CERT-SE's weekly newsletter, week 14
Mixed news from the past week. Next week is Patch Tuesday, and CERT-SE recommends continuously installing security updates as soon as possible once they are made available.
Have a nice weekend!
News this week
Oracle Health breach compromises patient data at US hospitals (28 mar) https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals
Cyber-crew claims it cracked American cableco, releases terrible music video to prove it (28 mar) https://www.theregister.com/2025/03/28/arkana_wow_ransomware
FBI investigating cyberattack at Oracle, Bloomberg News reports (29 mar) https://www.reuters.com/technology/fbi-investigating-cyberattack-oracle-bloomberg-news-reports-2025-03-28
Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware (31 mar) https://cybersecuritynews.com/hackers-used-weaponized-zoom-installer
EU invests billions in critical technology (31 mar) https://computersweden.se/article/3950438/eu-satsar-miljarder-pa-kritisk-teknik.html
Apple updates all its operating systems, brings Apple Intelligence to Vision Pro (31 mar) https://arstechnica.com/gadgets/2025/03/apple-updates-all-its-operating-systems-brings-apple-intelligence-to-vision-pro
Hackers abuse WordPress MU-Plugins to hide malicious code (31 mar) https://www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code
Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks (31 mar) https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks
Hacker Leaks Samsung Customer Data (31 mar) https://www.securityweek.com/hacker-leaks-samsung-customer-data
Oracle Cloud Users Urged to Take Action (31 mar) https://www.darkreading.com/application-security/oracle-cloud-users-urged-take-action
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (31 mar) https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html
See also: CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims (31 mar) https://www.theregister.com/2025/03/31/check_point_confirms_breach
Analyzing New HijackLoader Evasion Tactics (31 mar) https://www.zscaler.com/blogs/security-research/analyzing-new-hijackloader-evasion-tactics
Man charged over Network Rail terror message hack (1 apr) https://www.bbc.com/news/articles/cp915kp47dko
5 Companies That Have Suffered Data Breaches – And Paid the Price (1 apr) https://tech.co/news/5-companies-data-breaches-paid-price
Cybercriminals Expand Use of Lookalike Domains in Email Attacks (1 apr) https://www.infosecurity-magazine.com/news/criminals-lookalike-domains-email
Security risks found in popular Holy Stone drone models (1 apr) https://dronedj.com/2025/04/01/holy-stone-drone-security-risk
Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign (1 apr) https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html
Canon Printer Flaw Enables Remote Code Execution (1 apr) https://www.govinfosecurity.com/canon-printer-flaw-enables-remote-code-execution-a-27894
EU Commission to propose expanding the role of pan-European police agency Europol (1 apr) https://www.reuters.com/world/europe/eu-commission-propose-expanding-role-pan-european-police-agency-europol-2025-04-01
UK sets out new cyber reporting requirements for critical infrastructure (1 apr) https://therecord.media/uk-sets-out-cyber-reporting-requirements-critical-infrastructure
As CISA Downsizes, Where Can Enterprises Get Support? (1 apr) https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support
Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs (1 apr) https://www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog
Explosion of "deepfake" attempts against financial companies (1 apr) https://www.di.se/digital/explosion-av-deepfake-forsok-mot-finansbolag
Hackers Leverage Microsoft Teams Message to Drop Malicious Payload (2 apr) https://cybersecuritynews.com/hackers-leverage-microsoft-teams
X Breach: Here’s what hackers can do with the leaked information (2 apr) https://mashable.com/article/x-breach-data-leak-what-can-hackers-do
NETSCOUT Reports DDoS Attacks Targeting Critical Infrastructure Play a Dominant Role in Geopolitical Conflicts (2 apr) https://www.businesswire.com/news/home/20250402344938/en/NETSCOUT-Reports-DDoS-Attacks-Targeting-Critical-Infrastructure-Play-a-Dominant-Role-in-Geopolitical-Conflicts
Royal Mail investigates data leak claims, no impact on operations (2 apr) https://www.bleepingcomputer.com/news/security/royal-mail-investigates-data-leak-claims-no-impact-on-operations
