CERT-SE:s veckobrev v.38

Denna fredag, som råkar vara surkålens och e-bokens dag, tipsar vi bland annat om MSB:s nya föreskrifter om informationssäkerhet, FOI:s cyberutmaning, ett nytt index över vilka länder som är mest motståndskraftiga gällande cybersäkerhet samt bidrar med ett hett tips till den som kanske har råkat dubbelboka sig och har två videokonferenser samtidigt (se nyhet från den 14/9). Trevlig helg önskar CERT-SE!

Nyheter i veckan

Chilean bank shuts down all branches following ransomware attack (7 sep) https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/Baka credit card skimmer bundles stealth, anti-detection capabilities, warns Visa (7 sep) https://portswigger.net/daily-swig/baka-credit-card-skimmer-bundles-stealth-anti-detection-capabilities-warns-visaVishing: Voice phone scams are the latest trend in phishing attacks (8 sep) https://www.avira.com/en/blog/what-is-vishing-voice-phishing-explainedAmazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch (8 sep) https://www.theverge.com/2020/9/8/21427139/amazon-apple-google-zigbee-alliance-open-source-smart-home-standard-2021-launchNetwalker ransomware hits Pakistan’s largest private power utility (8 sep) https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/Microsoft: State-backed hackers are targeting the 2020 US elections (10 sep) https://www.bleepingcomputer.com/news/security/microsoft-state-backed-hackers-are-targeting-the-2020-us-elections/Linux servers and workstations are hackers’ next target, security researchers warn (10 sep) https://www.techrepublic.com/article/linux-servers-and-workstations-are-hackers-next-target-security-researchers-warn/Ranking National Cyber Power (11 sep) https://www.schneier.com/blog/archives/2020/09/ranking-national-cyber-power.html – https://www.belfercenter.org/sites/default/files/2020-09/NCPI_2020.pdfHistory shows, transparency can ease the fallout from a cyberattack (11 sep) https://www.scmagazine.com/home/security-news/ransomware/attacks-on-cyber-firms-are-embarrassing-but-transparency-can-ease-the-fallout/Annonsnätverk sprider skadligt innehåll (12 sep) https://www.securityuser.com/se/Nyheter/Samhalle/annonsnatverk-sprider-skadligt-innehallEquinix breach: 7 things to know about netwalker ransomware attacks (14 sep) https://www.crn.com.au/news/equinix-breach-7-things-to-know-about-netwalker-ransomware-attacks-553216TF-CSIRT is turning 20! (14 sep) https://tf-csirt.org/2020/09/14/baiba/Vikten av jakt på cyberhot under covid-19-eran (14 sep) https://www.aktuellsakerhet.se/vikten-av-jakt-pa-cyberhot-under-covid-19-eran/NAB flags cyber attacks during the pandemic have intensified (14 sep) https://www.news.com.au/finance/nab-flags-cyber-attacks-during-the-pandemic-have-intensified/news-story/8cedc744da49f4bf4c766cfd1410dfa7Linux systems also vulnerable to attack (14 sep) https://it-online.co.za/2020/09/14/linux-systems-also-vulnerable-to-attack/New BlindSide attack uses speculative execution to bypass ASLR (14 sep) https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/Hfinger - fingerprinting HTTP requests (14 sep) https://github.com/CERT-Polska/hfingerVast majority of cyber-attacks on cloud servers aim to mine cryptocurrency (14 sep) https://www.zdnet.com/article/vast-majority-of-cyber-attacks-on-cloud-servers-aim-to-mine-cryptocurrency/Cyber losses are increasing in frequency and severity (14 sep) https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/How to Report a Cybercrime (14 sep) https://www.pandasecurity.com/mediacenter/mobile-news/report-cybercrime/How I prerecorded myself in video meetings for a week (14 sep) https://www.cnet.com/how-to/how-i-pre-recorded-myself-in-video-meetings-for-a-week/Säpo: Ryssland och Kina bakom spionage (15 sep) https://www.svd.se/sapo-cyberspionaget-arpa-industriell-niva – https://sverigesradio.se/artikel/7554640How to protect your organization from DDoS attacks (15 sep) https://www.techrepublic.com/videos/how-to-protect-your-organization-from-ddos-attacks/UK NCSC releases the Vulnerability Disclosure Toolkit (15 