CERT-SE's weekly newsletter, week 50

Weekly newsletter

The third Sunday of Advent is already here, and this week too there are plenty of reports about ransomware. But now the authorities can focus more closely on security incidents, as we work together in a brand-new cybersecurity centre. We also share information about the very last Flash update, and about several cyberattacks against vaccine handling. CERT-SE wishes you a pleasant Advent weekend!

News this week

What did DeathStalker hide between two ferns? (3 dec) https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking (3 dec) https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected (3 dec) https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html

FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams (3 dec) https://www.securityweek.com/fbi-warns-auto-forwarding-email-rules-abused-bec-scams
https://assets.documentcloud.org/documents/20418379/fbi-pin-on-intrusions-exploiting-email-forwarding-rules.pdf

Testing MISP, threat sharing (4 dec) https://kryptera.se/misp-threat-sharing/

FS Data's customers report continued major problems. “That's not correct,” says the CEO (4 dec) https://computersweden.idg.se/2.2683/1.744058/fs-data-fortsatta-problem

Enigma Machine Recovered from the Baltic Sea (4 dec) https://www.schneier.com/blog/archives/2020/12/enigma-machine-recovered-from-the-baltic-sea.html

Metro Vancouver’s transit system hit by Egregor ransomware (4 dec) https://www.bleepingcomputer.com/news/security/metro-vancouvers-transit-system-hit-by-egregor-ransomware/
Human resource consulting giant Randstad hit by Egregor ransomware (5 dec) https://securityaffairs.co/wordpress/111952/cyber-crime/randstad-egregor-ransomware.html
https://www.recordedfuture.com/egregor-ransomware-attacks/

LockBit Ransomware operators hit Swiss helicopter maker Kopter (6 dec) https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html

Hiding Malware in Social Media Buttons (7 dec) https://www.schneier.com/blog/archives/2020/12/hiding-malware-in-social-media-buttons.html

Digital thought clones manipulate real-time online behavior (7 dec) https://www.helpnetsecurity.com/2020/12/07/digital-thought-clones/

Six cryptographic trends we’ll see next year (7 dec) https://www.helpnetsecurity.com/2020/12/07/cryptographic-trends-2021/

Techno-nationalism isn’t going to solve our cyber vulnerability problem (7 dec) https://www.helpnetsecurity.com/2020/12/07/techno-nationalism-cyber-vulnerability-problem/

Ransomware attacks target backup systems, compromising the company ‘insurance policy’ (7 dec) https://www.scmagazine.com/home/security-news/ransomware/ransomware-attacks-target-backup-systems-compromising-the-company-insurance-policy/

Greater Baltimore Medical Center Hit by Ransomware Attack (7 dec) https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack

Zero-click ‘wormable’ RCE flaw uncovered in Microsoft Teams (8 dec) https://www.itpro.co.uk/security/358041/microsoft-teams-wormable-rce-flaw

Oblivious DNS-over-HTTPS (8 dec) https://www.schneier.com/blog/archives/2020/12/oblivious-dns-over-https.html

Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard (8 dec) https://www.theregister.com/2020/12/08/rebekah_jones_police_raid/

OpenSSL Security Advisory (8 dec) https://www.openssl.org/news/secadv/20201208.txt

Debricked launches Public Vulnerability Database (8 dec) https://debricked.com/blog/2020/12/08/debricked-launches-public-vulnerability-database/

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack (9 dec) https://www.helpnetsecurity.com/2020/12/09/vulnerable-tcp-ip-stacks/

Adobe just released the last Flash update ever (9 dec) https://www.theverge.com/2020/12/9/22166160/adobe-last-flash-player-update-support-ending-december
Adobe to block Flash content from running on January 12, 2021 (9 dec) https://www.zdnet.com/article/adobe-to-block-flash-content-from-running-on-january-12-2021/

China’s influence in the Nordic-Baltic region (9 dec) https://www.youtube.com/watch?v=BXJGb0-BWgk

2020 to reach vulnerability disclosure levels similar to those in 2019 (10 dec) https://www.helpnetsecurity.com/2020/12/10/2020-vulnerability-disclosure-levels/

Attack Activities by Quasar Family (10 dec) https://blogs.jpcert.or.jp/en/2020/12/quasar-family.html

