CERT-SE's weekly newsletter, week 26
Many reports worth reading in this week's newsletter, including an in-depth thematic report on ransomware from the National Cyber Security Centre (Nationellt cybersäkerhetscenter). There are also write-ups from both Cyber Europe, where staff from CERT-SE took part in the exercise together, and Midnight Sun CTF. CERT-SE wishes you a pleasant weekend!
News this week
MSB took part in Europe's largest cybersecurity exercise (20 jun) https://www.msb.se/sv/aktuellt/nyheter/2024/juni/msb-deltog-i-europas-storsta-cybersakerhetsovning
NCSC statement following reports of a Synnovis data breach (21 jun) https://www.ncsc.gov.uk/news/ncsc-statement-following-reports-of-a-synnovis-data-breach
30M Potentially Affected in Tickettek Australia Cloud Breach (24 jun) https://www.darkreading.com/cloud-security/30m-affected-tickettek-australia-cloud-breach
Car dealership outages drag on after CDK cyberattacks (24 jun) https://techcrunch.com/2024/06/24/car-dealership-outages-drag-on-after-cdk-cyberattack
Levi’s caught with pants down: Hackers expose 72,000 customer account details (24 jun) https://www.scmagazine.com/news/levis-gets-stripped-of-72000-customer-account-details
‘Mirai-like’ botnet observed attacking EOL Zyxel NAS devices (24 jun) https://www.theregister.com/2024/06/24/mirailike_botnet_zyxel_nas
CISA confirms hackers may have accessed data from chemical facilities during January incident (24 jun) https://therecord.media/cisa-confirms-hackers-chemical-facilities
LockBit lied: Stolen data is from a bank, not US Federal Reserve (26 jun) https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve
Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack (26 jun) https://thehackernews.com/2024/06/over-110000-websites-affected-by.html
Exploring Memory Safety in Critical Open Source Projects (26 jun) https://www.cisa.gov/resources-tools/resources/exploring-memory-safety-critical-open-source-projects
Your Phone’s 5G Connection is Vulnerable to Bypass, DoS Attacks (27 jun) https://www.darkreading.com/mobile-security/your-phone-s-5g-connection-is-exposed-to-bypass-dos-attacks
‘Poseidon’ Mac stealer distributed via Google ads (27 jun) https://www.malwarebytes.com/blog/news/2024/06/poseidon-mac-stealer-distributed-via-google-ads
The Importance of Cyber Threat Intelligence: Insights from Recent Nobelium Attacks SANS Institute (28 jun) https://www.sans.org/blog/the-importance-of-cyber-threat-intelligence-insights-from-recent-nobelium-attacks
TeamViewer IT security update (28 jun) https://www.teamviewer.com/en/resources/trust-center/statement
Reports and analyses
Cybercriminals also use AI to improve efficiency (21 jun)
https://computersweden.se/article/2149610/aven-cyberkriminella-anvander-ai-for-effektivisering.html
..
Cybercriminals and AI: Not Just Better Phishing (12 jun)
https://intel471.com/blog/cybercriminals-and-ai-not-just-better-phishing
NCSC in-depth thematic report: Extortion attacks (23 jun) https://www.ncsc.se/aktuellt/utpressningsangrepp
New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity (24 jun)
https://www.securityweek.com/new-snailload-attack-relies-on-network-latency-variations-to-infer-user-activity
..
SnailLoad: Remote Network Latency Measurements Leak User Activity
https://snailload.com
Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers (24 jun) https://www.ic3.gov/Media/News/2024/240624.pdf
New Medusa malware variants target Android users in seven countries (25 jun)
https://www.bleepingcomputer.com/news/security/new-medusa-malware-variants-target-android-users-in-seven-countries
..
Medusa Reborn: A New Compact Variant Discovered (20 jun)
https://www.cleafy.com/cleafy-labs/medusa-reborn-a-new-compact-variant-discovered
The Growing Threat of Malware Concealed Behind Cloud Services (25 jun) https://www.fortinet.com/blog/threat-research/growing-threat-of-malware-concealed-behind-cloud-services
Multiple vulnerabilities in TP-Link Omada system could lead to root access (26 jun) https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system
Attackers Exploiting Public Cobalt Strike Profiles (26 jun) https://unit42.paloaltonetworks.com/attackers-exploit-public-cobalt-strike-profiles
Snowflake isn’t an outlier, it’s the canary in the coal mine (27 jun) https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches
Information security and miscellaneous
New cyber-security taskforce begins meeting to share intelligence on threats to Jersey (25 jun) https://jerseyeveningpost.com/news/2024/06/25/new-cyber-security-taskforce-begins-meeting-to-share-intelligence-on-threats-to-jersey
Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher (25 jun) https://www.securityweek.com/metas-virtual-reality-headset-vulnerable-to-ransomware-attacks-researcher
World-class conference and hacking competition (26 jun) https://www.aktuellsakerhet.se/konferens-och-hackingtavling-i-varldsklass
Försäkringskassan: How fraudsters can trick you (26 jun) https://sverigesradio.se/artikel/forsakringskassan-tipsar-sa-luras-bedragarna
Microsoft founder Paul Allen’s tech museum closes, sells off collection (26 jun) https://www.theregister.com/2024/06/26/paul_allen_museum_closes
CERT-SE this week
Critical vulnerabilities in GitLab (28 jun) https://www.cert.se/2024/06/kritiska-sarbarheter-i-gitlab.html
Critical vulnerability in FileCatalyst Workflow (27 jun) https://www.cert.se/2024/06/kritisk-sarbarhet-i-filecatalyst-workflow.html
Critical vulnerability in MOVEit Transfer (26 jun) https://www.cert.se/2024/06/kritisk-sarbarhet-i-moveit-transfer.html
Publication from NCSC on ransomware (25 jun) https://www.cert.se/2024/06/publikation-fran-ncsc-om-ransomware.html
CERT-SE took part in Cyber Europe (24 jun) https://www.cert.se/2024/06/cert-se-deltog-vid-cyber-europe.html