CERT-SE's weekly newsletter, week 41

Weekly newsletter

Patch Tuesday celebrates 20 years this month! We hope this is celebrated with extra patching. Take a look at the articles that we at CERT-SE have published this week with information on critical vulnerabilities in products from several vendors.

CERT-SE wishes you a pleasant weekend!

News this week

Genetics firm 23andMe says user data stolen in credential stuffing attack (6 Oct)
https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

Manufacturing services tech giant hit with cyberattack (10 Oct)
https://therecord.media/manufacturing-giant-hit-with-cyberattack

Air Europa customers urged to cancel cards following hack on payment system (10 Oct)
https://therecord.media/air-europa-cyberattack-payment-cards

Finnish websites hit by more cyberattacks (11 Oct)
https://yle.fi/a/74-20054766

SEC is investigating MOVEit mass-hack, says Progress Software (11 Oct)
https://techcrunch.com/2023/10/11/sec-is-investigating-moveit-mass-hack-says-progress-software/

Manufacturing giant dealing with ‘disruptive’ cyberattack (12 Oct)
https://therecord.media/manufacturing-giant-dealing-with-disruptive-cyberattack

Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack (12 Oct)
https://thehackernews.com/2023/10/microsoft-defender-thwarts-akira.html

Reports and analyses

The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages (9 Oct)
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer

Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (9 Oct)
https://www.darkreading.com/cloud/patch-now-massive-rce-campaign-d-link-zyxel-botnet

Microsoft Digital Defense Report 2023 (10 Oct)
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023

StopRansomware: AvosLocker Ransomware (Update) (11 Oct)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a

Resurgence of LinkedIn Smart Links Identified in Sizable Credential Phishing Campaign (11 Oct)
https://cofense.com/blog/linkedin-smart-links-credential-phishing-campaign/

Hackers will use AI to orchestrate worldwide cyberattacks (12 Oct)
https://macleans.ca/society/technology/ai-cyberattacks/

NSA releases a repository of signatures and analytics to secure Operational Technology (12 Oct)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3554537/nsa-releases-a-repository-of-signatures-and-analytics-to-secure-operational-tec/

Ransomware attacks now target unpatched WS_FTP servers (12 Oct)
https://www.bleepingcomputer.com/news/security/ransomware-attacks-now-target-unpatched-ws-ftp-servers/

Phishing, the campaigns that are targeting Italy (12 Oct)
https://securityaffairs.com/152372/cyber-crime/phishing-campaigns-targt-italy.html

DarkGate Opens Organizations for Attack via Skype, Teams (12 Oct)
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html

Ransomware Roundup - Akira (12 Oct)
https://www.fortinet.com/blog/threat-research/ransomware-roundup-akira

ToddyCat: Keep calm and check logs (12 Oct)
https://securelist.com/toddycat-keep-calm-and-check-logs/110696/

Shadow PC warns of data breach as hacker tries to sell gamers’ info (12 Oct)
https://www.bleepingcomputer.com/news/security/shadow-pc-warns-of-data-breach-as-hacker-tries-to-sell-gamers-info/

ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers (12 Oct)
https://thehackernews.com/2023/10/shellbot-uses-hex-ips-to-evade.html

Information security and miscellaneous

How the new digital ID cards work – the photo was forged in a few minutes (8 Oct)
https://www.dn.se/ekonomi/sa-fungerar-de-nya-digitala-id-korten-bilden-forfalskades-pa-nagra-minuter/

Finland's second quantum computer inaugurated – runs at minus 273 degrees (10 Oct)
https://svenska.yle.fi/a/7-10043189

CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software (10 Oct)
https://www.cisa.gov/news-events/news/cisa-government-and-industry-partners-publish-fact-sheet-organizations-using-open-source-software

The Swedes and the Internet 2023 (10 Oct)
https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-2023/

From chaos to cadence: Celebrating two decades of Microsoft’s Patch Tuesday (11 Oct)
https://www.theregister.com/2023/10/11/microsoft_patch_tuesday_turns_20/

Sweden to get more cyber experts – ”there is a great need” (12 Oct)
https://sverigesradio.se/artikel/sverige-ska-fa-fler-cyberexperter-finns-stort-behov

The Swedish National Audit Office's report on the government's governance of society's information and cyber security (12 Oct)
https://www.regeringen.se/rattsliga-dokument/skrivelse/2023/10/skr.-20232426

Ransomlooker, a new tool to track and analyze ransomware groups’ activities (12 Oct)
https://securityaffairs.com/152416/malware/ransomlooker-tool.html

CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware (12 Oct)
https://www.cisa.gov/news-events/alerts/2023/10/12/cisa-releases-new-resources-identifying-known-exploited-vulnerabilities-and-misconfigurations-linked

CERT-SE this week

Serious vulnerability in Linux component (updated 2023-10-13)

Juniper Networks fixes several serious vulnerabilities

F5 Networks fixes critical vulnerability in BIG-IP

Adobe's monthly security updates for October 2023

HTTP2 Rapid Reset: critical vulnerability that can be exploited for large denial-of-service attacks

Several vulnerabilities in Citrix Netscaler ADC and Netscaler Gateway

Serious vulnerability in curl

Microsoft's monthly security updates for October 2023