CERT-SE:s veckobrev v.41
Patchtisdag firar 20 år denna månad! Vi hoppas att detta firas med extra mycket patchning. Titta gärna på de artiklar som vi på CERT-SE publicerat denna vecka med information om kritiska sårbarheter i produkter från flera tillverkare.
Trevlig helg önskar CERT-SE!
Nyheter i veckan
CGenetics firm 23andMe says user data stolen in credential stuffing attack (6 okt)
https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/
Manufacturing services tech giant hit with cyberattack (10 okt)
https://therecord.media/manufacturing-giant-hit-with-cyberattack
Air Europa customers urged to cancel cards following hack on payment system (10 okt)
https://therecord.media/air-europa-cyberattack-payment-cards
Finnish websites hit by more cyberattacks (11 okt)
https://yle.fi/a/74-20054766
SEC is investigating MOVEit mass-hack, says Progress Software (11 okt)
https://techcrunch.com/2023/10/11/sec-is-investigating-moveit-mass-hack-says-progress-software/
Manufacturing giant dealing with ‘disruptive’ cyberattack (12 okt)
https://therecord.media/manufacturing-giant-dealing-with-disruptive-cyberattack
Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack (12 okt)
https://thehackernews.com/2023/10/microsoft-defender-thwarts-akira.html
Rapporter och analyser
The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages (9 okt)
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet (9 okt)
https://www.darkreading.com/cloud/patch-now-massive-rce-campaign-d-link-zyxel-botnet
Microsoft Digital Defense Report 2023 (10 okt)
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
StopRansomware: AvosLocker Ransomware (Update) (11 okt)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-284a
Resurgence of LinkedIn Smart Links Identified in Sizable Credential Phishing Campaign (11 okt)
https://cofense.com/blog/linkedin-smart-links-credential-phishing-campaign/
Hackers will use AI to orchestrate worldwide cyberattacks (12 okt)
https://macleans.ca/society/technology/ai-cyberattacks/
NSA releases a repository of signatures and analytics to secure Operational Technology (12 okt)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3554537/nsa-releases-a-repository-of-signatures-and-analytics-to-secure-operational-tec/
Ransomware attacks now target unpatched WS_FTP servers (12 okt)
https://www.bleepingcomputer.com/news/security/ransomware-attacks-now-target-unpatched-ws-ftp-servers/
Phishing, the campaigns that are targeting Italy (12 okt)
https://securityaffairs.com/152372/cyber-crime/phishing-campaigns-targt-italy.html
DarkGate Opens Organizations for Attack via Skype, Teams (12 okt)
https://www.trendmicro.com/en_us/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
Ransomware Roundup - Akira (12 okt)
https://www.fortinet.com/blog/threat-research/ransomware-roundup-akira
ToddyCat: Keep calm and check logs (12 okt)
https://securelist.com/toddycat-keep-calm-and-check-logs/110696/
Shadow PC warns of data breach as hacker tries to sell gamers’ info (12 okt)
https://www.bleepingcomputer.com/news/security/shadow-pc-warns-of-data-breach-as-hacker-tries-to-sell-gamers-info/
ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers (12 okt)
https://thehackernews.com/2023/10/shellbot-uses-hex-ips-to-evade.html
Informationssäkerhet och blandat
Så fungerar de nya digitala id-korten – bilden förfalskades på några minuter (8 okt)
https://www.dn.se/ekonomi/sa-fungerar-de-nya-digitala-id-korten-bilden-forfalskades-pa-nagra-minuter/
Finlands andra kvantdator invigs – körs i 273 minusgrader (10 okt)
https://svenska.yle.fi/a/7-10043189
CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software (10 okt)
https://www.cisa.gov/news-events/news/cisa-government-and-industry-partners-publish-fact-sheet-organizations-using-open-source-software
Svenskarna och internet 2023 (10 okt)
https://svenskarnaochinternet.se/rapporter/svenskarna-och-internet-2023/
From chaos to cadence: Celebrating two decades of Microsoft’s Patch Tuesday (11 okt)
https://www.theregister.com/2023/10/11/microsoft_patch_tuesday_turns_20/
Sverige ska få fler cyberexperter – ”finns stort behov” (12 okt)
https://sverigesradio.se/artikel/sverige-ska-fa-fler-cyberexperter-finns-stort-behov
Riksrevisionens rapport om regeringens styrning av samhällets informations- och cybersäkerhet (12 okt)
https://www.regeringen.se/rattsliga-dokument/skrivelse/2023/10/skr.-20232426
Ransomlooker, a new tool to track and analyze ransomware groups’ activities (12 okt)
https://securityaffairs.com/152416/malware/ransomlooker-tool.html
CISA Releases New Resources Identifying Known Exploited Vulnerabilities and Misconfigurations Linked to Ransomware (12 okt)
https://www.cisa.gov/news-events/alerts/2023/10/12/cisa-releases-new-resources-identifying-known-exploited-vulnerabilities-and-misconfigurations-linked
CERT-SE i veckan
Allvarlig sårbarhet i Linuxkomponent (uppdaterad 2023-10-13)
Juniper Networks rättar flera allvarliga sårbarheter
F5 Networks rättar kritisk sårbarhet i BIG-IP
Adobes månatliga säkerhetsuppdateringar för oktober 2023
HTTP2 Rapid Reset: kritisk sårbarhet som kan utnyttjas för stora överbelastningsangrepp
Flera sårbarheter i Citrix Netscaler ADC och Netscaler Gateway
Microsofts månatliga säkerhetsuppdateringar för oktober 2023