CERT-SE's weekly newsletter, week 6

Weekly newsletter

This week CERT-SE has published several articles on various critical vulnerabilities. Apply security updates as soon as possible to avoid attacks.

Have a nice weekend!

News this week

Lurie Children’s Hospital took systems offline after cyberattack (2 feb) https://www.bleepingcomputer.com/news/security/lurie-childrens-hospital-took-systems-offline-after-cyberattack/

AnyDesk says hackers breached its production servers, reset passwords (2 feb) https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/

Ransomware Retrospective 2024: Unit 42 Leak Site Analysis (5 feb) https://unit42.paloaltonetworks.com/unit-42-ransomware-leak-site-data-analysis/

Dead-end job (6 feb) https://www.group-ib.com/blog/resumelooters/

Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials (6 feb) https://thehackernews.com/2024/02/beware-fake-facebook-job-ads-spreading.html

Data breach at French healthcare services firm puts millions at risk (6 feb) https://www.bleepingcomputer.com/news/security/data-breach-at-french-healthcare-services-firm-puts-millions-at-risk/

Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store (7 feb) https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/

Hyundai Motor Europe hit by Black Basta ransomware attack (8 feb) https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/

Information security and miscellaneous

INTERPOL-led operation targets growing cyber threats (1 feb) https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-led-operation-targets-growing-cyber-threats

Still major problems at TLV after hacker attack (1 feb) https://www.lakemedelsvarlden.se/fortfarande-stora-problem-hos-tlv-efter-hackerattack/

Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (4 feb) https://edition.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/

New Cybersecurity Performance Goals From HHS For Healthcare (5 feb) https://www.forbes.com/sites/davidchou/2024/02/05/new-cybersecurity-performance-goals-from-hhs-for-healthcare/

New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies (6 feb) https://www.theregister.com/2024/02/06/akira_and_8base_new_ransomware_research/

Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities (6 feb) https://www.enisa.europa.eu/news/joint-statement-on-ivanti

Ransomware Payments Exceed $1 Billion in 2023, Hitting Record High After 2022 Decline (7 feb) https://www.chainalysis.com/blog/ransomware-2024/

KV-Botnet: Don’t call it a Comeback (7 feb) https://blog.lumen.com/kv-botnet-dont-call-it-a-comeback/

Identifying and Mitigating Living Off the Land Techniques (7 feb) https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques

Cybersecurity Stop of the Month: Preventing Supply Chain Compromise (7 feb) https://www.proofpoint.com/us/blog/email-and-cloud-threats/cybersecurity-stop-month-preventing-supply-chain-compromise

The Importance of Patching: An Analysis of the Exploitation of N-Day Vulnerabilities (7 feb) https://www.fortinet.com/blog/psirt-blogs/importance-of-patching-an-analysis-of-the-exploitation-of-n-day-vulnerabilities

How Hospitals Can Help Improve Medical Device Data Security (8 feb) https://www.darkreading.com/vulnerabilities-threats/how-hospitals-can-help-improve-medical-device-data-security

Spoofing Temu for Credential Harvesting (8 feb) https://blog.checkpoint.com/harmony-email/spoofing-temu-for-credential-harvesting/

CISA Partners With OpenSSF Securing Software Repositories Working Group to Release Principles for Package Repository Security (8 feb) https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package

Patterns and Targets for Ransomware Exploitation of Vulnerabilities: 2017–2023 (8 feb) https://www.recordedfuture.com/patterns-targets-ransomware-exploitation-vulnerabilities-2017-2023

Maldocs of Word and Excel: Vigor of the Ages (8 feb) https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/

CERT-SE this week

Critical vulnerabilities in FortiSIEM (8 feb) https://www.cert.se/2024/02/kritiska-sarbarheter-i-fortisiem

Critical vulnerabilities in Cisco Expressway (8 feb) https://www.cert.se/2024/02/kritiska-sarbarheter-i-cisco-expressway

Critical RCE vulnerabilities in FortiOS (9 feb) https://www.cert.se/2024/02/kritiska-rce-sarbarheter-i-fortios

Serious vulnerability in Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways (9 feb) https://www.cert.se/2024/02/allvarlig-sarbarhet-i-ivanti