CERT-SE's weekly newsletter, week 33

Weekly newsletter

It has been Patch Tuesday, and CERT-SE has highlighted vulnerabilities in a number of articles on our website this week. For many, this is the first week back from vacation, and if you ask us, a review of potentially vulnerable systems in your own IT environment is a good way to kick-start the autumn term.

We at CERT-SE wish you a pleasant weekend!

News this week

Problems for e-newspapers (10 aug) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1283967

Hackers leak 2.7 billion data records with Social Security numbers (11 aug) https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/

Kivra was down for several hours (13 aug) https://www.tv4.se/artikel/4FhWsNmcz0UUoS1Ygu7UXO/tekniska-problem-foer-kivra

Dispossessor ransomware group shut down by US, European authorities (13 aug) https://www.reuters.com/technology/cybersecurity/dispossessor-ransomware-group-shut-down-by-us-european-authorities-2024-08-13/

Elon Musk claims live Trump interview on X derailed by DDoS (13 aug) https://www.theregister.com/2024/08/13/trump_musk_livestream_ddos_delay/

Ukraine Warns of New Phishing Campaign Targeting Government Computers (13 aug) https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html

‘Prolific’ malvertising scammer arrested and extradited to US to face charges (13 aug) https://therecord.media/prolific-scammer-arrested-extradited-us

Google says Iranian efforts to hack US presidential campaigns are ongoing and wide-ranging (14 aug) https://edition.cnn.com/2024/08/14/politics/google-iran-hacking-presidential-election/index.html

Reports and in-depth analyses

Unit42 - Ransomware Review: First Half of 2024 (9 aug) https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/

New AMD SinkClose flaw helps install nearly undetectable malware (9 aug) https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

How Phishing Attacks Adapt Quickly to Capitalize on Current Events (12 aug) https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html

Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities (12 aug) https://research.checkpoint.com/2024/server-side-template-injection-transforming-web-applications-from-assets-to-liabilities/

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts (13 aug) https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks (13 aug) https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html

Compromising Microsoft’s AI Healthcare Chatbot Service (13 aug) https://www.tenable.com/blog/compromising-microsofts-ai-healthcare-chatbot-service

DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (14 aug) https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html

Ransomware attackers introduce new EDR killer to their arsenal (14 aug) https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/

Rivers of Phish - Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe (14 aug) https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/

Cyclops: a likely replacement for BellaCiao (14 aug) https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/

Dragos Industrial Ransomware Analysis: Q2 2024 (14 aug) https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q2-2024/

Ransomware gangs rake in more than $450 million in first half of 2024 (15 aug) https://therecord.media/ransomware-gangs-set-record-for-money-extorted

Information security and miscellaneous

As he retires after two decades at Homeland Security, Brandon Wales reflects on CISA’s future (12 aug) https://therecord.media/retires-dhs-brandon-wales-cisa-future

92 percent of all IT jobs are changed by AI (13 aug) https://computersweden.se/article/3485997/92-procent-av-alla-it-jobb-forandras-av-ai.html

NIST Releases First 3 Finalized Post-Quantum Encryption Standards (13 aug) https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

MIT releases comprehensive database of AI risks (14 aug) https://venturebeat.com/ai/mit-releases-comprehensive-database-of-ai-risks/ https://airisk.mit.edu/

CERT-SE this week

Critical vulnerability in Jenkins (12 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-jenkins.html

Microsoft's monthly security updates for August 2024 (14 aug) https://www.cert.se/2024/08/microsofts-manatliga-sakerhetsuppdateringar-for-augisti-2024.html

SAP's monthly security updates for August 2024 https://www.cert.se/2024/08/saps-manatliga-sakerhetsuppdateringar-for-augusti-2024.html

Critical vulnerabilities in products from Ivanti (14 aug) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html

Critical vulnerability in Apache HTTP Server (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-apache-http-server.html

Serious vulnerabilities in Zimbra Collaboration Suite (15 aug) https://www.cert.se/2024/08/allvarliga-sarbarheter-i-zimbra-collaboration-suite.html

Critical vulnerability in SolarWinds Web Help Desk (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-solarwinds-web-help-desk.html

Adobe's monthly security updates for August 2024 (15 aug) https://www.cert.se/2024/08/adobes-manatliga-sakerhetsuppdateringar-for-augisti-2024.html