Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.
!!

Jobba på CERT-SE? Nu söker vi en förvaltningsledare IT inom cybersäkerhet med sista ansökningsdag 17 augusti, samt en administrativ stjärna med it-säkerhetskunskap till vår desk med sista ansökningsdag 23 augusti.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.28

Senaste nytt från veckan som gått. Trevlig helg önskar CERT-SE!

Nyheter i veckan

ICS-Targeting Snake Ransomware Isolates Infected Systems Before Encryption (3 jul)
https://www.securityweek.com/ics-targeting-snake-ransomware-isolates-infected-systems-encryption

New ransomware targeting Apple macOS users via pirated apps (3 jul)
https://www.sify.com/finance/new-ransomware-targeting-apple-macos-users-via-pirated-apps-news-topnews-uhdmkAfidgifa.html

What is Patch Management? (3 jul)
https://heimdalsecurity.com/blog/patch-management/

Kraftig ökning av MongoDB-attacker som utnyttjar GDPR (3 jul)
https://techworld.idg.se/2.2524/1.736899/kraftig-okning-av-mongodb-attacker-som-utnyttjar-gdpr

Hackers Attacking Exchange Servers In New Warning From Microsoft (3 jul)
https://www.neorhino.com/2020/07/03/hackers-attacking-exchange-servers-in-new-warning-from-microsoft/

The Four Phases of Offensive Security Teams (5 jul)
https://securityboulevard.com/2020/07/the-four-phases-of-offensive-security-teams/

U.K. Set to Start Huawei 5G Phase-Out as Soon as This Year (5 jul)
https://www.bloomberg.com/news/articles/2020-07-05/u-k-prepares-to-start-huawei-5g-phase-out-as-soon-as-this-year

Data exfiltration: The art of distancing (6 jul)
https://www.helpnetsecurity.com/2020/07/06/data-exfiltration-the-art-of-distancing/

North Korean hackers linked to web skimming (Magecart) attacks, report says (6 jul)
https://www.zdnet.com/article/north-korean-hackers-linked-to-web-skimming-magecart-attacks-report-says/

Credit card skimmer targets ASP.NET sites (6 jul)
https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/

Phishing attack spoofs Twitter to steal account credentials (6 jul)
https://www.techrepublic.com/article/phishing-attack-spoofs-twitter-to-steal-account-credentials/

Home router warning: They're riddled with known flaws and run ancient, unpatched Linux (6 jul)
https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/
--
https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf

Source Code of “ArisLocker” Ransomware Appears on the Dark Web (6 jul)
https://notjustnews.org/source-code-of-arislocker-ransomware-appears-on-the-dark-web/1163/

“Keeper” Magecart Group Infects 570 Sites (7 jul)
https://geminiadvisory.io/keeper-magecart-group-infects-570-sites/

Purple Fox Malware Targets More Vulnerabilities (7 jul)
https://www.bankinfosecurity.com/purple-fox-malware-targets-more-vulnerabilities-a-14574

Configuring IPsec Virtual Private Networks (7 jul)
https://media.defense.gov/2020/Jul/02/2002355501/-1/-1/0/CONFIGURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_2020_07_01_FINAL_RELEASE.PDF

What You Don't Understand About Crypto Can Hurt You (7 jul)
https://www.govinfosecurity.com/webinars/what-you-dont-understand-about-crypto-hurt-you-w-2524

Microsoft Seizes Domains Used for COVID-19 Phishing Scam (7 jul)
https://www.bankinfosecurity.com/microsoft-seizes-domains-used-for-covid-19-phishing-scam-a-14576

F5 BigIP vulnerability exploitation followed by a backdoor implant attempt (7 jul)
https://isc.sans.edu/forums/diary/F5+BigIP+vulnerability+exploitation+followed+by+a+backdoor+implant+attempt/26322/

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool (7 jul)
https://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html

MongoDB is subject to continual attacks when exposed to the internet (8 jul)
https://www.helpnetsecurity.com/2020/07/08/mongodb-is-subject-to-continual-attacks-when-exposed-to-the-internet/

Google open-sources Tsunami vulnerability scanner (8 jul)
https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/

