CERT-SE's weekly newsletter, week 44
This week Cybersecurity Month comes to an end, and with it we close CERT-SE's CTF challenge. We are impressed by your solutions and want to extend a big thank-you to everyone who submitted answers!
Please note our updated article on FortiManager, as Fortinet has revised its guidance on the vulnerability.
Otherwise, a hefty newsletter with several deep dives and analyses, just in time for the long weekend.
Have a nice All Saints' weekend!
News this week
Four REvil members sentenced to more than four years in prison (25 Oct) https://therecord.media/four-revil-ransomware-gang-members-sentenced-prison-russia
San Francisco billboards call out tech firms for not paying for open source (25 Oct) https://www.theregister.com/2024/10/25/open_source_funding_ads/
Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications (25 Oct) https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications
Nordea hit by denial-of-service attack (25 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-overbelastningsattack
Chinese hackers reportedly gained access to US politicians' calls (27 Oct) https://www.dn.se/direkt/2024-10-27/uppgifter-kinesiska-hackare-har-tagit-del-av-usa-politikers-samtal/
Sveriges Radio: Some login methods are not as secure as you think (27 Oct) https://sverigesradio.se/artikel/expert-vissa-inloggningsmetoder-inte-sa-sakra-som-du-tror
Lund University invests in TikTok – sees no obstacles for IT security (28 Oct) https://www.svt.se/nyheter/lokalt/skane/lunds-universitet-satsar-pa-tiktok-ser-inga-hinder-for-it-sakerheten
Conviction after denial-of-service attack against SL (28 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/fallande-dom-efter-overbelastningsattack-mot-sl
‘All servers’ for Redline and Meta infostealers hacked by Dutch police and FBI (28 Oct) https://therecord.media/infostealer-servers-takedown-dutch-police-fbi
Hacker claims to have data linked to 19 million French mobile and internet customers (29 Oct) https://www.itpro.com/security/cyber-attacks/hacker-claims-to-have-data-linked-to-19-million-french-mobile-and-internet-customers
Many tech companies turn down public procurements – "too complicated" (29 Oct) https://computersweden.se/article/3591846/manga-techforetag-nobbar-offentliga-upphandlingar-krangligt.html
Reported fraud offences are decreasing (29 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/bedragerierna-minskar/
Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access (29 Oct) https://cybersecuritynews.com/hackers-downgrading-remote-desktop-security/
Massive Midnight Blizzard Phishing Attack Via Weaponized RDP Files (30 Oct) https://cybersecuritynews.com/phishing-attack-weaponized-rdp-file/
Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign (30 Oct) https://therecord.media/russia-midnight-blizzard-hackers-target-government-sector
Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/hackers-posing-as-it-support-on-teams-new-ransomware-scam-targeting-your-workplace/
QNAP patches second zero-day exploited at Pwn2Own to get root (30 Oct) https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/
Information security and miscellaneous
Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks (27 Oct) https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
German MPs and their staff fail simple phishing attack test (27 Oct) https://www.tomshardware.com/tech-industry/cyber-security/german-mps-and-their-staff-fail-simple-phishing-attack-test
A good cyber leader prioritizes the greater good (28 Oct) https://www.helpnetsecurity.com/2024/10/28/good-cyber-leader-responsibility/
Sveriges Radio: Come along to Sweden's most secret agency – FRA (28 Oct) https://sverigesradio.se/artikel/folj-med-till-sveriges-hemligaste-myndighet-fra--2
Sveriges Radio: The network that has become a goldmine for spies (29 Oct) https://sverigesradio.se/avsnitt/natverket-som-blivit-en-guldgruva-for-spioner-grans
The Government gives Finansinspektionen and the Riksbank new tools to strengthen digital resilience in the financial sector (29 Oct) https://www.regeringen.se/pressmeddelanden/2024/10/egeringen-ger-finansinspektionen-och-riksbanken-nya-verktyg-for-att-starka-den-digitala-motstandskraften-i-finanssektorn/
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims (30 Oct) https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims
Report: Safer Together – Strengthening Europe’s Civilian and Military Preparedness and Readiness (30 Oct) https://commission.europa.eu/topics/defence/safer-together-path-towards-fully-prepared-union_en
Understanding the NIS2 Directive: Strengthening Cybersecurity Across the EU https://www.enisa.europa.eu/topics/cybersecurity-education/awareness-campaigns/network-and-information-systems-directive-2-nis2
NCSC-UK: CyberFirst overview https://www.ncsc.gov.uk/cyberfirst/overview
Reports and analyses
BPFDoor Linux Malware Detected By AhnLab EDR (10 Oct) https://asec.ahnlab.com/en/83925/
Linux Persistence Techniques Detected By AhnLab EDR https://asec.ahnlab.com/en/83779/
Decrypted: Mallox ransomware (22 Oct) https://www.gendigital.com/blog/news/innovation/decrypted-mallox-ransomware
Doubling Down on Trusted Partnerships: Our Commitment to Researchers (22 Oct) https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/
Threat Spotlight: WarmCookie/BadSpace (23 Oct) https://blog.talosintelligence.com/warmcookie-analysis
Scattered Spider x RansomHub: A New Partnership (24 Oct) https://www.reliaquest.com/blog/scattered-spider-x-ransomhub-a-new-partnership
Cloud Malware: A Threat Hunter’s Guide to Analysis, Techniques and Delivery (24 Oct) https://www.sentinelone.com/labs/cloud-malware-a-threat-hunters-guide-to-analysis-techniques-and-delivery
AWS’s Predictable Bucket Names Make Accounts Easier to Crack (24 Oct) https://www.darkreading.com/threat-intelligence/aws-cdk-default-s3-bucket-naming-pattern-lets-adversaries-waltz-into-admin-access
The Real Monsters of Street Level Surveillance (25 Oct) https://www.eff.org/deeplinks/2024/10/real-monsters-street-level-surveillance
Two currently (old) exploited Ivanti vulnerabilities (27 Oct) https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
CloudScout: Evasive Panda Scouting Cloud Services (28 Oct) https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/
New tool bypasses Google Chrome’s new cookie encryption system (28 Oct) https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/
Anatomy of an LLM RCE (28 Oct) https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (28 Oct) https://isc.sans.edu/diary/Self-contained%20HTML%20phishing%20attachment%20using%20Telegram%20to%20exfiltrate%20stolen%20credentials/31388
Announcing General Availability of Inbound SMTP DANE with DNSSEC for Exchange Online (28 Oct) https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
Report: Unveiling the Persistent Risks of Connected Medical Devices (29 Oct) https://www.forescout.com/resources/iomt-persistent-risk-report/
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (29 Oct) https://thehackernews.com/2024/10/new-research-reveals-spectre.html
Lumma/Amadey: fake CAPTCHAs want to know if you’re human (29 Oct) https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/
Jumpy Pisces Engages in Play Ransomware (30 Oct) https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/
Three quarters of businesses report increase in cyberattacks (30 Oct) https://www.rte.ie/news/business/2024/1030/1478040-cyber-attacks-survey/
Forbes: This Halloween, beware the pig butcher (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/this-halloween-beware-the-pig-butcher/
CERT-SE this week
CERT-SE's name used in fraud attempts (28 Oct) https://www.cert.se/2024/10/cert-se-anvands-i-bedrageriforsok.html
Updated - Critical vulnerability in Fortinet FortiManager actively exploited (31 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html