CERT-SE's weekly newsletter, week 9
Here you will find a mix of news, reports and posts from the past week.
We would like to highlight FRA's annual report for 2024: A challenging and complex threat landscape
CERT-SE wishes you a pleasant weekend!
CertCTF
Test your knowledge of digital forensics and incident response in CertCTF, a competition in which you investigate an IT attack on a fictional dental clinic.
The competition was created by two students in collaboration with CERT-SE and runs 22-23 March. Its purpose is to examine whether the CTF competition format can be used in recruitment processes to measure technical competence.
News this week
US authorities warn Ghost ransomware leverages older CVEs (20 feb) https://www.cybersecuritydive.com/news/CISA-FBI-ghost-ransomware-cve/740505/
Apple pulls iCloud end-to-end encryption feature for UK users after government demanded backdoor (21 feb) https://techcrunch.com/2025/02/21/apple-pulls-icloud-end-to-end-encryption-feature-for-uk-users-after-government-demanded-backdoor/
Crypto exchange Bybit says it was hacked and lost around $1.4B (21 feb) https://techcrunch.com/2025/02/21/crypto-exchange-bybit-says-it-was-hacked-and-lost-around-1-4-billion/
Leaked Files Tie Chinese Cybersecurity Firm to Government Censorship (21 feb) https://hackread.com/leaked-files-chinese-cybersecurity-firm-govt-censorship/
Vasaloppet CEO hacked, warns of emails sent out in his name (21 feb) https://www.expressen.se/sport/langdskidor/vasaloppets-vd-hackad-varnar-for-utskickade-mejl/
Experts race to extract intel from Black Basta internal chat leaks (21 feb) https://www.theregister.com/2025/02/21/experts_race_to_extract_intel/
Hacker group auctions off protected personal data (22 feb) https://www.sverigesradio.se/artikel/hackergrupp-saljer-skyddade-personuppgifter-pa-auktion
Fake CS2 tournament streams used to steal crypto, Steam accounts (22 feb) https://www.bleepingcomputer.com/news/security/fake-cs2-tournament-streams-used-to-steal-crypto-steam-accounts/
Trump 2.0 Brings Cuts to Cyber, Consumer Protections (23 feb) https://krebsonsecurity.com/2025/02/trump-2-0-brings-cuts-to-cyber-consumer-protections
Australia bans government agencies from using Kaspersky products (24 feb) https://computersweden.se/article/3831203/australien-forbjuder-myndigheter-att-anvanda-kaspersky-produkter.html
Thailand Targets Cyber Sweatshops to Free 1,000s of Captives (24 feb) https://www.darkreading.com/cyber-risk/thailand-cyber-sweatshops-free-captives
Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware (24 feb) https://bishopfox.com/blog/sonicwall-decrypting-sonicosx-firmware
Signal will leave Sweden if the government's data retention proposal is passed (25 feb) https://www.svt.se/nyheter/inrikes/signal-lamnar-sverige-om-regeringens-forslag-pa-datalagring-klubbas
..
Swedish authorities seek backdoor to encrypted messaging apps (25 feb) https://therecord.media/sweden-seeks-backdoor-access-to-messaging-apps
Orange Group confirms breach after hacker leaks company documents (25 feb) https://www.bleepingcomputer.com/news/security/orange-group-confirms-breach-after-hacker-leaks-company-documents/
Silver Fox APT Hides ValleyRAT in Trojanized Medical Imaging Software (25 feb) https://hackread.com/silver-fox-apt-valleyrat-trojanized-medical-imaging-software/
2025 Unit 42 Incident Response Report — Attacks Shift to Disruption (25 feb) https://www.paloaltonetworks.com/blog/2025/02/incident-response-report-attacks-shift-disruption/
Commission launches new cybersecurity blueprint to enhance EU cyber crisis co-ordination (26 feb) https://www.eureporter.co/defence/cyber-security/2025/02/26/commission-launches-new-cybersecurity-blueprint-to-enhance-eu-cyber-crisis-co-ordination/
Australian IVF giant Genea breached by Termite ransomware gang (26 feb) https://www.bleepingcomputer.com/news/security/australian-ivf-giant-genea-breached-by-termite-ransomware-gang/
3.3 Million People Impacted by DISA Data Breach (26 feb) https://www.securityweek.com/3-3-million-people-impacted-by-disa-data-breach/
US Background Check Firm Data Breach Exposes 3.3M Records (26 feb) https://hackread.com/us-background-check-firm-data-breach-exposes-records/
25 Years On, Active Directory Is Still a Prime Attack Target (24 feb) https://www.darkreading.com/identity-access-management-security/25-years-active-directory-prime-attack-target
A sober look at the recent DOGE cuts at CISA (26 feb) https://www.scworld.com/perspective/a-sober-look-at-the-recent-cuts-at-cisa
Water Utility Co. Still Paying the Breach Price a Year Later (26 feb) https://www.darkreading.com/cyberattacks-data-breaches/water-utility-paying-breach-price-year-later
Is your email or password among the 240+ million compromised by infostealers? (26 feb) https://www.helpnetsecurity.com/2025/02/26/240-million-login-credentials-passwords-compromised-by-infostealers/
..