Proof-of-concept exploit code published for new Kerberos Bronze Bit attack (10 dec) https://www.zdnet.com/article/proof-of-concept-exploit-code-published-for-new-kerberos-bronze-bit-attack/

The story of the year: remote work (10 dec) https://securelist.com/the-story-of-the-year-remote-work/99720/

Information security and miscellaneous

North Korean hackers targeted six COVID-19 drug and vaccine makers (2 dec) https://nypost.com/2020/12/02/north-korean-hackers-allegedly-targeted-six-covid-drugmakers/

Think-Tanks Under Attack by Foreign APTs, CISA Warns (2 dec) https://threatpost.com/think-tanks-attack-apts-cisa/161807/
https://us-cert.cisa.gov/ncas/alerts/aa20-336a

Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (3 dec) https://www.zdnet.com/article/mysterious-phishing-campaign-targets-organizations-in-covid-19-vaccine-cold-chain/
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (4 dec) https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/
Hackers target the COVID vaccine's weak point – the cold chain (4 dec) https://computersweden.idg.se/2.2683/1.744042/hackare-covid-vaccin

Defense Bill Would Restore White House Cybersecurity Post (4 dec) https://www.govinfosecurity.com/defense-bill-would-restore-white-house-cybersecurity-post-a-15523

COVID-19 – Johnson & Johnson saw a 30% uptick in cyber-attacks (5 dec) https://securityaffairs.co/wordpress/111960/hacking/covid-19-johnson-johnson-cyber-attacks.html

Iranian Hackers Attack Israel Water Facility, Gain Access To HMI Systems (6 dec) https://www.ehackingnews.com/2020/12/iranian-hackers-attack-israel-water.html
Hackers Breached Israeli Water Reservoir HMI System (7 dec) https://www.bankinfosecurity.com/hackers-breached-israeli-water-reservoir-hmi-system-a-15537
What We’ve Learned from the December 1st Attack on an Israeli Water Reservoir (3 dec) https://www.otorio.com/blog/what-we-ve-learned-from-the-december-1st-attack-on-an-israeli-water-reservoir/

Police arrest two people over stealing sensitive data from defense giant (6 dec) https://securityaffairs.co/wordpress/111965/cyber-crime/leonardo-data-theft.html

COVID-19 themed attacks October 1 – December 5, 2020 (6 dec) https://securityaffairs.co/wordpress/111973/cyber-crime/covid-19-themed-attacks-oct-1-dec-5.html?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-themed-attacks-oct-1-dec-5

Thoughts from the NCSC 2020 Annual Review (6 dec) https://www.tripwire.com/state-of-security/security-data-protection/thoughts-from-ncsc-2020-annual-review/

NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006 (7 dec) https://us-cert.cisa.gov/ncas/current-activity/2020/12/07/nsa-releases-advisory-russian-state-sponsored-malicious-cyber

Travel agent leaked customer data by – this is embarrassing – giving it away in a hackathon (7 dec) https://www.theregister.com/2020/12/07/data_breach_in_hackathon_data/

Hacker opens 2,732 PickPoint package lockers across Moscow (7 dec) https://www.zdnet.com/article/hacker-opens-2732-pickpoint-package-lockers-across-moscow/

Hackers leak data from Embraer, world’s third-largest airplane maker (7 dec) https://www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/

Israel shaken by data leak after ransomware attack at Shirbit insurance company (7 dec) https://hotforsecurity.bitdefender.com/blog/israel-shaken-by-data-leak-after-ransomware-attack-at-shirbit-insurance-company-24786.html

$1 trillion lost to cybercrime in 2020, yet companies remain ill-prepared (7 dec) https://www.scmagazine.com/home/security-news/cybercrime/1-trillion-lost-to-cybercrime-in-2020-yet-companies-remain-ill-prepared/

The investigation into the data breach at the Storting is complete (8 dec) https://pst.no/alle-artikler/pressemeldinger/datainnbruddet-mot-stortinget-er-ferdig-etterforsket/
Russian hacker group suspected of being behind the hacker attack on the Storting (8 dec) https://www.dn.se/varlden/rysk-hackergrupp-misstanks-ligga-bakom-hackerattacken-mot-stortinget/
Russian embassy responds to Norwegian allegations of cyberattack (10 dec) https://www.ehackingnews.com/2020/12/russian-embassy-responds-to-norwegian.html

