CERT-SE's weekly newsletter, week 36

Weekly newsletter

When CenturyLink suffered a service outage on Sunday, several operators around the world were hit by disruptions. In Sweden, however, the impact is reported to have been limited. In Norway, both the Storting and seven municipalities were subjected to attacks on their e-mail systems.

News this week

Phishing attack against Region Västra Götaland – e-mail accounts hijacked (28 Aug) https://computersweden.idg.se/2.2683/1.738769/natfiskeattack-vgr-mejlkonton
Russian tourist offered employee $1 million to cripple Tesla with malware (28 Aug) https://arstechnica.com/information-technology/2020/08/russian-tourist-offered-employee-1-million-to-cripple-tesla-with-malware/
Several Swedish government agencies do not allow TikTok on work phones (28 Aug) https://www.dn.se/kultur/flera-svenska-myndigheter-tillater-inte-tiktok-pa-tjanstemobiler/
A Whopping Rise in Healthcare Cyber Incidents (30 Aug) https://cyware.com/news/a-whopping-rise-in-healthcare-cyber-incidents-944b8191
GCSB warns cyber-attacks could get worse, issues advisory to all NZ businesses (31 Aug) https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12360876
Cybercriminals Make Millions Selling Stolen Fortnite Accounts, New Research Shows (31 Aug) https://hotforsecurity.bitdefender.com/blog/cybercriminals-make-millions-selling-stolen-fortnite-accounts-new-research-shows-24031.html
Iranian hackers are selling access to compromised companies on an underground forum (1 Sep) https://www.zdnet.com/article/iranian-hackers-are-selling-access-to-compromised-companies-on-an-underground-forum/
Oops! Apple let a piece of Mac malware run without warning (1 Sep) https://thenextweb.com/security/2020/09/01/oops-apple-let-a-piece-of-mac-malware-run-without-warning/
Problems reaching several government agencies (1 Sep) https://www.svt.se/nyheter/inrikes/problem-att-na-kronofogden-och-skatteverket
Betting company ATG hit by cyberattack (1 Sep) https://www.aftonbladet.se/sportbladet/trav365/a/na5jWo/spelbolaget-atg-utsatt-for-it-attack
Cybercriminals rent out corporate servers on the darknet (1 Sep) https://www.aktuellsakerhet.se/cyberbrottslingar-hyr-ut-foretagsservrar-pa-darknet/
New Zealand enduring wave of cyberattacks (2 Sep) https://www.nbcnews.com/tech/security/new-zealand-enduring-wave-cyberattacks-rcna105
The cyberattack: May harm coronavirus preparedness (2 Sep) https://www.nrk.no/innlandet/10.000-kommuneansatte-rammet-av-dataangrep-1.15143964
Chinese Hackers Target Europe, Tibetans With ‘Sepulcher’ Malware (2 Sep) https://www.securityweek.com/chinese-hackers-target-europe-tibetans-sepulcher-malware
Triple-Threat Cryptocurrency RAT Mines, Steals and Harvests (2 Sep) https://threatpost.com/triple-threat-cryptocurrency-rat-mines-steals-harvests/158906/
Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin (3 Sep) https://www.theregister.com/2020/09/03/wordpress_plugin_bug/
India bans a further 118 Chinese apps as physical and online tensions escalate (3 Sep) https://www.theregister.com/2020/09/03/india_bans_chinese_apps/
European ISPs report mysterious wave of DDoS attacks (3 Sep) https://www.zdnet.com/article/european-isps-report-mysterious-wave-of-ddos-attacks/
Facebook to disclose bugs it finds in third-party products (3 Sep) https://www.scmagazine.com/home/security-news/vulnerabilities/facebook-to-disclose-bugs-it-finds-in-third-party-products/
Online marketing company exposes 38+ million US citizen records (3 Sep) https://securityaffairs.co/wordpress/107879/data-breach/online-marketing-company-exposes-38-million-us-citizen-records.html

