CERT-SE's weekly newsletter, week 37

WEEKLY NEWSLETTER

It has been Patch Tuesday, and CERT-SE has published summaries of the security updates from Microsoft, Adobe and Ivanti. Make sure to apply these, and to patch the other vulnerabilities we have written about this week, as soon as possible. We have also attended interesting talks and discussions at SEC-T; see the link to their livestream at the bottom of the newsletter. CERT-SE wishes you a pleasant weekend!

News this week

Payment gateway data breach affects 1.7 million credit card owners (9 sep) https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners

Highline Public Schools closes schools following cyberattack (9 sep) https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack

Avis Data Breach Impacts 300,000 Car Rental Customers (9 sep) https://www.securityweek.com/300000-impacted-by-data-breach-at-car-rental-firm-avis

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals (9 sep) https://www.securityweek.com/new-rambo-attack-allows-air-gapped-data-theft-via-ram-radio-signals

Phishing emails spread malware disguised as Google (10 sep) https://www.aktuellsakerhet.se/natfiskemejl-sprider-skadligt-program-i-googleskrud

Popular French retailers confirm hackers stole customer data (11 sep) https://therecord.media/france-retailers-hacked-confirm-cyberattack

SBOMs and the importance of inventory (11 sep) https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory

UK designates the data center sector part of its ‘Critical National Infrastructure’ (12 sep) https://therecord.media/uk-designates-data-centers-critical-infrastructure

BT logs 2,000 signals of potential cyber attacks per second (12 sep) https://www.commsbusiness.co.uk/content/news/bt-logs-2-000-signals-of-potential-cyber-attacks-per-second

Data centres to be given massive boost and protections from cyber criminals and IT blackouts (12 sep) https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram (12 sep) https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html

Fortinet confirms data breach after hacker claims to steal 440GB of files (12 sep) https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline (12 sep) https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack

Fake updates hit many Swedish companies (13 sep) https://www.securityuser.com/se/Nyheter/Samhalle/falska-uppdateringar-drabbar-manga-svenska-foretag

IT expert's jab at Hofors municipality: “Bordering on official misconduct” (13 sep) https://www.svt.se/nyheter/lokalt/gavleborg/it-expertens-kanga-till-hofors-kommun-pa-gransen-till-tjanstefel

Reports and analyses

Earth Preta Evolves its Attacks with New Malware and Strategies (9 sep) https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (10 sep) https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware

H1 2024: Malware and Vulnerability Trends Report (10 sep) https://www.recordedfuture.com/research/h1-2024-malware-and-vulnerability-trends-report

Blog: Key Findings from Ontinue’s 1H 2024 Threat Intelligence Report (10 sep) https://www.ontinue.com/resource/1h-2024-threat-intelligence-report

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities (12 sep) https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html

Information security and miscellaneous

Recommendations on hosting sensitive information systems in the cloud (4 sep) https://cyber.gouv.fr/en/publications/recommendations-hosting-sensitive-information-systems-cloud

Commercial Spyware Use Roars Back Despite Sanctions (6 sep) https://www.darkreading.com/threat-intelligence/commercial-spyware-use-roars-back-despite-sanctions

SEC-T livestream (10-12 sep) https://www.sec-t.org/

CERT-SE this week

Critical vulnerability in SonicWall (9 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-SonicWall.html

Microsoft's monthly security updates for September 2024 (11 sep) https://www.cert.se/2024/09/microsofts-manatliga-sakerhetsuppdateringar-for-september-2024.html

Adobe's monthly security updates for September 2024 (11 sep) https://www.cert.se/2024/09/adobes-manatliga-sakerhetsuppdateringar-for-september-2024.html

Critical vulnerabilities in Ivanti products (11 sep) https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Critical vulnerability in GitLab (12 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab.html

CERT-SE's weekly newsletter, week 36

WEEKLY NEWSLETTER

It has been an eventful week in IT security, both nationally and internationally. Here you will find a mix of news and posts from the past week.

Have a nice weekend!

