CERT-SE's weekly newsletter, week 50
The third Sunday of Advent is already here, and this week too there are reports of a good deal of ransomware. But now the authorities can focus more closely on security incidents, as we work together in a brand-new cybersecurity centre. We also share information about the very last Flash update, and about several cyberattacks against vaccine handling. CERT-SE wishes you a pleasant Advent weekend!
News this week
What did DeathStalker hide between two ferns? (3 dec) https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/
Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking (3 dec) https://thehackernews.com/2020/12/several-unpatched-popular-android-apps.html
TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected (3 dec) https://thehackernews.com/2020/12/trickbot-malware-gets-uefibios-bootkit.html
FBI Warns of Auto-Forwarding Email Rules Abused for BEC Scams (3 dec)
https://www.securityweek.com/fbi-warns-auto-forwarding-email-rules-abused-bec-scams
…
https://assets.documentcloud.org/documents/20418379/fbi-pin-on-intrusions-exploiting-email-forwarding-rules.pdf
Testing MISP, threat sharing (4 dec) https://kryptera.se/misp-threat-sharing/
FS Data's customers report continued major problems. “That is not true,” says the CEO (4 dec) https://computersweden.idg.se/2.2683/1.744058/fs-data-fortsatta-problem
Enigma Machine Recovered from the Baltic Sea (4 dec) https://www.schneier.com/blog/archives/2020/12/enigma-machine-recovered-from-the-baltic-sea.html
Metro Vancouver’s transit system hit by Egregor ransomware (4 dec)
https://www.bleepingcomputer.com/news/security/metro-vancouvers-transit-system-hit-by-egregor-ransomware/
…
Human resource consulting giant Randstad hit by Egregor ransomware (5 dec)
https://securityaffairs.co/wordpress/111952/cyber-crime/randstad-egregor-ransomware.html
…
https://www.recordedfuture.com/egregor-ransomware-attacks/
LockBit Ransomware operators hit Swiss helicopter maker Kopter (6 dec) https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html
Hiding Malware in Social Media Buttons (7 dec) https://www.schneier.com/blog/archives/2020/12/hiding-malware-in-social-media-buttons.html
Digital thought clones manipulate real-time online behavior (7 dec) https://www.helpnetsecurity.com/2020/12/07/digital-thought-clones/
Six cryptographic trends we’ll see next year (7 dec) https://www.helpnetsecurity.com/2020/12/07/cryptographic-trends-2021/
Techno-nationalism isn’t going to solve our cyber vulnerability problem (7 dec) https://www.helpnetsecurity.com/2020/12/07/techno-nationalism-cyber-vulnerability-problem/
Ransomware attacks target backup systems, compromising the company ‘insurance policy’ (7 dec) https://www.scmagazine.com/home/security-news/ransomware/ransomware-attacks-target-backup-systems-compromising-the-company-insurance-policy/
Greater Baltimore Medical Center Hit by Ransomware Attack (7 dec) https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack
Zero-click ‘wormable’ RCE flaw uncovered in Microsoft Teams (8 dec) https://www.itpro.co.uk/security/358041/microsoft-teams-wormable-rce-flaw
Oblivious DNS-over-HTTPS (8 dec) https://www.schneier.com/blog/archives/2020/12/oblivious-dns-over-https.html
Cops raid home of ousted data scientist who created her own Florida COVID-19 dashboard (8 dec) https://www.theregister.com/2020/12/08/rebekah_jones_police_raid/
OpenSSL Security Advisory (8 dec) https://www.openssl.org/news/secadv/20201208.txt
Debricked launches Public Vulnerability Database (8 dec) https://debricked.com/blog/2020/12/08/debricked-launches-public-vulnerability-database/
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack (9 dec) https://www.helpnetsecurity.com/2020/12/09/vulnerable-tcp-ip-stacks/
Adobe just released the last Flash update ever (9 dec)
https://www.theverge.com/2020/12/9/22166160/adobe-last-flash-player-update-support-ending-december
…
Adobe to block Flash content from running on January 12, 2021 (9 dec)
https://www.zdnet.com/article/adobe-to-block-flash-content-from-running-on-january-12-2021/
China’s influence in the Nordic-Baltic region (9 dec) https://www.youtube.com/watch?v=BXJGb0-BWgk
