Published
CERT-SE's weekly newsletter, week 38
This Friday, which happens to be the day of both sauerkraut and the e-book, our tips include MSB's new regulations on information security, FOI's cyber challenge, and a new index of which countries are most resilient when it comes to cyber security. We also offer a hot tip for anyone who may have double-booked themselves and has two video conferences at the same time (see the news item from 14/9). CERT-SE wishes you a pleasant weekend!
News this week
Chilean bank shuts down all branches following ransomware attack (7 sep)
https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack/
Baka credit card skimmer bundles stealth, anti-detection capabilities, warns Visa (7 sep)
https://portswigger.net/daily-swig/baka-credit-card-skimmer-bundles-stealth-anti-detection-capabilities-warns-visa
Vishing: Voice phone scams are the latest trend in phishing attacks (8 sep)
https://www.avira.com/en/blog/what-is-vishing-voice-phishing-explained
Amazon, Apple, and Google’s open-source smart home standard is on track for a 2021 launch (8 sep)
https://www.theverge.com/2020/9/8/21427139/amazon-apple-google-zigbee-alliance-open-source-smart-home-standard-2021-launch
Netwalker ransomware hits Pakistan's largest private power utility (8 sep)
https://www.bleepingcomputer.com/news/security/netwalker-ransomware-hits-pakistans-largest-private-power-utility/
Microsoft: State-backed hackers are targeting the 2020 US elections (10 sep)
https://www.bleepingcomputer.com/news/security/microsoft-state-backed-hackers-are-targeting-the-2020-us-elections/
Linux servers and workstations are hackers' next target, security researchers warn (10 sep)
https://www.techrepublic.com/article/linux-servers-and-workstations-are-hackers-next-target-security-researchers-warn/
Ranking National Cyber Power (11 sep)
https://www.schneier.com/blog/archives/2020/09/ranking-national-cyber-power.html
--
https://www.belfercenter.org/sites/default/files/2020-09/NCPI_2020.pdf
History shows, transparency can ease the fallout from a cyberattack (11 sep)
https://www.scmagazine.com/home/security-news/ransomware/attacks-on-cyber-firms-are-embarrassing-but-transparency-can-ease-the-fallout/
Ad networks spread malicious content (12 sep)
https://www.securityuser.com/se/Nyheter/Samhalle/annonsnatverk-sprider-skadligt-innehall
Equinix breach: 7 things to know about netwalker ransomware attacks (14 sep)
https://www.crn.com.au/news/equinix-breach-7-things-to-know-about-netwalker-ransomware-attacks-553216
TF-CSIRT is turning 20! (14 sep)
https://tf-csirt.org/2020/09/14/baiba/
The importance of cyber threat hunting in the COVID-19 era (14 sep)
https://www.aktuellsakerhet.se/vikten-av-jakt-pa-cyberhot-under-covid-19-eran/
NAB flags cyber attacks during the pandemic have intensified (14 sep)
https://www.news.com.au/finance/nab-flags-cyber-attacks-during-the-pandemic-have-intensified/news-story/8cedc744da49f4bf4c766cfd1410dfa7
Linux systems also vulnerable to attack (14 sep)
https://it-online.co.za/2020/09/14/linux-systems-also-vulnerable-to-attack/
New BlindSide attack uses speculative execution to bypass ASLR (14 sep)
https://www.zdnet.com/article/new-blindside-attack-uses-speculative-execution-to-bypass-aslr/
Hfinger - fingerprinting HTTP requests (14 sep)
https://github.com/CERT-Polska/hfinger
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency (14 sep)
https://www.zdnet.com/article/vast-majority-of-cyber-attacks-on-cloud-servers-aim-to-mine-cryptocurrency/
Cyber losses are increasing in frequency and severity (14 sep)
https://www.helpnetsecurity.com/2020/09/14/cyber-losses-are-increasing-in-frequency-and-severity/
How to Report a Cybercrime (14 sep)
https://www.pandasecurity.com/mediacenter/mobile-news/report-cybercrime/
How I prerecorded myself in video meetings for a week (14 sep)
https://www.cnet.com/how-to/how-i-pre-recorded-myself-in-video-meetings-for-a-week/
Säpo: Russia and China behind espionage (15 sep)
https://www.svd.se/sapo-cyberspionaget-arpa-industriell-niva
--
https://sverigesradio.se/artikel/7554640
How to protect your organization from DDoS attacks (15 sep)
https://www.techrepublic.com/videos/how-to-protect-your-organization-from-ddos-attacks/
