CERT-SE's weekly newsletter, week 42

Weekly newsletter

A lot of ransomware in this week's newsletter. But also a podcast tip, a walkthrough of how an endpoint attack unfolds, and the latest on how the pandemic has affected cybercrime around the world. Plus some tips on how to create a good password. CERT-SE wishes you a pleasant weekend!

News this week

German tech giant Software AG down after ransomware attack (9 Oct) https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/
Tyler Technologies paid ransomware gang for decryption key (10 Oct) https://www.bleepingcomputer.com/news/security/tyler-technologies-paid-ransomware-gang-for-decryption-key/
Report: U.S. Cyber Command Behind Trickbot Tricks (10 Oct) https://krebsonsecurity.com/2020/10/report-u-s-cyber-command-behind-trickbot-tricks/
Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election (10 Oct) https://www.washingtonpost.com/national-security/cyber-command-trickbot-disrupt/2020/10/09/19587aae-0a32-11eb-a166-dc429b380d10_story.html
The most common malicious email attachments infecting Windows (11 Oct) https://www.bleepingcomputer.com/news/security/the-most-common-malicious-email-attachments-infecting-windows/
Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot (11 Oct) https://www.wired.com/story/tesla-model-x-autopilot-phantom-images/
Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same (12 Oct) https://www.nytimes.com/2020/10/12/us/politics/election-hacking-microsoft.html
The anatomy of an endpoint attack (12 Oct) https://www.helpnetsecurity.com/2020/10/12/anatomy-of-an-endpoint-attack/
Ransomware Tops 2020 Threat Rankings (12 Oct) https://www.infosecurity-magazine.com/news/ransomware-tops-2020-threat
Microsoft and Other Tech Companies Take Down TrickBot Botnet (13 Oct) https://thehackernews.com/2020/10/trickbot-computer-virus.html https://www.zdnet.com/article/trickbot-botnet-survives-takedown-attempt-but-microsoft-sets-new-legal-precedent/
Fake Windows Defender Antivirus Theme Used to Spread QBot (13 Oct) https://www.tripwire.com/state-of-security/security-data-protection/fake-windows-defender-antivirus-theme-used-to-spread-qbot/
Säpo: Cyber espionage costs billions (13 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/sapo-cyberspionaget-kostar-miljarder
Office 365: A Favorite for Cyberattack Persistence (13 Oct) https://threatpost.com/office-365-persistent-cyberattacks/160010/
How the pandemic is changing cybercrime (14 Oct) https://www.rsa.com/en-us/blog/2020-10/how-the-pandemic-is-changing-cybercrime
Internet Freedom Has Taken a Hit During the Covid-19 Pandemic (14 Oct) https://www.wired.com/story/internet-freedom-covid-19-2020/
Iranian hackers restart attacks on universities as the new school year begins (14 Oct) https://www.zdnet.com/article/iranian-hackers-restart-attacks-on-universities-as-the-new-school-year-begins/
Cybercrime increasingly converging towards ransomware, cartel models (14 Oct) https://www.scmagazine.com/home/security-news/cybercrime/cybercrime-increasingly-converging-towards-ransomware-cartel-models/
As attackers evolve their tactics, continuous cybersecurity education is a must (14 Oct) https://www.helpnetsecurity.com/2020/10/15/continuous-cybersecurity-education/
Why Do States Publicly Attribute Cyber Intrusions? (14 Oct) https://www.cfr.org/blog/why-do-states-publicly-attribute-cyber-intrusions
Survey finds that IT departments victimized by ransomware forever changed (14 Oct) https://www.techrepublic.com/article/survey-finds-that-it-departments-victimized-by-ransomware-forever-changed/
The rise of fearware and how to fight back (14 Oct) https://www.theregister.com/2020/10/14/fearware_how_to_fight_back/
New archive lets you read messages from the early days of the internet (15 Oct) https://computersweden.idg.se/2.2683/1.741147/arkiv-usenet-internet https://usenetarchives.com/groups.php?c=utzoo
Self-driving cars can be forced to brake by hijacked billboards (15 Oct) https://www.zdnet.com/article/self-driving-cars-can-be-forced-to-brake-by-hijacked-billboards/
Interplanetary Storm Botnet Shows Signs of Anonymization-Purpose Proxy-for-Hire Infrastructure (15 Oct) https://labs.bitdefender.com/2020/10/interplanetary-storm-botnet-shows-signs-of-anonymization-purpose-proxy-for-hire-infrastructure/
“The company is never the same after a ransomware attack” (15 Oct) https://www.securityuser.com/se/Nyheter/Samhalle/foretaget-blir-aldrig-detsamma-efter-en-ransomewareattack https://www.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-cybersecurity-the-human-challenge-wp.pdf
Prolific Cybercrime Group Now Focused on Ransomware (15 Oct) https://www.darkreading.com/threat-intelligence/prolific-cybercrime-group-now-focused-on-ransomware/d/d-id/1339195
Iran confirms cyberattacks. Silent Librarian is back. Not spies, just crooks. Election disinformation. Content moderation. (15 Oct) https://thecyberwire.com/newsletters/daily-briefing/9/200 https://securityaffairs.co/wordpress/109554/cyber-warfare-2/iran-hit-cyber-attack.html
800,000 SonicWall VPNs vulnerable to new remote code execution bug (16 Oct) https://www.zdnet.com/article/800000-sonicwall-vpns-vulnerable-to-new-remote-code-execution-bug/

