CERT-SE's weekly newsletter, week 46
Yet another Patch Tuesday has passed, with security updates from various vendors. This week's CERT-SE news monitoring includes further publications of fixed vulnerabilities, a collection of reports and other interesting reading.
Don't miss Saturday's CTF event: FOI is hosting this year's edition of Crate-CTF
CERT-SE wishes you a pleasant weekend!
News this week
Gone phishing: Hackers leverage automation to launch MFA attacks and SEO poisoning (13 nov) https://www.scmagazine.com/perspective/hackers-leverage-automation-to-launch-email-and-mfa-attacks
DP World: Australia sites back online after cyber-attack (13 nov) https://www.bbc.com/news/business-67400164
CISA warns of actively exploited Juniper pre-auth RCE exploit chain (13 nov) https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-juniper-pre-auth-rce-exploit-chain/
In a first, cryptographic keys protecting SSH connections stolen in new attack (13 nov) https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/
Luleå must pick up the pace – spending millions on IT security (14 nov) https://sverigesradio.se/artikel/lulea-tvingas-oka-takten-lagger-miljoner-pa-it-sakerhet
Hackers are exploiting ‘CitrixBleed’ bug in the latest wave of mass cyberattacks (14 nov) https://techcrunch.com/2023/11/14/citrix-bleed-critical-bug-ransomware-mass-cyberattacks/
After Critical Bug Disclosures, TETRA Emergency Comms Code Goes Public (15 nov) https://www.darkreading.com/ics-ot/critical-bug-tetra-emergency-comms-code-public
Official City of Long Beach Statement Regarding a Network Security Incident Targeting City Systems (15 nov)
https://www.longbeach.gov/latest-news/official-city-of-long-beach-statement
..
Long Beach, California turns off IT systems after cyberattack (16 nov)
https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/
Royal Mail jeopardizes users with open redirect flaw (15 nov) https://cybernews.com/security/royal-mail-open-redirect-flaw/
Australia’s critical infrastructure under regular and rising attack from hackers, ASD warn (15 nov) https://www.theguardian.com/australia-news/2023/nov/15/cyberattack-warning-dp-world-australia-infrastructure
CISA AA23-319A | #StopRansomware: Rhysida Ransomware (15 nov) https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a
Google search ads abused to spread ransomware by ALPHV/BlackCat gang (15 nov) https://www.scmagazine.com/news/google-search-ads-abused-to-spread-ransomware-by-alphv-blackcat-gang
MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet (16 nov) https://www.bleepingcomputer.com/news/security/mysql-servers-targeted-by-ddostf-ddos-as-a-service-botnet/
CISA AA23-320A | Scattered Spider (16 nov)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
..
FBI shares tactics of notorious Scattered Spider hacker collective (17 nov)
https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/
Toyota confirms breach after Medusa ransomware threatens to leak data (16 nov) https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/
Europol and Eurojust support Czech and Ukrainian police in taking down multi-million euro voice phishing gang (16 nov) https://www.europol.europa.eu/media-press/newsroom/news/europol-and-eurojust-support-czech-and-ukrainian-police-in-taking-down-multi-million-euro-voice-phishing-gang
Reports and analyses
Hive Ransomware’s Offspring: Hunters International Takes the Stage (9 nov) https://www.bitdefender.com/blog/businessinsights/hive-ransomwares-offspring-hunters-international-takes-the-stage/
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack (9 nov) https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Same threats, different ransomware (10 nov) https://news.sophos.com/en-us/2023/11/10/vice-society-and-rhysida-ransomware/
Ransomware Attacks against the Energy Sector on the rise - Nuclear and Oil & Gas are Major Targets in 2024 (12 nov) https://www.resecurity.com/blog/article/ransomware-attacks-against-the-energy-sector-on-the-rise-nuclear-and-oil-gas-are-major-targets-2024
Report: The attack against Danish, critical infrastructure (12 nov) https://sektorcert.dk/wp-content/uploads/2023/11/SektorCERT-The-attack-against-Danish-critical-infrastructure-TLP-CLEAR.pdf
NCSC warns of enduring and significant threat to UK’s critical infrastructure (14 nov)
https://www.ncsc.gov.uk/news/ncsc-warns-enduring-significant-threat-to-uks-critical-infrastructure
..
