Essential Cybersecurity Threats and Vulnerabilities of the Week: CERT-SE Replace (Could 2024)

Letter of the week

This week has been Patch Tuesday, however we have additionally seen some important vulnerabilities. Be sure that all related safety updates are accomplished as quickly as potential. With that, CERT-SE needs you a contented seventh of Could 🇳🇴 and a pleasant weekend!

Information of the week

CISA Publishing Council and Companions on Black Basta Ransomware (10 maj)
https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware
..

After the Ascension ransomware assault, it points a warning in regards to the Black Basta group (11 maj)
https://therecord.media/black-basta-ransomware-alert-healthcare-fbi-cisa-hhs

Europol confirms internet portal breach, says no operational knowledge stolen (11 Could)
https://www.bleepingcomputer.com/information/safety/europol-confirms-web-portal-breach-says-no-operational-data-stolen

Metropolis of Bjurholm uncovered to IT assault – goes into workers mode (Could 13)
https://www.svt.se/nyheter/lokalt/vasterbotten/bjurholms-kommun-utsatt-for-it-attack-gar-upp-i-stabslage

Helsinki targets huge knowledge breach – as much as 80,000 college students’ private knowledge might have been leaked (Could 13)
https://svenska.yle.fi/a/7-10056725

Malicious Python bundle hides Sliver C2 framework in Pretend Utility Library emblem (13 maj)
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html

AI pink workforce instruments helped X-Drive enter a serious tech producer ‘in 8 hours’ (13 maj)
https://www.theregister.com/2024/05/13/ai_xforce_red_penetration

MITER Releases EMB3D – A Cybersecurity Risk Mannequin for Embedded Gadgets (13 maj)
https://www.mitre.org/news-insights/news-release/mitre-releases-emb3d-cybersecurity-threat-model-embedded-devices

How did authorities establish the alleged Boss Lockbit? (13 months)
https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss

Log4Shell reveals no signal of fading, seen in 30% of CVE exploits (14 maj)
https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols

Steering for organizations contemplating cost in ransomware incidents (14 maj)
https://www.ncsc.gov.uk/steerage/organisations-considering-payment-in-ransomware-incidents

Mitigating cyber threats with restricted assets: Steering for Civil Society (14 Could)
https://www.cisa.gov/resources-tools/assets/mitigating-cyber-threats-limited-resources-guidance-civil-society

Cybersecurity spotlight of the month: impersonation assaults focusing on the provision chain (Could 14)
https://www.proofpoint.com/us/weblog/email-and-cloud-threats/impersonation-attacks-target-supply-chain

ESET Analysis: Ebury botnet alive & rising; 400k Linux servers compromised for cryptocurrency theft and monetary acquire (15 maj)
https://www.eset.com/us/about/newsroom/press-releases/eset-research-ebury-botnet-alive-growing

FBI seizes BreachForums hacking discussion board – once more (Could 15)
https://techcrunch.com/2024/05/15/fbi-seizes-hacking-forum-breachforums-again

Santander Information Breach Impacts Prospects, Workers (15 Could)
https://www.securityweek.com/santander-data-breach-impacts-customers-employees

EU’s failure to include spy ware reveals lack of political will, MP says (15 Could)
https://therecord.media/eu-failure-spyware-political-will

Danger of actors misusing Fast Help in social engineering assaults resulting in ransomware (15 maj)
https://www.microsoft.com/en-us/safety/weblog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware

Addressing at this time’s human threats in cybersecurity: insights from the Verizon DBIR 2024 (Could 16)
https://www.sans.org/weblog/tackling-modern-human-risks-in-cybersecurity-insights-from-the-verizon-dbir-2024

New menace insights counsel cybercriminals are more and more focusing on the pharmacy sector (16 Could)
https://www.proofpoint.com/us/weblog/email-and-cloud-threats/cybercriminals-increasingly-targeting-pharmacy-sector

Experiences and analyses

Report: Risk evaluation for Swedish banks in 2024 (Could 13)
https://www.swedishbankers.se/fraagor-vi-arbetar-med/saekerhet/sakerhet/rapport-hotbildsbedoemning-foer-sveriges-banker-2024
..

https://www.swedishbankers.se/media/5820/hotbildsbedoemning-foer-sveriges-banker-2024.pdf

Utilizing DNS Tunneling for Discovery and Scanning (13 maj)
https://unit42.paloaltonetworks.com/three-dns-tunneling-campaigns

CISA Publishes Encrypted DNS Implementation Steering for Federal Businesses (Could 16)
https://www.cisa.gov/news-events/information/cisa-publishes-encrypted-dns-implementation-guidance-federal-agencies
..

https://www.cisa.gov/websites/default/recordsdata/2024-05/Encryptedpercent20DNSpercent20Implementationpercent20Guidance_508c.pdf

To the moon and again (doorways): Lunar touchdown in diplomatic missions (15 maj)
https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions

Payoff developments in OneNote malicious samples (Could 16)
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples

Data safety and miscellaneous

Sweden builds AI for all European languages ​​(Could 16)
https://www.dn.se/sverige/sverige-bygger-ai-for-alla-europeiska-sprak

CERT-SE this week

Essential Vulnerability in Intel Neural Compressor (Could 16)
https://www.cert.se/2024/05/kritisk-sarbarhet-i-intel-neural-compressor.html

Essential vulnerability impacts SAP merchandise (Could 15)
https://www.cert.se/2024/05/kritiska-sarbarheter-paverkar-sap-produkter.html

Adobe’s month-to-month safety updates for Could 2024 (Could 15)
https://www.cert.se/2024/05/adobes-manatliga-sakerhetsupdatelingar-for-maj-2024.html

Microsoft’s month-to-month safety updates for Could 2024 (Could 15)
https://www.cert.se/2024/05/microsofts-manatliga-sakershetsupdatelingar-for-maj-2024.html

Essential vulnerability in ARM Solarwind (Could 13)
https://www.cert.se/2024/05/kritisk-sarbarhet-i-solarwinds-arm.html