CERT-SE's weekly newsletter, week 44

Weekly newsletter

This week Cybersecurity Month comes to an end, and with it we close CERT-SE's CTF challenge. We are impressed by your solutions and want to extend a big thank-you to everyone who submitted their answers!

Please note our updated article on FortiManager, as Fortinet has revised its advice regarding the vulnerability.

Otherwise, a hefty newsletter with several deep dives and analyses, just in time for the long weekend.

Have a nice All Saints' weekend!

News this week

Four REvil members sentenced to more than four years in prison (25 Oct) https://therecord.media/four-revil-ransomware-gang-members-sentenced-prison-russia

San Francisco billboards call out tech firms for not paying for open source (25 Oct) https://www.theregister.com/2024/10/25/open_source_funding_ads/

Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications (25 Oct) https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-prc-activity-targeting-telecommunications

Nordea hit by a denial-of-service attack (25 Oct) https://sverigesradio.se/artikel/nordea-utsatt-for-overbelastningsattack

Chinese hackers have accessed US politicians' calls (27 Oct) https://www.dn.se/direkt/2024-10-27/uppgifter-kinesiska-hackare-har-tagit-del-av-usa-politikers-samtal/

Sveriges Radio: Some login methods are not as secure as you think (27 Oct) https://sverigesradio.se/artikel/expert-vissa-inloggningsmetoder-inte-sa-sakra-som-du-tror

Lund University invests in TikTok – sees no obstacles for IT security (28 Oct) https://www.svt.se/nyheter/lokalt/skane/lunds-universitet-satsar-pa-tiktok-ser-inga-hinder-for-it-sakerheten

Conviction following denial-of-service attack against SL (28 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/fallande-dom-efter-overbelastningsattack-mot-sl

‘All servers’ for Redline and Meta infostealers hacked by Dutch police and FBI (28 Oct) https://therecord.media/infostealer-servers-takedown-dutch-police-fbi

Hacker claims to have data linked to 19 million French mobile and internet customers (29 Oct) https://www.itpro.com/security/cyber-attacks/hacker-claims-to-have-data-linked-to-19-million-french-mobile-and-internet-customers

Many tech companies turn down public procurements – "too complicated" (29 Oct) https://computersweden.se/article/3591846/manga-techforetag-nobbar-offentliga-upphandlingar-krangligt.html

Reported fraud offences are decreasing (29 Oct) https://polisen.se/aktuellt/nyheter/nationell/2024/oktober/bedragerierna-minskar/

Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access (29 Oct) https://cybersecuritynews.com/hackers-downgrading-remote-desktop-security/

Massive Midnight Blizzard Phishing Attack Via Weaponized RDP Files (30 Oct) https://cybersecuritynews.com/phishing-attack-weaponized-rdp-file/

Russia’s ‘Midnight Blizzard’ hackers target government workers in novel info-stealing campaign (30 Oct) https://therecord.media/russia-midnight-blizzard-hackers-target-government-sector

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/hackers-posing-as-it-support-on-teams-new-ransomware-scam-targeting-your-workplace/

QNAP patches second zero-day exploited at Pwn2Own to get root (30 Oct) https://www.bleepingcomputer.com/news/security/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root/

Information security and miscellaneous

Fog Ransomware Targets SonicWall VPNs to Breach Corporate Networks (27 Oct) https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/

German MPs and their staff fail simple phishing attack test (27 Oct) https://www.tomshardware.com/tech-industry/cyber-security/german-mps-and-their-staff-fail-simple-phishing-attack-test

A good cyber leader prioritizes the greater good (28 Oct) https://www.helpnetsecurity.com/2024/10/28/good-cyber-leader-responsibility/

Sveriges Radio: Come along to Sweden's most secret agency – FRA (28 Oct) https://sverigesradio.se/artikel/folj-med-till-sveriges-hemligaste-myndighet-fra--2

Sveriges Radio: The network that has become a gold mine for spies (29 Oct) https://sverigesradio.se/avsnitt/natverket-som-blivit-en-guldgruva-for-spioner-grans

The Government gives Finansinspektionen and the Riksbank new tools to strengthen digital resilience in the financial sector (29 Oct) https://www.regeringen.se/pressmeddelanden/2024/10/egeringen-ger-finansinspektionen-och-riksbanken-nya-verktyg-for-att-starka-den-digitala-motstandskraften-i-finanssektorn/

