CERT-SE's weekly newsletter, week 29
An eventful week in IT security. On 18 July, CERT-SE issued a flash alert regarding critical vulnerabilities in Cisco Secure Email Gateway, and on 19 July a technical fault in CrowdStrike Falcon Sensor caused extensive outages in several parts of the world. You can find CERT-SE's articles on these events here:
- https://www.cert.se/2024/07/bm24-003-kritisk-sarbarhet-i-cisco-secure-email-gateway.html
- https://www.cert.se/2024/07/allvarliga-storningar-i-crowdstrike-paverkar-manga-organisationers-it-miljoer.html
Both of these may be updated with further information.
With that, CERT-SE wishes you a pleasant weekend!
News of the week
iPhone users in 98 countries warned about spyware by Apple (12 Jul) https://www.malwarebytes.com/blog/news/2024/07/iphone-users-in-98-countries-warned-about-spyware-by-apple
Hacktivist Groups “People’s Cyber Army” And “HackNeT” Launch Trial DDoS Attacks on French Websites; prior to the Onslaught during Paris Olympics (15 Jul)
https://cyble.com/blog/hacktivist-groups-peoples-cyber-army-and-hacknet-launch-trial-ddos-attacks-on-french-websites-prior-to-the-onslaught-during-paris-olympics/
…
Paris 2024 Olympics to face complex cyber threats (16 Jul)
https://www.helpnetsecurity.com/2024/07/16/france-olympic-games-2024-cybersecurity-services-spending/
Email addresses of 15 million Trello users leaked on hacking forum (16 Jul) https://www.bleepingcomputer.com/news/security/email-addresses-of-15-million-trello-users-leaked-on-hacking-forum/
Major Microsoft 365 outage caused by Azure configuration change (19 Jul) https://www.bleepingcomputer.com/news/microsoft/major-microsoft-365-outage-caused-by-azure-configuration-change/
Global IT disruptions – flights cancelled worldwide (19 Jul)
https://www.svt.se/nyheter/utrikes/it-storningar-varlden-over
…
Reports of IT problems around the world (19 Jul)
https://www.aftonbladet.se/nyheter/a/MnnWWm/larm-om-it-strul-varlden-over
Reports and analyses
Fake AWS Packages Ship Command and Control Malware In JPEG Files (14 Jul) https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/
HardBit ransomware version 4.0 supports new obfuscation techniques (15 Jul) https://securityaffairs.com/165735/malware/hardbit-ransomware-version-4-0.html
Threat Spotlight: Attackers abuse URL protection services to mask phishing links (15 Jul) https://blog.barracuda.com/2024/07/15/threat-spotlight-attackers-abuse-url-protection-services
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (15 Jul) https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/
The Importance of Data Security in Hospitality (15 Jul) https://www.devx.com/technology/the-importance-of-data-security-in-hospitality/
DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed (16 Jul) https://www.theregister.com/2024/07/16/darkgate_malware/
Defending Against APTs: A Learning Exercise with Kimsuky (16 Jul) https://www.rapid7.com/blog/post/2024/07/16/defending-against-apts-a-learning-exercise-with-kimsuky/
Container Breakouts: Escape Techniques in Cloud Environments (18 Jul) https://unit42.paloaltonetworks.com/container-escape-techniques/
Information security and miscellaneous
Improving cyber resilience of frontline forces in Europe (15 Jul) https://www.gov.uk/government/news/improving-cyber-resilience-of-frontline-forces-in-europe
Cybersecurity crisis communication: What to do (15 Jul) https://securityintelligence.com/articles/cybersecurity-crisis-communication-what-to-do/
Discover the growing threats to data security (15 Jul) https://www.helpnetsecurity.com/2024/07/15/pranava-adduri-bedrock-security-data-security-risks/
Punch Card Hacking – Exploring a Mainframe Attack Vector (16 Jul) https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/
Forget Brexit – EU cybersecurity upgrade means UK too (16 Jul) https://northwestbylines.co.uk/politics/brexit/forget-brexit-eu-cybersecurity-upgrade-means-uk-too/
UK Government Set to Introduce New Cyber Security and Resilience Bill (18 Jul) https://www.infosecurity-magazine.com/news/government-cyber-security-bill-2024/
CERT-SE this week
Critical vulnerabilities in several IBM products (16 Jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-flera-produkter-fran-ibm.html
Oracle's quarterly security update for July 2024 (17 Jul) https://www.cert.se/2024/07/oracles-kvartalsvisa-sakerhetsuppdateringar-for-juli-2024.html
Critical vulnerabilities in Cisco products (18 Jul) https://www.cert.se/2024/07/kritiska-sarbarheter-i-produkter-fran-cisco.html
BM24-004 Critical vulnerability in Cisco Secure Email Gateway (18 Jul) https://www.cert.se/2024/07/bm24-003-kritisk-sarbarhet-i-cisco-secure-email-gateway.html
Serious disruptions in CrowdStrike affect many organisations' IT environments (19 Jul) https://www.cert.se/2024/07/allvarliga-storningar-i-crowdstrike-paverkar-manga-organisationers-it-miljoer.html