CERT-SE:s veckobrev v.41
Det har varit patchtisdag och CERT-SE har publicerat sammanfattningar av säkerhetsuppdateringar från Microsoft, Adobe, Ivanti och SAP. Se till att uppdatera dessa, och övriga sårbarheter vi skrivit om i veckan, så snart det går.
Den här veckan informerar vi även om en kritisk sårbarhet i Fortinet-produkter som nu utnyttjas aktivt (CVE-2024-23113, CVSS-klassning på 9.8). För mer information, se Kritisk sårbarhet i Fortinet-produkter utnyttjas aktivt på www.cert.se. https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html
Trevlig helg!
Nyheter i veckan
Rekordstor ddos-attack registrerad – 3,8 terabit per sekund (4 okt) https://computersweden.se/article/3546703/rekordstor-ddos-attack-registrerad-38-terabit-per-sekund.html
White House official says insurance companies must stop funding ransomware payments (4 okt) https://therecord.media/cyber-insurance-ransomware-payments-anne-neuberger-op-ed
E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads (7 okt) https://thehackernews.com/2024/10/eu-court-limits-metas-use-of-personal.html
Nu finns AI som gymnasieämne – bara åtta behöriga lärare (7 okt) https://www.dn.se/sverige/nu-finns-ai-som-gymnasieamne-bara-atta-behoriga-larare/
Defending healthcare systems against ransomware attacks [Q&A] (7 okt) https://betanews.com/2024/10/07/defending-healthcare-systems-against-ransomware-attacks-qa/
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (7 okt) https://thehackernews.com/2024/10/new-gorilla-botnet-launches-over-300000.html
AT&T, Verizon reportedly hacked to target US govt wiretapping platform (7 okt) https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
Headhuntad? Drömjobbet kan vara en fälla (7 okt) https://computersweden.se/article/3544937/headhuntad-dromjobbet-kan-vara-en-falla.html
American Water Confirms Hack: Customer Portal and Billing Services Suspended (7 okt) https://www.securityweek.com/american-water-confirms-hack-customer-portal-and-billing-services-suspended/
Smart TV Surveillance? How Samsung and LG’s ACR Technology Tracks What You Watch (7 okt) https://www.securityweek.com/smart-tv-surveillance-how-samsung-and-lgs-acr-technology-tracks-what-you-watch/
Qualcomm patches high-severity zero-day exploited in attacks (7 okt)
https://www.bleepingcomputer.com/news/security/qualcomm-patches-high-severity-zero-day-exploited-in-attacks/
..
October 2024 Security Bulletin
https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html
NCSC-UK: Engaging with Boards to improve the management of cyber security risk (7 okt)
https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly
..
Board-CISO Mismatch on Cyber Responsibility, NCSC Research Finds (7 okt)
https://www.infosecurity-magazine.com/news/boardciso-mismatch-on-cyber/
MFA Isn’t Failing, But It’s Not Succeeding: Why a Trusted Security Tool Still Falls Short (7 okt) https://www.securityweek.com/mfa-isnt-failing-but-its-not-succeeding-why-a-trusted-security-tool-still-falls-short/
Billion-dollar cyberfraud industry expands in Southeast Asia as criminals adopt new technologies (7 okt) https://www.unodc.org/roseap/en/2024/10/cyberfraud-industry-expands-southeast-asia/story.html
Ukraine’s defense ministry launches military CERT to counter Russian cyberattacks (8 okt) https://therecord.media/ukraine-creates-military-cert
Lego Hacked by Crypto-Scammers (8 okt) https://informationsecuritybuzz.com/lego-hacked-by-crypto-scammers/
Healthcare Organizations Warned of Trinity Ransomware Attacks (8 okt) https://www.securityweek.com/healthcare-organizations-warned-of-trinity-ransomware-attacks/
MSB: ”Näringslivet måste sitta med vid bordet” (8 okt) https://www.di.se/digital/msb-naringslivet-maste-sitta-med-vid-bordet/
GoldenJackal Targets Embassies, Steals Data from Air-Gapped Systems (8 okt) https://securityboulevard.com/2024/10/goldenjackal-targets-embassies-steals-data-from-air-gapped-systems/
Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (9 okt) https://thehackernews.com/2024/10/microsoft-detects-growing-use-of-file.html
Casio Hit by Cyberattack (9 okt) https://www.securityweek.com/casio-hit-by-cyberattack/
Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (9 okt) https://hackread.com/scammers-florida-hurricane-victim-fake-fema-malware/
Social Media Accounts: The Weak Link in Organizational SaaS Security (9 okt) https://thehackernews.com/2024/10/social-media-accounts-weak-link-in.html
