CERT-SE:s veckobrev v.20VeckobrevDenna vecka har det varit patchtisdag, men vi har Ă€ven uppmĂ€rksammat ytterligare nĂ„gra kritiska sĂ„rbarheter. Se till att alla relevanta sĂ€kerhetsuppdateringar Ă€r genomförda sĂ„ snart det gĂ„r. Med det sĂ„ önskar CERT-SE en glad syttende mai đłđŽ och en trevlig helg! Nyheter i veckanCISA and Partners Release Advisory on Black Basta Ransomware (10 maj) https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware ..After Ascension ransomware attack, feds issue alert on Black Basta group (11 maj) https://therecord.media/black-basta-ransomware-alert-healthcare-fbi-cisa-hhsEuropol confirms web portal breach, says no operational data stolen (11 maj) https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolenBjurholms kommun utsatt för it-attack â gĂ„r upp i stabslĂ€ge (13 maj) https://www.svt.se/nyheter/lokalt/vasterbotten/bjurholms-kommun-utsatt-for-it-attack-gar-upp-i-stabslageHelsingfors mĂ„l för massivt dataintrĂ„ng â upp till 80 000 elevers personuppgifter kan ha lĂ€ckt (13 maj) https://svenska.yle.fi/a/7-10056725Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo (13 maj) https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.htmlAI red-teaming tools helped X-Force break into a major tech manufacturer âin 8 hoursâ (13 maj) https://www.theregister.com/2024/05/13/ai_xforce_red_penetrationMITRE Releases EMB3D â A Cybersecurity Threat Model for Embedded Devices (13 maj) https://www.mitre.org/news-insights/news-release/mitre-releases-emb3d-cybersecurity-threat-model-embedded-devicesHow Did Authorities Identify the Alleged Lockbit Boss? Trend Micro: The CISO Credibility Gap https://www.trendmicro.com/explore/thecisocredibilitygap/2608-tl-en-rptRapporter och analyserRapport: Hotbildsbedömning för Sveriges banker 2024 (13 maj) https://www.swedishbankers.se/fraagor-vi-arbetar-med/saekerhet/sakerhet/rapport-hotbildsbedoemning-foer-sveriges-banker-2024 ..https://www.swedishbankers.se/media/5820/hotbildsbedoemning-foer-sveriges-banker-2024.pdfLeveraging DNS Tunneling for Tracking and Scanning (13 maj) https://unit42.paloaltonetworks.com/three-dns-tunneling-campaignsCISA Publishes Encrypted DNS Implementation Guidance to Federal Agencies (16 maj) https://www.cisa.gov/news-events/news/cisa-publishes-encrypted-dns-implementation-guidance-federal-agencies ..https://www.cisa.gov/sites/default/files/2024-05/Encrypted%20DNS%20Implementation%20Guidance_508c.pdfTo the Moon and back(doors): Lunar landing in diplomatic missions (15 maj) https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missionsPayload Trends in Malicious OneNote Samples (16 maj) https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samplesInformationssĂ€kerhet och blandatObsolete, but not gone: The people who wonât give up floppy disks (10 maj) https://www.bbc.com/future/article/20240510-floppy-disks-why-some-people-are-still-in-love-with-this-obsolete-computer-storage-technologySverige bygger AI för alla europeiska sprĂ„k (16 maj) https://www.dn.se/sverige/sverige-bygger-ai-for-alla-europeiska-sprakCERT-SE i veckanKritisk sĂ„rbarhet i Intel Neural Compressor (16 maj) https://www.cert.se/2024/05/kritisk-sarbarhet-i-intel-neural-compressor.htmlKritiska sĂ„rbarheter pĂ„verkar SAP-produkter (15 maj) https://www.cert.se/2024/05/kritiska-sarbarheter-paverkar-sap-produkter.htmlAdobes mĂ„natliga sĂ€kerhetsuppdateringar för maj 2024 (15 maj) https://www.cert.se/2024/05/adobes-manatliga-sakerhetsuppdateringar-for-maj-2024.htmlMicrosofts mĂ„natliga sĂ€kerhetsuppdateringar för maj 2024 (15 maj) https://www.cert.se/2024/05/microsofts-manatliga-sakershetsuppdateringar-for-maj-2024.htmlKritisk sĂ„rbarhet i Solarwinds ARM (13 maj) https://www.cert.se/2024/05/kritisk-sarbarhet-i-solarwinds-arm.html
Source: Dagens Nyheter May 17, 2024 11:59 UTC