U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools (8 dec) https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI
FireEye Says Nation-State Attackers Stole Pen Test Tools (8 dec) https://www.govinfosecurity.com/fireeye-says-nation-state-attackers-stole-pen-test-tools-a-15555
FireEye hacked. “State-sponsored attackers” blamed as Red Team tools stolen. Here’s what you need to know (9 dec) https://grahamcluley.com/fireeye-hacked-what-you-need-to-know/
FireEye Hacked (9 dec) https://www.schneier.com/blog/archives/2020/12/fireeye-hacked.html
Russia’s FireEye Hack Is a Statement—but Not a Catastrophe (9 dec) https://www.wired.com/story/russia-fireeye-hack-statement-not-catastrophe/
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community (8 dec) https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
FireEye Breach Detection Guidance (9 dec) https://blog.talosintelligence.com/2020/12/fireeye-breach-guidance.html
Following FireEye Hack, Ensure These 16 Bugs Are Patched (10 dec) https://www.bankinfosecurity.com/blogs/following-fireeye-hack-ensure-these-16-bugs-are-patched-p-2977

GE puts default password in radiology devices, leaving healthcare networks exposed (8 dec) https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/

Key cybersecurity problems expected to mark 2021 (8 dec) https://www.helpnetsecurity.com/2020/12/08/cybersecurity-problems-2021/

The red crosses on hospitals are no guarantee against hacker attacks (8 dec) https://www.sjukhuslakaren.se/kronika/de-roda-korsen-pa-sjukhusen-ingen-garanti-mot-hackerattacker/

He trains Sweden's first cyber soldiers (8 dec) https://www.sjukhuslakaren.se/han-utbildar-sveriges-forsta-cybersoldater/

EU Vaccine Approval Agency Investigating Cyberattack (9 dec) https://www.govinfosecurity.com/eu-vaccine-approval-agency-investigating-cyberattack-a-15558
Vaccine data has been stolen in a cyberattack (9 dec) https://sverigesradio.se/artikel/7621032
Pfizer/BioNTech vaccine docs hacked from European Medicines Agency (10 dec) https://www.bbc.com/news/technology-55249353

New centre to strengthen Sweden's cybersecurity (9 dec) https://www.dn.se/debatt/nytt-center-ska-starka-sveriges-cybersakerhet/
The government establishes a national cybersecurity centre (10 dec) https://www.regeringen.se/pressmeddelanden/2020/12/regeringen-inrattar-ett-nationellt-cybersakerhetscenter/
New cybersecurity centre to protect against growing IT threats (10 dec) https://sverigesradio.se/artikel/7621258
How Sweden is to be cyber-secured: “It's about concentrating our efforts” (10 dec) https://www.nyteknik.se/sakerhet/sa-ska-sverige-cybersakras-handlar-om-att-kraftsamla-7006613
Now it's official – national cybersecurity centre is up and running (10 dec) https://computersweden.idg.se/2.2683/1.744390/nationellt-cybersakerhetscenter
Companies need to scale up their cybersecurity (10 dec) https://www.di.se/ledare/bolag-behover-skala-upp-sin-cybersakerhet/

Crisis management in cybersecurity (10 dec) https://www.tjugofyra7.se/artiklar/Nyhet/cybersakerhet/

State-sponsored actors ‘very likely’ looking to attack electricity supply, says intelligence agency (10 dec) https://www.electricityforum.com/news/canada-grid-security

Improve your cyber security this festive period (10 dec) https://www.ncsc.gov.uk/cyberaware/home

The new European Cybersecurity Competence Centre to be located in Bucharest, Romania (10 dec) https://www.consilium.europa.eu/en/press/press-releases/2020/12/10/the-new-european-cybersecurity-competence-centre-to-be-located-in-bucharest-romania/

Australian intelligence community seeking to build a top-secret cloud (11 dec) https://www.zdnet.com/article/australian-intelligence-community-seeking-to-build-a-top-secret-cloud/

2021 predictions: The rise of cyber resilience (11 dec) https://www.helpnetsecurity.com/2020/12/11/2021-cyber-resilience-predictions/

CERT-SE this week

Critical vulnerability in Cisco Jabber

Microsoft's and Adobe's monthly security updates for December

Vulnerabilities in software implementing TCP/IP