UK NCSC releases the Vulnerability Disclosure Toolkit (15 sep)
https://securityaffairs.co/wordpress/108308/laws-and-regulations/vulnerability-disclosure-toolkit.html
--
https://www.ncsc.gov.uk/files/NCSC_Vulnerability_Toolkit.pdf
Hackers are getting more hands-on with their attacks. That's not a good sign (15 sep)
https://www.zdnet.com/article/hackers-are-getting-more-hands-on-with-their-attacks-thats-not-a-good-sign/
What are the most vulnerable departments and sectors to phishing attacks? (16 sep)
https://www.helpnetsecurity.com/2020/09/16/vulnerable-departments-sectors-phishing-attacks/
Defeating Macro Document Static Analysis with Pictures of My Cat (16 sep)
https://billdemirkapi.me/Defeating-Macro-Document-Static-Analysis-with-Pictures-of-My-Cat/
Ransom from Home – How to close the cyber front door to remote working ransomware attacks (16 sep)
https://blog.trendmicro.com/ransom-from-home-how-to-close-the-cyber-front-door-to-remote-working-ransomware-attacks/
Microsoft SQL Hit by Crypto Mining Malware Perpetrated by New Hacking Group (16 sep)
https://nationalcybersecuritynews.today/microsoft-sql-hit-by-crypto-mining-malware-perpetrated-by-new-hacking-group-computertips-securitytips/
Penguin caught in the crosshairs: advanced persistent threat groups actively target Linux-based workstations and servers (16 sep)
https://www.pinoybisnes.com/news-release/penguin-caught-in-the-crosshairs-advanced-persistent-threat-groups-actively-target-linux-based-workstations-and-servers/
Chrome now lets high-risk APP users scan suspicious files on demand (16 sep)
https://www.zdnet.com/article/chrome-now-lets-high-risk-app-users-scan-suspicious-files-on-demand/
DDoS attacks rose significantly this year (16 sep)
https://www.itproportal.com/news/ddos-attacks-rose-hugely-this-year/
"Government, investigate Sweden's need for cryptosystems" (opinion piece) (16 sep)
https://www.nyteknik.se/opinion/regeringen-utred-sveriges-behov-av-kryptosystem-7001284
Microsoft 365 will let users browse their blocked phishing emails (17 sep)
https://www.techradar.com/news/microsoft-365-will-let-users-browse-their-blocked-phishing-emails
Ransomware attack at German hospital leads to death of patient (17 sep)
https://www.bleepingcomputer.com/news/security/ransomware-attack-at-german-hospital-leads-to-death-of-patient/
--
https://www.zdnet.com/article/first-death-reported-following-a-ransomware-attack-on-a-german-hospital/
--
https://www.govinfosecurity.com/ransomware-attack-at-hospital-leads-to-patients-death-a-15010
CS3STHLM Newsletter September (17 sep)
https://cs3sthlm.se/news/2020/09/17/cs3sthlm-newsletter-septepmber.html
FBI Releases Cybersecurity Advisory on Previously Undisclosed Iranian Malware Used to Monitor Dissidents and Travel and Telecommunications Companies (17 sep)
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-releases-cybersecurity-advisory-on-previously-undisclosed-iranian-malware-used-to-monitor-dissidents-and-travel-and-telecommunications-companies
--
https://home.treasury.gov/news/press-releases/sm1127
Joint Statement on Internet Shutdowns in Belarus (17 sep)
https://ge.usembassy.gov/joint-statement-on-internet-shutdowns-in-belarus/
Emotet strikes Quebec’s Department of Justice (17 sep)
https://cyware.com/news/emotet-strikes-quebecs-department-of-justice-2b837645
IT teams 'too busy' to provide proper training for remote workers (17 sep)
https://www.itproportal.com/news/it-teams-too-busy-to-provide-proper-training-for-remote-workers/
How ransomware operators are joining forces to carry out attacks (17 sep)
https://www.techrepublic.com/article/how-ransomware-operators-are-joining-forces-to-carry-out-attacks/
This ransomware has borrowed a sneaky trick for delivering malware to its victims (17 sep)
https://www.zdnet.com/article/this-ransomware-has-borrowed-a-sneaky-trick-for-delivering-malware-to-its-victims/
FBI opens China-related counterintelligence case every 10 hours (17 sep)
https://www.scmagazine.com/home/security-news/fbi-opens-china-related-counterintelligence-case-every-10-hours/
New Bluetooth Vulnerability (17 sep)
https://www.schneier.com/blog/archives/2020/09/new-bluetooth-vulnerability.html
Trump to block U.S. downloads of TikTok, WeChat on Sunday - officials (18 sep)
