CERT-SE's weekly newsletter, week 17
A slightly shorter newsletter this week. Among the events are attacks and technical problems that have affected Swedish organisations, as well as several analyses of vulnerabilities and attack methods. In addition, the Swedish Defence Commission (Försvarsberedningen) has released its final report, Stärkt försvarsförmåga (Strengthened Defence Capability).
Have a nice weekend!
News this week
MITRE Response to Cyber Attack in One of Its R&D Networks (19 Apr) https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
A French hospital was forced to reschedule procedures after cyberattack (20 Apr) https://securityaffairs.com/162057/hacking/french-hospital-cyber-attack.html
Sveriges Radio's site and app hit by technical problems (20 Apr) https://sverigesradio.se/artikel/sveriges-radios-sajt-och-app-drabbades-av-tekniska-problem
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (22 Apr) https://www.securityweek.com/rural-texas-towns-report-cyberattacks-that-caused-one-water-system-to-overflow/
Telia problems across the whole country – hospitals affected (22 Apr) https://www.svt.se/nyheter/inrikes/teliaproblem-i-hela-landet-sjukhus-drabbade
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme (22 Apr) https://krebsonsecurity.com/2024/04/russian-fsb-counterintelligence-chief-gets-9-years-in-cybercrime-bribery-scheme/
Leicester street lights stuck on all day due to cyber attack (22 Apr) https://www.leicestermercury.co.uk/news/leicester-news/leicester-street-lights-stuck-day-9240197
UnitedHealth data leak may affect ‘substantial’ swath of US (23 Apr) https://www.miamiherald.com/news/business/article287928188.html
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success (23 Apr) https://www.securityweek.com/the-battle-continues-mandiant-report-shows-improved-detection-but-persistent-adversarial-success/
Risk of product shortages at Systemet after IT attack (23 Apr) https://www.svt.se/nyheter/inrikes/risk-for-varubrist-pa-systemet-efter-it-attack
Major NATO exercise to strengthen defence against cyberattacks (24 Apr) https://sverigesradio.se/play/artikel/8644541
Measures for a more secure digital private life (24 Apr) https://www.ncsc.se/aktuellt/atgarder-for-ett-sakrare-digitalt-privatliv/
The county shared lessons from the recent IT attacks (24 Apr) https://www.lansstyrelsen.se/jamtland/om-oss/nyheter-och-press/nyheter---jamtland/2024-04-24-lanet-delade-lardomar-fran-de-senaste-it-attackerna.html
1177 is down – cannot log in (24 Apr) https://www.expressen.se/nyheter/sverige/1177-ligger-nere-gar-inte-att-logga-in/
Norwegian airspace has been closed (25 Apr) https://www.aftonbladet.se/nyheter/a/mP6gg0/norskt-luftrum-har-stangts
Reports and analyses
Evil XDR: Researcher Turns Palo Alto Software Into Perfect Malware (19 Apr) https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
Researchers claim Windows Defender can be fooled into deleting databases (22 Apr) https://www.theregister.com/2024/04/22/edr_attack_remote_data_deletion/
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials (22 Apr) https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
What is a brute force attack? (24 Apr) https://proton.me/blog/what-is-brute-force-attack
2023: A ‘Good’ Year for OT Cyberattacks (24 Apr) https://www.darkreading.com/endpoint-security/2023-good-year-for-ot-cyberattacks
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices (24 Apr) https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Information security and miscellaneous
SANS Institute Celebrates 35 Years of Cybersecurity Leadership at RSA Conference 2024 (24 Apr) https://www.prweb.com/releases/sans-institute-celebrates-35-years-of-cybersecurity-leadership-at-rsa-conference-2024-302125131.html
The Defence Commission releases the final report Stärkt försvarsförmåga (26 Apr) https://www.regeringen.se/rattsliga-dokument/departementsserien-och-promemorior/2024/04/ds-20246/
CISA ransomware warning program will launch this year (25 Apr) https://www.theverge.com/2024/4/25/24140425/cisa-ransomware-warning-program
CERT-SE this week
Vulnerability in Progress Flowmon (24 Apr) https://www.cert.se/2024/04/sarbarhet-i-progress-flowmon.html
Vulnerabilities in Cisco products are being actively exploited (25 Apr) https://www.cert.se/2024/04/sarbarheter-i-cisco-produkter-utnyttjas-aktivt.html