News this week

Toronto school board confirms students’ info stolen as LockBit claims breach (30 aug) https://therecord.media/toronto-school-district-board-ransomware

Researcher sued for sharing data stolen by ransomware with media (30 aug) https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media/

Check your IP cameras: There’s a new Mirai botnet on the rise (31 aug) https://www.theregister.com/2024/08/31/ip_cameras_mirai_botnet/

Linux version of new Cicada ransomware targets VMware ESXi servers (1 sep) https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encryptor-targets-vmware-esxi-systems/

German air traffic control agency confirms cyberattack, says operations unaffected (2 sep) https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack

Few Swedish companies have a well-thought-out strategy for AI (2 sep) https://computersweden.se/article/3499748/fa-svenska-foretag-har-en-genomtankt-strategi-for-ai.html

Transport for London (TfL) is dealing with an ongoing cyberattack (2 sep) https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html

Säkerhetskollen: Warning about crypto fraud (2 sep) https://sakerhetskollen.se/aktuella-brott/varning-for-kryptobedrageri

Ransomware Gangs Pummel Southeast Asia (2 sep) https://www.darkreading.com/cyber-risk/ransomware-gangs-pummel-southeast-asia

Ex-Engineer Charged in Missouri for Failed $750,000 Bitcoin Extortion Attempt (3 sep) https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html

Oil titan Halliburton confirms data was stolen in cyberattack (3 sep) https://therecord.media/halliburton-confirms-data-stolen-in-incident

The government isn’t ready for cyber chaos in the food and agriculture sector (3 sep) https://therecord.media/government-is-not-ready-for-food-agriculture-cybersecurity-usda

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (3 sep) https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

Clearview AI Faces €30.5M Fine for Building Illegal Facial Recognition Database (4 sep) https://thehackernews.com/2024/09/clearview-ai-faces-305m-fine-for.html

Ängelholm municipality invests in crime prevention work in the digital environment (4 sep) https://www.aktuellsakerhet.se/angelholm-kommun-satsar-pa-brottsforebyggande-arbete-i-den-digitala-miljon/

Cyberattack confirmed by Planned Parenthood of Montana amid RansomHub claims (5 sep) https://www.scmagazine.com/brief/cyberattack-confirmed-by-planned-parenthood-of-montana-amid-ransomhub-claims

Summer and sun – that's when Swedes surf the most (5 sep) https://computersweden.se/article/3505465/sommar-och-sol-da-surfar-svenskarna-som-mest.html

Three Billion Packets Per Second DDoS Attack Stopped (5 sep) https://insight.scmagazineuk.com/three-billion-packets-per-second-ddos-attack-stopped

Elektroskandia hacked – central warehouse in Örebro affected (5 sep) https://www.svt.se/nyheter/lokalt/orebro/elektroskandia-hackade-centrallagret-i-orebro-paverkat

Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity (6 sep) https://thehackernews.com/2024/09/paul-durov-criticizes-outdated-laws.html

Reports and in-depth analyses

State-backed attackers and commercial surveillance vendors repeatedly use the same exploits (29 aug) https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

Dissecting the Cicada (30 aug) https://www.truesec.com/hub/blog/dissecting-the-cicada

Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant (2 sep) https://unit42.paloaltonetworks.com/global-protect-vpn-spoof-distributes-wikiloader/

CERT-EU Threat Intelligence: Cyber Brief August 2024 (4 sep) https://www.cert.europa.eu/publications/threat-intelligence/cb24-09/

Getting “in tune” with an enterprise: Detecting Intune lateral movement (4 sep) https://securityintelligence.com/x-force/detecting-intune-lateral-movement/

SANS: Enrichment Data – Keeping it Fresh (5 sep) https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236

Information security and miscellaneous

Connected Communities Guidance: Zero Trust to Protect Interconnected Systems (29 aug) https://www.cisa.gov/resources-tools/resources/connected-communities-guidance-zero-trust-protect-interconnected-systems

International Sudoku Day, 9 September: No Such Puzzle – Bite-sized Sudoku (31 aug) https://www.nsa.gov/Puzzles/View/Article/3891254/no-such-puzzle-bite-sized-sudoku/

Digital twins: secure design and development (2 sep) https://www.ncsc.gov.uk/blog-post/digital-twins-secure-design-development

Here are the Public Health Agency of Sweden's new recommendations on children's screen time (2 sep) https://www.svt.se/nyheter/inrikes/ungas-skarmanvandning-kan-skada-halsan-nu-foreslas-rekommendationer

White House Office of the National Cyber Director Releases Roadmap to Enhance Internet Routing Security (3 sep) https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/

Trust in biometrics is growing – one in three Swedes wants to unlock everything with a fingerprint (4 sep) https://www.aktuellsakerhet.se/fortroendet-for-biometri-okar-var-tredje-svensk-vill-lasa-upp-allt-med-fingeravtryck/

CERT-SE this week

Critical vulnerability in Zyxel products (3 sep) https://www.cert.se/2024/09/kritisk-sarbarhet-i-zyxel-produkter.html