CERT-SE's weekly newsletter, week 32

Weekly newsletter

CERT-SE is currently recruiting an IT management lead in cybersecurity and a staff member for our desk. The application deadlines are 17 and 23 August respectively. Links to the job postings can be found on our website, https://www.cert.se

News this week

Eset threat report Q2 2020 https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
Zoom Security Exploit – Cracking private meeting passwords (29 Jul) https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
Ransomware: How clicking on one email left a whole business in big trouble (30 Jul) https://www.zdnet.com/article/ransomware-how-clicking-on-one-phishing-email-left-a-whole-business-in-big-trouble/
OpBlueRaven: Unveiling Fin7/Carbanak - Part 1 : Tirion (31 Jul) https://threatintel.blog/OPBlueRaven-Part1/
BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks (3 Aug) https://www.techrepublic.com/article/blackberry-launches-free-tool-for-reverse-engineering-to-fight-cybersecurity-attacks/
NetWalker ransomware gang has made $25 million since March 2020 (3 Aug) https://www.zdnet.com/article/netwalker-ransomware-gang-has-made-25-million-since-march-2020/
Garmin ‘paid multi-million dollar ransom to criminals using Arete IR’, say sources (3 Aug) https://news.sky.com/story/garmin-paid-multi-million-dollar-ransom-to-criminals-using-arete-ir-say-sources-12041468
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards (4 Aug) https://msrc-blog.microsoft.com/2020/08/04/microsoft-bug-bounty-programs-year-in-review/
Vulnerable perimeter devices: a huge attack surface (4 Aug) https://www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/
Hacker leaks passwords for 900+ enterprise VPN servers (4 Aug) https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/
Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker (5 Aug) https://krebsonsecurity.com/2020/08/porn-clip-disrupts-virtual-court-hearing-for-alleged-twitter-hacker/
Tripwire Research: IoT Smart Lock Vulnerability Spotlights Bigger Issues (5 Aug) https://www.tripwire.com/state-of-security/featured/tripwire-research-iot-smart-lock-vulnerability/
Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack (5 Aug) https://thehackernews.com/2020/08/http-request-smuggling.html
Canon confirms ransomware attack in internal memo (6 Aug) https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/
Intel leak: 20GB of source code, internal docs from alleged breach (6 Aug) https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/
I’m Open Sourcing the Have I Been Pwned Code Base (7 Aug) https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/

Information security and miscellaneous

Virtual Conferencing Safely and Securely https://www.sans.org/security-awareness-training/resources/virtual-conferencing-safely-and-securely
Information Security 2019 - the Finnish cybersecurity centre's annual report https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/Traficom_INFORMATIONSSÄKERHET_2019_uppslag.pdf
Australia’s Cyber Security Strategy 2020 https://www.cyber.gov.au/acsc/view-all-content/news/australias-cyber-security-strategy-2020
SAAB employee investigated by Säpo for computer intrusion https://www.svt.se/nyheter/lokalt/ost/saab-anstalld-far-bota-for-forsok-till-dataintrang
4 in 10 organizations punish staff for cybersecurity errors (5 Aug) https://www.helpnetsecurity.com/2020/08/05/4-in-10-organizations-punish-staff-for-cybersecurity-errors/
How COVID-19 Has Changed Business Cybersecurity Priorities Forever (7 Aug) https://thehackernews.com/2020/08/covid-19-cybersecurity.html

CERT-SE this week

Vulnerabilities in Cisco AnyConnect and DNA Center