CERT-SE's weekly newsletter, week 15

Weekly newsletter

This week was Patch Tuesday, but we have also highlighted several additional critical vulnerabilities. Make sure that all relevant security updates have been applied. We also recommend a number of analyses and reports worth reading. CERT-SE wishes you a pleasant weekend!

News this week

Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! (2 apr) https://www.securityweek.com/heartbleed-is-10-years-old-farewell-heartbleed-hello-quantumbleed/ ..
The Heartbleed Bug https://heartbleed.com/

Ivanti CEO pledges to “fundamentally transform” its hard-hit security model (5 apr) https://arstechnica.com/security/2024/04/ivanti-following-years-of-critical-vpn-exploits-pledges-new-era-of-security/

The cyber catastrophe was averted, by chance (5 apr) https://computersweden.se/article/2083427/cyberkatastrofen-avvarjdes-av-en-slump.html

New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA (5 apr) https://thehackernews.com/2024/04/new-wave-of-jsoutprox-malware-targeting.html

Over 92,000 exposed D-Link NAS devices have a backdoor account (6 apr) https://www.bleepingcomputer.com/news/security/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account/

Hackers Exploit Magento Bug to Steal Payment Data from E-commerce Websites (6 apr) https://thehackernews.com/2024/04/hackers-exploit-magento-bug-to-steal.html

Puppies, kittens, data at risk after ‘cyber incident’ at veterinary giant (8 apr) https://www.theregister.com/2024/04/08/cyber_incident_strikes_veterinary_services/

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack (8 apr) https://www.theregister.com/2024/04/08/change_healthcare_ransomware/

The Drop in Ransomware Attacks in 2024 and What it Means (8 apr) https://thehackernews.com/2024/04/the-drop-in-ransomware-attacks-in-2024.html

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs (8 apr) https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/

DoD Moves Towards Zero-Trust Cybersecurity Framework (9 apr) https://news.clearancejobs.com/2024/04/09/zero-trust-cybersecurity-framework-in-the-dod/

CISA Announces Malware Next-Gen Analysis (10 apr) https://www.cisa.gov/news-events/news/cisa-announces-malware-next-gen-analysis

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (10 apr) https://thehackernews.com/2024/04/raspberry-robin-returns-new-malware.html

Fallout from XZ/SSH supply chain attack continues (10 apr) https://pducklin.com/2024/04/10/fallout-from-xz-ssh-supply-chain-attack-continues/

Apple: Mercenary spyware attacks target iPhone users in 92 countries (11 apr) https://www.bleepingcomputer.com/news/security/apple-mercenary-spyware-attacks-target-iphone-users-in-92-countries/

US Cyber Force Assisted Foreign Governments 22 Times in 2023 (11 apr) https://www.securityweek.com/us-cyber-force-assisted-foreign-governments-22-times-in-2023/

French issue alerte rouge after local governments knocked offline by cyber attack (12 apr) https://www.theregister.com/2024/04/12/french_municipalities_cyberattack/

Reports and analyses

ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins (8 apr) https://www.fortinet.com/blog/threat-research/scrubcrypt-deploys-venomrat-with-arsenal-of-plugins

Linux kernel on Intel systems is susceptible to Spectre v2 attacks (9 apr) https://kb.cert.org/vuls/id/155143

Top MITRE ATT&CK Techniques and How to Defend Against Them (10 apr) https://www.darkreading.com/cyberattacks-data-breaches/top-mitre-attack-techniques-how-to-defend-against

Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer (10 apr) https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta547-targets-german-organizations-rhadamanthys-stealer

Metasploit Meterpreter Installed via Redis Server (11 apr) https://asec.ahnlab.com/en/64034/

Cyberespionage Group Earth Hundun’s Continuous Refinement of Waterbear and Deuterbear (11 apr) https://www.trendmicro.com/en_us/research/24/d/earth-hundun-waterbear-deuterbear.html

Information security and miscellaneous

Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data (7 apr) https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/

How Engineers at Digital Equipment Corp. Saved Ethernet (7 apr) https://spectrum.ieee.org/how-dec-engineers-saved-ethernet

IMF: Financial sector heavily exposed to cyberattacks, increased preparedness now required (10 apr) https://www.voister.se/artikel/2024/04/imf-finanssektorn-kraftigt-exponerad-mot-cyberattacker-nu-kravs-okad-beredskap ..
Rising Cyber Threats Pose Serious Concerns for Financial Stability (9 apr) https://www.imf.org/en/Blogs/Articles/2024/04/09/rising-cyber-threats-pose-serious-concerns-for-financial-stability

SEK 385 million for investments in civil defence and cybersecurity (11 apr) https://www.regeringen.se/pressmeddelanden/2024/04/385-miljoner-kronor-till-satsningar-pa-civilt-forsvar-och-cybersakerhet/

Global taxi software vendor exposes details of nearly 300K across UK and Ireland (11 apr) https://www.theregister.com/2024/04/11/icabbi_database_exposure/

Why women struggle in the cybersecurity industry (12 apr) https://www.helpnetsecurity.com/2024/04/12/women-cybersecurity-workplace-experiences/

LastPass Employee Targeted With Deepfake Calls (12 apr) https://www.securityweek.com/lastpass-employee-targeted-with-deepfake-calls/

CERT-SE this week

Critical vulnerability in IBM Personal Communications https://www.cert.se/2024/04/kritisk-sarbarhet-i-ibm-personal-communications.html

SAP's monthly security updates for April 2024 https://www.cert.se/2024/04/saps-manatliga-sakerhetsuppdateringar-for-april-2024.html

Adobe's monthly security updates for April 2024 https://www.cert.se/2024/04/adobes-manatliga-sakerhetsuppdateringar-for-april-2024.html

Microsoft's monthly security updates for April 2024 https://www.cert.se/2024/04/microsofts-manatliga-sakerhetsuppdateringar-for-april-2024.html

Multiple vulnerabilities in Fortinet products https://www.cert.se/2024/04/flera-sarbarheter-i-fortinet-produkter.html

Critical vulnerability in PAN-OS https://www.cert.se/2024/04/kritisk-sarbarhet-i-pan-os.html