https://www.reuters.com/article/us-usa-tiktok-ban-exclusive/trump-to-block-u-s-downloads-of-tiktok-wechat-on-sunday-officials-idUSKBN2691QO
Information security and miscellaneous
Ireland to Order Facebook to Stop Sending User Data to U.S. (9 sep)
https://www.wsj.com/articles/ireland-to-order-facebook-to-stop-sending-user-data-to-u-s-11599671980
Police officer admits unauthorized computer access, may get to keep job (11 sep)
https://www.svt.se/nyheter/lokalt/varmland/polis-7
Sweden hit hard by the banking trojan Trickbot (11 sep)
https://it-finans.se/sverige-hart-drabbat-av-banktrojanen-trickbot/
Free guide launched on how to protect yourself against identity theft (11 sep)
https://www.aktuellsakerhet.se/gratis-guide-om-hur-du-skyddar-dig-mot-id-kapningar-lanserad/
Information security: a right (11 sep)
https://www.offentligaaffarer.se/2020/09/11/informationssakerhet-en-rattighet/
Don't pay the ransom, mate. Don't even fix a price, say Australia's cyber security bods (12 sep)
https://www.theregister.com/2020/09/12/follow_security_basics_and_you/
Researcher kept a major Bitcoin vulnerability secret for two years (13 sep)
https://reviewscenter.net/researcher-kept-a-major-bitcoin-vulnerability-secret-for-two-years/
Regulations on information security for government agencies (MSBFS 2020:6) (14 sep)
https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/msbfs-20206/
Regulations on security measures in information systems for government agencies (MSBFS 2020:7) (14 sep)
https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/msbfs-20207/
Regulations on reporting of IT incidents for government agencies (MSBFS 2020:8) (14 sep)
https://www.msb.se/sv/regler/gallande-regler/krisberedskap-och-informationssakerhet/foreskrifter-om-rapportering-av-it-incidenter-for-statliga-myndigheter-msbfs-20208/
Chinese database with millions of people's details leaked (14 sep)
https://www.dn.se/varlden/kinesisk-databas-med-miljoner-personers-uppgifter-lackt/
--
https://www.dn.se/ekonomi/over-tusen-kanda-svenskar-i-kinesisk-datalacka/
--
https://www.dn.se/ekonomi/linus-larsson-en-brokig-skara-manniskor-som-har-blivit-kartlagda/
Misconfigured Database Leaks 370 Million Dating Site Records (14 sep)
https://www.infosecurity-magazine.com/news/misconfigured-database-leaks-370/
--
https://threatpost.com/cloud-leak-320m-dating-site-records/159225/
Survey: Remote workers expose companies to major security risks (14 sep)
https://www.securityuser.com/se/Nyheter/Samhalle/undersokning-distansarbetare-utsatter-foretag-for-stora-sakerhetsrisker
Magento online stores hacked in largest campaign to date (14 sep)
https://www.zdnet.com/article/magento-online-stores-hacked-in-largest-campaign-to-date/
Personal information of roughly 46,000 veterans exposed in VA hack (14 sep)
https://edition.cnn.com/2020/09/14/politics/veterans-affairs-data-breach/index.html
--
https://www.va.gov/opa/pressrel/pressrelease.cfm?id=5519
Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity (14 sep)
https://us-cert.cisa.gov/ncas/alerts/aa20-258a
Zhenhua Data leak: personal details of millions around world gathered by China tech company (14 sep)
https://www.theguardian.com/world/2020/sep/14/zhenhua-data-full-list-leak-database-personal-details-millions-china-tech-company
Telehealth is healthcare industry’s biggest cybersecurity risk (14 sep)
https://www.helpnetsecurity.com/2020/09/14/telehealth-is-healthcare-industrys-biggest-cybersecurity-risk/
--
https://aspe.hhs.gov/pdf-report/medicare-beneficiary-use-telehealth
Back to Basics: Creating a Culture of Cybersecurity at Work (16 sep)
https://securityintelligence.com/articles/creating-culture-cybersecurity-at-work/
How the police hacked criminals' phones (16 sep)
https://www.svt.se/nyheter/inrikes/sa-hackade-polisen-kriminellas-telefoner
FOI organizes cyber security competition (16 sep)
https://www.aktuellsakerhet.se/foi-anordnar-tavling-i-cybersakerhet/
Cyber security alert issued following rising attacks on UK academia (17 sep)
https://www.ncsc.gov.uk/news/alert-issued-following-rising-attacks-on-uk-academia
Ex-prime minister hacked, asked for IT tips (18 sep)
https://www.svd.se/expremiarministern-hackad--bad-om-it-tips
CERT-SE this week
Critical vulnerability in Windows Server
Emotet targets Swedish organizations