CERT-SE's weekly newsletter, week 39

Weekly newsletter

Next week marks the start of the annual cybersecurity month and, with it, MSB's campaign Tänk säkert. CERT-SE's contribution to strengthening cyber competence in society is our annual CTF, which will be published shortly, so keep an eye out for it! Until then, we recommend our Latvian colleagues' CTF challenge; see the link at the bottom of the newsletter.

CERT-SE wishes you a pleasant weekend!

News this week

Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America (19 sep) https://www.europol.europa.eu/media-press/newsroom/news/criminal-phishing-network-resulting-in-over-480-000-victims-worldwide-busted-in-spain-and-latin-america

Reporting on Threathunt 2030: Navigating the future of the cybersecurity threat landscape (19 sep) https://www.enisa.europa.eu/news/reporting-on-threathunt-2030-navigating-the-future-of-the-cybersecurity-threat-landscape

Attacks believed to be behind technical problems at major banks (22 sep) https://www.dn.se/ekonomi/attacker-tros-ligga-bakom-teknikstrul-hos-storbanker

Police take over responsibility for state e-identification (23 sep) https://computersweden.se/article/3535289/polisen-tar-over-ansvaret-for-statlig-e-legitimation.html

FRA takes over responsibility for the National Cybersecurity Centre (23 sep) https://regeringen.se/pressmeddelanden/2024/09/fra-tar-over-ansvaret-for-nationellt-cybersakerhetscenter
National Cybersecurity Centre becomes part of FRA (23 sep) https://www.ncsc.se/aktuellt/nationellt-cybersakerhetscenter-blir-del-av-fra
National Cybersecurity Centre (NCSC) becomes part of FRA (23 sep) https://fra.se/nyheter/nyheter/nyhetsarkiv/news/nationelltcybersakerhetscenterncscblirdelavfra.5.766e440918f572e73355e.html

Android malware ‘Necro’ infects 11 million devices via Google Play (23 sep) https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play

Denial-of-service attacks have more than doubled since 2022 (24 sep) https://sverigesradio.se/artikel/overbelastningsattacker-har-mer-an-fordubblats-sedan-2022

How does a brand-new government agency build its IT environment? Like a start-up. (24 sep) https://computersweden.se/article/3536758/hur-bygger-en-helt-ny-myndighet-sin-it-miljo-som-en-start-up.html

Cyber expert on Iran's special operation: "Not an advanced hack" (24 sep) https://www.svt.se/nyheter/inrikes/cyberexperten-om-irans-specialoperation-inte-en-avancerad-hackning

CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes (24 sep) https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes

AI-Generated Malware Found in the Wild (24 sep) https://www.securityweek.com/ai-generated-malware-found-in-the-wild

AutoCanada says ransomware attack “may” impact employee data (24 sep) https://www.bleepingcomputer.com/news/security/autocanada-says-ransomware-attack-may-impact-employee-data

Kansas water plant cyberattack forces switch to manual operations (24 sep) https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations

MoneyGram confirms a cyberattack is behind dayslong outage (24 sep) https://www.bleepingcomputer.com/news/security/moneygram-confirms-a-cyberattack-is-behind-dayslong-outage

MFA bypass becomes a critical security issue as ransomware tactics advance (24 sep) https://www.helpnetsecurity.com/2024/09/24/ransomware-session-hijacking-tactics

Russia’s digital warfare on Ukraine shows no signs of slowing: Malware hits surge (24 sep) https://www.theregister.com/2024/09/24/russia_malware_ukraine_attacks

Swedes stand out in new international study on IT security (25 sep) https://www.voister.se/artikel/2024/09/svenskar-sticker-ut-i-ny-internationell-studie-om-it-sakerhet

New Android banking trojan Octo2 targets European banks (25 sep) https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware (25 sep) https://thehackernews.com/2024/09/transportation-companies-hit-by.html

CrowdStrike executive apologized for the IT outage (25 sep) https://computersweden.se/article/3539476/crowdstrike-chef-bad-om-ursakt-for-it-avbrottet.html

US government agency confirms it was hit by major ransomware attack (25 sep) https://www.techradar.com/pro/security/us-government-agency-confirms-it-was-hit-by-major-ransomware-attack

Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means (25 sep) https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

Public Wi-Fi operator investigating cyberattack at UK’s busiest train stations (26 sep) https://www.theregister.com/2024/09/26/public_wifi_operator_investigating_cyberattack