Have I Been Pwned Added 284 Million Accounts Stolen by Information Stealer Malware (26 feb) https://cybersecuritynews.com/have-i-been-pwned-added-284-million-accounts-stolen/
FBI: North Korea stole billions in cryptocurrency (27 feb) https://www.sverigesradio.se/artikel/fbi-nordkorea-stal-kryptovaluta-for-miljarder
..
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (27 feb) https://www.bleepingcomputer.com/news/security/fbi-confirms-lazarus-hackers-were-behind-15b-bybit-crypto-heist/
Authorities Arrested Hackers Behind 90 Data Leaks Worldwide (27 feb) https://cybersecuritynews.com/hackers-behind-90-data-leaks-worldwide/
Fortnox warns of scam SMS messages (28 feb) https://sakerhetskollen.se/aktuella-brott/fortnox-varnar-for-bluff-sms
FRA: More threats directed at Sweden (28 feb) https://www.sydsvenskan.se/2025-02-28/fra-fler-hot-riktas-mot-sverige/
Reports and analyses
Weathering the storm: In the midst of a Typhoon (20 feb) https://blog.talosintelligence.com/salt-typhoon-analysis
Updated Shadowpad Malware Leads to Ransomware Deployment (20 feb) https://www.trendmicro.com/en_sg/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html
Cyber Criminals Using URL Tricks to Deceive Users (21 feb) https://blog.checkpoint.com/cyber-criminals-using-url-tricks-to-deceive-users/
Investigating LLM Jailbreaking of Popular Generative AI Web Products (21 feb) https://unit42.paloaltonetworks.com/jailbreaking-generative-ai-web-products/
Proofpoint Research: 2024 Account Takeover Statistics (21 feb) https://www.proofpoint.com/us/blog/threat-insight/account-takeover-statistics
How cybercriminals weaponize artificial intelligence (23 feb) https://cybernews.com/security/ai-malware-pioneers/
Exposing CVEs from Black Bastas’ Chats (23 feb) https://vulncheck.com/blog/black-basta-chats
Silent Killers: Unmasking a Large-Scale Legacy Driver Exploitation Campaign (24 feb) https://research.checkpoint.com/2025/large-scale-exploitation-of-legacy-driver/
Hackers Exploited Confluence Server Vulnerability To Deploy LockBit Ransomware (24 feb) https://cybersecuritynews.com/hackers-exploited-confluence-server-to-deploy-lockbit/
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer (24 feb) https://thehackernews.com/2025/02/new-malware-campaign-uses-cracked.html
Check Point Research 24th February – Threat Intelligence Report (24 feb) https://research.checkpoint.com/2025/24th-february-threat-intelligence-report/
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (25 feb) https://thehackernews.com/2025/02/gitvenom-malware-steals-456k-in-bitcoin.html
CERT-EU - Threat Landscape Report 2024 (25 feb) https://cert.europa.eu/publications/threat-intelligence/tlr2024/pdf
CrowdStrike 2025 - Global Threat Report https://www.crowdstrike.com/en-us/global-threat-report/
FRA annual report 2024: A challenging and complex threat landscape (28 feb) https://fra.se/nyheter/nyheter/nyhetsarkiv/news/arsrapportenfor2024publicerad.5.766e440918f572e7335197.html
Information security and miscellaneous
Guard your Codebase: Practical Steps and Tools to Prevent Malicious Code (19 feb) https://apiiro.com/blog/guard-your-codebase-practical-steps-and-tools-to-prevent-malicious-code/
ENISA Threat Landscape: Finance Sector (21 feb) https://www.enisa.europa.eu/publications/enisa-threat-landscape-finance-sector
