CERT-SE's weekly newsletter, week 27

Weekly newsletter

A substantial, varied and thought-provoking news roundup this first week of July. But before you settle into the hammock to read up, please note this week's articles on serious vulnerabilities in, among others, Juniper routers and OpenSSH.

For a deeper understanding of the OpenSSH vulnerability and recommended mitigations, see the article published by NCSC-SE today: https://www.ncsc.se/aktuellt/sarbarhet-i-openssh/

CERT-SE wishes you a pleasant weekend!

News this week

Multiple Finnish Water Treatment Centers Broken Into & Fake Doctor Attempts To Breach Multiple Health Centers (28 jun) https://covertaccessteam.substack.com/p/fake-doctor-attempts-to-infiltrate

A cyberattack shut down the University Hospital Centre Zagreb in Croatia (28 jun) https://securityaffairs.com/165007/hacking/cyberattack-shutdown-university-hospital-centre-zagreb.html

HubSpot says it’s investigating customer account hacks (28 jun) https://techcrunch.com/2024/06/28/hubspot-says-its-investigating-customer-account-hacks/?guccounter=2

Ticketmaster sends notifications about recent massive data breach (28 jun) https://www.bleepingcomputer.com/news/security/ticketmaster-sends-notifications-about-recent-massive-data-breach/

Dev rejects CVE severity, makes his GitHub repo read-only (30 jun) https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only

Nasty regreSSHion bug in OpenSSH puts roughly 700K Linux boxes at risk (1 jul) https://www.theregister.com/2024/07/01/regresshion_openssh/

Cisco warns of NX-OS zero-day exploited to deploy custom malware (1 jul) https://www.bleepingcomputer.com/news/security/cisco-warns-of-nx-os-zero-day-exploited-to-deploy-custom-malware/

Police allege ‘evil twin’ of in-flight Wi-Fi used to steal passenger’s credentials (1 jul) https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/

More fraud victims seek support in Örebro – vishing increasingly common (2 jul) https://www.svt.se/nyheter/lokalt/orebro/antalet-bedragerier-fortsatter-att-oka

3 million iOS and macOS apps were exposed to potent supply-chain attacks (2 jul) https://arstechnica.com/security/2024/07/3-million-ios-and-macos-apps-were-exposed-to-potent-supply-chain-attacks/

Indonesia gov ransomware chaos may be over after hack group apologizes and says it has shared decrypt keys (3 jul) https://www.tomshardware.com/tech-industry/cyber-security/indonesia-gov-ransomware-chaos-may-be-over-after-hack-group-apologizes-and-says-it-has-shared-decrypt-keys

Europol coordinates global action against criminal abuse of Cobalt Strike (3 jul) https://www.europol.europa.eu/media-press/newsroom/news/europol-coordinates-global-action-against-criminal-abuse-of-cobalt-strike

Over 380k Hosts Still Referencing Malicious Polyfill Domain: Censys (3 jul) https://www.securityweek.com/over-380k-hosts-still-referencing-malicious-polyfill-domain-censys/

“Everything’s frozen”: Ransomware locks credit union users out of bank accounts (3 jul) https://arstechnica.com/tech-policy/2024/07/everythings-frozen-ransomware-locks-credit-union-users-out-of-bank-accounts/

OpenAI’s ChatGPT Mac app was storing conversations in plain text (3 jul) https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

New ransomware group uses phone calls to pressure victims, researchers say (3 jul) https://therecord.media/ransomware-group-volcano-demon-lukalocker

Hackers abused API to verify millions of Authy MFA phone numbers (3 jul) https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/

Europol says mobile roaming tech is making its job too hard (5 jul) https://www.theregister.com/2024/07/05/europol_home_routing_complaint/ https://www.europol.europa.eu/media-press/newsroom/news/home-routing-limiting-law-enforcement-evidence-gathering-warns-europol

CISA Warns Chemical Facilities of Data Theft After Hacker Breached CSAT Security Tool via Ivanti (5 jul) https://www.cpomagazine.com/cyber-security/cisa-warns-chemical-facilities-of-data-theft-after-hacker-breached-csat-security-tool-via-ivanti/

Reports, deep dives and analyses

A Deep Dive Into DarkME Rat Malware (27 jun) https://blog.sonicwall.com/en-us/2024/06/a-deep-dive-into-darkme-rat-malware

ESET Threat Report H1 2024 (27 jun) https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2024/

IoT and security - a deep dive into the technology of the future (27 jun) https://www.ri.se/sv/iot-och-sakerhet-en-djupdykning-i-framtidens-teknik

