CERT-SE's weekly newsletter, week 48

Weekly newsletter

When the first candle burns and servers stand ajar, CERT-SE hopes everyone patches so that all may celebrate Advent. Have a nice weekend!

News this week

Ransomware attack forces web hosting provider Managed.com to take servers offline (17 Nov) https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/
Multiple Industrial Control System Vendors Warn of Critical Bugs (17 Nov) https://threatpost.com/ics-vendors-warn-critical-bugs/161333/
National Cyber Force Transforms country’s cyber capabilities to protect UK (19 Nov) https://www.gov.uk/government/news/national-cyber-force-transforms-countrys-cyber-capabilities-to-protect-uk
.. UK reveals new National Cyber Force to improve offensive cyber capabilities (21 Nov) https://securityaffairs.co/wordpress/111223/cyber-warfare-2/uk-establishes-national-cyber-force.html
Artificial intelligence could be used to hack connected cars, drones warn security experts (20 Nov) https://www.zdnet.com/article/artificial-intelligence-could-be-used-to-hack-connected-cars-drones-warn-security-experts/
Facebook Messenger bug allowed callers to listen unattended calls (20 Nov) https://www.hackread.com/facebook-messenger-bug-call-listen-calls/
Manchester United hit by ‘sophisticated’ cyber attack but say fan data is safe (20 Nov) https://www.theguardian.com/football/2020/nov/20/manchester-united-confirm-cyber-attack-but-confident-match-can-go-ahead
.. Manchester United football club discloses security breach (21 Nov) https://www.zdnet.com/article/manchester-united-football-club-discloses-security-breach/
Dutch tech reporter gatecrashes EU defence secret video conference (21 Nov) https://securityaffairs.co/wordpress/111250/security/reporter-gatecrashes-eu-defence-conference.html
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services (21 Nov) https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/
Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs (22 Nov) https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/
Brazilian government recovers from “worst-ever” cyberattack (23 Nov) https://www.zdnet.com/article/brazilian-government-recovers-from-worst-ever-cyberattack/
How to manage your passwords smartly and easily (23 Nov) https://www.dn.se/ekonomi/sa-hanterar-du-dina-losenord-smart-och-enkelt/
Hackers accidentally expose Spotify user data they stole (23 Nov) https://www.cnet.com/news/hoard-of-spotify-user-data-exposed-by-hackers-careless-security-practices/
DDoS attacks surge, becoming more sophisticated (23 Nov) https://securitybrief.eu/story/ddos-attacks-surge-becoming-more-sophisticated
Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices (23 Nov) https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
Tesla Model X hacked and stolen in minutes using new key fob hack (23 Nov) https://www.zdnet.com/article/tesla-model-x-hacked-and-stolen-in-minutes-using-new-key-fob-hack/
On That Dusseldorf Hospital Ransomware Attack and the Resultant Death (24 Nov) https://www.schneier.com/blog/archives/2020/11/on-that-dusseldorf-hospital-ransomware-attack-and-the-resultant-death.html
Is Cybersecurity Smart Enough to Protect Automated Buildings? (24 Nov) https://www.tripwire.com/state-of-security/featured/cybersecurity-smart-enough-to-protect-automated-buildings/
XDR: Unifying incident detection, response and remediation (24 Nov) https://www.helpnetsecurity.com/2020/11/24/xdr-extended-detection-and-response/
TrickBot Gets Updated to Survive Takedown Attempts (24 Nov) https://www.securityweek.com/trickbot-gets-updated-survive-takedown-attempts
New WAPDropper malware stealthily subscribes you to premium services (24 Nov) https://www.bleepingcomputer.com/news/security/new-wapdropper-malware-stealthily-subscribes-you-to-premium-services/
Conscripts report for duty as cyber soldiers (25 Nov) https://sverigesradio.se/sida/artikel.aspx?programid=1650&artikel=7607410
Hacked news agency refuses to pay (25 Nov) https://www.ttela.se/nyheter/v%C3%A4rlden/dansk-nyhetsbyr%C3%A5-utsatt-f%C3%B6r-hackerattack-1.37556414
.. Ritzau hit by hacker attack (24 Nov) https://jyllands-posten.dk/indland/ECE12582696/ritzau-ramt-af-hackerangreb/
Sophos notifies customers of data exposure after database misconfiguration (26 Nov) https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Information security and miscellaneous

Recipe for a successful phishing campaign (part 1/2) (13 Oct) https://medium.com/bugbountywriteup/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
Recipe for a successful phishing campaign (part 2/2) (15 Oct) https://medium.com/bugbountywriteup/recipe-for-a-successful-phishing-campaign-part-2-2-68552806dcba
Booting from a vinyl record (19 Nov) http://boginjr.com/it/sw/dev/vinyl-boot/
Introducing another free CA as an alternative to Let’s Encrypt (20 Nov) https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/
Fake invoices with billpay as sender (25 Nov) https://sakerhetskollen.se/aktuella-brott/bluffakturor-med-avsandare-billpay
Architecture of a ransomware (1/2) (25 Nov) https://securityshenaningans.medium.com/architecture-of-a-ransomware-1-2-1b9fee757fcb
Architecture of a ransomware (2/2) (26 Nov) https://securityshenaningans.medium.com/architecture-of-a-ransomware-2-2-e22d8eb11cee

CERT-SE this week

New vulnerability in VMware products