CERT-SE's weekly newsletter, week 26

Weekly newsletter

This week's newsletter has many reports worth reading, including an in-depth thematic report on ransomware from the National Cyber Security Centre (NCSC). There are also write-ups from both Cyber Europe, where staff from CERT-SE exercised together, and Midnight Sun CTF. CERT-SE wishes you a pleasant weekend!

News this week

MSB took part in Europe's largest cybersecurity exercise (20 jun) https://www.msb.se/sv/aktuellt/nyheter/2024/juni/msb-deltog-i-europas-storsta-cybersakerhetsovning

NCSC statement following reports of a Synnovis data breach (21 jun) https://www.ncsc.gov.uk/news/ncsc-statement-following-reports-of-a-synnovis-data-breach

30M Potentially Affected in Tickettek Australia Cloud Breach (24 jun) https://www.darkreading.com/cloud-security/30m-affected-tickettek-australia-cloud-breach

Car dealership outages drag on after CDK cyberattacks (24 jun) https://techcrunch.com/2024/06/24/car-dealership-outages-drag-on-after-cdk-cyberattack

Levi’s caught with pants down: Hackers expose 72,000 customer account details (24 jun) https://www.scmagazine.com/news/levis-gets-stripped-of-72000-customer-account-details

‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices (24 jun) https://www.theregister.com/2024/06/24/mirailike_botnet_zyxel_nas

CISA confirms hackers may have accessed data from chemical facilities during January incident (24 jun) https://therecord.media/cisa-confirms-hackers-chemical-facilities

LockBit lied: Stolen data is from a bank, not US Federal Reserve (26 jun) https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (26 jun) https://thehackernews.com/2024/06/over-110000-websites-affected-by.html

Exploring Memory Safety in Critical Open Source Projects (26 jun) https://www.cisa.gov/resources-tools/resources/exploring-memory-safety-critical-open-source-projects

Your Phone’s 5G Connection is Vulnerable to Bypass, DoS Attacks (27 jun) https://www.darkreading.com/mobile-security/your-phone-s-5g-connection-is-exposed-to-bypass-dos-attacks

‘Poseidon’ Mac stealer distributed via Google ads (27 jun) https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads

The Importance of Cyber Threat Intelligence: Insights from Recent Nobelium Attacks | SANS Institute (28 jun) https://www.sans.org/blog/the-importance-of-cyber-threat-intelligence-insights-from-recent-nobelium-attacks

TeamViewer IT security update (28 jun) https://www.teamviewer.com/en/resources/trust-center/statement

Reports and analyses

Cybercriminals, too, are using AI to become more efficient (21 jun) https://computersweden.se/article/2149610/aven-cyberkriminella-anvander-ai-for-effektivisering.html
Cybercriminals and AI: Not Just Better Phishing (12 jun) https://intel471.com/blog/cybercriminals-and-ai-not-just-better-phishing

NCSC in-depth thematic report: Extortion attacks (23 jun) https://www.ncsc.se/aktuellt/utpressningsangrepp

New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity (24 jun) https://www.securityweek.com/new-snailload-attack-relies-on-network-latency-variations-to-infer-user-activity
SnailLoad: Remote Network Latency Measurements Leak User Activity https://snailload.com

Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers (24 jun) https://www.ic3.gov/Media/News/2024/240624.pdf

New Medusa malware variants target Android users in seven countries (25 jun) https://www.bleepingcomputer.com/news/security/new-medusa-malware-variants-target-android-users-in-seven-countries
Medusa Reborn: A New Compact Variant Discovered (20 jun) https://www.cleafy.com/cleafy-labs/medusa-reborn-a-new-compact-variant-discovered

The Growing Threat of Malware Concealed Behind Cloud Services (25 jun) https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services

Multiple vulnerabilities in TP-Link Omada system could lead to root access (26 jun) https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system

Attackers Exploiting Public Cobalt Strike Profiles (26 jun) https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles

Snowflake isn’t an outlier, it’s the canary in the coal mine (27 jun) https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches

Information security and miscellaneous

New cyber-security taskforce begins meeting to share intelligence on threats to Jersey (25 jun) https://jerseyeveningpost.com/news/2024/06/25/new-cyber-security-taskforce-begins-meeting-to-share-intelligence-on-threats-to-jersey

Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher (25 jun) https://www.securityweek.com/metas-virtual-reality-headset-vulnerable-to-ransomware-attacks-researcher

World-class conference and hacking competition (26 jun) https://www.aktuellsakerhet.se/konferens-och-hackingtavling-i-varldsklass

Försäkringskassan: How fraudsters can fool you (26 jun) https://sverigesradio.se/artikel/forsakringskassan-tipsar-sa-luras-bedragarna

Microsoft founder Paul Allen’s tech museum closes, sells off collection (26 jun) https://www.theregister.com/2024/06/26/paul_allen_museum_closes

CERT-SE this week

Critical vulnerabilities in GitLab (28 jun) https://www.cert.se/2024/06/kritiska-sarbarheter-i-gitlab.html

Critical vulnerability in FileCatalyst Workflow (27 jun) https://www.cert.se/2024/06/kritisk-sarbarhet-i-filecatalyst-workflow.html

Critical vulnerability in MOVEit Transfer (26 jun) https://www.cert.se/2024/06/kritisk-sarbarhet-i-moveit-transfer.html

Publication from NCSC on ransomware (25 jun) https://www.cert.se/2024/06/publikation-fran-ncsc-om-ransomware.html

CERT-SE took part in Cyber Europe (24 jun) https://www.cert.se/2024/06/cert-se-deltog-vid-cyber-europe.html