NCSC Annual Review 2023: https://www.ncsc.gov.uk/collection/annual-review-2023
ASD Cyber Threat Report 2022-2023 (14 nov) https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023
Center for Cybersikkerhed publishes its annual report for 2022 (15 nov) https://www.cfcs.dk/da/nyheder/2023/center-for-cybersikkerhed-udgiver-arsberetning-for-2022/
Lockbit Overview November 2023: Access, Encryption, Exfiltration & Mitigation
https://www.fsisac.com/knowledge
..
Report: https://www.fsisac.com/hubfs/Knowledge/LockBit-AccessEncryptionExfiltrationMitigation.pdf
LockBit ransomware group assemble strike team to breach banks, law firms and governments (14 nov) https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee
Cybersecurity Investment: Spotlight on Vulnerability Management (16 nov)
https://www.enisa.europa.eu/news/cybersecurity-investment-spotlight-on-vulnerability-management
..
NIS Investments Report 2023: https://www.enisa.europa.eu/publications/nis-investments-2023
Zimbra 0-day used to target international government organizations (16 nov) https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
Information security and miscellaneous
International Counter Ransomware Initiative 2023 Joint Statement (1 nov) https://www.whitehouse.gov/briefing-room/statements-releases/2023/11/01/international-counter-ransomware-initiative-2023-joint-statement/
Enhanced EU-Ukraine cooperation in Cybersecurity (13 nov) https://www.enisa.europa.eu/news/enhanced-eu-ukraine-cooperation-in-cybersecurity
Business Continuity in a Box (13 nov) https://www.cisa.gov/resources-tools/resources/business-continuity-box
Telenor chief asks for NATO help against threats (13 nov) https://www.tv2.no/nyheter/utenriks/telenor-sjefen-ber-om-nato-hjelp-mot-trusler/16198449/
Credit card skimming on the rise for the holiday shopping season (14 nov) https://www.malwarebytes.com/blog/threat-intelligence/2023/11/credit-card-skimming-on-the-rise-for-the-holiday-shopping-season
EU Commission pitches double reporting of open security loopholes in cybersecurity law (15 nov) https://www.euractiv.com/section/cybersecurity/news/eu-commission-pitches-double-reporting-of-open-security-loopholes-in-cybersecurity-law/
2023 Holiday Scam Predictions—Here’s What You Should Know (15 nov) https://www.proofpoint.com/us/blog/security-awareness-training/holiday-scam-predictions
Warning ahead of “Black Month”: How to protect yourself (16 nov) https://sakerhetskollen.se/aktuella-brott/varning-for-svarta-manaden-sa-skyddar-du-dig
How DDoS attacks are taking down even the largest tech companies (16 nov) https://www.bleepingcomputer.com/news/security/how-ddos-attacks-are-taking-down-even-the-largest-tech-companies/
Ukraine Tracks a Record Number of Cyber Incidents During War (16 nov) https://www.bankinfosecurity.com/ukraine-tracks-record-number-cyber-incidents-during-war-a-23606
7 common mistakes companies make when creating an incident response plan and how to avoid them (16 nov) https://blog.talosintelligence.com/seven-common-mistakes-companies-make-when-creating-an-incident-response-plan-and-how-to-avoid-them/
3 Ways Behavioral Economics Obstructs Cybersecurity (16 nov) https://www.darkreading.com/vulnerabilities-threats/3-ways-behavioral-economics-obstructs-cybersecurity
Threat Intel: To Share or Not to Share is Not the Question (16 nov) https://www.securityweek.com/threat-intel-to-share-or-not-to-share-is-not-the-question/
CERT-SE this week
Several critical vulnerabilities in products from Aruba Networks
Critical vulnerability in VMware Cloud Director Appliance
Adobe's monthly security updates for November 2023
Microsoft's monthly security updates for November 2023