Mozilla suspends Firefox Send service while it addresses malware abuse (7 jul)
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
--
https://nakedsecurity.sophos.com/2020/07/08/mozilla-turns-off-firefox-send-following-malware-abuse-reports/

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service (7 jul)
https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

Redirect auction (8 jul)
https://securelist.com/redirect-auction/96944/

More pre-installed malware has been found in budget US smartphones (9 jul)
https://www.zdnet.com/article/more-pre-installed-malware-has-been-found-in-budget-us-smartphones/

APT Group Targets Fintech Companies (9 jul)
https://www.bankinfosecurity.com/apt-group-targets-fintech-companies-a-14590

Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle (10 jul)
https://www.theregister.com/2020/07/10/digicert_pulls_certs/

Informationssäkerhet och blandat

Customer data from fitness firm V Shred exposed on misconfigured cloud storage (2 jul)
https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/

CISA warns organizations of cyberattacks from the Tor network (5 jul)
https://securityaffairs.co/wordpress/105537/hacking/cisa-cyberattacks-from-tor-network.html

Review: Cybersecurity Threats, Malware Trends, and Strategies (6 jul)
https://www.helpnetsecurity.com/2020/07/06/review-cybersecurity-threats-malware-trends-and-strategies/

Ju längre desto bättre - Så här skapar du ett bra lösenord (6 jul)
https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/anvisningar-och-guider/ju-langre-desto-battre-sa-har-skapar-du-ett-bra-losenord

False Flags in Cyber Threat Intelligence Operations (6 jul)
https://medium.com/datadriveninvestor/false-flags-in-cyber-threat-intelligence-operations-6893af697080

Better cybersecurity hinges on understanding actual risks and addressing the right problems (7 jul)
https://www.helpnetsecurity.com/2020/07/07/better-cybersecurity/

Exposing the privacy risks of home security cameras (7 jul)
https://www.helpnetsecurity.com/2020/07/08/privacy-risks-home-security-cameras/
--
http://www.eecs.qmul.ac.uk/~tysong/files/INFOCOM20.pdf

COVID-19 Cybercrime Capitalizing on Brazil’s Government Assistance Program (7 jul)
https://securityintelligence.com/posts/covid-19-cybercrime-capitalizing-on-brazils-government-assistance-program/

Ali Baba and the forty cyberthreats (9 jul)
https://www.kaspersky.com/blog/fairy-tales-ali-baba/36284/

70% of organizations experienced a public cloud security incident in the last year (9 jul)
https://www.helpnetsecurity.com/2020/07/09/public-cloud-security-incident/

BYOD adoption is growing rapidly, but security is lagging (9 jul)
https://www.helpnetsecurity.com/2020/07/09/byod-adoption-is-growing-rapidly-but-security-is-lagging/

Svenska företag drabbas hårt i molnet (9 jul)
https://aktuellsakerhet.se/svenska-foretag-drabbas-hart-i-molnet/

Moody's - Banks’ cyber risks rise as coronavirus accelerates digital trends and remote working (8 jul)
https://markets.businessinsider.com/news/bonds/moody-s-banks-cyber-risks-rise-as-coronavirus-accelerates-digital-trends-and-remote-working-1029375217

While in Lock Down, Here’s What Fraudsters Did in Q1 2020 (9 jul)
https://www.rsa.com/en-us/blog/2020-07/WhileInLockDownHeresWhatFraudstersDidInQ12020

15 billion credentials from 100,000 data breaches sold on dark web (9 jul)
https://www.hackread.com/dark-web-15-billion-credentials-100000-data-breaches/

Are your fleet’s vehicles leaking your data secrets? (9 jul)
https://www.scmagazine.com/home/security-news/privacy-compliance/are-your-fleets-vehicles-leaking-your-data-secrets/

Gartner warns on significant cloud security issues on the horizon (9 jul)
https://www.itproportal.com/news/gartner-warns-on-major-cloud-security-issues/

CERT-SE i veckan

Ny sårbarhet i Palo Alto/PAN-OS

Flera kritiska sårbarheter i Citrix

Flera kritiska sårbarheter i VMware-produkter