CERT-SE's weekly newsletter, week 35

Weekly newsletter

A substantial weekly newsletter with several events from Sweden and abroad this last week of August. We would like to point out that Informationssäkerhet.se has retired after long and faithful service, and that the information is now gathered on msb.se. There you will also find MSB's methodological support for systematic information security.

https://www.msb.se/sv/aktuellt/nyheter/2024/augusti/informationssakerhet.se-har-gatt-i-pension-och-metodstodet-har-ny-webbplats/

Have a nice weekend!

News this week

Latvian Hacker Extradited to U.S. for Role in Karakurt Cybercrime Group (23 aug) https://thehackernews.com/2024/08/latvian-hacker-extradited-to-us-for.html

Fewer cyberattacks in Sweden after joining NATO (23 aug) https://sverigesradio.se/artikel/farre-cyberattacker-i-sverige-efter-natointradet

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures (25 aug) https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html

Seattle-Tacoma Airport In The Crosshairs Of Hackers (25 aug) https://www.forbes.com/sites/emilsayegh/2024/08/25/seattle-tacoma-airport-in-the-crosshairs-of-hackers/

Cyberattacks against government agencies are becoming more advanced (25 aug) https://sverigesradio.se/artikel/cyberattacker-mot-myndigheter-blir-mer-avancerade

Patelco notifies 726,000 customers of ransomware data breach (26 aug) https://www.bleepingcomputer.com/news/security/patelco-notifies-726-000-customers-of-ransomware-data-breach/

Major service outage for Telenor in Gothenburg (26 aug) https://www.gp.se/nyheter/goteborg/stor-driftstorning-for-telenor-i-goteborg.371848fd-dd5b-4674-955d-fbda33aa0e97

Liseberg warns customers after an employee's mistaken click (27 aug) https://www.aftonbladet.se/nyheter/a/GyPjAV/liseberg-varnar-kunder-utsatts-for-dataintrang

Fake emails from CFCS in circulation (27 aug) https://www.cfcs.dk/da/nyheder/2024/falske-mails-fra-cfcs/

BlackSuit ransomware stole data of 950,000 from software vendor (27 aug) https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-stole-data-of-950-000-from-software-vendor/

US Marshals Service disputes ransomware gang’s breach claims (27 aug) https://www.bleepingcomputer.com/news/security/us-marshals-service-disputes-ransomware-gangs-breach-claims/

Intel officials say they anticipate more hacking attempts as US election nears (28 aug) https://therecord.media/intel-officials-anticipate-more-hacking-attempts-us-election-trump-harris

‘Malfunction’ at Dutch defense ministry datacenter causing mass disruption (28 aug) https://therecord.media/netherlands-defense-ministry-data-center-malfunction-outages

Employee arrested for locking Windows admins out of 254 servers in extortion plot (28 aug) https://www.bleepingcomputer.com/news/security/employee-arrested-for-locking-windows-admins-out-of-254-servers-in-extortion-plot/

Data breach at Region Värmland's SMS service provider (28 aug) https://lakartidningen.se/aktuellt/nyheter/2024/08/dataintrang-hos-region-varmlands-leverantor-av-sms-tjanster/

Postnord in Jönköping back to normal operations after cyberattack (28 aug) https://www.svt.se/nyheter/lokalt/jonkoping/cyberattack-tvingade-postnord-till-isolering

NHS staff mobile numbers revealed in data breach (29 aug) https://www.bbc.com/news/articles/cly3g49pkz4o

Center for Cybersikkerhed is being transferred to Ministerium for Samfundssikkerhed og Beredskab (30 aug) https://www.cfcs.dk/da/nyheder/2024/center-for-cybersikkerhed-overfores/

Reports and in-depth reading

Bling Libra’s Tactical Evolution: The Threat Actor Group Behind ShinyHunters Ransomware (23 aug) https://unit42.paloaltonetworks.com/shinyhunters-ransomware-extortion/

PSA: These ‘Microsoft Support’ ploys may just fool you (26 aug) https://www.malwarebytes.com/blog/scams/2024/08/psa-these-microsoft-support-ploys-may-just-fool-you

Linux malware sedexp uses udev rules for persistence and evasion (26 aug) https://securityaffairs.com/167567/malware/linux-malware-sedexp.html

