CERT-SE's weekly newsletter, week 16

Weekly newsletter

This week CERT-SE issued the year's second flash alert (blixtmeddelande), concerning a critical vulnerability in Palo Alto Networks PAN-OS. A flash alert is CERT-SE's warning notice, sent when there are critical threats to report that require immediate or urgent action. More information is available on CERT-SE's website: https://www.cert.se/2024/04/kritisk-sarbarhet-i-pan-os.html

Have a nice weekend!

News this week

Telegram fixes Windows app zero-day used to launch Python scripts (12 apr) https://www.bleepingcomputer.com/news/security/telegram-fixes-windows-app-zero-day-used-to-launch-python-scripts/

Firebird RAT creator and seller arrested in the U.S. and Australia (13 apr) https://www.bleepingcomputer.com/news/security/firebird-rat-creator-and-seller-arrested-in-the-us-and-australia/

Researchers stop ‘credible takeover attempt’ similar to XZ Utils backdoor incident (15 apr) https://therecord.media/researchers-stop-credible-takeover-xz-utils https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/

Crickets from Chirp Systems in Smart Lock Key Leak (15 apr) https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/

Cisco warns of large-scale brute-force attacks against VPN services (16 apr) https://www.bleepingcomputer.com/news/security/cisco-warns-of-large-scale-brute-force-attacks-against-vpn-services/ https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/

Cyberattack on Norrmejerier in Umeå – production down (16 apr) https://www.svt.se/nyheter/lokalt/vasterbotten/cyberangrepp-mot-norrmejerier-i-umea-produktionen-nere

Who Stole 3.6M Tax Records from South Carolina? (16 apr) https://krebsonsecurity.com/2024/04/who-stole-3-6m-tax-records-from-south-carolina/

Swedish data centers exposed as secret crypto factories (17 apr) https://sverigesradio.se/artikel/svenska-serverhallar-avslojade-som-hemliga-kryptofabriker

UN agency says data stolen in ransomware attack (17 apr) https://therecord.media/un-agency-data-stolen-ransomware-attack

MSB head on Swedish IT security: “A bit embarrassing that we haven't come further” (17 apr) https://www.voister.se/artikel/2024/04/msb-chef-om-svensk-it-sakerhet-lite-pinsamt-att-vi-inte-kommit-langre

UK Police Lead Disruption of £1m Phishing-as-a-Service Site LabHost (18 apr) https://www.infosecurity-magazine.com/news/uk-police-disruption-1m-phaas/

The proof: Forum with military secrets was breached (19 apr) https://sverigesradio.se/artikel/beviset-forum-med-militara-hemligheter-utsattes-for-intrang

Reports and analyses

Crooks manipulate GitHub’s search results to distribute malware (13 apr) https://securityaffairs.com/161792/cyber-crime/githubs-search-results-distribute-malware.html https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/

Botnets Continue Exploiting CVE-2023-1389 for Wide-Scale Spread (16 apr) https://www.fortinet.com/blog/threat-research/botnets-continue-exploiting-cve-2023-1389-for-wide-scale-spread

Researchers warn updated Cerber ransomware is targeting critical Confluence vulnerability (17 apr) https://siliconangle.com/2024/04/17/researchers-warn-updated-cerber-ransomware-targeting-critical-confluence-vulnerability/

LeakyCLI Flaw Exposes AWS and Google Cloud Credentials (16 apr) https://www.infosecurity-magazine.com/news/leakycli-exposes-aws-google-cloud/

Malicious PDF File Used As Delivery Mechanism (17 apr) https://isc.sans.edu/diary/rss/30848

#StopRansomware: Akira Ransomware (18 apr) https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a

Information security and miscellaneous

Joint Guidance on Deploying AI Systems Securely (15 apr) https://www.cisa.gov/news-events/alerts/2024/04/15/joint-guidance-deploying-ai-systems-securely

Microsoft to tackle spam by restricting Exchange Online bulk email (16 apr) https://www.theregister.com/2024/04/16/microsoft_external_recipient_limit/

The IT industry is the worst in Sweden on gender equality (16 apr) https://computersweden.se/article/2090867/it-branschen-samst-i-sverige-pa-jamstalldhet.html

CISA, DHS S&T and OpenSSF Announce Global Launch of Software Supply Chain Open Source Project (16 apr) https://openssf.org/press-release/2024/04/16/cisa-dhs-st-and-openssf-announce-global-launch-of-software-supply-chain-open-source-project/

Insufficient efforts on information security in health and social care (18 apr) https://riksrevisionen.se/om-riksrevisionen/kommunikation-och-media/nyhetsarkiv/2024-04-18-otillrackliga-insatser-for-informationssakerhet-inom-vard-och-omsorg.html

CERT-SE this week

Critical vulnerability in PuTTY (16 apr) https://www.cert.se/2024/04/kritisk-sarbarhet-i-putty.html

BM24-002 Critical vulnerability in PAN-OS (updated 18 apr) https://www.cert.se/2024/04/kritisk-sarbarhet-i-pan-os.html

Serious vulnerability in Cisco IMC (18 apr) https://www.cert.se/2024/04/allvarlig-sarbarhet-i-cisco-imc.html

Oracle's quarterly security update for April 2024 (18 apr) https://www.cert.se/2024/04/oracles-kvartalsvisa-sakerhetsuppdatering-for-april-2024.html

Critical vulnerabilities in Ivanti Avalanche (updated 19 apr) https://www.cert.se/2024/04/kritiska-sarbarheter-i-ivanti-avalance.html