CERT-SE:s veckobrev v.14

Veckobrev

Blandade nyheter från veckan som gått. Denna förkortade arbetsvecka har präglats i hög grad av den uppmärksammade bakdörren i XZ Utils.

Vi vill också tipsa om MSB:s kommande Forum för samhällsviktiga kommunikationstjänster där CERT-SE medverkar på temat incidenthantering. Läs mer på MSB:s webbplats: https://www.msb.se/sv/aktuellt/kalender/2024/april/forum-for-samhallsviktiga-kommunikationstjanster/

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Ivanti-linked breach of CISA potentially affected more than 100,000 individuals (29 mar) https://cyberscoop.com/ivanti-linked-breach-of-cisa-potentially-affected-more-than-100000-individuals/

AT&T confirms data for 73 million customers leaked on hacker forum (30 mar) https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/
https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html

Känsliga svenska internetkablar ligger oskyddade på havsbotten (30 mar) https://www.svt.se/nyheter/inrikes/kansliga-svenska-internetkablar-ligger-oskyddade-pa-havsbotten

Svenska politiker utsatta för kinesisk hackerattack (31 mar) https://www.svt.se/nyheter/utrikes/svenska-politiker-utsatta-for-kinesisk-hackerattack

Svenskars routrar utnyttjade av kinesisk hackergrupp (1 apr) https://www.svt.se/nyheter/inrikes/svenskars-routrar-har-utnyttjats-av-kinesisk-hackergrupp

Prudential Insurance says data of 36,000 exposed during February cyberattack (2 apr) https://therecord.media/prudential-discloses-new-information-from-february-incident

Microsoft warns Gmail blocks some Outlook email as spam, shares fix (2 apr) https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-gmail-blocks-some-outlook-email-as-spam-shares-fix/

US State Department investigates alleged theft of government data (3 apr) https://www.bleepingcomputer.com/news/security/us-state-department-investigates-alleged-theft-of-government-data/

Cyber Safety Review Board Report Slams Microsoft Security Failures in Government Email Breach (3 apr) https://www.infosecurity-magazine.com/news/microsoft-security-failures/

XZ Utils Backdoor Attack Brings Another Similar Incident to Light (3 apr) https://www.securityweek.com/xz-utils-backdoor-attack-brings-another-similar-incident-to-light/

Cyberattack Causes Disruptions at Omni Hotels (4 apr) https://www.securityweek.com/cyberattack-causes-disruptions-at-omni-hotels/

SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign (5 apr) https://www.darkreading.com/threat-intelligence/sexi-ransomware-desires-vmware-hypervisors

Rapporter och analyser

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs (2 apr) https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame (4 apr) https://www.hackread.com/red-ransomware-group-red-cryptoapp-wall-of-shame/

Latrodectus: This Spider Bytes Like Ice (4 apr) https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice

LockBit Ransomware Takedown Strikes Deep Into Brand’s Viability (4 apr) https://www.darkreading.com/threat-intelligence/lockbit-ransomware-takedown-strikes-brand-viability

Informationssäkerhet och blandat

‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed (3 apr) https://www.theguardian.com/technology/2024/apr/03/many-shot-jailbreaking-ai-artificial-intelligence-safety-features-bypass

NIST Wants Help Digging Out of Its NVD Backlog (2 apr) https://www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backloghttps://nvd.nist.gov/general/news/nvd-program-transition-announcement

EU skrotar kritiserat säkerhetskrav för molnjättar (4 apr) https://computersweden.se/article/2080548/eu-skrotar-kritiserat-sakerhetskrav-for-molnjattar.html

Cybersäkerhetskollen 2024 lanserad (3 apr) https://www.msb.se/sv/aktuellt/nyheter/2024/april/cybersakerhetskollen-2024-lanserad/

CERT-SE i veckan

Kritisk sårbarhet i XZ Utils (xz/liblzma) (30 mar) https://www.cert.se/2024/03/kritisk-sarbarhet-i-xz-utils.html

Allvarliga sårbarheter i Ivanti Connect Secure och Ivanti Policy Secure (4 apr) https://www.cert.se/2024/04/allvarliga-sarbarheter-i-ivanti-connect-secure-och-ivanti-policy-secure.html

Allvarlig sårbarhet i Cisco Nexus Dashboard Fabric Controller (5 apr) https://www.cert.se/2024/04/allvarlig-sarbarhet-i-cisco-nexus-dashboard-fabric-controller.html