More robust IT systems in Greater Stockholm (26 sep) https://www.tjugofyra7.se/amnesomraden/cybersakerhet/2024/robustare-it-system-i-storstockholm

NIST proposes barring some of the most nonsensical password rules (26 sep) https://arstechnica.com/security/2024/09/nist-proposes-barring-some-of-the-most-nonsensical-password-rules

Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates (26 sep) https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html

See cyberattacks in real time – Norrbotten learns defence (26 sep) https://www.svt.se/nyheter/lokalt/norrbotten/se-cyberattacker-i-realtid-norrbotten-lar-sig-forsvara-sig

Reports and analyses

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors (18 sep) https://unit42.paloaltonetworks.com/gleaming-pisces-applejeus-poolrat-and-pondrat

The Correlation Between Dark Web Exposure and Cybersecurity Risk (23 sep) https://slcyber.io/whitepapers-reports/the-correlation-between-dark-web-exposure-and-cybersecurity-risk

Inside SnipBot: The Latest RomCom Malware Variant (23 sep) https://unit42.paloaltonetworks.com/snipbot-romcom-malware-variant

Microsoft describes its security efforts in new report (24 sep) https://computersweden.se/article/1272196/microsoft-tar-nytt-grepp-om-sin-egen-sakerhet.html
Secure Future Initiative - September 2024 progress report (PDF) https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/SFI_September_2024_progress_report.pdf

10 Years of DLL Hijacking, and What We Can Do to Prevent 10 More (25 sep) https://research.checkpoint.com/2024/10-years-of-dll-hijacking-and-what-we-can-do-to-prevent-10-more

ANALYSIS: Three out of four Swedish government agencies and municipalities expose the public to increased risk of e-mail fraud (25 sep) https://www.aktuellsakerhet.se/analys-tre-av-fyra-svenska-myndigheter-och-kommuner-utsatter-allmanheten-for-okad-risk-for-e-postbedragerier

NSA Jointly Releases Guidance for Mitigating Active Directory Compromises (26 sep) https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3917556/nsa-jointly-releases-guidance-for-mitigating-active-directory-compromises
Detecting and Mitigating Active Directory Compromises (PDF) https://media.defense.gov/2024/Sep/25/2003553985/-1/-1/0/CTR-DETECTING-AND-MITIGATING-AD-COMPROMISES.PDF

2024 SonicWall Threat Brief: Healthcare’s Escalating Cybersecurity Challenge (26 sep) https://blog.sonicwall.com/en-us/2024/09/2024-sonicwall-threat-brief-healthcares-escalating-cybersecurity-challenge
2024 SonicWall Threat Brief: Healthcare (PDF) https://www.sonicwall.com/medialibrary/en/brief/2024-threat-brief-healthcare.pdf

2023 RTF Global Ransomware Incident Map: Attacks Increase by 73%, Big Game Hunting Appears to Surge (26 sep) https://securityandtechnology.org/blog/2023-rtf-global-ransomware-incident-map

Storm-0501: Ransomware attacks expanding to hybrid cloud environments (26 sep) https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments

Information security and miscellaneous

We’re losing our digital history. Can the Internet Archive save it? (16 sep) https://www.bbc.com/future/article/20240912-the-archivists-battling-to-save-the-internet

How cyber compliance helps minimize the risk of ransomware infections (24 sep) https://www.helpnetsecurity.com/2024/09/24/cyber-compliance-minimize-risk

Old dialects to sharpen AI's understanding of Swedish (25 sep) https://computersweden.se/article/3538102/gamla-dialekter-ska-vassa-ais-forstaelse-for-svenska.html

The Tänk säkert 2024 campaign https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/arbeta-systematiskt-informationssakerhet-och-cybersakerhet/informationssakerhetsmanaden/tank-sakert

CyberChess/#CaptureTheFlag (CTF) https://cyberchess.lv

CERT-SE this week

Several serious vulnerabilities affect Cisco software (27 sep) https://www.cert.se/2024/09/flera-allvarliga-sarbarheter-paverkar-cisco-programvara.html

Several critical vulnerabilities in access points from Aruba (27 sep) https://www.cert.se/2024/09/flera-kritiska-sarbarheter-i-accesspunkter-fran-aruba.html

Critical vulnerabilities in products from Ivanti (updated 26 sep) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Serious vulnerability in Keycloak (26 sep) https://www.cert.se/2024/09/allvarlig-sarbarhet-i-keycloak.html

Critical vulnerability in Traefik (25 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-traefik.html