CERT-SE's weekly newsletter, week 14

Weekly newsletter

Mixed news from the past week. Next week is Patch Tuesday, and CERT-SE recommends continuously installing security updates as soon as possible once they are made available.

Have a nice weekend!

News this week

Oracle Health breach compromises patient data at US hospitals (28 mar) https://www.bleepingcomputer.com/news/security/oracle-health-breach-compromises-patient-data-at-us-hospitals

Cyber-crew claims it cracked American cableco, releases terrible music video to prove it (28 mar) https://www.theregister.com/2025/03/28/arkana_wow_ransomware

FBI investigating cyberattack at Oracle, Bloomberg News reports (29 mar) https://www.reuters.com/technology/fbi-investigating-cyberattack-oracle-bloomberg-news-reports-2025-03-28

Hackers Used Weaponized Zoom Installer to Gain RDP Access & Deploy BlackSuit Ransomware (31 mar) https://cybersecuritynews.com/hackers-used-weaponized-zoom-installer

EU invests billions in critical technology (31 mar) https://computersweden.se/article/3950438/eu-satsar-miljarder-pa-kritisk-teknik.html

Apple updates all its operating systems, brings Apple Intelligence to Vision Pro (31 mar) https://arstechnica.com/gadgets/2025/03/apple-updates-all-its-operating-systems-brings-apple-intelligence-to-vision-pro

Hackers abuse WordPress MU-Plugins to hide malicious code (31 mar) https://www.bleepingcomputer.com/news/security/hackers-abuse-wordpress-mu-plugins-to-hide-malicious-code

Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks (31 mar) https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks

Hacker Leaks Samsung Customer Data (31 mar) https://www.securityweek.com/hacker-leaks-samsung-customer-data

Oracle Cloud Users Urged to Take Action (31 mar) https://www.darkreading.com/application-security/oracle-cloud-users-urged-take-action

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (31 mar) https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html ..
CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html

Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims (31 mar) https://www.theregister.com/2025/03/31/check_point_confirms_breach

Analyzing New HijackLoader Evasion Tactics (31 mar) https://www.zscaler.com/blogs/security-research/analyzing-new-hijackloader-evasion-tactics

Man charged over Network Rail terror message hack (1 apr) https://www.bbc.com/news/articles/cp915kp47dko

5 Companies That Have Suffered Data Breaches – And Paid the Price (1 apr) https://tech.co/news/5-companies-data-breaches-paid-price

Cybercriminals Expand Use of Lookalike Domains in Email Attacks (1 apr) https://www.infosecurity-magazine.com/news/criminals-lookalike-domains-email

Security risks found in popular Holy Stone drone models (1 apr) https://dronedj.com/2025/04/01/holy-stone-drone-security-risk

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign (1 apr) https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html

Canon Printer Flaw Enables Remote Code Execution (1 apr) https://www.govinfosecurity.com/canon-printer-flaw-enables-remote-code-execution-a-27894

EU Commission to propose expanding the role of pan-European police agency Europol (1 apr) https://www.reuters.com/world/europe/eu-commission-propose-expanding-role-pan-european-police-agency-europol-2025-04-01

UK sets out new cyber reporting requirements for critical infrastructure (1 apr) https://therecord.media/uk-sets-out-cyber-reporting-requirements-critical-infrastructure

As CISA Downsizes, Where Can Enterprises Get Support? (1 apr) https://www.darkreading.com/cybersecurity-operations/roundtable-cisa-downsizes-where-can-enterprises-look-support

Hackers Could Unleash Chaos Through Backdoor in China-Made Robot Dogs (1 apr) https://www.securityweek.com/undocumented-remote-access-backdoor-found-in-unitree-go1-robot-dog

Explosion of "deepfake" attempts against financial companies (1 apr) https://www.di.se/digital/explosion-av-deepfake-forsok-mot-finansbolag

Hackers Leverage Microsoft Teams Message to Drop Malicious Payload (2 apr) https://cybersecuritynews.com/hackers-leverage-microsoft-teams

X Breach: Here’s what hackers can do with the leaked information (2 apr) https://mashable.com/article/x-breach-data-leak-what-can-hackers-do

NETSCOUT Reports DDoS Attacks Targeting Critical Infrastructure Play a Dominant Role in Geopolitical Conflicts (2 apr) https://www.businesswire.com/news/home/20250402344938/en/NETSCOUT-Reports-DDoS-Attacks-Targeting-Critical-Infrastructure-Play-a-Dominant-Role-in-Geopolitical-Conflicts