Meet Brain Cipher — The new ransomware behind Indonesia’s data center attack (29 jun) https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/

The biggest data breaches in 2024: 1 billion stolen records and rising (29 jun) https://techcrunch.com/2024/06/29/2024-in-data-breaches-1-billion-stolen-records-and-rising/

New report: Healthcare IT security under continued heavy pressure (1 jul) https://www.infrastrukturnyheter.se/20240701/30218/ny-rapport-vardens-it-sakerhet-under-fortsatt-hard-press https://soti.se/media/d20achvn/soti-industry-report-code-digital-will-healthcare-thrive-or-survive-swedish.pdf

Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers (2 jul) https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

The Rise of Packet Rate Attacks: When Core Routers Turn Evil (2 jul) https://blog.ovhcloud.com/the-rise-of-packet-rate-attacks-when-core-routers-turn-evil/

Modern Cryptographic Attacks: A Guide for the Perplexed (2 jul) https://research.checkpoint.com/2024/modern-cryptographic-attacks-a-guide-for-the-perplexed/

Half of Employees Fear Punishment for Reporting Security Mistakes (3 jul) https://www.infosecurity-magazine.com/news/employees-fear-punishment-reporting/

The Not-So-Secret Network Access Broker x999xx (3 jul) https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

Microsoft: “Skeleton Key” Attacks Consistently Jailbreak AI Models, Allows Users to Directly Ask Forbidden Questions (4 jul) https://www.cpomagazine.com/cyber-security/microsoft-skeleton-key-attacks-consistently-jailbreak-ai-models-allows-users-to-directly-ask-forbidden-questions/

99% of IoT exploitation attempts rely on previously known CVEs (5 jul) https://www.helpnetsecurity.com/2024/07/05/iot-security-privacy-challenges/

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks (5 jul) https://thehackernews.com/2024/07/gootloader-malware-delivers-new.html

Forescout Research: What are the riskiest connected devices right now? https://www.forescout.com/resources/2024-riskiest-connected-devices/

Information security and miscellaneous

Why the DORA Regulation Matters Beyond the EU (25 jun) https://www.forescout.com/blog/why-the-dora-regulation-matters-beyond-the-eu%e2%80%af/

Sustaining Digital Certificate Security - Entrust Certificate Distrust (27 jun) https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

Under the Borealis: OT Cyber Threat Intelligence Tailored for Nordic Countries (28 jun) https://www.dragos.com/blog/ot-cyber-threat-intelligence-nordic-renewable-energy/

Hijacked: How hacked YouTube channels spread scams and malware (1 jul) https://www.securityweek.com/prudential-financial-data-breach-impacts-2-5-million

Strengthening Cybersecurity in The Gambia: An Interview with Sanusi Drammeh (2 jul) https://www.telecomreviewafrica.com/en/articles/exclusive-interviews/4337-strengthening-cybersecurity-in-the-gambia-an-interview-with-sanusi-drammeh

Farewell floppy: Japan wins 2-year “war on floppy disks,” kills regulations requiring old tech (2 jul) https://arstechnica.com/gadgets/2024/07/japans-government-finally-exits-90s-ends-floppy-disk-use/

The End of Passwords? Embrace the Future with Passkeys (2 jul) https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/

How people are key to tackling the threat of phishing (3 jul) https://www.intelligentciso.com/2024/07/03/how-people-are-key-to-tackling-the-threat-of-phishing-2/

To guard against cyberattacks in space, researchers ask ‘what if?’ (3 jul) https://theconversation.com/to-guard-against-cyberattacks-in-space-researchers-ask-what-if-232365

CERT-SE this week

Critical vulnerability affects Juniper routers (1 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-paverkar-juniper-routrar.html

Critical vulnerability in MOVEit Transfer (1 jul) https://www.cert.se/2024/06/kritisk-sarbarhet-i-moveit-transfer.html

Serious RCE vulnerability in OpenSSH (2 jul) https://www.cert.se/2024/07/kritisk-rce-sarbarhet-i-openssh.html

Critical vulnerability in GeoServer (2 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-geoserver.html

News from the National Cyber Security Centre (NCSC-SE)

Vulnerability in OpenSSH (5 jul) https://www.ncsc.se/aktuellt/sarbarhet-i-openssh/

In-depth feature: extortion attacks (23 jun) https://www.ncsc.se/aktuellt/utpressningsangrepp/

Save the date - NCSC conference 2024 (4 jun) https://www.ncsc.se/aktuellt/ncsc-konferensen-2024/