CERT-SE's weekly newsletter, week 28
Whether you are reading this at the office or in a hammock, we have gathered a selection of articles and reports worth reading this week. On the vulnerability front, however, there is no summer break, so make sure to update systems where required. CERT-SE wishes you a pleasant weekend!
News this week
RockYou2024: 10 billion passwords leaked in the largest compilation of all time (4 jul) https://cybernews.com/security/rockyou2024-largest-password-compilation-leak
UK election day 2024: traffic trends and attacks on political parties (5 jul) https://blog.cloudflare.com/uk-election-day-2024-traffic-trends-and-attacks-on-political-parties
UK government advises best practices for embedded device security (5 jul) https://www.scmagazine.com/news/uk-government-advises-best-practices-for-embedded-device-security
..
Guidance: Considerations for Cyber Incident Response Planning within Industrial Control Systems/Operational Technology (5 jul) https://ritics.org/wp-content/uploads/2024/06/ICS-COI-Considerations-for-Cyber-Incident-Response-Planning-within-ICS-and-OT.pdf
‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (8 jul) https://therecord.media/serious-hacker-attack-shutdown-frankfurt
Home Affairs boss orders government-wide sweep for foreign cyber threats inside vulnerable technology (8 jul) https://www.abc.net.au/news/2024-07-09/home-affairs-boss-orders-sweep-for-foreign-cyber-threats/104072418
Attack Activities by Kimsuky Targeting Japanese Organizations (8 jul) https://blogs.jpcert.or.jp/en/2024/07/attack-activities-by-kimsuky-targeting-japanese-organizations.html
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (8 jul) https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events
OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked (8 jul) https://www.techrepublic.com/article/openai-hacked-internal-communications
Kunai: Keep an Eye on your Linux Hosts Activity (8 jul) https://isc.sans.edu/diary/31054
NCSC-FI: The National Cyber Security Centre's weekly review – 27/2024 (9 jul) https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybersakerhetscentrets-veckooversikt-272024
Ransomware attack on blood-testing service puts lives in danger in South Africa (9 jul) https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-on-blood-testing-service-puts-lives-in-danger-in-south-africa
Google Advanced Protection Program gets passkeys for high-risk users (10 jul) https://www.bleepingcomputer.com/news/security/google-advanced-protection-program-gets-passkeys-for-high-risk-users
Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities (10 jul) https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-os-command-injection-vulnerabilities
Vattenfall and four leading energy companies form Sveriges EnergiCert (10 jul) https://group.vattenfall.com/se/nyheter-och-press/pressmeddelanden/2024/vattenfall-och-fyra-ledande-energiforetag-bildar-sveriges-energicert
Malware that is ‘not ransomware’ wormed its way through Fujitsu Japan’s systems (10 jul) https://www.theregister.com/2024/07/10/fujitsu_malware_attack
CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth (11 jul) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a
Second Factor SMS: Worse Than Its Reputation (11 jul) https://www.ccc.de/en/updates/2024/2fa-sms
Data breach exposes millions of mSpy spyware customers (11 jul) https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach
Checking in on the state of cybersecurity and the Olympics (11 jul) https://blog.talosintelligence.com/threat-source-newsletter-july-12-2024
Justified criticism of Signal's desktop app (11 jul) https://nikkasystems.com/2024/07/11/berattigad-kritik-mot-signals-skrivbordsapp
..
Signal downplays encryption key flaw, fixes it after X drama (11 jul) https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama
Reports and analyses
New Eldorado ransomware targets Windows, VMware ESXi VMs (5 jul) https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms
..
Eldorado Ransomware: The New Golden Empire of Cybercrime? (3 jul) https://www.group-ib.com/blog/eldorado-ransomware
Cybercriminals trick MFA by exhausting users (8 jul) https://www.voister.se/artikel/2024/07/cyberkriminella-lurar-mfa-genom-att-utmatta-anvandare
..
How are attackers trying to bypass MFA? (18 jun) https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa
Decrypted: DoNex Ransomware and its Predecessors (8 jul) https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (9 jul) https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability
..
RADIUS protocol susceptible to forgery attacks (9 jul) https://kb.cert.org/vuls/id/456537
..
Report: Blast-RADIUS https://www.blastradius.fail
Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs (10 jul) https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks
DarkGate: Dancing the Samba With Alluring Excel Files (10 jul) https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files
Distribution of AsyncRAT Disguised as Ebook (10 jul) https://asec.ahnlab.com/en/67861
FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns (10 jul) https://www.silentpush.com/blog/fin7
Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling (10 jul) https://blog.talosintelligence.com/hidden-between-the-tags-insights-into-evasion-techniques-in-html-smuggling
Information security and miscellaneous
High demand for the new training programme: "There is an acute need" (8 jul) https://sverigesradio.se/artikel/hogt-tryck-pa-nya-utbildningen-finns-ett-akut-behov
Secret defence information may have been leaked from Lantmäteriet (9 jul) https://sverigesradio.se/artikel/hemliga-forsvarsuppgifter-kan-ha-spridits-fran-lantmateriet
CERT-SE this week
Critical vulnerability in Palo Alto Networks Expedition (12 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-palo-alto-networks-expedition.html
Critical vulnerabilities in ServiceNow (12 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-servicenow.html
New critical vulnerability in Gitlab (11 jul) https://www.cert.se/2024/07/ny-kritisk-sarbarhet-i-gitlab.html
Critical vulnerabilities in Citrix NetScaler (10 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-citrix-netscaler.html
Microsoft's monthly security updates for July 2024 (10 jul) https://www.cert.se/2024/07/microsofts-manatliga-sakerhetsuppdateringar-for-juli-2024.html
Serious vulnerabilities in Splunk (9 jul) https://www.cert.se/2024/07/allvarliga-sarbarheter-i-splunk.html
Critical vulnerability in MongoDB (9 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-mongodb.html