CERT-SE's weekly newsletter, week 23
Summary of the week's news between the National Day celebrations and election day for the 2024 EU election. As usual, both national and international events along with a number of analyses worth reading. Among other news, we note that NCSC-SE has published a save the date for its annual conference on 19 November 2024.
Have a nice weekend!
News this week
Spanish police investigate whether hackers stole millions of drivers’ data (31 May) https://www.reuters.com/technology/cybersecurity/spanish-police-investigate-whether-hackers-stole-millions-drivers-data-2024-05-31/
Ticketmaster hit by data hack that may affect 560m customers (1 Jun) https://www.theguardian.com/technology/article/2024/jun/01/live-nation-investigating-data-breach-of-its-us-ticketmaster-unit
Germany’s Christian Democratic party hit by ‘serious’ cyberattack (1 Jun) https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/
Identities of Cybercriminals Linked to Malware Loaders Revealed (3 Jun) https://www.securityweek.com/identities-of-cybercriminals-linked-to-malware-loaders-revealed/
Denmark's national Centre for Cyber Security (CFCS) raises the threat level for destructive cyberattacks (4 Jun) https://www.cfcs.dk/da/nyheder/2024/center-for-cybersikkerhed-haver-trusselsniveauet-for-destruktive-cyberangreb/
Major cyberattack sees NHS London hospitals declare critical incident with operations cancelled (4 Jun) https://www.bbc.com/news/articles/c288n8rkpvno
Cyberattack against Trafikverket – website down (4 Jun) https://www.svt.se/nyheter/inrikes/cyberattack-mot-trafikverket-hemsidan-nere
361 million account credentials leaked on Telegram: Are yours among them? (4 Jun) https://www.helpnetsecurity.com/2024/06/04/check-account-credentials-compromised/
CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability (4 Jun) https://www.securityweek.com/cisa-warns-of-attacks-exploiting-old-oracle-weblogic-vulnerability/
Cyberattack disrupts operations of supermarkets across Russia (4 Jun) https://therecord.media/cyberattack-disrupts-supermarket-operations-russia
Four arrested for allegedly attempting to sabotage Interpol criminal search system (5 Jun) https://therecord.media/interpol-red-alert-system-corruption-moldova-arrests
TikTok warns of exploit aimed at ‘high-profile accounts’ (4 Jun) https://therecord.media/tiktok-exploit-high-profile-accounts
Hacker attack against Sweden's courts – sites are having problems (5 Jun) https://sverigesradio.se/artikel/hackerattack-mot-sveriges-domstolar-sajter-har-problem
Reports and analyses
Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools (3 Jun) https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools
A SANS’s 2024 Threat-Hunting Survey Review (4 Jun) https://www.trendmicro.com/en_no/research/24/f/sans-2024-threat-hunting-survey-review.html … https://www.sans.org/white-papers/sans-2024-threat-hunting-survey-hunting-normal-within-chaos/
#Infosec2024: Conflicts Drive DDoS Attack Surge in EMEA (4 Jun) https://www.infosecurity-magazine.com/news/conflicts-drive-ddos-attacks-emea/
TargetCompany’s Linux Variant Targets ESXi Environments (5 Jun) https://www.trendmicro.com/en_us/research/24/f/targetcompany-s-linux-variant-targets-esxi-environments.html
RansomHub: New Ransomware has Origins in Older Knight (5 Jun) https://symantec-enterprise-blogs.security.com/threat-intelligence/ransomhub-knight-ransomware
Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (6 Jun) https://www.trendmicro.com/en_us/research/24/f/commando-cat-a-novel-cryptojacking-attack-.html
Information security and miscellaneous
Farmers' worry – cyberattacks could knock out agriculture (31 May) https://www.svt.se/nyheter/lokalt/orebro/bondernas-oro-cyberattacker-kan-sla-ut-jordbruket
Hurdling Over Hazards: Multifaceted Threats to the Paris Olympics (4 Jun) https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics
NIST is finally getting help with the National Vulnerability Database backlog (4 Jun) https://www.csoonline.com/article/2138449/nist-is-finally-getting-help-with-the-national-vulnerability-database-backlog.html
Save the date: The NCSC conference 2024 https://www.ncsc.se/aktuellt/ncsc-konferensen-2024/
Poland to invest $760 million in cyberdefense as Russian pressure mounts (5 Jun) https://therecord.media/poland-cyberdefense-spending-russian-attacks
IBM blog: 5 takeaways from the White House cybersecurity workforce discussion (5 Jun) https://securityintelligence.com/news/5-takeaways-white-house-cybersecurity-workforce-oncd/
FBI Cyber Lead Urges Potential LockBit Victims to Contact Internet Crime Complaint Center (5 Jun) https://www.fbi.gov/news/stories/fbi-cyber-lead-urges-potential-lockbit-victims-to-contact-internet-crime-complaint-center
How to watch the European election like a Pro (6 Jun) https://www.politico.eu/article/european-parliament-election-pro/
CERT-SE this week
Zero-day vulnerability in VPN products from Check Point (updated 3 Jun) https://www.cert.se/2024/05/nolldagssarbarhet-i-vpn-produkter-fran-check-point.html