CERT-SE's weekly newsletter, week 33
It has been Patch Tuesday, and CERT-SE has highlighted vulnerabilities in several articles on our website this week. For many, this is the first week back from vacation, and if you ask us, a review of potentially vulnerable systems in your own IT environment is a good way to kick-start the autumn term.
We at CERT-SE wish you a pleasant weekend!
News this week
Problems for e-newspapers (10 aug) https://www.aftonbladet.se/nyheter/a/Rr77qd/aftonbladet-direkt?pinnedEntry=1283967
Hackers leak 2.7 billion data records with Social Security numbers (11 aug) https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/
Kivra was down for several hours (13 aug) https://www.tv4.se/artikel/4FhWsNmcz0UUoS1Ygu7UXO/tekniska-problem-foer-kivra
Dispossessor ransomware group shut down by US, European authorities (13 aug) https://www.reuters.com/technology/cybersecurity/dispossessor-ransomware-group-shut-down-by-us-european-authorities-2024-08-13/
Elon Musk claims live Trump interview on X derailed by DDoS (13 aug) https://www.theregister.com/2024/08/13/trump_musk_livestream_ddos_delay/
Ukraine Warns of New Phishing Campaign Targeting Government Computers (13 aug) https://thehackernews.com/2024/08/ukraine-warns-of-new-phishing-campaign.html
‘Prolific’ malvertising scammer arrested and extradited to US to face charges (13 aug) https://therecord.media/prolific-scammer-arrested-extradited-us
Google says Iranian efforts to hack US presidential campaigns are ongoing and wide-ranging (14 aug) https://edition.cnn.com/2024/08/14/politics/google-iran-hacking-presidential-election/index.html
Reports and in-depth analysis
Unit42 - Ransomware Review: First Half of 2024 (9 aug) https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/
New AMD SinkClose flaw helps install nearly undetectable malware (9 aug) https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/
How Phishing Attacks Adapt Quickly to Capitalize on Current Events (12 aug) https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities (12 aug) https://research.checkpoint.com/2024/server-side-template-injection-transforming-web-applications-from-assets-to-liabilities/
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts (13 aug) https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks (13 aug) https://thehackernews.com/2024/08/ghostwrite-new-t-head-cpu-bugs-expose.html
Compromising Microsoft’s AI Healthcare Chatbot Service (13 aug) https://www.tenable.com/blog/compromising-microsofts-ai-healthcare-chatbot-service
DDoS Attacks Surge 46% in First Half of 2024, Gcore Report Reveals (14 aug) https://thehackernews.com/2024/08/ddos-attacks-surge-46-in-first-half-of.html
Ransomware attackers introduce new EDR killer to their arsenal (14 aug) https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/
Rivers of Phish - Sophisticated Phishing Targets Russia’s Perceived Enemies Around the Globe (14 aug) https://citizenlab.ca/2024/08/sophisticated-phishing-targets-russias-perceived-enemies-around-the-globe/
Cyclops: a likely replacement for BellaCiao (14 aug) https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
Dragos Industrial Ransomware Analysis: Q2 2024 (14 aug) https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q2-2024/
Ransomware gangs rake in more than $450 million in first half of 2024 (15 aug) https://therecord.media/ransomware-gangs-set-record-for-money-extorted
Information security and miscellaneous
As he retires after two decades at Homeland Security, Brandon Wales reflects on CISA’s future (12 aug) https://therecord.media/retires-dhs-brandon-wales-cisa-future
92 percent of all IT jobs are being changed by AI (13 aug) https://computersweden.se/article/3485997/92-procent-av-alla-it-jobb-forandras-av-ai.html
NIST Releases First 3 Finalized Post-Quantum Encryption Standards (13 aug) https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
MIT releases comprehensive database of AI risks (14 aug) https://venturebeat.com/ai/mit-releases-comprehensive-database-of-ai-risks/ … https://airisk.mit.edu/
CERT-SE this week
Critical vulnerability in Jenkins (12 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-jenkins.html
Microsoft's monthly security updates for August 2024 (14 aug) https://www.cert.se/2024/08/microsofts-manatliga-sakerhetsuppdateringar-for-augisti-2024.html
SAP's monthly security updates for August 2024 https://www.cert.se/2024/08/saps-manatliga-sakerhetsuppdateringar-for-augusti-2024.html
Critical vulnerabilities in products from Ivanti (14 aug) https://www.cert.se/2024/08/kritiska-sarbarheter-i-produkter-fran-ivanti.html
Critical vulnerability in Apache HTTP Server (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-apache-http-server.html
Serious vulnerabilities in Zimbra Collaboration Suite (15 aug) https://www.cert.se/2024/08/allvarliga-sarbarheter-i-zimbra-collaboration-suite.html
Critical vulnerability in SolarWinds Web Help Desk (15 aug) https://www.cert.se/2024/08/kritisk-sarbarhet-i-solarwinds-web-help-desk.html
Adobe's monthly security updates for August 2024 (15 aug) https://www.cert.se/2024/08/adobes-manatliga-sakerhetsuppdateringar-for-augisti-2024.html