sep) https://securityaffairs.co/wordpress/108308/laws-and-regulations/vulnerability-disclosure-toolkit.html – https://www.ncsc.gov.uk/files/NCSC_Vulnerability_Toolkit.pdfHackers are getting more hands-on with their attacks. That’s not a good sign (15 sep) https://www.zdnet.com/article/hackers-are-getting-more-hands-on-with-their-attacks-thats-not-a-good-sign/What are the most vulnerable departments and sectors to phishing attacks? (16 sep) https://www.helpnetsecurity.com/2020/09/16/vulnerable-departments-sectors-phishing-attacks/Defeating Macro Document Static Analysis with Pictures of My Cat (16 sep) https://billdemirkapi.me/Defeating-Macro-Document-Static-Analysis-with-Pictures-of-My-Cat/Ransom from Home – How to close the cyber front door to remote working ransomware attacks (16 sep) https://blog.trendmicro.com/ransom-from-home-how-to-close-the-cyber-front-door-to-remote-working-ransomware-attacks/Microsoft SQL Hit by Crypto Mining Malware Perpetrated by New Hacking Group (16 sep) https://nationalcybersecuritynews.today/microsoft-sql-hit-by-crypto-mining-malware-perpetrated-by-new-hacking-group-computertips-securitytips/Penguin caught in the crosshairs: advanced persistent threat groups actively target Linux-based workstations and servers (16 sep) https://www.pinoybisnes.com/news-release/penguin-caught-in-the-crosshairs-advanced-persistent-threat-groups-actively-target-linux-based-workstations-and-servers/Chrome now lets high-risk APP users scan suspicious files on demand (16 sep) https://www.zdnet.com/article/chrome-now-lets-high-risk-app-users-scan-suspicious-files-on-demand/DDoS attacks rose significantly this year (16 sep) https://www.itproportal.com/news/ddos-attacks-rose-hugely-this-year/”Regeringen – utred Sveriges behov av kryptosystem” (debattartikel) (16 sep) https://www.nyteknik.se/opinion/regeringen-utred-sveriges-behov-av-kryptosystem-7001284Microsoft 365 will let users browse their blocked phishing emails (17 sep) https://www.techradar.com/news/microsoft-365-will-let-users-browse-their-blocked-phishing-emailsRansomware attack at German hospital leads to death of patient (17 sep) https://www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/ – https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/ – https://www.govinfosecurity.com/ransomware-attack-at-hospital-leads-to-patients-death-a-15010CS3STHLM Newsletter September (17 sep) https://cs3sthlm.se/news/2020/09/17/cs3sthlm-newsletter-septepmber.htmlFBI Releases Cybersecurity Advisory on Previously Undisclosed Iranian Malware Used to Monitor Dissidents and Travel and Telecommunications Companies (17 sep) https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies – https://home.treasury.gov/news/press-releases/sm1127Joint Statement on Internet Shutdowns in Belarus (17 sep) https://ge.usembassy.gov/joint-statement-on-internet-shutdowns-in-belarus/Emotet strikes Quebec’s Department of Justice (17 sep) https://cyware.com/news/emotet-strikes-quebecs-department-of-justice-2b837645IT teams ‘too busy’ to provide proper training for remote workers (17 sep) https://www.itproportal.com/news/it-teams-too-busy-to-provide-proper-training-for-remote-workers/How ransomware operators are joining forces to carry out attacks (17 sep) https://www.techrepublic.com/article/how-ransomware-operators-are-joining-forces-to-carry-out-attacks/This ransomware has borrowed a sneaky trick for delivering malware to its victims (17 sep) https://www.zdnet.com/article/this-ransomware-has-borrowed-a-sneaky-trick-for-delivering-malware-to-its-victims/FBI opens China-related counterintelligence case every 10 hours (17 sep) https://www.scmagazine.com/home/security-news/fbi-opens-china-related-counterintelligence-case-every-10-hours/New Bluetooth Vulnerability (17 sep) https://www.schneier.com/blog/archives/2020/09/new-bluetooth-vulnerability.htmlTrump to block U.S. downloads of TikTok, WeChat on Sunday - officials (18 sep) https://www.reuters.com/article/us-usa-tiktok-ban-exclusive/trump-to-block-u-s-downloads-of-tiktok-wechat-on-sunday-officials-idUSKBN2691QO