Royal Mail investigates data leak claims, no impact on operations (2 apr) https://www.bleepingcomputer.com/news/security/royal-mail-investigates-data-leak-claims-no-impact-on-operations

Prince Ransomware – An Open Source Ransomware Builder That Automatically Builds Ransomware, Freely Available on GitHub (3 apr) https://cybersecuritynews.com/prince-ransomware-an-open-source-ransomware-builder

Researchers: Schools are poor at teaching digital skills (3 apr) https://computersweden.se/article/3953279/forskare-skolan-dalig-pa-att-lara-ut-digital-kompetens.html

Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (3 apr) https://thehackernews.com/2025/04/triada-malware-preloaded-on-counterfeit.html

GitHub discovered 39 million leaked secrets last year (3 apr) https://computersweden.se/article/3953390/github-upptackte-39-miljoner-lackta-uppgifter-under-forra-aret.html ..
GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help https://github.blog/security/application-security/next-evolution-github-advanced-security

Oracle admits that hackers have obtained login credentials (3 apr) https://computersweden.se/article/3953359/oracle-erkanner-att-hackare-kommit-over-inloggningsuppgifter.html

EU support for cybersecurity in Norway (3 apr) https://nsm.no/aktuelt/eu-stotte-til-cybersikkerhet-i-norge

Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) (3 apr) https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability

Launch of Sweden's national cybersecurity strategy 2025–2029 (3 apr) https://www.ncsc.se/sv/aktuellt/nationell-cybersakerhetsstrategi ..
A new era of cybersecurity - National cybersecurity strategy 2025–2029 (20 mar) https://www.regeringen.se/informationsmaterial/2025/03/nationell-strategi-for-cybersakerhet-2025-2029

Reports and analyses

CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure (28 mar) https://www.cisa.gov/news-events/alerts/2025/03/28/cisa-releases-malware-analysis-report-resurge-malware-associated-ivanti-connect-secure

The Espionage Toolkit of Earth Alux: A Closer Look at its Advanced Techniques (31 mar) https://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI (31 mar) https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai

Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon (1 apr) https://unit42.paloaltonetworks.com/qr-code-phishing

ANALYSIS: Cyberattacks harder to detect and aimed at developers (1 apr) https://www.aktuellsakerhet.se/analys-cyberattacker-mer-svarupptackta-och-riktar-sig-mot-utvecklare

Fast Flux: A National Security Threat (3 apr) https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-093a

Information security and miscellaneous

A Tale of Two Phishing Sites (28 mar) https://isc.sans.edu/diary/31810

KnowBe4 Report Finds Polymorphic Phishing Features Present in 76.4% of Campaigns (31 mar) https://informationsecuritybuzz.com/knowbe4-report-fi-polymorphic-phishing

Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats (31 mar) https://www.greynoise.io/blog/surge-palo-alto-networks-scanner-activity

Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More (31 mar) https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html

Säkerhetskollen: Warning about scams during tax return season (1 apr) https://sakerhetskollen.se/aktuella-brott/varning-for-bedragerier-i-deklarationstider-2

Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors (1 apr) https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement

How to defend against a password spraying attack? (2 apr) https://securityboulevard.com/2025/04/how-to-defend-against-a-password-spraying-attack

iPhones Aren’t Breach-Proof: Debunking the Myth of iOS Security (2 apr) https://solcyber.com/iphones-arent-breach-proof-debunking-the-myth-of-ios-security

Hacking the Call Records of Millions of Americans (2 apr) https://evanconnelly.github.io/post/hacking-call-records

Celebrate 50 years of Microsoft with the company’s original source code (2 apr) https://www.gatesnotes.com/meet-bill/source-code/reader/microsoft-original-source-code

Cybercriminals exfiltrate data in just three days (3 apr) https://www.helpnetsecurity.com/2025/04/03/breach-median-time

CERT-SE this week

Critical vulnerability in Ivanti products actively exploited (4 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-ivanti-produkter-utnyttjas-aktivt.html

Critical vulnerability in CrushFTP (2 apr) https://www.cert.se/2025/03/kritisk-sarbarhet-i-crushftp.html

Critical vulnerability in Ivanti Connect Secure, Policy Secure and ZTA Gateways (published 9 jan, updated 1 apr) https://www.cert.se/2025/01/kritisk-sarbarhet-ivanti-connect-secure-policy-secure-och-zta-gateways.html

Critical vulnerability in Cisco Smart Licensing Utility (1 apr) https://www.cert.se/2025/04/kritisk-sarbarhet-i-cisco-smart-licensing-utility.html