Prince Ransomware – An Open Source Ransomware Builder That Automatically Build Ransomware Freely Available in GitHub (3 apr) https://cybersecuritynews.com/prince-ransomware-an-open-source-ransomware-builder
Researchers: Schools are poor at teaching digital competence (3 apr) https://computersweden.se/article/3953279/forskare-skolan-dalig-pa-att-lara-ut-digital-kompetens.html
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (3 apr) https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html
GitHub discovered 39 million leaked secrets last year (3 apr) https://computersweden.se/article/3953390/github-upptackte-39-miljoner-lackta-uppgifter-under-forra-aret.html
See also: GitHub found 39M secret leaks in 2024. Here's what we're doing to help https://github.blog/security/application-security/next-evolution-github-advanced-security
Oracle admits that hackers obtained login credentials (3 apr) https://computersweden.se/article/3953359/oracle-erkanner-att-hackare-kommit-over-inloggningsuppgifter.html
EU support for cybersecurity in Norway (3 apr) https://nsm.no/aktuelt/eu-stotte-til-cybersikkerhet-i-norge
Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) (3 apr) https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability
Launch of Sweden's national cybersecurity strategy 2025–2029 (3 apr) https://www.ncsc.se/sv/aktuellt/nationell-cybersakerhetsstrategi
See also: A new era of cybersecurity - National cybersecurity strategy 2025-2029 (20 mar) https://www.regeringen.se/informationsmaterial/2025/03/nationell-strategi-for-cybersakerhet-2025-2029
Reports and analyses
CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure (28 mar) https://www.cisa.gov/news-events/alerts/2025/03/28/cisa-releases-malware-analysis-report-resurge-malware-associated-ivanti-connect-secure
The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques (31 mar) https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI (31 mar) https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai
Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon (1 apr) https://unit42.paloaltonetworks.com/qr-code-phishing
ANALYSIS: Cyberattacks harder to detect and targeting developers (1 apr) https://www.aktuellsakerhet.se/analys-cyberattacker-mer-svarupptackta-och-riktar-sig-mot-utvecklare
Fast Flux: A National Security Threat (3 apr) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-093a
Information security and miscellaneous
A Tale of Two Phishing Sites (28 mar) https://isc.sans.edu/diary/31810
KnowBe4 Report Finds Polymorphic Phishing Features Present in 76.4% of Campaigns (31 mar) https://informationsecuritybuzz.com/knowbe4-report-fi-polymorphic-phishing
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats (31 mar) https://www.greynoise.io/blog/surge-palo-alto-networks-scanner-activity
Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More (31 mar) https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html
Säkerhetskollen: Warning about scams during tax return season (1 apr) https://sakerhetskollen.se/aktuella-brott/varning-for-bedragerier-i-deklarationstider-2
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors (1 apr) https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement
How to defend against a password spraying attack? (2 apr) https://securityboulevard.com/2025/04/how-to-defend-against-a-password-spraying-attack
iPhones Aren’t Breach-Proof: Debunking the Myth of iOS Security (2 apr) https://solcyber.com/iphones-arent-breach-proof-debunking-the-myth-of-ios-security
Hacking the Call Records of Millions of Americans (2 apr) https://evanconnelly.github.io/post/hacking-call-records
Celebrate 50 years of Microsoft with the company’s original source code (2 apr) https://www.gatesnotes.com/meet-bill/source-code/reader/microsoft-original-source-code
Cybercriminals exfiltrate data in just three days (3 apr) https://www.helpnetsecurity.com/2025/04/03/breach-median-time
CERT-SE this week
Critical vulnerability in Ivanti products actively exploited (4 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-ivanti-produkter-utnyttjas-aktivt.html
Critical vulnerability in CrushFTP (2 apr) https://www.cert.se/2025/03/kritisk-sarbarhet-i-crushftp.html
Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways (published 9 jan, updated 1 apr) https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html
Critical vulnerability in Cisco Smart Licensing Utility (1 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-cisco-smart-licensing-utility.html