China’s Volt Typhoon Exploits Zero-Day in Versa’s SD-WAN Director Servers (27 aug) https://www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
Taking the Crossroads: The Versa Director Zero-Day Exploitation (27 aug) https://blog.lumen.com/taking-the-crossroads-the-versa-director-zero-day-exploitation/

Windows Downdate tool lets you ‘unpatch’ Windows systems (27 aug) https://www.bleepingcomputer.com/news/microsoft/windows-downdate-tool-lets-you-unpatch-windows-systems/

Passwords and multi-factor authentication (27 aug) https://www.ncsc.se/aktuellt/losenord-och-flerfaktorsautentisering/

Attack tool update impairs Windows computers (27 aug) https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/

5 Key Takeaways: Ransomware Attacks on Healthcare, Education, and Public Sector (27 aug) https://www.zscaler.com/blogs/security-research/5-key-takeaways-ransomware-attacks-healthcare-education-and-public-sector

Microsoft Sway abused in massive QR code phishing campaign (27 aug) https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/

Cybercriminals capitalize on travel industry’s peak season (28 aug) https://www.helpnetsecurity.com/2024/08/28/cybercriminals-capitalize-travel-season/

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (28 aug) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a

Cisco: BlackByte ransomware gang only posting 20% to 30% of successful attacks (28 aug) https://therecord.media/blackbyte-ransomware-group-posting-fraction-of-leaks
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/

Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations (28 aug) https://www.microsoft.com/en-us/security/blog/2024/08/28/peach-sandstorm-deploys-new-custom-tickler-malware-in-long-running-intelligence-gathering-operations/

When Get-Out-The-Vote Efforts Look Like Phishing (28 aug) https://krebsonsecurity.com/2024/08/when-get-out-the-vote-efforts-look-like-phishing/

Deep Analysis of Snake Keylogger’s New Variant (28 aug) https://www.fortinet.com/blog/threat-research/deep-analysis-of-snake-keylogger-new-variant

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits (29 aug) https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

#StopRansomware: RansomHub Ransomware (29 aug) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

Gartner: AI increasingly used in cyberattacks (29 aug) https://computersweden.se/article/3498239/gartner-allt-vanligare-att-ai-anvands-vid-cyberattacker.html

Silent Intrusions: Godzilla Fileless Backdoors Targeting Atlassian Confluence (30 aug) https://www.trendmicro.com/en_se/research/24/h/godzilla-fileless-backdoors.html

Information security and miscellaneous

Cyberungdom - Cyberlov https://www.fro.se/education/cyberungdom-cyberlov/

NSA releases copy of internal lecture delivered by computing giant Rear Adm. Grace Hopper (26 aug) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3884041/nsa-releases-copy-of-internal-lecture-delivered-by-computing-giant-rear-adm-gra/

What do we do if a subsea cable is blown up: can space save the internet then? (26 aug) https://computersweden.se/article/3491918/vad-gor-vi-om-en-undervattenskabel-sprangs-kan-rymden-radda-internet-da.html

European Parliament reported for GDPR violation (26 aug) https://computersweden.se/article/3496027/eu-parlamentet-anmals-for-brott-mot-gdpr.html

American companies critical of government proposal on cybersecurity (26 aug) https://www.securityworldmarket.com/se/Nyheter/Foretagsnyheter/amerikanska-foretag-starkt-kritiska-till-regeringsforslag-om-cybersakerhet

How a Scottish university’s £2.5 million ‘telescope’ will tackle space debris and cyberattacks (28 aug) https://www.scotsman.com/business/how-a-scottish-universitys-ps25-million-telescope-will-tackle-space-debris-and-cyberattacks-4757160

One of Europe's most powerful AI computers to be built in Falun, an investment of eight billion kronor (28 aug) https://www.svt.se/nyheter/lokalt/dalarna/europas-kraftfullaste-ai-dator-byggs-i-falun-investering-pa-atta-miljarder-kronor

Google Now Offering Up to $250,000 for Chrome Vulnerabilities (28 aug) https://www.securityweek.com/google-now-offering-up-to-250000-for-chrome-vulnerabilities/

Säpo: Increased risk of Russian sabotage on Swedish soil (29 aug) https://www.svt.se/nyheter/inrikes/sapo-okad-risk-for-ryskt-sabotage-pa-svensk-mark

Informationssäkerhet.se has retired and the methodological support has a new website (29 aug) https://www.msb.se/sv/aktuellt/nyheter/2024/augusti/informationssakerhet.se-har-gatt-i-pension-och-metodstodet-har-ny-webbplats/