CERT-SE's weekly newsletter, week 14
Mixed news from the past week. This shortened working week has been largely dominated by the widely reported backdoor in XZ Utils.
We would also like to highlight MSB's upcoming Forum för samhällsviktiga kommunikationstjänster (Forum for Critical Communication Services), where CERT-SE is participating on the topic of incident handling. Read more on MSB's website: https://www.msb.se/sv/aktuellt/kalender/2024/april/forum-for-samhallsviktiga-kommunikationstjanster/
CERT-SE wishes you a pleasant weekend!
News this week
Ivanti-linked breach of CISA potentially affected more than 100,000 individuals (29 mar) https://cyberscoop.com/ivanti-linked-breach-of-cisa-potentially-affected-more-than-100000-individuals/
AT&T confirms data for 73 million customers leaked on hacker forum (30 mar) https://www.bleepingcomputer.com/news/security/atandt-confirms-data-for-73-million-customers-leaked-on-hacker-forum/ … https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html
Sensitive Swedish internet cables lie unprotected on the seabed (30 mar) https://www.svt.se/nyheter/inrikes/kansliga-svenska-internetkablar-ligger-oskyddade-pa-havsbotten
Swedish politicians targeted in Chinese hacker attack (31 mar) https://www.svt.se/nyheter/utrikes/svenska-politiker-utsatta-for-kinesisk-hackerattack
Swedes' routers exploited by Chinese hacker group (1 apr) https://www.svt.se/nyheter/inrikes/svenskars-routrar-har-utnyttjats-av-kinesisk-hackergrupp
Prudential Insurance says data of 36,000 exposed during February cyberattack (2 apr) https://therecord.media/prudential-discloses-new-information-from-february-incident
Microsoft warns Gmail blocks some Outlook email as spam, shares fix (2 apr) https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-gmail-blocks-some-outlook-email-as-spam-shares-fix/
US State Department investigates alleged theft of government data (3 apr) https://www.bleepingcomputer.com/news/security/us-state-department-investigates-alleged-theft-of-government-data/
Cyber Safety Review Board Report Slams Microsoft Security Failures in Government Email Breach (3 apr) https://www.infosecurity-magazine.com/news/microsoft-security-failures/
XZ Utils Backdoor Attack Brings Another Similar Incident to Light (3 apr) https://www.securityweek.com/xz-utils-backdoor-attack-brings-another-similar-incident-to-light/
Cyberattack Causes Disruptions at Omni Hotels (4 apr) https://www.securityweek.com/cyberattack-causes-disruptions-at-omni-hotels/
SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign (5 apr) https://www.darkreading.com/threat-intelligence/sexi-ransomware-desires-vmware-hypervisors
Reports and analyses
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs (2 apr) https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame (4 apr) https://www.hackread.com/red-ransomware-group-red-cryptoapp-wall-of-shame/
Latrodectus: This Spider Bytes Like Ice (4 apr) https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice
LockBit Ransomware Takedown Strikes Deep Into Brand’s Viability (4 apr) https://www.darkreading.com/threat-intelligence/lockbit-ransomware-takedown-strikes-brand-viability
Information security and miscellaneous
‘Many-shot jailbreak’: lab reveals how AI safety features can be easily bypassed (3 apr) https://www.theguardian.com/technology/2024/apr/03/many-shot-jailbreaking-ai-artificial-intelligence-safety-features-bypass
NIST Wants Help Digging Out of Its NVD Backlog (2 apr) https://www.darkreading.com/vulnerabilities-threats/nist-needs-help-digging-out-of-its-vulnerability-backlog … https://nvd.nist.gov/general/news/nvd-program-transition-announcement
EU scraps criticised security requirement for cloud giants (4 apr) https://computersweden.se/article/2080548/eu-skrotar-kritiserat-sakerhetskrav-for-molnjattar.html
Cybersäkerhetskollen 2024 launched (3 apr) https://www.msb.se/sv/aktuellt/nyheter/2024/april/cybersakerhetskollen-2024-lanserad/
CERT-SE this week
Critical vulnerability in XZ Utils (xz/liblzma) (30 mar) https://www.cert.se/2024/03/kritisk-sarbarhet-i-xz-utils.html
Serious vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure (4 apr) https://www.cert.se/2024/04/allvarliga-sarbarheter-i-ivanti-connect-secure-och-ivanti-policy-secure.html
Serious vulnerability in Cisco Nexus Dashboard Fabric Controller (5 apr) https://www.cert.se/2024/04/allvarlig-sarbarhet-i-cisco-nexus-dashboard-fabric-controller.html