Informationssäkerhet och blandat

Ireland to Order Facebook to Stop Sending User Data to U.S. (9 sep) https://www.wsj.com/articles/ireland-to-order-facebook-to-stop-sending-user-data-to-u-s-11599671980Polis erkänner dataintrång – kan få behålla jobbet (11 sep) https://www.svt.se/nyheter/lokalt/varmland/polis-7Sverige hårt drabbat av banktrojanen Trickbot (11 sep) https://it-finans.se/sverige-hart-drabbat-av-banktrojanen-trickbot/Gratis guide om hur du skyddar dig mot ID-kapningar lanserad (11 sep) https://www.aktuellsakerhet.se/gratis-guide-om-hur-du-skyddar-dig-mot-id-kapningar-lanserad/Informationssäkerhet – en rättighet (11 sep) https://www.offentligaaffarer.se/2020/09/11/informationssakerhet-en-rattighet/Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods (12 sep) https://www.theregister.com/2020/09/12/follow_security_basics_and_you/Researcher kept a major Bitcoin vulnerability secret for two years (13 sep) https://reviewscenter.net/researcher-kept-a-major-bitcoin-vulnerability-secret-for-two-years/Föreskrifter om informationssäkerhet för statliga myndigheter (MSBFS 2020:6) (14 sep) https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/msbfs-20206/Föreskrifter om säkerhetsåtgärder i informationssystem för statliga myndigheter (MSBFS 2020:7) (14 sep) https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/msbfs-20207/Föreskrifter om rapportering av it-incidenter för statliga myndigheter (MSBFS 2020:8) (14 sep) https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/foreskrifter-om-rapportering-av-it-incidenter-for-statliga-myndigheter-msbfs-20208/Kinesisk databas med miljoner personers uppgifter läckt (14 sep) https://www.dn.se/varlden/kinesisk-databas-med-miljoner-personers-uppgifter-lackt/ – https://www.dn.se/ekonomi/over-tusen-kanda-svenskar-i-kinesisk-datalacka/ – https://www.dn.se/ekonomi/linus-larsson-en-brokig-skara-manniskor-som-har-blivit-kartlagda/Misconfigured Database Leaks 370 Million Dating Site Records (14 sep) https://www.infosecurity-magazine.com/news/misconfigured-database-leaks-370/ – https://threatpost.com/cloud-leak-320m-dating-site-records/159225/Undersökning: Distansarbetare utsätter företag för stora säkerhetsrisker (14 sep) https://www.securityuser.com/se/Nyheter/Samhalle/undersokning-distansarbetare-utsatter-foretag-for-stora-sakerhetsriskerMagento online stores hacked in largest campaign to date (14 sep) https://www.zdnet.com/article/magento-online-stores-hacked-in-largest-campaign-to-date/Personal information of roughly 46,000 veterans exposed in VA hack (14 sep) https://edition.cnn.com/2020/09/14/politics/veterans-affairs-data-breach/index.html – https://www.va.gov/opa/pressrel/pressrelease.cfm?id=5519Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity (14 sep) https://us-cert.cisa.gov/ncas/alerts/aa20-258aZhenhua Data leak: personal details of millions around world gathered by China tech company (14 sep) https://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-companyTelehealth is healthcare industry’s biggest cybersecurity risk (14 sep) https://www.helpnetsecurity.com/2020/09/14/telehealth-is-healthcare-industrys-biggest-cybersecurity-risk/ – https://aspe.hhs.gov/pdf-report/medicare-beneficiary-use-telehealthBack to Basics: Creating a Culture of Cybersecurity at Work (16 sep) https://securityintelligence.com/articles/creating-culture-cybersecurity-at-work/Så hackade polisen kriminellas telefoner (16 sep) https://www.svt.se/nyheter/inrikes/sa-hackade-polisen-kriminellas-telefonerFOI anordnar tävling i cybersäkerhet (16 sep) https://www.aktuellsakerhet.se/foi-anordnar-tavling-i-cybersakerhet/Cyber security alert issued following rising attacks on UK academia (17 sep) https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academiaExpremiärministern hackad – bad om it-tips (18 sep) https://www.svd.se/expremiarministern-hackad–bad-om-it-tips

CERT-SE i veckan

Kritisk sårbarhet i Windows Server Emotet riktas mot svenska organisationer