Publicerad: 2022-06-17 15:51

CERT-SE:s veckobrev v.24

Patch-tisdag, phishing och Panchan … lite från ännu en händelserik veckan. Flera versioner av Internet Explorer har gått i graven och fortfarande finns det anledning att uppmana till extra vaksamhet gällande phishing. Trevlig helg!

Nyheter i veckan

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched (11 jun)
https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html

PyPI package ‘keep’ mistakenly included a password stealer (12 jun)
https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/

Kaiser Permanente data breach exposes health data of 69K people (13 jun)
https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-exposes-health-data-of-69k-people/

Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second (14 jun)
https://thehackernews.com/2022/06/cloudflare-saw-record-breaking-ddos.html

Firefox rolls out Total Cookie Protection by default to all users worldwide (14 jun)
https://blog.mozilla.org/en/products/firefox/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/

Svenska storföretag dåligt skyddade mot mejl-spoofing – ”nonchalant och allvarligt” (15 jun)
https://computersweden.idg.se/2.2683/1.767533/svenska-storforetag-daligt-skyddade-mot-mejl-spoofing–nonchalant-och-allvarligt

Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips (15 jun)
https://securityaffairs.co/wordpress/132316/hacking/hertzbleed-side-channel-attack-allows-to-remotely-steal-encryption-keys-from-amd-and-intel-chips.html

Hertzbleed Attack
https://www.hertzbleed.com/

Heineken says there’s no free beer, warns of phishing scam (15 jun)
https://www.theregister.com/2022/06/15/heineken_phishing_scam/

Cybercriminals Capitalizing on Resurgence in Travel (15 jun)
https://www.darkreading.com/attacks-breaches/cybercriminals-capitalizing-on-resurgence-in-travel

New Linux Rootkit Malware ‘Syslogk’ Triggers Backdoors With Magic Packets (15 jun)
https://gbhackers.com/linux-rootkit-malware/

Sophisticated Android Spyware ‘Hermit’ Used by Governments (16 jun)
https://www.securityweek.com/sophisticated-android-spyware-hermit-used-governments

Proofpoint Discovers Potentially Dangerous Microsoft Office 365 Functionality that can Ransom Files Stored on SharePoint and OneDrive (16 jun)
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality

BlackCat ransomware

The many lives of BlackCat ransomware (13 jun)
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/

Microsoft: Exchange servers hacked to deploy BlackCat ransomware (13 jun)
https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-blackcat-ransomware/

Unpatched Exchange server, stolen RDP logins… How miscreants get BlackCat ransomware on your network (15 jun)
https://www.theregister.com/2022/06/15/blackcat-ransomware-microsoft/

Internet Explorer

Lifecycle FAQ - Internet Explorer and Microsoft Edge
https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge#what-is-the-lifecycle-policy-for-internet-explorer-

June 15: It’s the end of the Internet Explorer era (13 jun)
https://www.zdnet.com/article/june-15-its-the-end-of-the-internet-explorer-era/

Internet Explorer Now Retired but Still an Attacker Target (17 jun)
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time

Informationssäkerhet och blandat

Using Google Takeout to reclaim your data (11 jun)
https://www.itpro.co.uk/security/privacy/368243/using-google-takeout-to-reclaim-your-data

Your Computer Secretly Stores All Your Wi-Fi Passwords. Here’s How to Find Them (11 jun)
https://www.cnet.com/tech/computing/your-computer-secretly-stores-all-your-wi-fi-passwords-heres-how-to-find-them/

Change This Privacy Setting to Reduce Tracking on Roku, Apple TV, Fire TV and Chromecast (11 jun)
https://www.cnet.com/tech/home-entertainment/change-this-privacy-setting-to-reduce-tracking-on-roku-apple-tv-fire-tv-and-chromecast/

Conti’s Attack Against Costa Rica Sparks a New Ransomware Era (12 jun)
https://www.wired.com/story/costa-rica-ransomware-conti/