PayPal “New Address” feature abused to send phishing emails (22 feb) https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
Google Confirms Gmail To Ditch SMS Code Authentication (23 feb) https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
Humanoid robots move ever closer to the workplace (24 feb) https://computersweden.se/article/3830303/ai-humanoida-robotar-narmar-sig-arbetsstyrkan.html
Stablecoin Bank Hacked – Hackers Stole $49.5M in Attack (24 feb) https://cybersecuritynews.com/hackers-stolen-49-5m-in-attack/
Massive botnet hits Microsoft 365 accounts (24 feb) https://www.helpnetsecurity.com/2025/02/24/botnet-hits-microsoft-365-accounts
Swedish managers struggle to handle the cyber threat (24 feb) https://computersweden.se/article/3831183/svart-for-svenska-chefer-att-hantera-cyberhotet.html
How do you regain trust after a cyber incident? (25 feb) https://computersweden.se/article/3831374/hur-cisoer-kan-ateruppbygga-fortroendet-efter-en-sakerhetsincident.html
A thousand artists release a silent album in protest against AI-generated music (25 feb) https://computersweden.se/article/3832458/tusen-artister-slapper-tyst-album-i-protest-mot-ai-skapad-musik.html
Firefox continues Manifest V2 support as Chrome disables MV2 ad-blockers (25 feb) https://www.bleepingcomputer.com/news/security/firefox-continues-manifest-v2-support-as-chrome-disables-mv2-ad-blockers/
New Auto-Color Linux backdoor targets North American govts, universities (25 feb) https://www.bleepingcomputer.com/news/security/new-auto-color-linux-backdoor-targets-north-american-govts-universities/
Geopolitical Tension Fuels APT and Hacktivism Surge (26 feb) https://www.infosecurity-magazine.com/news/geopolitical-tension-fuels-apt/
Healthcare Malware Hunt, Part 1: Silver Fox APT Targets Philips DICOM Viewers (25 feb) https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/
The Burn Notice, Part 1/5 — Revealing Shadow Copilots (25 feb) https://medium.com/@attias.dor/the-burn-notice-part-1-5-revealing-shadow-copilots-812def588a7a
Only a Fifth of Ransomware Attacks Now Encrypt Data (25 feb) https://www.infosecurity-magazine.com/news/only-fifth-ransomware-attacks/
NCC Group tracks alarming ransomware surge in January (26 feb) https://www.techtarget.com/searchsecurity/news/366619510/NCC-Group-tracks-alarming-ransomware-surge-in-January
How nice that state-of-the-art LLMs reveal their reasoning … for miscreants to exploit (25 feb) https://www.theregister.com/2025/02/25/chain_of_thought_jailbreaking/?td=rt-3a
Siberia’s largest dairy plant reportedly disrupted with LockBit variant (25 feb) https://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant
Malware variants that target operational tech systems are very rare – but 2 were found last year (25 feb) https://www.theregister.com/2025/02/25/new_ics_malware_dragos/?td=keepreading
CERT-SE this week
Security flaws fixed in the Unix/Linux tool rsync (updated 27 feb) https://www.cert.se/2025/01/sarbarheter-rattas-i-rsync.html
Critical vulnerability in F5 Networks products (24 feb) https://www.cert.se/2025/02/kritisk-sarbarhet-i-f5-networks-produkter.html
Multiple critical vulnerabilities in Atlassian products (24 feb) https://www.cert.se/2025/02/flera-kritiska-sarbarheter-i-atlassian-produkter.html