Publicerad 2023-07-14 14:36 – Veckobrev

CERT-SE:s veckobrev v.28

Här kommer det sista veckobrevet innan sommarupphållet. Det innehåller en rejäl samling sårbarhetsartiklar, inte minst från patch-tisdag, och en massa andra nyheter. 

Veckobrevet är tillbaka vecka 32! Trevlig helg!

Nyheter i veckan

Major cyber attack at Scottish university as police and government called in (7 jul)

RomCom Threat Actor Suspected of Targeting Ukraine’s NATO Membership Talks at the NATO Summit (8 jul)

French Government Allows Remote Access to Suspects’ Devices: Privacy Concerns Arise (9 jul)

Lithuania Hit by Cyberattacks on NATO Summit Eve (10 jul)

Busy Japanese port hit by cyberattack (10 jul)

Bay Area city shuts down municipal sites following cyberattack (10 juli)

Deutsche Bank confirms provider breach exposed customer data (11 jul)

The Demoscene, Now An Irreplaceable Piece Of Cultural Heritage (11 jul)

Mitigation for China-Based Threat Actor Activity (11 jul)

Tampa Bay zoo targeted in cyberattack by apparent offshoot of Royal ransomware (12 juli)

Apple re-releases zero-day patch after fixing browsing issue (12 juli)

Ransomware Attacks on Banking Industry (12 juli)

Big Head Ransomware Found in Malvertising and Fake Windows Updates (12 juli)

Cyberattack on Norwegian Refugee Council online database (13 jul)

The last Russian hacker kick at the NATO summit: a questionable data leak (13 juli)

Hackers Target Chinese Gamers With Microsoft-Signed Rootkit (13 jul)

BlackLotus UEFI Bootkit Source Code Leaked on GitHub (13 juli)

Informationssäkerhet och blandat

Google plans to scrape everything you post online to train its AI (5 jul)

Apps with 1.5M installs on Google Play send your data to China (6 jul)

June 2023’s Most Wanted Malware: Qbot Most Prevalent Malware in First Half of 2023 and Mobile Trojan SpinOk Makes its Debut (6 jul)

Data Protection: European Commission adopts new adequacy decision for safe and trusted EU-US data flows (10 jul)

Big Head’ malware threat looms, warn researchers (10 jul)

Serious Security: Rowhammer returns to gaslight your computer (10 jul)

Storm-0978 attacks reveal financial and espionage motives

EU Council cuts down special product categories in cybersecurity law (11 jul)

The Spies Who Loved You: Infected USB Drives to Steal Secrets (11 jul)

Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers (11 juli)

Inside the Mind of the Hacker: Report Shows Speed and Efficiency of Hackers in Adopting New Technologies (12 jul)

Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (12 juli)

Chinese Cyberspies Used Forged Authentication Tokens to Hack Government Emails (12 jul)

How a Cloud Flaw Gave Chinese Spies a Key to Microsoft’s Kingdom (12 juli)

Microsoft SQL password-guessing attacks rising as hackers picot from OneNote vectors

USB drive malware attacks spiking again in first half of 2023 (13 jul)

New Common Vulnerability Scoring System (CVSS) set to be cyber sector game-changer (13 jul)

CERT-SE i veckan

Kritisk sårbarhet i Ghostscript PDF-bibliotek

Kritiska sårbarheter i SonicWall-produkter

Kritisk sårbarhet Citrix Secure Access för Ubuntu

Kritisk sårbarhet i Fortinet-produkter

Flera allvarliga sårbarheter i HPE Aruba-produkter

SAP:s månatliga säkerhetsuppdateringar för juli

Adobes månatliga säkerhetsuppdateringar för juli

Microsofts månatliga säkerhetsuppdateringar för juli 2023