CERT-SE's weekly newsletter, week 28

Weekly newsletter

Whether you are reading this at the office or in the hammock, we have put together a selection of articles and reports worth reading this week. On the vulnerability front, however, there is no holiday season, so make sure to update systems where required. CERT-SE wishes you a pleasant weekend!

News this week

RockYou2024: 10 billion passwords leaked in the largest compilation of all time (4 jul) https://cybernews.com/security/rockyou2024-largest-password-compilation-leak

UK election day 2024: traffic trends and attacks on political parties (5 jul) https://blog.cloudflare.com/uk-election-day-2024-traffic-trends-and-attacks-on-political-parties

UK government advises best practices for embedded device security (5 jul) https://www.scmagazine.com/news/uk-government-advises-best-practices-for-embedded-device-security
Guidance: Considerations for Cyber Incident Response Planning within Industrial Control Systems/Operational Technology (5 jul) https://ritics.org/wp-content/uploads/2024/06/ICS-COI-Considerations-for-Cyber-Incident-Response-Planning-within-ICS-and-OT.pdf

‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (8 jul) https://therecord.media/serious-hacker-attack-shutdown-frankfurt

Home Affairs boss orders government-wide sweep for foreign cyber threats inside vulnerable technology (8 jul) https://www.abc.net.au/news/2024-07-09/home-affairs-boss-orders-sweep-for-foreign-cyber-threats/104072418

Attack Activities by Kimsuky Targeting Japanese Organizations (8 jul) https://blogs.jpcert.or.jp/en/2024/07/attack-activities-by-kimsuky-targeting-japanese-organizations.html

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (8 jul) https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events

OpenAI Secrets Stolen in 2023 After Internal Forum Was Hacked (8 jul) https://www.techrepublic.com/article/openai-hacked-internal-communications

Kunai: Keep an Eye on your Linux Hosts Activity (8 jul) https://isc.sans.edu/diary/31054

NCSC-FI: The National Cyber Security Centre's weekly review – 27/2024 (9 jul) https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybersakerhetscentrets-veckooversikt-272024

Ransomware attack on blood-testing service puts lives in danger in South Africa (9 jul) https://www.bitdefender.com/blog/hotforsecurity/ransomware-attack-on-blood-testing-service-puts-lives-in-danger-in-south-africa

Google Advanced Protection Program gets passkeys for high-risk users (10 jul) https://www.bleepingcomputer.com/news/security/google-advanced-protection-program-gets-passkeys-for-high-risk-users

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities (10 jul) https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-os-command-injection-vulnerabilities

Vattenfall and four leading energy companies form Sweden's EnergiCert (10 jul) https://group.vattenfall.com/se/nyheter-och-press/pressmeddelanden/2024/vattenfall-och-fyra-ledande-energiforetag-bildar-sveriges-energicert

Malware that is ‘not ransomware’ wormed its way through Fujitsu Japan’s systems (10 jul) https://www.theregister.com/2024/07/10/fujitsu_malware_attack

CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth (11 jul) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-193a

Second Factor SMS: Worse Than Its Reputation (11 jul) https://www.ccc.de/en/updates/2024/2fa-sms

Data breach exposes millions of mSpy spyware customers (11 jul) https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach

Checking in on the state of cybersecurity and the Olympics (11 jul) https://blog.talosintelligence.com/threat-source-newsletter-july-12-2024

Justified criticism of Signal's desktop app (11 jul) https://nikkasystems.com/2024/07/11/berattigad-kritik-mot-signals-skrivbordsapp
Signal downplays encryption key flaw, fixes it after X drama (11 jul) https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama

Reports and analyses

New Eldorado ransomware targets Windows, VMware ESXi VMs (5 jul) https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms
Eldorado Ransomware: The New Golden Empire of Cybercrime? (3 jul) https://www.group-ib.com/blog/eldorado-ransomware

Cybercriminals fool MFA by exhausting users (8 jul) https://www.voister.se/artikel/2024/07/cyberkriminella-lurar-mfa-genom-att-utmatta-anvandare
How are attackers trying to bypass MFA? (18 jun) https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa

Decrypted: DoNex Ransomware and its Predecessors (8 jul) https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack (9 jul) https://www.helpnetsecurity.com/2024/07/09/blastradius-radius-protocol-vulnerability
RADIUS protocol susceptible to forgery attacks (9 jul) https://kb.cert.org/vuls/id/456537
Report: Blast-RADIUS https://www.blastradius.fail

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs (10 jul) https://blog.talosintelligence.com/common-ransomware-actor-ttps-playbooks

DarkGate: Dancing the Samba With Alluring Excel Files (10 jul) https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files

Distribution of AsyncRAT Disguised as Ebook (10 jul) https://asec.ahnlab.com/en/67861

FIN7: Silent Push unearths the largest group of FIN7 domains ever discovered. 4000+ IOFA domains and IPs found. Louvre, Meta, and Reuters targeted in massive global phishing and malware campaigns (10 jul) https://www.silentpush.com/blog/fin7

Hidden between the tags: Insights into spammers’ evasion techniques in HTML Smuggling (10 jul) https://blog.talosintelligence.com/hidden-between-the-tags-insights-into-evasion-techniques-in-html-smuggling

Information security and miscellaneous

High demand for the new training programme: "There is an urgent need" (8 jul) https://sverigesradio.se/artikel/hogt-tryck-pa-nya-utbildningen-finns-ett-akut-behov

Secret defence information may have been leaked from Lantmäteriet (9 jul) https://sverigesradio.se/artikel/hemliga-forsvarsuppgifter-kan-ha-spridits-fran-lantmateriet

CERT-SE this week

Critical vulnerability in Palo Alto Networks Expedition (12 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-palo-alto-networks-expedition.html

Critical vulnerabilities in ServiceNow (12 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-servicenow.html

New critical vulnerability in Gitlab (11 jul) https://www.cert.se/2024/07/ny-kritisk-sarbarhet-i-gitlab.html

Critical vulnerabilities in Citrix NetScaler (10 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-citrix-netscaler.html

Microsoft's monthly security updates for July 2024 (10 jul) https://www.cert.se/2024/07/microsofts-manatliga-sakerhetsuppdateringar-for-juli-2024.html

Serious vulnerabilities in Splunk (9 jul) https://www.cert.se/2024/07/allvarliga-sarbarheter-i-splunk.html

Critical vulnerability in MongoDB (9 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-mongodb.html