CERT-SE:s veckobrev v.40

Cybersäkerhetsmånaden och Tänk säkert-kampanjen har inletts. Teman för året är nätfiske och skadlig kod, digital identitet samt säkrare på nätet. Trevlig helg önskar CERT-SE!

Nyheter i veckan

Hackergrupp hotar läcka data från Idre Fjäll: ”Allvarligt” (27 sep) https://sverigesradio.se/artikel/hackergrupp-hotar-lacka-data-fran-idre-fjall-allvarligt

A UK man allegedly used genealogy sites to hack execs’ email accounts and make millions on stock trades (28 sep) https://fortune.com/2024/09/28/uk-man-genealogy-hack-exec-email-stock-market/

Så övar Nato på att stoppa attacker mot förnybar energi (29 sep) https://www.svt.se/nyheter/inrikes/sa-ovar-nato-pa-att-stoppa-attacker-mot-fornybar-energi

Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing (30 sep) https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html

Ransomware forces hospital to turn away ambulances https://www.theregister.com/2024/09/30/texan_hospital_ransomware

Media giant AFP hit by cyberattack impacting news delivery services (30 sep) https://www.bleepingcomputer.com/news/security/media-giant-afp-hit-by-cyberattack-impacting-news-delivery-services/

Facial DNA provider leaks biometric data via WordPress folder (30 sep) https://hackread.com/facial-dna-provider-leak-biometric-data-wordpress-folder/

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (1 okt) https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html

UK reveals father and son at heart of Evil Corp hackers (1 okt) https://www.bbc.com/news/articles/cwy98824lk4o

Rapporter och analyser

Detecting and Mitigating Active Directory Compromises https://www.cyber.gov.au/sites/default/files/2024-09/PROTECT-Detecting-and-Mitigating-Active-Directory-Compromises.pdf

Storm-0501: Ransomware attacks expanding to hybrid cloud environments (26 sep) https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/

Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs (30 sep) https://blogs.jpcert.or.jp/en/2024/09/windows.html

Svenskarna och internet 2024 (30 sep) https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-2024/

After Code Execution, Researchers Show How CUPS Can Be Abused for DDoS Attacks (2 okt) https://www.securityweek.com/after-code-execution-researchers-show-how-cups-can-be-abused-for-ddos-attacks/

Undersökning: 90 procent av företag i Europa utsattes för cybersäkerhetsincidenter som NIS2 kunde ha förhindrat https://www.aktuellsakerhet.se/undersokning-90-procent-av-foretag-i-europa-utsattes-for-cybersakerhetsincidenter-som-nis2-kunde-ha-forhindrat/ (3 okt)

Email Phishing Attacks Surge as Attackers Bypass Security Controls (3 okt) https://www.infosecurity-magazine.com/news/email-phishing-surge-bypass/

Informationssäkerhet och blandat

Övning och vikten av att öva https://www.ncsc.se/aktuellt/ovning-och-vikten-av-att-ova/

Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall (27 sep) https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

Securing Space in the Age of Advanced Cyberthreats (30 sep) https://www.eetimes.eu/securing-space-in-the-age-of-advanced-cyberthreats/

I oktober Tänker vi säkert – och agerar smart (30 sep) https://www.msb.se/sv/aktuellt/nyheter/2024/september/i-oktober-tanker-vi-sakert--och-agerar-smart/

Here’s what to expect from the Counter Ransomware Initiative meeting this week (30 sep) https://therecord.media/counter-ransomware-initiative-washington-meeting-2024

Experten: Cyberattackerna har lugnat ner sig i hela Europa (1 okt) https://computersweden.se/article/3541614/experten-cyberattackerna-har-lugnat-ner-sig-i-hela-europa.html

Escaperoom testar dina cybersäkerhetskunskaper (1 okt) https://www.svt.se/nyheter/lokalt/varmland/escaperoom-testar-dina-cybersakerhetskunskaper

ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations (1 okt) https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity

Fortsatt stort intresse för Försvarsmaktens IT-utbildning (2 okt) https://magazin24.se/vastmanland/vastra-malardalen/arboga/fortsatt-stort-intresse-for-forsvarsmaktens-it-utbildning/

CERT-SE i veckan

Kritisk sårbarhet i GitLab (uppdaterad 30 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab-SAML.html

Kritiska sårbarheter i WhatsUp Gold (1 okt) https://www.cert.se/2024/10/kritiska-sarbarheter-i-whatsup-gold.html

Kritiska sårbarheter i produkter från Ivanti (uppdaterad 3 okt) https://www.cert.se/2024/05/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Kritisk sårbarhet i Cisco NDFC (3 okt) https://www.cert.se/2024/10/kritisk-sarbarhet-i-cisco-ndfc.html

Kritiska sårbarheter i routrar från Draytek (4 okt) https://www.cert.se/2024/10/kritiska-sarbarheter-i-routrar-fran-draytek.html