CERT-SE's weekly newsletter, week 20
This week brought Patch Tuesday, but we have also highlighted several other critical vulnerabilities. Make sure all relevant security updates are applied as soon as possible. With that, CERT-SE wishes you a happy syttende mai 🇳🇴 and a pleasant weekend!
News this week
CISA and Partners Release Advisory on Black Basta Ransomware (10 May)
https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware
After Ascension ransomware attack, feds issue alert on Black Basta group (11 May)
https://therecord.media/black-basta-ransomware-alert-healthcare-fbi-cisa-hhs
Europol confirms web portal breach, says no operational data stolen (11 May) https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolen
Bjurholm municipality hit by IT attack, goes into crisis staff mode (13 May) https://www.svt.se/nyheter/lokalt/vasterbotten/bjurholms-kommun-utsatt-for-it-attack-gar-upp-i-stabslage
Helsinki the target of massive data breach: personal data of up to 80,000 pupils may have leaked (13 May) https://svenska.yle.fi/a/7-10056725
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo (13 May) https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
AI red-teaming tools helped X-Force break into a major tech manufacturer ‘in 8 hours’ (13 May) https://www.theregister.com/2024/05/13/ai_xforce_red_penetration
MITRE Releases EMB3D – A Cybersecurity Threat Model for Embedded Devices (13 May) https://www.mitre.org/news-insights/news-release/mitre-releases-emb3d-cybersecurity-threat-model-embedded-devices
How Did Authorities Identify the Alleged Lockbit Boss? (13 May) https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss
Log4Shell shows no sign of fading, spotted in 30% of CVE exploits (14 May) https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols
Guidance for organisations considering payment in ransomware incidents (14 May) https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents
Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society (14 May) https://www.cisa.gov/resources-tools/resources/mitigating-cyber-threats-limited-resources-guidance-civil-society
Cybersecurity Stop of the Month: Impersonation Attacks that Target the Supply Chain (14 May) https://www.proofpoint.com/us/blog/email-and-cloud-threats/impersonation-attacks-target-supply-chain
Christie’s £670m art auctions hit by cyber attack (14 May) https://www.bbc.com/news/articles/cxwvv4ld7x9o
ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain (15 May) https://www.eset.com/us/about/newsroom/press-releases/eset-research-ebury-botnet-alive-growing
FBI seizes hacking forum BreachForums — again (15 May) https://techcrunch.com/2024/05/15/fbi-seizes-hacking-forum-breachforums-again
Santander Data Breach Impacts Customers, Employees (15 May) https://www.securityweek.com/santander-data-breach-impacts-customers-employees
EU failure to rein in spyware reflects lack of political will, parliamentarian says (15 May) https://therecord.media/eu-failure-spyware-political-will
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (15 May) https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware
Tackling Modern Human Risks in Cybersecurity: Insights from the Verizon DBIR 2024 (16 May) https://www.sans.org/blog/tackling-modern-human-risks-in-cybersecurity-insights-from-the-verizon-dbir-2024
Skatteverket brings the SPAR register in-house: "need to step up the protection work" (16 May) https://computersweden.se/article/2107562/skatteverket-tar-hem-spar-registret-behover-hoja-skyddsarbetet.html
New Threat Insights Reveal That Cybercriminals Increasingly Target the Pharmacy Sector (16 May) https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybercriminals-increasingly-targeting-pharmacy-sector
Survey: boards play down cyber risks (17 May)
https://computersweden.se/article/2110795/undersokning-styrelser-tonar-ner-risker-med-cybersakerheten.html
Trend Micro: The CISO Credibility Gap
https://www.trendmicro.com/explore/thecisocredibilitygap/2608-tl-en-rpt
Reports and analyses
Report: Threat assessment for Sweden's banks 2024 (13 May)
https://www.swedishbankers.se/fraagor-vi-arbetar-med/saekerhet/sakerhet/rapport-hotbildsbedoemning-foer-sveriges-banker-2024
https://www.swedishbankers.se/media/5820/hotbildsbedoemning-foer-sveriges-banker-2024.pdf
Leveraging DNS Tunneling for Tracking and Scanning (13 May) https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns
CISA Publishes Encrypted DNS Implementation Guidance to Federal Agencies (16 May)
https://www.cisa.gov/news-events/news/cisa-publishes-encrypted-dns-implementation-guidance-federal-agencies
https://www.cisa.gov/sites/default/files/2024-05/Encrypted%20DNS%20Implementation%20Guidance_508c.pdf
To the Moon and back(doors): Lunar landing in diplomatic missions (15 May) https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions
Payload Trends in Malicious OneNote Samples (16 May) https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples
Information security and miscellaneous
Obsolete, but not gone: The people who won’t give up floppy disks (10 May) https://www.bbc.com/future/article/20240510-floppy-disks-why-some-people-are-still-in-love-with-this-obsolete-computer-storage-technology
Sweden builds AI for all European languages (16 May) https://www.dn.se/sverige/sverige-bygger-ai-for-alla-europeiska-sprak
CERT-SE this week
Critical vulnerability in Intel Neural Compressor (16 May) https://www.cert.se/2024/05/kritisk-sarbarhet-i-intel-neural-compressor.html
Critical vulnerabilities affect SAP products (15 May) https://www.cert.se/2024/05/kritiska-sarbarheter-paverkar-sap-produkter.html
Adobe's monthly security updates for May 2024 (15 May) https://www.cert.se/2024/05/adobes-manatliga-sakerhetsuppdateringar-for-maj-2024.html
Microsoft's monthly security updates for May 2024 (15 May) https://www.cert.se/2024/05/microsofts-manatliga-sakershetsuppdateringar-for-maj-2024.html
Critical vulnerability in SolarWinds ARM (13 May) https://www.cert.se/2024/05/kritisk-sarbarhet-i-solarwinds-arm.html