“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victims (30 Oct) https://www.itpro.com/security/data-protection/you-must-do-better-information-commissioner-john-edwards-calls-on-firms-to-beef-up-support-for-data-breach-victims

Report: Safer Together – Strengthening Europe’s Civilian and Military Preparedness and Readiness (30 Oct) https://commission.europa.eu/topics/defence/safer-together-path-towards-fully-prepared-union_en

Understanding the NIS2 Directive: Strengthening Cybersecurity Across the EU https://www.enisa.europa.eu/topics/cybersecurity-education/awareness-campaigns/network-and-information-systems-directive-2-nis2

NCSC-UK: CyberFirst overview https://www.ncsc.gov.uk/cyberfirst/overview

Reports and analyses

BPFDoor Linux Malware Detected By AhnLab EDR (10 Oct) https://asec.ahnlab.com/en/83925/

Linux Persistence Techniques Detected By AhnLab EDR https://asec.ahnlab.com/en/83779/

Decrypted: Mallox ransomware (22 Oct) https://www.gendigital.com/blog/news/innovation/decrypted-mallox-ransomware

Doubling Down on Trusted Partnerships: Our Commitment to Researchers (22 Oct) https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/

Threat Spotlight: WarmCookie/BadSpace (23 Oct) https://blog.talosintelligence.com/warmcookie-analysis

Scattered Spider x RansomHub: A New Partnership (24 Oct) https://www.reliaquest.com/blog/scattered-spider-x-ransomhub-a-new-partnership

Cloud Malware: A Threat Hunter’s Guide to Analysis, Techniques and Delivery (24 Oct) https://www.sentinelone.com/labs/cloud-malware-a-threat-hunters-guide-to-analysis-techniques-and-delivery

AWS’s Predictable Bucket Names Make Accounts Easier to Crack (24 Oct) https://www.darkreading.com/threat-intelligence/aws-cdk-default-s3-bucket-naming-pattern-lets-adversaries-waltz-into-admin-access

The Real Monsters of Street Level Surveillance (25 Oct) https://www.eff.org/deeplinks/2024/10/real-monsters-street-level-surveillance

Two currently (old) exploited Ivanti vulnerabilities (27 Oct) https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384

CloudScout: Evasive Panda Scouting Cloud Services (28 Oct) https://www.welivesecurity.com/en/eset-research/cloudscout-evasive-panda-scouting-cloud-services/

New tool bypasses Google Chrome’s new cookie encryption system (28 Oct) https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/

Anatomy of an LLM RCE (28 Oct) https://www.cyberark.com/resources/threat-research-blog/anatomy-of-an-llm-rce

Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (28 Oct) https://isc.sans.edu/diary/Self-contained%20HTML%20phishing%20attachment%20using%20Telegram%20to%20exfiltrate%20stolen%20credentials/31388

Announcing General Availability of Inbound SMTP DANE with DNSSEC for Exchange Online (28 Oct) https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292

Report: Unveiling the Persistent Risks of Connected Medical Devices (29 Oct) https://www.forescout.com/resources/iomt-persistent-risk-report/

New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors (29 Oct) https://thehackernews.com/2024/10/new-research-reveals-spectre.html

Lumma/Amadey: fake CAPTCHAs want to know if you’re human (29 Oct) https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/

Jumpy Pisces Engages in Play Ransomware (30 Oct) https://unit42.paloaltonetworks.com/north-korean-threat-group-play-ransomware/

Three quarters of businesses report increase in cyberattacks (30 Oct) https://www.rte.ie/news/business/2024/1030/1478040-cyber-attacks-survey/

Hackers Exploit Microsoft Teams In New Ransomware Scam (30 Oct) https://www.forbes.com/sites/larsdaniel/2024/10/30/this-halloween-beware-the-pig-butcher/

CERT-SE this week

CERT-SE used in fraud attempts (28 Oct) https://www.cert.se/2024/10/cert-se-anvands-i-bedrageriforsok.html

Updated - Critical vulnerability in Fortinet FortiManager actively exploited (31 Oct) https://www.cert.se/2024/10/bm24-005-kritisk-sarbarhet-i-fortinet-FortiManager-utnyttjas-aktivt.html