Information security and miscellaneous

Podcast #89: Think securely with MSB (9 Oct) https://nikkasystems.com/2020/10/09/podd-89-tank-sakert-med-msb/
DHS: Unknown Hackers Targeted The US Census Bureau Network (10 Oct) https://www.privacy.com.sg/cybersecurity/dhs-unknown-hackers-targeted-the-us-census-bureau-network/
Security expert: Deficient security routines behind Twitter breach at SR (12 Oct) https://www.dn.se/kultur/sakerhetsexperten-bristande-sakerhetsrutiner-bakom-twitterintrang-pa-sr/
Hacking Apple for Profit (12 Oct) https://www.schneier.com/blog/archives/2020/10/hacking-apple-for-profit.html
Exposing covert surveillance backdoors in children’s smartwatches (12 Oct) https://www.mnemonic.no/blog/exposing-backdoor-consumer-products https://www.bankinfosecurity.com/backdoor-discovered-in-xplora-childrens-smartwatch-a-15160
Home security cams hacked in Singapore, and stolen footage sold on adult websites (12 Oct) https://www.bitdefender.com/box/blog/iot-news/home-security-cams-hacked-singapore-stolen-footage-sold-adult-websites/
Half of all virtual appliances have outdated software and serious vulnerabilities (13 Oct) https://www.csoonline.com/article/3584767/half-of-all-virtual-appliances-have-outdated-software-and-serious-vulnerabilities.html
Norway: Russia behind the data breach at the Storting (13 Oct) https://www.svt.se/nyheter/snabbkollen/norge-ryssland-bakom-dataintrang-mot-stortinget https://www.govinfosecurity.com/norway-alleges-russia-orchestrated-parliament-email-hack-a-15175 https://www.aei.org/society-and-culture/regarding-the-aftermath-of-the-norwegian-parliament-hack/
Security expert: How to come up with a good password (13 Oct) https://sverigesradio.se/sida/artikel.aspx?programid=128&artikel=7574130
Security expert recommends dirty passwords (13 Oct) https://sverigesradio.se/sida/artikel.aspx?programid=97&artikel=7573708 https://blog.zonealarm.com/2020/10/how-to-choose-a-good-password/
Major vulnerabilities found in top virtual appliances (14 Oct) https://www.hackread.com/vulnerabilities-found-in-top-virtual-appliances/
Documents confirm: Synsam was hacked by extortionists (14 Oct) https://www.dn.se/ekonomi/dokument-bekraftar-synsam-blev-hackat-av-utpressare/
The G7 expresses its concern over ransomware attacks (14 Oct) https://securityaffairs.co/wordpress/109471/security/g7-concern-ransomware-attacks.html
COVID-19 security tips: Ensure you sack your staff without leaving their IT access enabled, says Secureworks (15 Oct) https://www.theregister.com/2020/10/15/secureworks_report/ https://www.secureworks.com/resources/rp-effect-covid19-incident-response
Beware COVID-19 Charity Fraudsters, Warns the FBI (15 Oct) https://hotforsecurity.bitdefender.com/blog/beware-covid-19-charity-fraudsters-warns-the-fbi-24328.html

CERT-SE this week

Critical vulnerability affects SAP products
Vulnerability from Microsoft's Patch Tuesday is being actively exploited (Bad Neighbor)
Microsoft's and Adobe's monthly security updates for October
Serious vulnerability in Cisco Webex Teams for Windows clients