CERT-SE's weekly newsletter, week 45
CERT-SE's monitoring of the outside world this November week includes reports on cyber incidents at everything from Swedish schools to casinos. We also recommend a number of reports worth reading, as well as MSB's series of webinars on various aspects of information security, including incident handling and security measures in information systems.
If you need advice and support on how your organisation should design its incident handling process, MSB also has an advisory service for systematic information security work: https://www.msb.se/sv/verktyg--tjanster/radgivningstjanst-for-systematiskt-informationssakerhetsarbete
CERT-SE wishes you a pleasant weekend!
News this week
New Microsoft Exchange zero-days allow RCE, data theft attacks (3 nov) https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks
Post Mortem on Cloudflare Control Plane and Analytics Outage (4 nov) https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage
Apple ‘Find My’ network can be abused to steal keylogged passwords (4 nov) https://www.bleepingcomputer.com/news/apple/apple-find-my-network-can-be-abused-to-steal-keylogged-passwords
Discord will switch to temporary file links to block malware delivery (4 nov) https://www.bleepingcomputer.com/news/security/discord-will-switch-to-temporary-file-links-to-block-malware-delivery
‘Scam-in-a-box’: MyGov suspends thousands of accounts linked to dark web fraud kits (5 nov) https://www.theguardian.com/australia-news/2023/nov/06/scam-in-a-box-mygov-suspends-thousands-of-accounts-linked-to-dark-web-kits
American Airlines Pilot Union Recovering After Ransomware Attack (6 nov) https://www.securityweek.com/american-airlines-pilot-union-recovering-after-ransomware-attack
Attacks against Sweden expected as Russian hackers offer botnet as a service (6 nov) https://computersweden.idg.se/2.2683/1.780345/efter-attack-mot-sverige-nu-erbjuder-ryska-hackare-botnet-som-tjanst
New Jupyter Infostealer Version Emerges with Sophisticated Stealth Tactics (6 nov) https://thehackernews.com/2023/11/new-jupyter-infostealer-version-emerges.html
Emphasizing Security by Default with Advanced Microsoft Authenticator Features (6 nov) https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
New Gootloader Malware Variant Harder to Detect, Block (6 nov) https://duo.com/decipher/new-gootloader-malware-variant-harder-to-detect-block
Cybercrime service bypasses Android security to install malware (6 nov) https://www.bleepingcomputer.com/news/security/cybercrime-service-bypasses-android-security-to-install-malware
Swedish Courts' website hit by attack: “Working feverishly to solve this” (7 nov) https://www.nyteknik.se/it-sakerhet/sveriges-domstolars-webbsida-utsatt-for-attack-jobbar-febrilt-pa-att-losa-det-har/4206945
Umeå school hit by cyberattack: “Frustrating” (7 nov) https://sverigesradio.se/artikel/umeaskola-drabbad-av-cyberattack
Ransomware Gang Leaks Data Allegedly Stolen From Canadian Hospitals (7 nov) https://www.securityweek.com/ransomware-gang-leaks-data-allegedly-stolen-from-canadian-hospital
What are Kerberoasting attacks and how do you stop them? (7 nov) https://www.itpro.com/security/what-are-kerberoasting-attacks-and-how-do-you-stop-them
India most targeted in cyber attacks: Report (7 nov) https://www.newindianexpress.com/business/2023/nov/07/india-most-targeted-incyber-attacks-report-2630842.html
Experts Expose Farnetwork’s Ransomware-as-a-Service Business Model (8 nov) https://thehackernews.com/2023/11/experts-expose-farnetworks-ransomware.html
Optus outage: Millions affected by Australian network failure (8 nov) https://www.bbc.com/news/world-australia-67340901
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages (9 nov) https://www.bleepingcomputer.com/news/security/openai-confirms-ddos-attacks-behind-ongoing-chatgpt-outages
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology (9 nov) https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology
Microsoft briefly restricted employee access to OpenAI’s ChatGPT, citing security concerns (9 nov) https://www.cnbc.com/2023/11/09/microsoft-restricts-employee-access-to-openais-chatgpt.html
ICBC hit by ransomware impacting global trades (10 nov) https://www.theregister.com/2023/11/10/icbc_ransomware
Reports and analyses
Next steps in preparing for post-quantum cryptography (3 nov) https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography
Q3 2023 Threat Horizons Report (3 nov) https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel (6 nov) https://thehackernews.com/2023/11/google-warns-of-hackers-absing-calendar.html
CERT-EU Cyber Security Brief 23-11 - October 2023 (6 nov) https://cert.europa.eu/publications/threat-intelligence/cb23-11/
FEMA and CISA Release Joint Guidance on Planning Considerations for Cyber Incidents (7 nov) https://www.cisa.gov/news-events/alerts/2023/11/07/fema-and-cisa-release-joint-guidance-planning-considerations-cyber-incidents
FBI Highlights Emerging Initial Access Methods Used by Ransomware Groups (8 nov) https://www.securityweek.com/fbi-highlights-emerging-initial-access-methods-used-by-ransomware-groups
Ransomware Actors Continue to Gain Access through Third Parties and Legitimate System Tools (7 nov) https://www.aha.org/system/files/media/file/2023/11/bi-tlp-clear-pin-ransomware-actors-continue-to-gain-access-through-third-parties-and-legitimate-system-tools-11-7-23.pdf
Information security and miscellaneous
Transit App Shows Rat Activity on the NYC Subway (6 nov) https://laughingsquid.com/transit-app-nyc-subway-rat-detector
Now the “fluoride lady for small businesses” goes on the offensive against cybercrime (6 nov) https://computersweden.idg.se/2.2683/1.780327/stoldskyddsforeningen-pa-offensiv-mot-cyberbrott--en-fluortant-for-smaforetag
Companies' great fear: being hijacked (6 nov) https://www.dagensps.se/foretag/foretagens-stora-skrack-att-bli-kapad/
The alarm: Risk of IT attack in the municipality (6 nov) https://www.mitti.se/nyheter/larmet-risk-for-itattack-i-kommunen-6.3.182635.cb934f18fa
Offensive and Defensive AI: Let’s Chat(GPT) About It (7 nov) https://thehackernews.com/2023/11/offensive-and-defensive-ai-lets-chatgpt.html
7 free cyber threat maps showing attack intensity and frequency (7 nov) https://www.helpnetsecurity.com/2023/11/07/free-cyber-threat-maps
What the QWAC?! (7 nov) https://scotthelme.co.uk/what-the-qwac
85% of people worry about online disinformation, global survey finds (7 nov) https://www.theguardian.com/technology/2023/nov/07/85-of-people-worry-about-online-disinformation-global-survey-finds
Marina Bay Sands in Singapore suffers a data breach (8 nov) https://cybersafe.news/marina-bay-sands-in-singapore-suffers-a-data-breach
The webinar series “Information Security in Focus” https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/systematiskt-informationssakerhetsarbete/webbinarier
CERT-SE this week
Critical vulnerability in Atlassian Confluence (updated)
Multiple vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway (updated)