2020 to reach vulnerability disclosure levels similar to those in 2019 (10 dec) https://www.helpnetsecurity.com/2020/12/10/2020-vulnerability-disclosure-levels/
Attack Activities by Quasar Family (10 dec) https://blogs.jpcert.or.jp/en/2020/12/quasar-family.html
Proof-of-concept exploit code published for new Kerberos Bronze Bit attack (10 dec) https://www.zdnet.com/article/proof-of-concept-exploit-code-published-for-new-kerberos-bronze-bit-attack/
The story of the year: remote work (10 dec) https://securelist.com/the-story-of-the-year-remote-work/99720/
Information security and miscellaneous
North Korean hackers targeted six COVID-19 drug and vaccine makers (2 dec) https://nypost.com/2020/12/02/north-korean-hackers-allegedly-targeted-six-covid-drugmakers/
Think-Tanks Under Attack by Foreign APTs, CISA Warns (2 dec)
https://threatpost.com/think-tanks-attack-apts-cisa/161807/
…
https://us-cert.cisa.gov/ncas/alerts/aa20-336a
Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain (3 dec)
https://www.zdnet.com/article/mysterious-phishing-campaign-targets-organizations-in-covid-19-vaccine-cold-chain/
…
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (4 dec)
https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/
…
Hackers take aim at the COVID vaccine's weak point – the cold chain (4 dec)
https://computersweden.idg.se/2.2683/1.744042/hackare-covid-vaccin
Defense Bill Would Restore White House Cybersecurity Post (4 dec) https://www.govinfosecurity.com/defense-bill-would-restore-white-house-cybersecurity-post-a-15523
COVID-19 – Johnson & Johnson saw a 30% uptick in cyber-attacks (5 dec) https://securityaffairs.co/wordpress/111960/hacking/covid-19-johnson-johnson-cyber-attacks.html
Iranian Hackers Attack Israel Water Facility, Gain Access To HMI Systems (6 dec)
https://www.ehackingnews.com/2020/12/iranian-hackers-attack-israel-water.html
…
Hackers Breached Israeli Water Reservoir HMI System (7 dec)
https://www.bankinfosecurity.com/hackers-breached-israeli-water-reservoir-hmi-system-a-15537
…
What We’ve Learned from the December 1st Attack on an Israeli Water Reservoir (3 dec)
https://www.otorio.com/blog/what-we-ve-learned-from-the-december-1st-attack-on-an-israeli-water-reservoir/
Police arrest two people over stealing sensitive data from defense giant (6 dec) https://securityaffairs.co/wordpress/111965/cyber-crime/leonardo-data-theft.html
COVID-19 themed attacks October 1 – December 5, 2020 (6 dec) https://securityaffairs.co/wordpress/111973/cyber-crime/covid-19-themed-attacks-oct-1-dec-5.html?utm_source=rss&utm_medium=rss&utm_campaign=covid-19-themed-attacks-oct-1-dec-5
Thoughts from the NCSC 2020 Annual Review (6 dec) https://www.tripwire.com/state-of-security/security-data-protection/thoughts-from-ncsc-2020-annual-review/
NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006 (7 dec) https://us-cert.cisa.gov/ncas/current-activity/2020/12/07/nsa-releases-advisory-russian-state-sponsored-malicious-cyber
Travel agent leaked customer data by – this is embarrassing – giving it away in a hackathon (7 dec) https://www.theregister.com/2020/12/07/data_breach_in_hackathon_data/
Hacker opens 2,732 PickPoint package lockers across Moscow (7 dec) https://www.zdnet.com/article/hacker-opens-2732-pickpoint-package-lockers-across-moscow/
Hackers leak data from Embraer, world’s third-largest airplane maker (7 dec) https://www.zdnet.com/article/hackers-leak-data-from-embraer-worlds-third-largest-airplane-maker/
Israel shaken by data leak after ransomware attack at Shirbit insurance company (7 dec) https://hotforsecurity.bitdefender.com/blog/israel-shaken-by-data-leak-after-ransomware-attack-at-shirbit-insurance-company-24786.html
$1 trillion lost to cybercrime in 2020, yet companies remain ill-prepared (7 dec) https://www.scmagazine.com/home/security-news/cybercrime/1-trillion-lost-to-cybercrime-in-2020-yet-companies-remain-ill-prepared/
The data breach against the Storting has been fully investigated (8 dec)
https://pst.no/alle-artikler/pressemeldinger/datainnbruddet-mot-stortinget-er-ferdig-etterforsket/
…
Russian hacker group suspected of being behind the hacker attack on the Storting (8 dec)
https://www.dn.se/varlden/rysk-hackergrupp-misstanks-ligga-bakom-hackerattacken-mot-stortinget/
…
Russian embassy responds to Norwegian allegations of cyberattack (10 dec)