Your browser stores passwords and sensitive data in clear text in memory (12 jun)
https://www.ghacks.net/2022/06/12/your-browser-stores-passwords-and-sensitive-data-in-clear-text-in-memory/

“Downthem” DDoS-for-Hire Boss Gets 2 Years in Prison (13 jun)
https://krebsonsecurity.com/2022/06/downthem-ddos-for-hire-boss-gets-2-years-in-prison/

Ukraine Has Begun Moving Sensitive Data Outside Its Borders (14 jun)
https://nationalcybersecurity.com/ukraine-has-begun-moving-sensitive-data-outside-its-borders-cybersecurity-cyberattack-cybersecurity-infosecurity-hacker/

What is the Essential Eight (And Why Non-Aussies Should Care) (14 jun)
https://thehackernews.com/2022/06/what-is-essential-eight-and-why-non.html

Stora it-störningar påverkade akutsjukhus i Stockholm och Gotland (14 juni)
https://www.dn.se/sverige/stora-it-storningar-pa-akutsjukhus-i-stockholm/

In Case You Missed RSA Conference 2022: A News Digest (15 jun)
https://www.darkreading.com/threat-intelligence/in-case-you-missed-it-what-went-down-at-rsa-conference-2022

Why We Need Security Knowledge and Not Just Threat Intel (15 jun)
https://www.darkreading.com/threat-intelligence/why-we-need-security-knowledge-and-not-just-threat-intel

State of OT Security in 2022: Big Survey Key Insights (15 jun)
https://www.trendmicro.com/en_us/research/22/f/state-of-ot-security-2022.html

Attacks on Blockchain (15 jun)
https://securityboulevard.com/2022/06/attacks-on-blockchain-2/

Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!” (15 jun)
https://www.akamai.com/blog/security/new-p2p-botnet-panchan

CISOs Gain False Confidence in the Calm After the Storm of the Pandemic (16 jun)
https://www.darkreading.com/attacks-breaches/cisos-gain-false-confidence-in-the-calm-after-the-storm-of-the-pandemic

CERT-SE i veckan

Kritisk sårbarhet i Citrix ADM

Kritiska sårbarheter i Cisco-produkter

Kritisk sårbarhet påverkar SAP Business Client

Adobes månatliga säkerhetsuppdateringar för juni

Microsofts månatliga säkerhetsuppdateringar för juni 2022

Kontakta oss - dygnet runt

CERT-SE är tillgängliga dygnet runt alla dagar på året för att kunna agera och inom vårt uppdrag hjälpa verksamheter som har drabbats av it-säkerhetsincidenter.

telefon

010-240 40 40

e-post

cert@cert.se

Fler nyheter

2024-04-19 14:07

CERT-SE:s veckobrev v.16

Denna vecka gick CERT-SE ut med årets andra blixtmeddelande, gällande en kritisk sårbarhet i Palo Alto...

Veckobrev
2024-04-19 13:06 Uppdaterad

Kritiska sårbarheter i Ivanti Avalanche

Ivanti har rättat flera sårbarheter i Avalanche, varav två bedöms som kritiska. De kan kan orsaka...

Sårbarhet Ivanti Avalanche
2024-04-18 16:25

Oracles kvartalsvisa säkerhetsuppdatering för april 2024

Oracle har publicerat sina kvartalsvisa säkerhetsuppdateringar för april. Säkerhetsuppdateringarna berör ett stort antal produkter. Totalt publiceras...

Sårbarhet Oracle
2024-04-18 15:16

Allvarlig sårbarhet i Cisco IMC

En sårbarhet i CLI (command line interface) i Cisco IMC möjliggör för en autentiserad användare att...

Sårbarhet Cisco
2024-04-18 14:00 Uppdaterad Blixtmeddelande

BM24-002 Kritisk sårbarhet i PAN-OS

Palo Alto varnar om en kritisk sårbarhet i PAN-OS. Sårbarheten har fått maximal CVSS-klassning, 10 av...

Blixtmeddelande PAN-OS Palo Alto

Nyheter