Hackers weaponizing VSCode for remote access (9 okt) https://cybernews.com/security/hackers-weaponizing-vscode-for-remote-access/
American Water cyberattack renews focus on protecting critical infrastructure (9 okt) https://www.dailymail.co.uk/wires/ap/article-13941881/American-Water-cyberattack-renews-focus-protecting-critical-infrastructure.html
Populära toppdomänen .io kan vara på väg att försvinna (9 okt) https://computersweden.se/article/3553638/populara-toppdomanen-io-kan-vara-pa-vag-att-forsvinna.html
US FTC says Marriott will boost security to settle data breach charges (9 okt) https://www.reuters.com/technology/cybersecurity/us-ftc-takes-action-against-marriott-starwood-over-data-breaches-2024-10-09/
Internet Archive leaks user info and succumbs to DDoS (10 okt) https://www.theregister.com/2024/10/10/internet_archive_ddos_data_leak/
Dutch cops reveal takedown of ‘world’s largest dark web market’ (10 okt) https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/
The Internet Archive taken down by DDoS attacks (10 okt) https://www.engadget.com/cybersecurity/the-internet-archive-taken-down-by-ddos-attacks-222317044.html
Firefox Zero-Day Under Attack: Update Your Browser Immediately (10 okt) https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html
Så skyddar vi Sveriges digitala infrastruktur (10 okt) https://www.di.se/debatt/sa-skyddar-vi-sveriges-digitala-infrastruktur/
Svenskarna tror cyberhoten kommer öka (11 okt) https://it-kanalen.se/svenskarna-tror-cyberhoten-kommer-oka/
Rapporter och analyser
Checkpoint 7th October– Threat Intelligence Report: https://research.checkpoint.com/2024/7th-october-threat-intelligence-report/
2024 State of the Threat: A Year in Review
https://www.secureworks.com/resources/rp-state-of-the-threat-2024
..
2024 State of the Threat Report Reveals a Resilient and Evolving Threat Landscape (8 okt)
https://www.secureworks.com/blog/2024-state-of-the-threat-report-reveals-a-resilient-and-evolving-threat-landscape
DDoS attacks are on the rise, and are increasingly politically-motivated (7 okt) https://www.techradar.com/pro/security/ddos-attacks-are-on-the-rise-and-are-increasingly-politically-motivated
Informationssäkerhet och blandat
Cybersecurity Awareness Month: Securing our world—together (1 okt) https://www.microsoft.com/en-us/security/blog/2024/10/01/cybersecurity-awareness-month-securing-our-world-together/
Expert Blog: Consumer routers targeted by multiple botnets (4 okt) https://english.ncsc.nl/latest/weblog/weblog/2024/consumer-routers-targeted-by-multiple-botnets
A Look Into Embargo Ransomware, Another Rust-Based Ransomware (4 okt) https://blog.sonicwall.com/en-us/2024/10/a-look-into-embargo-ransomware-another-rust-based-ransomware/
No Way to Hide: Uncovering New Campaigns from Daily Tunneling Detection (4 okt) https://unit42.paloaltonetworks.com/detecting-dns-tunneling-campaigns/
Sverige behöver en tydligare cybersäkerhetspolicy (7 okt) https://www.su.se/forskning/nyheter-forskning/sverige-beh%C3%B6ver-en-tydligare-cybers%C3%A4kerhetspolicy-1.769190
Så slipper du strul med bankkoder när nätbanken ligger nere (7 okt) https://svenska.yle.fi/a/7-10065114
The Disappearance of an Internet Domain (8 okt) https://every.to/p/the-disappearance-of-an-internet-domain
Cyber resilience act: Council adopts new law on security requirements for digital products (10 okt) https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/
Fortum: Utsatt för sabotageförsök i Finland och Sverige (10 okt) https://www.dn.se/ekonomi/fortum-utsatt-for-sabotageforsok-i-finland-och-sverige/
CERT-SE i veckan
Microsofts månatliga säkerhetsuppdateringar för oktober 2024 (9 okt) https://cert.se/2024/10/microsofts-manatliga-sakerhetsuppdateringar-for-oktober-2024.html
Kritiska sårbarheter i Ivanti Connect Secure och Policy Secure (9 okt) https://cert.se/2024/10/kritiska-sarbarheter-i-ivanti-connect-secure-och-policy-secure.html
Adobes månatliga säkerhetsuppdateringar för oktober 2024 (9 okt) https://cert.se/2024/10/adobes-manatliga-sakerhetsuppdateringar-for-oktober-2024.html
Kritisk sårbarhet i Fortinet-produkter utnyttjas aktivt (10 okt) https://www.cert.se/2024/10/kritisk-sarbarhet-i-fortinet-produkter-utnyttjas-aktivt.html
SAPs månatliga säkerhetsuppdateringar för oktober 2024 (10 okt) https://www.cert.se/2024/10/saps-manatliga-sakerhetsuppdateringar-for-oktober-2024.html