CERT-SE's weekly newsletter, week 30
In the aftermath of the CrowdStrike disruptions, the company has published a report on what happened. It has also been noted how attackers have exploited the incident to spread malware and to carry out phishing.
This week CERT-SE has published articles on vulnerabilities in products from HPE, SolarWinds ARM and Ivanti Endpoint Manager.
News this week
Greece’s Land Registry agency breached in wave of 400 cyberattacks (22 jul) https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/
US sanctions Russian hacktivists who breached water facilities (22 jul) https://www.bleepingcomputer.com/news/security/us-sanctions-russian-hacktivists-who-breached-water-facilities/
Telegram Zero-Day Vulnerability Exploited Using Malicious Video Files (23 jul) https://cybersecuritynews.com/telegram-zero-day-vulnerability-exploited/
Novel ICS Malware Sabotaged Water-Heating Services in Ukraine (23 jul) https://www.darkreading.com/ics-ot-security/novel-ics-malware-sabotaged-water-heating-services-in-ukraine
Hackers threaten to leak policyholders' data (23 jul) https://sverigesradio.se/artikel/hackare-hotar-sprida-forsakringstagares-uppgifter
Spyware fears mount after another MEP is targeted (25 jul) https://www.politico.eu/newsletter/brussels-playbook/orban-critic-mep-targeted-with-spyware/
Disruptions in the CrowdStrike platform
CrowdStrike IT outage affected 8.5 million Windows devices, Microsoft says (20 jul) https://www.bbc.com/news/articles/cpe3zgznwjno
Slow recovery from IT outage begins as experts warn of future risks (20 jul) https://www.theguardian.com/australia-news/article/2024/jul/19/microsoft-windows-pcs-outage-blue-screen-of-death
Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware (20 jul) https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html
Threat Actor Uses Fake CrowdStrike Recovery Manual to Deliver Unidentified Stealer (22 jul) https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/
Learning from the Recent Windows/Falcon Sensor Outage - Causes and Potential Improvement Strategies in Linux with Open Source (22 jul) https://www.circl.lu/pub/learning-from-falcon-sensor-outage/
Preliminary Post Incident Review (24 jul) https://www.crowdstrike.com/blog/falcon-content-update-preliminary-post-incident-report/
Reports and analyses
Mandiant: North Korean Hackers Targeting Healthcare, Energy (25 jul) https://www.govinfosecurity.com/mandiant-north-korean-hackers-targeting-healthcare-energy-a-25845
IR Trends: Ransomware on the rise, while technology becomes most targeted sector (25 jul) https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/
Secure Boot is completely broken on 200+ models from 5 big device makers (25 jul) https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
Internet Organised Crime Threat Assessment (IOCTA) 2024 (26 jul) https://www.europol.europa.eu/publication-events/main-reports/internet-organised-crime-threat-assessment-iocta-2024
Information security and miscellaneous
NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland (22 jul) https://therecord.media/ddos-for-hire-site-digitalstress-takedown-arrest-uk-nca
Municipalities affected as Lantmäteriet shuts down its digital services after suspected defence data leak (23 jul) https://www.svt.se/nyheter/lokalt/sormland/kommuner-drabbas-nar-lantmateriet-stangt-sina-digitala-tjanster-efter-misstankta-forsvarslackan
Women in IT Security Lack Opportunities, Not Talent (23 jul) https://www.itprotoday.com/it-security/women-in-it-security-lack-opportunities-not-talent
How a North Korean Fake IT Worker Tried to Infiltrate Us (23 jul) https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
FYI: Data from deleted GitHub repos may not actually be deleted (25 jul) https://www.theregister.com/2024/07/25/data_from_deleted_github_repos/
CERT-SE this week
Critical vulnerability in Ivanti Endpoint Manager for Mobile (22 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-i-ivanti-endpoint-manager-for-mobile.html
Critical vulnerabilities in SolarWinds ARM (22 jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-solarwinds-arm.html
Critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway (updated) (23 jul) https://www.cert.se/2024/01/kritisk-sarbarhet-i-citrix-netscaler-adc-och-netscaler-gateway.html
Critical vulnerability affects several products from HPE (24 jul) https://www.cert.se/2024/07/kritisk-sarbarhet-drabbar-flera-produkter-fran-hpe.html
Serious disruptions in CrowdStrike affect many organisations' IT environments (updated) (25 jul) https://www.cert.se/2024/07/allvarliga-storningar-i-crowdstrike-paverkar-manga-organisationers-it-miljoer.html