CERT-SE:s veckobrev v.38
En händelserik vecka som fört med sig stora satsningar på informations- och cybersäkerhet i höstbudgeten och ett internationellt tillslag mot den krypterade kommunikationstjänsten Ghost.
Trevlig helg!
Nyheter i veckan
1.3 million Android-based TV boxes backdoored; researchers still don’t know how (13 sep) https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/
Ransomware Group Leaks Data Allegedly Stolen From Kawasaki Motors (16 sep) https://www.securityweek.com/ransomware-group-leaks-data-allegedly-stolen-from-kawasaki-motors/
Data on nearly 1 million NHS patients leaked online following ransomware attack on London hospitals (16 sep) https://therecord.media/data-on-nearly-1-million-nhs-patients-leaked-hospital-ransomware
Owner of only US platinum mine confirms data breach after ransomware claims (16 sep) https://therecord.media/stillwater-mining-company-montana-platinum-data-breach
Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution (16 sep) https://thehackernews.com/2024/09/google-fixes-gcp-composer-flaw-that.html
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks (17 sep) https://www.securityweek.com/recent-whatsup-gold-vulnerabilities-possibly-exploited-in-ransomware-attacks/
Krypterad kommunikationstjänst har slagits ut i en internationell polisoperation (18 sep)
https://polisen.se/aktuellt/nyheter/nationell/2024/september/krypterad-kommunikationstjanst-har-slagits-ut-i-en-internationell-polisoperation/
…
Global Coalition Takes Down New Criminal Communication Platform (18 sep)
https://www.europol.europa.eu/media-press/newsroom/news/global-coalition-takes-down-new-criminal-communication-platform
Historisk satsning på cybersäkerhet (18 sep) https://regeringen.se/pressmeddelanden/2024/09/historisk-satsning-pa-cybersakerhet/
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware (18 sep) https://www.bleepingcomputer.com/news/security/flax-typhoon-hackers-infect-260-000-routers-ip-cameras-with-botnet-malware/
Providence public schools still struggling with internet outages after ‘irregular activity’ (18 sep) https://therecord.media/providence-schools-outage-cyberattack-wifi
Germany seizes leak site of ‘Vanir’ ransomware operation (18 sep) https://therecord.media/germany-seizes-vanir-ransomware-leak
FTC exposes massive surveillance of kids, teens by social media giants (19 sep) https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/
Rapporter och fördjupningar
Malware locks browser in kiosk mode to steal Google credentials (14 sep) https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/
16th September – Threat Intelligence Report (16 sep) https://research.checkpoint.com/2024/16th-september-threat-intelligence-report/
Beware the Rising Tide: Financial Services Is Awash in Attacks (17 sep) https://www.akamai.com/blog/security/financial-services-is-awash-in-attacks
What Can We Learn From NIST Cybersecurity Framework (CSF) 2.0? (17 sep) https://techround.co.uk/tech/what-can-learn-nist-cybersecurity-framework-csf/
Storm clouds on the horizon: Resurgence of TeamTNT? (18 sep) https://www.group-ib.com/blog/teamtnt/
Exotic SambaSpy is now dancing with Italian users (18 sep) https://securelist.com/sambaspy-rat-targets-italian-users/113851/
ENISA Threat Landscape 2024 (19 sep) https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024
Evilginx Gmail & Outlook Attacks Can Bypass 2FA, Security Expert Warns (19 sep) https://www.forbes.com/sites/daveywinder/2024/09/19/evilginx-gmail--outlook-attacks-can-bypass-2fa-security-expert-warns/
UNC1860 and the Temple of Oats: Iran’s Hidden Hand in Middle Eastern Networks (19 sep) https://cloud.google.com/blog/topics/threat-intelligence/unc1860-iran-middle-eastern-networks/
Informationssäkerhet och blandat
Secure by Design Alert: Eliminating Cross-Site Scripting Vulnerabilities (17 sep) https://www.cisa.gov/resources-tools/resources/secure-design-alert-eliminating-cross-site-scripting-vulnerabilities
Har du koll på dina SaaS-backuper? (18 sep) https://computersweden.se/article/3514909/har-du-koll-pa-dina-saas-backuper.html
Ready to Rumble: US Women’s Cyber Team Preps for Global CTF Contest (18 sep) https://www.darkreading.com/cybersecurity-operations/us-women-cyber-team-global-ctf-contest
Unexplained ‘Noise Storms’ flood the Internet, puzzle experts (19 sep) https://www.bleepingcomputer.com/news/security/unexplained-noise-storms-flood-the-internet-puzzle-experts/
CISA boss: Makers of insecure software are the real cyber villains (20 sep) https://www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains/
Companies Often Pay Ransomware Attackers Multiple Times (20 sep) https://securityboulevard.com/2024/09/companies-often-pay-ransomware-attackers-multiple-times/
CERT-SE i veckan
Kritisk sårbarhet i Solarwinds Access Rights Manager (13 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-solarwinds-access-rights-manager.html
Kritiska sårbarheter i Ivanti-produkter (Uppdaterad 16 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html
Kritisk sårbarhet i VMware vCenter Server (18 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-vmware-vcenter-server.html
Kritisk sårbarhet i GitLab (19 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab-SAML.html
Kritiska sårbarheter i Ivanti-produkter (uppdaterad 20 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html