CERT-SE:s veckobrev v.37

VECKOBREV

Det har varit patchtisdag och CERT-SE har publicerat sammanfattningar av säkerhetsuppdateringar från Microsoft, Adobe och Ivanti. Se till att uppdatera dessa, och övriga sårbarheter vi skrivit om i veckan, så snart det går. Vi har även varit och lyssnat på intressanta föredrag och diskussioner på SEC-T, se länk till deras livestream längst ner i veckobrevet. Trevlig helg önskar CERT-SE!

Nyheter i veckan

Payment gateway data breach affects 1.7 million credit card owners (9 sep)https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners

Highline Public Schools closes schools following cyberattack (9 sep)https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack

Avis Data Breach Impacts 300,000 Car Rental Customers (9 sep)https://www.securityweek.com/300000-impacted-by-data-breach-at-car-rental-firm-avis

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals (9 sep)https://www.securityweek.com/new-rambo-attack-allows-air-gapped-data-theft-via-ram-radio-signals

Nätfiskemejl sprider skadligt program i Googleskrud (10 sep)https://www.aktuellsakerhet.se/natfiskemejl-sprider-skadligt-program-i-googleskrud

Popular French retailers confirm hackers stole customer data (11 sep)https://therecord.media/france-retailers-hacked-confirm-cyberattack

SBOMs and the importance of inventory (11 sep)https://www.ncsc.gov.uk/blog-post/sboms-and-the-importance-of-inventory

UK designates the data center sector part of its ‘Critical National Infrastructure’ (12 sep)https://therecord.media/uk-designates-data-centers-critical-infrastructure

BT logs 2,000 signals of potential cyber attacks per second (12 sep)https://www.commsbusiness.co.uk/content/news/bt-logs-2-000-signals-of-potential-cyber-attacks-per-second

Data centres to be given massive boost and protections from cyber criminals and IT blackouts (12 sep)https://www.gov.uk/government/news/data-centres-to-be-given-massive-boost-and-protections-from-cyber-criminals-and-it-blackouts

New Android Malware ‘Ajina.Banker’ Steals Financial Data and Bypasses 2FA via Telegram (12 sep)https://thehackernews.com/2024/09/new-android-malware-ajinabanker-steals.html

Fortinet confirms data breach after hacker claims to steal 440GB of files (12 sep)https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files

Transport for London confirms 5,000 users’ bank data exposed, pulls large chunks of IT infra offline (12 sep)https://www.theregister.com/2024/09/12/transport_for_londons_cyber_attack

Falska uppdateringar drabbar många svenska företag (13 sep)https://www.securityuser.com/se/Nyheter/Samhalle/falska-uppdateringar-drabbar-manga-svenska-foretag

It-expertens känga till Hofors kommun: ”På gränsen till tjänstefel” (13 sep)https://www.svt.se/nyheter/lokalt/gavleborg/it-expertens-kanga-till-hofors-kommun-pa-gransen-till-tjanstefel

Rapporter och analyser

Earth Preta Evolves its Attacks with New Malware and Strategies (9 sep)https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html

Threat Assessment: Repellent Scorpius, Distributors of Cicada3301 Ransomware (10 sep)https://unit42.paloaltonetworks.com/repellent-scorpius-cicada3301-ransomware

H1 2024: Malware and Vulnerability Trends Report (10 sep)https://www.recordedfuture.com/research/h1-2024-malware-and-vulnerability-trends-report

Blog: Key Findings from Ontinue’s 1H 2024 Threat Intelligence Report (10 sep)https://www.ontinue.com/resource/1h-2024-threat-intelligence-report

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities (12 sep)https://www.trendmicro.com/en_us/research/24/i/whatsup-gold-rce.html

Informationssäkerhet och blandat

Recommendations on hosting sensitive information systems in the cloud (4 sep)https://cyber.gouv.fr/en/publications/recommendations-hosting-sensitive-information-systems-cloud

Commercial Spyware Use Roars Back Despite Sanctions (6 sep)https://www.darkreading.com/threat-intelligence/commercial-spyware-use-roars-back-despite-sanctions

SEC-T livestream (10-12 sep)https://www.sec-t.org/

CERT-SE i veckan

Kritisk sårbarhet i SonicWall (9 sep)https://www.cert.se/2024/09/kritisk-sarbarhet-i-SonicWall.html

Microsofts månatliga säkerhetsuppdateringar för september 2024 (11 sep)https://www.cert.se/2024/09/microsofts-manatliga-sakerhetsuppdateringar-for-september-2024.html

Adobes månatliga säkerhetsuppdateringar för september 2024 (11 sep)https://www.cert.se/2024/09/adobes-manatliga-sakerhetsuppdateringar-for-september-2024.html

Kritiska sårbarheter i Ivanti-produkter (11 sep)https://www.cert.se/2024/09/kritiska-sarbarheter-i-ivantiprodukter.html

Kritisk sårbarhet i Gitlab (12 sep)https://www.cert.se/2024/09/kritisk-sarbarhet-i-GitLab.html