CERT-SE's weekly newsletter, week 34

Weekly newsletter

This week we offer reading on everything from phishing via file-sharing tools to night-time extortion attacks and how best to detect malicious DNS traffic. CERT-SE wishes you a pleasant weekend!

News this week

Planning for mandatory multifactor authentication for Azure and other administration portals (15 aug) https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication

Serious flaws in Microsoft apps on macOS could let hackers spy on users (19 aug) https://www.itpro.com/security/serious-flaws-in-microsoft-apps-on-macos-could-let-hackers-spy-on-users

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware (19 aug) https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html

National Public Data Says Breach Impacts 1.3 Million People (19 aug) https://www.securityweek.com/national-public-data-says-breach-impacts-1-3-million-people

FBI and CISA Assure Public on Election Ransomware Security (19 aug) https://www.infosecurity-magazine.com/news/cisa-assure-public-election

Microsoft has a solution to prevent the next CrowdStrike fiasco. But is it a good solution? (20 aug) https://computersweden.se/article/3488305/microsoft-har-en-losning-for-att-forhindra-nasta-crowdstrike-fiasko-men-ar-det-en-bra-losning.html

Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (20 aug) https://www.techrepublic.com/article/ransomware-trends-malwarebytes

Abnormal sees 350% uptick in phishing via file-sharing sites (20 aug) https://securitybrief.co.nz/story/abnormal-sees-350-uptick-in-phishing-via-file-sharing-sites

City council faces £216.5M loss over Oracle system debacle (20 aug) https://www.theregister.com/2024/08/20/birmingham_oracle_cost

Helsinki braced for elevated cyber attacks (20 aug) https://www.computerweekly.com/news/366605792/Helsinki-braced-for-elevated-cyber-attacks

Granngården seeks damages from Tietoevry after losing 100 million in the IT attack (21 aug) https://computersweden.se/article/3489598/granngarden-kraver-tietoevry-pa-skadestand-forlorade-100-miljoner-pa-it-attacken.html

Top US oilfield firm Halliburton hit by cyberattack, source says (21 aug) https://www.reuters.com/technology/cybersecurity/top-us-oilfield-firm-halliburton-hit-by-cyberattack-2024-08-21

Hackers steal banking creds from iOS, Android users via PWA apps (21 aug) https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps

FAA proposes new cybersecurity rules for airplanes (21 aug) https://therecord.media/faa-new-cybersecurity-rules-airplanes

Cyberattack Disrupts Microchip Technology Manufacturing Facilities (21 aug) https://www.securityweek.com/cyberattack-disrupts-microchip-technology-manufacturing-facilities

Average DDoS attack costs $6,000 per minute (21 aug) https://www.helpnetsecurity.com/2024/08/21/ddos-attacks-duration-surge

Cisco calls for United Nations to revisit cyber crime Convention (22 aug) https://www.theregister.com/2024/08/22/cisco_criticizes_un_cybercrime_convention

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare (22 aug) https://www.theregister.com/2024/08/22/ucsc_phishing_test_ebola

Fewer cyberattacks in Sweden after NATO accession (23 aug) https://sverigesradio.se/artikel/farre-cyberattacker-i-sverige-efter-natointradet

Reports and analyses

Don’t get Mad, get wise (13 aug) https://news.sophos.com/en-us/2024/08/13/dont-get-mad-get-wise

Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments (15 aug) https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation

Unmasking Styx Stealer: How a Hacker’s Slip Led to an Intelligence Treasure Trove (16 aug) https://research.checkpoint.com/2024/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove

Surge in Software Supply Chain Attacks Demands Heightened Third-Party Vigilance (20 aug) https://cyble.com/blog/surge-in-software-supply-chain-attacks-heightens-third-party-vigilance

ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (21 aug) https://www.cisa.gov/news-events/alerts/2024/08/21/asds-acsc-cisa-fbi-and-nsa-support-international-partners-release-best-practices-event-logging-and

Threat Spotlight: How ransomware for rent rules the threat landscape (21 aug) https://blog.barracuda.com/2024/08/21/threat-spotlight-ransomware-rent-threat-landscape

Autoencoder Is All You Need: Profiling and Detecting Malicious DNS Traffic (21 aug) https://unit42.paloaltonetworks.com/profiling-detecting-malicious-dns-traffic

Ransomware Landscape H1/2024 (22 aug) https://labs.withsecure.com/publications/ransomware-landscape-h1-2024

Information security and miscellaneous

Warning about new phishing campaigns (16 aug) https://sakerhetskollen.se/aktuella-brott/varning-for-nya-natfiskekampanjer

New secretariat at CFCS to help organisations transition to quantum-safe cryptography (19 aug) https://www.cfcs.dk/da/nyheder/2024/nyt-sekretariat-i-cfcs

Warning about scam emails (22 aug) https://www.skatteverket.se/omoss/pressochmedia/nyheter/2024/nyheter/varningforbluffmejl.5.5dc1d8b31903014b1bf400a.html

CERT-SE this week

Critical vulnerability in SolarWinds Web Help Desk (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-solarwinds-web-help-desk.html

Another critical vulnerability in SolarWinds Web Help Desk (22 aug) https://www.cert.se/2024/08/ytterligare-en-kritisk-sarbarhet-i-solarwinds-web-help-desk.html