CERT-SE's weekly newsletter, week 24
With credibly crafted messages sent from seemingly legitimate senders, phishing remains one of the most effective methods for fraud and data breaches.
Please read and share our latest article on the topic, published in response to an ongoing phishing campaign targeting Swedish municipalities and schools: https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html
CERT-SE wishes you a nice weekend!
News this week
7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope (6 jun)
https://arstechnica.com/security/2024/06/fbi-urges-lockbit-victims-to-step-forward-after-seizing-7000-decryption-keys
..
FBI Cyber Assistant Director Bryan Vorndran’s Remarks at the 2024 Boston Conference on Cyber Security (5 jun)
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
How easily your child's smartwatch can be hacked (8 jun)
https://www.svt.se/nyheter/inrikes/sa-latt-hackas-ditt-barns-smarta-klocka
Cylance confirms data breach linked to ‘third-party’ platform (10 jun)
https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform
O-type blood donors needed after London cyber-attack (10 jun)
https://www.bbc.com/news/articles/c2eeg9gygyno
Two cuffed over suspected smishing campaign using ‘text message blaster’ (10 jun)
https://www.theregister.com/2024/06/10/two_arrested_in_uk_over
Region Dalarna in crisis staff mode due to disruptions in the medical records system and the intranet (11 jun)
https://www.regiondalarna.se/press/nyheter-och-pressmeddelanden/region-dalarna-i-stabslage-pa-grund-av-storningar-i-journalsystem-och-intranatet
Pure Storage confirms data breach after Snowflake account hack (11 jun)
https://www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack
..
Security Bulletin for Unauthorized Access to Telemetry Information (14 jun)
https://support.purestorage.com/bundle/m_security_bulletins/page/Employee_Handbooks/Technical_Services/PSIRT/topics/concept/c_support_escalation_how_to_escalate_a_case.html
The IT attack: Thousands of hospital files still on the darknet (12 jun)
https://sverigesradio.se/artikel/it-attacken-tusentals-sjukhusfiler-fortfarande-pa-darknet
..
The hospital's CEO breaks the silence: Theft occurred during the IT attack (12 jun)
https://sverigesradio.se/artikel/sjukhusets-vd-journaluppgifter-lackte-vid-it-attacken
New phishing toolkit uses PWAs to steal login credentials (12 jun)
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials
Phone Scammers Impersonating CISA Employees (12 jun)
https://www.cisa.gov/news-events/alerts/2024/06/12/phone-scammers-impersonating-cisa-employees
Ransomware Group Exploits Critical PHP Flaw (12 jun)
https://www.darkreading.com/vulnerabilities-threats/tellyouthepass-ransomware-exploits-critical-php-flaw
Ascension hacked after employee downloaded malicious file (13 jun)
https://www.infosecurity-magazine.com/news/ascension-attack-employee/
City governments in Michigan, New York face shutdowns after ransomware attacks (13 jun)
https://therecord.media/traverse-city-michigan-newburgh-new-york-ransomware
Phishing campaign impacting organisations and New Zealanders (14 jun)
https://www.cert.govt.nz/individuals/alerts/phishing-campaign-impacting-new-zealand-organisations
MSB warns schools and municipalities of new phishing campaign (14 jun)
https://computersweden.se/article/2147697/msb-varnar-skolor-och-kommuner-for-ny-natfiskekampanj.html
Reports and analyses
Dissecting SSLoad Malware: A Comprehensive Technical Analysis (10 jun)
https://intezer.com/blog/research/ssload-technical-malware-analysis
May 2024’s Most Wanted Malware: Phorpiex Botnet Unleashes Phishing Frenzy While LockBit3 Dominates Once Again (10 jun)
https://blog.checkpoint.com/research/may-2024s-most-wanted-malware-phorpiex-botnet-unleashes-phishing-frenzy-while-lockbit3-dominates-once-again
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment (10 jun)
https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment
A Brief History of SmokeLoader, Part 1 (11 jun)
https://www.zscaler.com/blogs/security-research/brief-history-smokeloader-part-1
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day (12 jun)
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Dipping into Danger: The WARMCOOKIE backdoor (12 jun)
https://www.elastic.co/security-labs/dipping-into-danger
WithSecure Reveals Mass Exploitation of Edge Software and Infrastructure Appliances (12 jun)
https://www.infosecurity-magazine.com/news/withsecure-exploitation-edge/
…
https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security
Facebook, Meta, Apple, Amazon Most Impersonated in Phishing Scams (12 jun)
https://hackread.com/facebook-meta-apple-amazon-impersonate-phishing-scams/
Information security and miscellaneous
Sweden's geological information now released as open data (10 jun)
https://computersweden.se/article/2140077/nu-slapps-sveriges-geologiska-information-som-oppna-data.html
New internet routing security rules proposed by FCC (10 jun)
https://www.scmagazine.com/brief/new-internet-routing-security-rules-proposed-by-fcc
The supercomputer Berzelius is being upgraded to double its capacity (11 jun)
https://news.cision.com/se/linkopings-universitet/r/superdatorn-berzelius-uppgraderas-till-dubbla-kapaciteten,c3998165
New CRA law friendlier to open source (11 jun)
https://etn.se/index.php/teknik/71169-ny-cra-lag-vanligare-mot-oppen-kallkod.html
The mystery of an alleged data broker’s data breach (11 jun)
https://techcrunch.com/2024/06/11/the-mystery-of-an-alleged-data-brokers-data-breach
White House report dishes deets on all 11 major government breaches from 2023 (12 jun)
https://www.theregister.com/2024/06/12/white_house_report/
Sky-high bill for IT outages for the largest companies (12 jun)
https://computersweden.se/article/2143164/skyhog-nota-for-it-avbrott-for-de-storsta-foretagen.html
Rockwell’s ICS Directive Comes as Critical Infrastructure Risk Peaks (13 jun)
https://www.darkreading.com/ics-ot-security/rockwell-ics-directive-critical-infrastructure-risk-peaks
Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT (13 jun)
https://www.securityweek.com/prevalence-and-impact-of-password-exposure-vulnerabilities-in-ics-ot/
CERT-SE this week
Microsoft's monthly security updates for June 2024 (12 jun)
https://www.cert.se/2024/06/microsofts-manatliga-sakerhetsuppdateringar-for-juni-2024.html
Adobe's monthly security updates for June 2024 (13 jun)
https://www.cert.se/2024/06/adobes-manatliga-sakerhetsuppdateringar-for-juni-2024.html
Ongoing phishing campaign targeting municipalities and schools (13 jun)
https://www.cert.se/2024/06/pagaende-natfiskekampanj-riktad-mot-kommuner-och-skolor.html