Letter of the week
This week brought Patch Tuesday, but we have also seen a number of important vulnerabilities. Make sure that all relevant security updates are applied as soon as possible. With that, CERT-SE wishes you a happy seventh of May 🇳🇴 and a pleasant weekend!
News of the week
CISA and Partners Release Advisory on Black Basta Ransomware (May 10)
https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware
After the Ascension ransomware attack, a warning is issued about the Black Basta group (May 11)
https://therecord.media/black-basta-ransomware-alert-healthcare-fbi-cisa-hhs
Europol confirms web portal breach, says no operational data stolen (May 11)
https://www.bleepingcomputer.com/information/safety/europol-confirms-web-portal-breach-says-no-operational-data-stolen
Municipality of Bjurholm hit by IT attack – goes into staff mode (May 13)
https://www.svt.se/nyheter/lokalt/vasterbotten/bjurholms-kommun-utsatt-for-it-attack-gar-upp-i-stabslage
Helsinki hit by major data breach – up to 80,000 students’ personal data may have been leaked (May 13)
https://svenska.yle.fi/a/7-10056725
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo (May 13)
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
AI red-team tools helped X-Force break into a major tech manufacturer ‘in 8 hours’ (May 13)
https://www.theregister.com/2024/05/13/ai_xforce_red_penetration
MITRE Releases EMB3D – A Cybersecurity Threat Model for Embedded Devices (May 13)
https://www.mitre.org/news-insights/news-release/mitre-releases-emb3d-cybersecurity-threat-model-embedded-devices
How Did Authorities Identify the Alleged LockBit Boss? (May 13)
https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss
Log4Shell shows no sign of fading, seen in 30% of CVE exploits (May 14)
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols
Guidance for organisations considering payment in ransomware incidents (May 14)
https://www.ncsc.gov.uk/steerage/organisations-considering-payment-in-ransomware-incidents
Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society (May 14)
https://www.cisa.gov/resources-tools/assets/mitigating-cyber-threats-limited-resources-guidance-civil-society
Cybersecurity spotlight of the month: impersonation attacks targeting the supply chain (May 14)
https://www.proofpoint.com/us/weblog/email-and-cloud-threats/impersonation-attacks-target-supply-chain
ESET Research: Ebury botnet alive & growing; 400k Linux servers compromised for cryptocurrency theft and financial gain (May 15)
https://www.eset.com/us/about/newsroom/press-releases/eset-research-ebury-botnet-alive-growing
FBI seizes hacking forum BreachForums – again (May 15)
https://techcrunch.com/2024/05/15/fbi-seizes-hacking-forum-breachforums-again
Santander Data Breach Impacts Customers, Employees (May 15)
https://www.securityweek.com/santander-data-breach-impacts-customers-employees
EU’s failure to contain spyware shows lack of political will, MP says (May 15)
https://therecord.media/eu-failure-spyware-political-will
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware (May 15)
https://www.microsoft.com/en-us/safety/weblog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware
Tackling modern human risks in cybersecurity: insights from the Verizon DBIR 2024 (May 16)
https://www.sans.org/weblog/tackling-modern-human-risks-in-cybersecurity-insights-from-the-verizon-dbir-2024
New threat insights suggest cybercriminals are increasingly targeting the pharmacy sector (May 16)
https://www.proofpoint.com/us/weblog/email-and-cloud-threats/cybercriminals-increasingly-targeting-pharmacy-sector
Reports and analyses
Report: Threat assessment for Sweden's banks 2024 (May 13)
https://www.swedishbankers.se/fraagor-vi-arbetar-med/saekerhet/sakerhet/rapport-hotbildsbedoemning-foer-sveriges-banker-2024
https://www.swedishbankers.se/media/5820/hotbildsbedoemning-foer-sveriges-banker-2024.pdf
Using DNS Tunneling for Discovery and Scanning (May 13)
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns
CISA Publishes Encrypted DNS Implementation Guidance for Federal Agencies (May 16)
https://www.cisa.gov/news-events/information/cisa-publishes-encrypted-dns-implementation-guidance-federal-agencies
https://www.cisa.gov/websites/default/recordsdata/2024-05/Encryptedpercent20DNSpercent20Implementationpercent20Guidance_508c.pdf
To the Moon and back(doors): Lunar landing in diplomatic missions (May 15)
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions
Payload trends in malicious OneNote samples (May 16)
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples
Information security and miscellaneous
Sweden builds AI for all European languages (May 16)
https://www.dn.se/sverige/sverige-bygger-ai-for-alla-europeiska-sprak
CERT-SE this week
Critical vulnerability in Intel Neural Compressor (May 16)
https://www.cert.se/2024/05/kritisk-sarbarhet-i-intel-neural-compressor.html
Critical vulnerabilities affect SAP products (May 15)
https://www.cert.se/2024/05/kritiska-sarbarheter-paverkar-sap-produkter.html
Adobe’s monthly security updates for May 2024 (May 15)
https://www.cert.se/2024/05/adobes-manatliga-sakerhetsupdatelingar-for-maj-2024.html
Microsoft’s monthly security updates for May 2024 (May 15)
https://www.cert.se/2024/05/microsofts-manatliga-sakershetsupdatelingar-for-maj-2024.html
Critical vulnerability in SolarWinds ARM (May 13)
https://www.cert.se/2024/05/kritisk-sarbarhet-i-solarwinds-arm.html
2024-05-17 11:58:57