https://www.ehackingnews.com/2020/12/russian-embassy-responds-to-norwegian.html
U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools (8 dec)
https://www.reuters.com/article/fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSL1N2IO2EI
…
FireEye Says Nation-State Attackers Stole Pen Test Tools (8 dec)
https://www.govinfosecurity.com/fireeye-says-nation-state-attackers-stole-pen-test-tools-a-15555
…
FireEye hacked. “State-sponsored attackers” blamed as Red Team tools stolen. Here’s what you need to know (9 dec)
https://grahamcluley.com/fireeye-hacked-what-you-need-to-know/
…
FireEye Hacked (9 dec)
https://www.schneier.com/blog/archives/2020/12/fireeye-hacked.html
…
Russia’s FireEye Hack Is a Statement—but Not a Catastrophe (9 dec)
https://www.wired.com/story/russia-fireeye-hack-statement-not-catastrophe/
…
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community (8 dec)
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
…
FireEye Breach Detection Guidance (9 dec)
https://blog.talosintelligence.com/2020/12/fireeye-breach-guidance.html
…
Following FireEye Hack, Ensure These 16 Bugs Are Patched (10 dec)
https://www.bankinfosecurity.com/blogs/following-fireeye-hack-ensure-these-16-bugs-are-patched-p-2977
GE puts default password in radiology devices, leaving healthcare networks exposed (8 dec) https://arstechnica.com/information-technology/2020/12/default-password-in-radiology-devices-leaves-healthcare-networks-open-to-attack/
Key cybersecurity problems expected to mark 2021 (8 dec) https://www.helpnetsecurity.com/2020/12/08/cybersecurity-problems-2021/
The red crosses on hospitals are no guarantee against hacker attacks (8 dec) https://www.sjukhuslakaren.se/kronika/de-roda-korsen-pa-sjukhusen-ingen-garanti-mot-hackerattacker/
He trains Sweden's first cyber soldiers (8 dec) https://www.sjukhuslakaren.se/han-utbildar-sveriges-forsta-cybersoldater/
EU Vaccine Approval Agency Investigating Cyberattack (9 dec)
https://www.govinfosecurity.com/eu-vaccine-approval-agency-investigating-cyberattack-a-15558
…
Vaccine data has been stolen in a cyberattack (9 dec)
https://sverigesradio.se/artikel/7621032
…
Pfizer/BioNTech vaccine docs hacked from European Medicines Agency (10 dec)
https://www.bbc.com/news/technology-55249353
New centre to strengthen Sweden's cybersecurity (9 dec)
https://www.dn.se/debatt/nytt-center-ska-starka-sveriges-cybersakerhet/
…
The government establishes a national cybersecurity centre (10 dec)
https://www.regeringen.se/pressmeddelanden/2020/12/regeringen-inrattar-ett-nationellt-cybersakerhetscenter/
…
New cybersecurity centre to protect against growing IT threats (10 dec)
https://sverigesradio.se/artikel/7621258
…
How Sweden is to be cyber-secured: “It's about concentrating our efforts” (10 dec)
https://www.nyteknik.se/sakerhet/sa-ska-sverige-cybersakras-handlar-om-att-kraftsamla-7006613
…
Now it's official – the national cybersecurity centre is up and running (10 dec)
https://computersweden.idg.se/2.2683/1.744390/nationellt-cybersakerhetscenter
…
Companies need to scale up their cybersecurity (10 dec)
https://www.di.se/ledare/bolag-behover-skala-upp-sin-cybersakerhet/
Crisis management in cybersecurity (10 dec) https://www.tjugofyra7.se/artiklar/Nyhet/cybersakerhet/
State-sponsored actors ‘very likely’ looking to attack electricity supply, says intelligence agency (10 dec) https://www.electricityforum.com/news/canada-grid-security
Improve your cyber security this festive period (10 dec) https://www.ncsc.gov.uk/cyberaware/home
The new European Cybersecurity Competence Centre to be located in Bucharest, Romania (10 dec) https://www.consilium.europa.eu/en/press/press-releases/2020/12/10/the-new-european-cybersecurity-competence-centre-to-be-located-in-bucharest-romania/
Australian intelligence community seeking to build a top-secret cloud (11 dec) https://www.zdnet.com/article/australian-intelligence-community-seeking-to-build-a-top-secret-cloud/
2021 predictions: The rise of cyber resilience (11 dec) https://www.helpnetsecurity.com/2020/12/11/2021-cyber-resilience-predictions/
CERT-SE this week
Critical vulnerability in Cisco Jabber
Microsoft's and Adobe's monthly security updates for December
Vulnerabilities in software implementing TCP/IP