CERT-SE's weekly newsletter, week 7
Assorted news from the past week. The news includes information on both new and previously reported attacks against critical societal functions. It was also Patch Tuesday, for which we highlighted security updates from Microsoft, Adobe and SAP.
Have a nice weekend!
News this week
Fortifikationsverket appeals Solna's decision on fence (9 Feb) https://www.mitti.se/nyheter/forsvar-overklagar-solnas-beslut-om-staket-6.3.201679.33c55f1a80
No personal data reported to have leaked in the hacker attack (9 Feb) https://www.publikt.se/nyhet/inga-personuppgifter-uppges-ha-lackt-i-hackerattacken-25938
Juniper Support Portal Exposed Customer Device Info (9 Feb) https://krebsonsecurity.com/2024/02/juniper-support-portal-exposed-customer-device-info/
20 years of official registers encrypted for the agency – this is what happens now (11 Feb) https://sverigesradio.se/artikel/20-ars-diarier-krypterade-for-myndigheten-det-har-hander-nu
Hospital subjected to 1,000 IT attacks – every week: "Makes life harder" (12 Feb) https://www.tv4.se/artikel/fpbSsEDiInrPQfqju9pBM/sjukhus-utsaetts-foer-naera-100-it-attacker-varje-vecka-foersvarar-livet
Ransomware attack forces 100 Romanian hospitals to go offline (12 Feb) https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-100-romanian-hospitals-to-go-offline/
Warzone RAT Shut Down by Law Enforcement, Two Arrested (12 Feb) https://www.securityweek.com/warzone-rat-shut-down-by-law-enforcement-two-arrested/
IT problems in Växjö – the emergency department could not access patients' records (12 Feb) https://sverigesradio.se/artikel/it-problem-i-vaxjo-akuten-nar-inte-patienters-journaler
Bumblebee Buzzes Back in Black (13 Feb) https://www.proofpoint.com/us/blog/threat-insight/bumblebee-buzzes-back-black
Cyberattack paralyzes battery manufacturer Varta (14 Feb) https://computersweden.se/article/1307869/cyberattack-lamslar-batteritillverkaren-varta.html
Network problems at Transportstyrelsen and 1177 resolved (14 Feb) https://www.svt.se/nyheter/inrikes/stora-natverksproblem-pa-transportstyrelsen
U.S. Internet Corp. Leaked Years of Internal, Customer Emails (14 Feb) https://krebsonsecurity.com/2024/02/u-s-internet-leaked-years-of-internal-customer-emails/
Bank of America wasn’t directly targeted in a recent cyber attack, it was just “hit in the crossfire” (15 Feb) https://www.itpro.com/security/bank-of-america-wasnt-directly-targeted-in-a-recent-cyber-attack-it-was-just-hit-in-the-crossfire-and-that-should-serve-as-a-warning-over-supply-chain-risks
FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies (15 Feb) https://www.securityweek.com/fbi-dismantles-ubiquiti-router-botnet-controlled-by-russian-cyberspies/ … https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
OpenAI blocks state-sponsored hackers from using ChatGPT (15 Feb) https://www.bleepingcomputer.com/news/security/openai-blocks-state-sponsored-hackers-from-using-chatgpt/
Technical problems with the booking system for the special transport service in Stockholm (16 Feb) https://sverigesradio.se/artikel/fardtjanstbokningen-i-stockholm-ligger-nere
Reports and analyses
Munich Security Report: Perceived threat of cyberattacks reaches all-time high (12 Feb) https://www.euractiv.com/section/cybersecurity/news/munich-security-report-perceived-threat-of-cyberattacks-reaches-all-time-high/
4 Ways Hackers use Social Engineering to Bypass MFA (12 Feb) https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive (13 Feb) https://www.securityweek.com/hunter-killer-malware-tactic-growing-stealthy-persistent-and-aggressive/
Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC (13 Feb) https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
How are attackers using QR codes in phishing emails and lure documents? (14 Feb) https://blog.talosintelligence.com/how-are-attackers-using-qr-codes-in-phishing-emails-and-lure-documents/
Snap Trap: The Hidden Dangers within Ubuntu’s Package Suggestion System (14 Feb) https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
CERT-EU: Threat Landscape Report 2023 (15 Feb) https://cert.europa.eu/publications/threat-intelligence/tlr2023/
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs (15 Feb) https://www.bleepingcomputer.com/news/security/over-13-000-ivanti-gateways-vulnerable-to-actively-exploited-bugs/
New Qbot malware variant uses fake Adobe installer popup for evasion (15 Feb) https://www.bleepingcomputer.com/news/security/new-qbot-malware-variant-uses-fake-adobe-installer-popup-for-evasion/
TinyTurla Next Generation - Turla APT spies on Polish NGOs (15 Feb) https://blog.talosintelligence.com/tinyturla-next-generation/
Flatlined: Analyzing Pulse Secure Firmware and Bypassing Integrity Checking (15 Feb) https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Information security and miscellaneous
Extending the Breadth and Depth of our Partnerships - JCDC 2024 Priorities (12 Feb) https://www.cisa.gov/news-events/news/extending-breadth-and-depth-our-partnerships-jcdc-2024-priorities
FCC Requires Telecom & VoIP Providers to Report PII Breaches (13 Feb) https://www.darkreading.com/cybersecurity-operations/fcc-requires-telecom-voip-providers-to-report-pii-breaches
Assessment of the terrorist threat 2024 (13 Feb) https://sakerhetspolisen.se/ovriga-sidor/nyheter/nyheter/2024-02-13-bedomning-av-terrorhotet-2024.html
Anniversary book on 50 years of data protection (15 Feb) https://www.su.se/juridiska-institutionen/nyheter/jubileumsbok-om-dataskyddet-50-%C3%A5r-1.714646
European Court of Human Rights declares backdoored encryption is illegal (15 Feb) https://www.theregister.com/2024/02/15/echr_backdoor_encryption/
CERT-SE this week
Serious vulnerability in SonicOS (13 Feb) https://www.cert.se/2024/02/allvarlig-sarbarhet-i-sonicos.html
Adobe's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/adobes-manatliga-sakerhetsuppdateringar-for-februari-2024.html
Microsoft's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/microsofts-manatliga-sakerhetsuppdateringar-for-februari-2024.html
SAP's monthly security updates for February 2024 (14 Feb) https://www.cert.se/2024/02/saps-manatliga-sakerhetsuppdateringar-for-februari-2024.html