Analysis of CenturyLink/Level(3) Outage (30 Aug) https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
Fault that caused global internet disruption resolved (30 Aug) https://www.dn.se/ekonomi/fel-som-orsakade-globalt-internetstrul-lost/
Global internet disruption may have affected one billion (31 Aug) https://www.svt.se/nyheter/inrikes/tekniska-problem-pa-svt-se-4

Cyberattack on the Storting

Norwegian parliament hit by cyberattack (1 Sep) https://www.dn.se/varlden/norska-riksdagen-utsatt-for-it-attack/
Norwegian Parliament discloses cyber-attack on internal email system (1 Sep) https://www.zdnet.com/article/norwegian-parliament-discloses-cyber-attack-on-internal-email-system/
Hackers breached Norwegian Parliament emails to steal data (1 Sep) https://www.bleepingcomputer.com/news/security/hackers-breached-norwegian-parliament-emails-to-steal-data/

Information security and miscellaneous

The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy (27 Aug) https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/
.. He has permission to hack large corporations: “Earned 50,000 dollars in one day” (2 Sep) https://www.tv4.se/nyhetsmorgon/klipp/han-har-till%C3%A5telse-att-hacka-storf%C3%B6retagen-tj%C3%A4nade-50-000-dollar-p%C3%A5-en-dag-13289280
Here are the 100 sites that get the most traffic from Google in Sweden (28 Aug) https://computersweden.idg.se/2.2683/1.738698/sverige-mest-trafik-google
Opinion | High risk of misuse if facial recognition is put into use (30 Aug) https://www.gp.se/debatt/stor-risk-f%C3%B6r-missbruk-om-ansiktsigenk%C3%A4nning-tas-i-bruk-1.33281049
Five tips for managing information security in the post-COVID world (31 Aug) https://www.scmagazine.com/perspectives/five-tips-for-managing-information-security-in-the-post-covid-world/
Seny Kamara on “Crypto for the People” (31 Aug) https://www.schneier.com/blog/archives/2020/08/seny_kamara_on_.html
Finland launches new contact-tracing app (31 Aug) https://sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7543554
Cybersquatting: Attackers Mimicking Domains of Major Brands Including Facebook, Apple, Amazon and Netflix to Scam Consumers (1 Sep) https://unit42.paloaltonetworks.com/cybersquatting/
Research: Information security in a more structured way (1 Sep) https://www.his.se/nyheter/2020/september/forskning-informationssakerhet-pa-ett-mer-strukturerat-satt/
Facebook and Twitter delete accounts – linked to influence operation by the Russian state (2 Sep) https://www.svt.se/nyheter/utrikes/facebook-och-twitter-stanger-konton-kopplade-till-ryska-staten
Improving Vulnerability Disclosure Together (Officially) (2 Sep) https://www.cisa.gov/blog/2020/09/02/improving-vulnerability-disclosure-together-officially
.. Binding Operational Directive 20-01 | Develop and Publish a Vulnerability Disclosure Policy (2 Sep) https://cyber.dhs.gov/bod/20-01/
Microsoft Defender can ironically be used to download malware (2 Sep) https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware/
Cyberattacks and how they work (3 Sep) https://betanews.com/2020/09/03/cyberattacks-and-how-they-work/
Helping companies prioritize their cybersecurity investments (3 Sep) https://news.mit.edu/2020/helping-companies-prioritize-cybersecurity-investments-0903
Australian government releases voluntary IoT cybersecurity code of practice (3 Sep) https://www.zdnet.com/article/australian-government-releases-voluntary-iot-cybersecurity-code-of-practice/
.. Code of Practice: Securing the Internet of Things for Consumers https://www.homeaffairs.gov.au/reports-and-pubs/files/code-of-practice.pdf

CERT-SE this week

Critical vulnerability in Cisco Jabber for Windows
Serious vulnerability in Cisco IOS XR (updated 2020-09-01)