library-suffering-major-technology-outage-after-cyber-attack
‘Mass exploitation’ of Citrix Bleed underway as ransomware crews pile in (31 Oct)
https://www.theregister.com/2023/10/31/mass_exploitation_citrix_bleed/
Mandiant Investigation of Session Hijacking via Citrix NetScaler ADC and Gateway Vulnerability (31 Oct)
https://www.mandiant.com/resources/blog/session-hijacking-citrix-cve-2023-4966
Toronto Public Library outages caused by Black Basta ransomware attack (1 Nov)
https://www.bleepingcomputer.com/news/security/toronto-public-library-outages-caused-by-black-basta-ransomware-attack/
Major Mexican airport confirms experts are working to address cyberattack (1 Nov)
https://therecord.media/queretaro-international-airport-mexico-cyberattack
A ‘kill switch’ deliberately shut down notorious Mozi botnet, researchers say (1 Nov)
https://therecord.media/mozi-botnet-killswitch-shut-down
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (1 Nov)
https://www.bleepingcomputer.com/news/security/3-000-apache-activemq-servers-vulnerable-to-rce-attacks-exposed-online/
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide (1 Nov)
https://www.bleepingcomputer.com/news/security/hackers-use-citrix-bleed-flaw-in-attacks-on-govt-networks-worldwide/
A Ukrainian Company Shares Lessons in Wartime Resilience (1 Nov)
https://www.darkreading.com/edge/ukraine-company-lessons-wartime-resilience
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System (2 Nov)
https://thehackernews.com/2023/11/first-announces-cvss-40-new.html
…
https://www.first.org/cvss/v4-0/index.html
HelloKitty ransomware deployed via critical Apache ActiveMQ flaw (2 Nov)
https://www.csoonline.com/article/657956/hellokitty-ransomware-deployed-via-critical-apache-activemq-flaw.html
Boeing says ‘cyber incident’ hit parts business after ransom threat (2 Nov)
https://www.reuters.com/business/aerospace-defense/boeing-investigating-cyber-incident-affecting-parts-business-2023-11-01/
Nearly 5,000 Okta employees affected by third-party data breach (2 Nov)
https://therecord.media/okta-employees-impacted-by-third-party-breach
Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover (2 Nov)
https://thehackernews.com/2023/11/researchers-find-34-windows-drivers.html
Ace Hardware says 1,202 devices were hit during cyberattack (2 Nov)
https://www.bleepingcomputer.com/news/security/ace-hardware-says-1-202-devices-were-hit-during-cyberattack/
“Take immediate action” to patch your Confluence Data Center and Server instances (2 Nov)
https://www.malwarebytes.com/blog/news/2023/11/atlassian-take-immediate-action-to-patch-your-confluence-data-center-and-server-instances
Akamai - Ransomware on the Move - Evolving Exploitation Techniques and the Active Pursuit of Zero-Days
https://www.akamai.com/resources/state-of-the-internet/ransomware-on-the-move
Information security and miscellaneous
G7 countries agree on code of conduct for AI (30 Oct)
https://computersweden.idg.se/2.2683/1.780302/g7-landerna-overens-om-uppforandekod-for-ai
NATO accession places new demands on information sharing – “an avalanche is coming” (30 Oct)
https://computersweden.idg.se/2.2683/1.780296/natointradet-paverkar-hela-samhallet--en-lavin-av-ny-information
IMY comments on proposal for changed data retention (30 Oct)
https://www.imy.se/nyheter/imy-yttrar-sig-over-forslag-till-forandrad-datalagring/
The cyber workforce gap is growing (31 Oct)
https://www.nextgov.com/cybersecurity/2023/10/cyber-workforce-gap-growing/391618/
Carl Bildt is tasked with reviewing Sweden's intelligence activities (31 Oct)
https://www.aktuellsakerhet.se/carl-bildt-far-uppdraget-att-gora-en-oversyn-av-sveriges-underrattelseverksamhet/
Don't stop thinking securely! (1 Nov)
https://www.imy.se/blogg/sluta-inte-att-tanka-sakert/
UK’s National Crime Agency Establishes Crypto Investigation Team (2 Nov)
https://mpost.io/uks-national-crime-agency-establishes-crypto-investigation-team/
EU digital ID reforms should be ‘actively resisted’, say experts (2 Nov)
https://www.computerweekly.com/news/366557952/EU-eIDAS-reforms-should-be-actively-resisted-say-experts
The State of IT Security in Germany in 2023 (2 Nov)
https://www.bsi.bund.de/EN/Service-Navi/Publikationen/Lagebericht/lagebericht_node.html
MITRE ATT&CK v14 Released (2 Nov)
https://www.helpnetsecurity.com/2023/11/02/mitre-attck-v14/
FIRST Common Vulnerability Scoring System 4.0
https://first.org/cvss
Training in FIRST CVSS 4.0
https://learn.first.org/
Crate-CTF - A cybersecurity competition on 18 November
https://foi.se/forskning/informationssakerhet/crate---sveriges-nationella-cyberanlaggning-for-totalforsvaret/crate-ctf---en-tavling-i-cybersakerhet.html?openExpanderWith=CTF%3Aen%2CCTF
CERT-SE this week
Critical vulnerability in Apache ActiveMQ (updated)
Critical vulnerability in Cisco IOS XE Software Web UI (updated)