CERT-SE:s veckobrev v.51
Midvinternattens köld är frånvarande. Gräsmattan grön, vi behöver den trimma. Alla önskar solen som närvarande, utan vind i dygnets varje timma. Omysiga nallar vandrar tyst i stan. Masker lyser vit på man, fru och barn. Med Orion kan du känna dig naken, bakdörr öppen, det drar om baken. Dock är CERT-SE 24/7-vaken.Nu dröjer det till den 8 januari för nästa CERT-SE Veckobrev.God Jul och Gott Nytt År!
Nyheter i veckan
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers (10 dec) https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
‘MountLocker’ Ransomware Adds to Affiliate Extortion Racket (12 dec) https://www.bankinfosecurity.com/mountlocker-ransomware-adds-to-affiliate-extortion-racket-a-15583
Dataintrång vid Clas Ohlson i Insjön röjde personuppgifter (12 dec) https://sverigesradio.se/sida/artikel.aspx?programid=161&artikel=7620305
Västra Götalandsregionen utsatt för upprepade cyberattacker (12 dec) https://sverigesradio.se/artikel/7623186Former Cisco engineer sentenced to prison for deleting 16k Webex accounts (12 dec) https://www.zdnet.com/article/former-cisco-engineer-sentenced-to-prison-for-deleting-16k-webex-accounts/
SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online (14 dec) https://thehackernews.com/2020/12/sorel-20m-huge-dataset-of-20-million.html
Spotify notifies customers of breach, files under CCPA (14 dec) https://www.scmagazine.com/home/security-news/data-breach/spotify-notifies-customers-of-breach-files-under-ccpa/
How scammers target PayPal users and how you can stay safe (14 dec) https://www.welivesecurity.com/2020/12/14/how-scammers-target-paypal-users-stay-safe/
PyMICROPSIA: New Information-Stealing Trojan from AridViper (14 dec) https://unit42.paloaltonetworks.com/pymicropsia/
Norwegian cruise liner Hurtigruten sustains cyberattack (14 dec)
https://uk.reuters.com/article/hurtigruten-cyberattack/norwegian-cruise-liner-hurtigruten-sustains-cyberattack-idUKKBN28O1E5
…
Norwegian Cruise Company Hurtigruten Hit by Cyberattack (14 dec)
https://www.securityweek.com/norwegian-cruise-company-hurtigruten-hit-cyberattack
FTC orders Amazon, Facebook and others to explain how they collect and use personal data (14 dec) https://www.cnbc.com/2020/12/14/ftc-orders-amazon-facebook-and-others-to-explain-how-they-use-personal-data.html
Academics turn RAM into Wi-Fi cards to steal data from air-gapped systems (15 dec) https://www.zdnet.com/article/academics-turn-ram-into-wifi-cards-to-steal-data-from-air-gapped-systems/
45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware (15 dec)
https://www.theregister.com/2020/12/15/dicom_45_million_medical_scans_unsecured/
…
Report: https://cybelangel.com/medical-data-breaches/
Your ship comms app is ‘secured’ with a Flash interface, doesn’t sanitise SQL inputs and leaks user data, you say? (16 dec) https://www.theregister.com/2020/12/16/dualog_communications_suite_cves/
Datainnbrudd på UiT: – Svært alvorlig (16 dec) https://www.nrk.no/tromsogfinnmark/datainnbrudd-pa-uit-_-norges-arktiske-universitet-1.15291427
Signal adds encrypted group video calls that friends can pop in and out of (16 dec) https://mashable.com/article/signal-end-to-end-encrypted-group-video-calls/?
Up to 3 million devices infected by malware-laced Chrome and Edge add-ons (16 dec) https://arstechnica.com/information-technology/2020/12/up-to-3-million-devices-infected-by-malware-laced-chrome-and-edge-add-ons/
Israeli spy firm suspected of accessing global telecoms via Channel Islands (16 dec) https://www.theguardian.com/world/2020/dec/16/israeli-spy-firm-suspected-accessing-global-telecoms-channel-islands
Volume of malicious files detected daily saw dramatic rise in 2020 (16 dec) https://www.itproportal.com/news/volume-of-malicious-files-detected-daily-saw-dramatic-rise-in-2020/
Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach (16 dec) https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/
Researchers find 45 million medical images exposed online (17 dec) https://www.itpro.co.uk/security/cyber-security/358174/researchers-find-45-million-medical-images-exposed-online
FBI Warns of DoppelPaymer Ransomware Targeting Critical Infrastructure (17 dec) https://www.securityweek.com/fbi-warns-doppelpaymer-ransomware-targeting-critical-infrastructure
SolarWinds Orion
CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products (13 dec) https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
US Government Confirms Cyberattack (13 dec) https://www.securityweek.com/us-government-confirms-cyberattack
Hackers Break Into U.S. Treasury and Commerce Departments (13 dec) https://time.com/5921218/russia-hackers-treasury-commerce/
Suspected Russian hackers spied on U.S. Treasury emails - sources (13 dec) https://www.reuters.com/article/us-usa-cyber-amazon-com-exclsuive/exclusive-u-s-treasury-breached-by-hackers-backed-by-foreign-government-sources-idUSKBN28N0PG
Microsoft, FireEye confirm SolarWinds supply chain attack (14 dec) https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
SolarWinds Says 18,000 Customers May Have Used Compromised Orion Product (14 dec) https://www.securityweek.com/solarwinds-says-18000-customers-may-have-used-compromised-product
SANS Emergency Webcast: What you need to know about the SolarWinds Supply-Chain Attack (14 dec) https://www.sans.org/webcasts/emergency-webcast-about-solarwinds-supply-chain-attack-118015
SolarWinds Hack Could Affect 18K Customers (15 dec) https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/
How the SolarWinds Hackers Bypassed Duo’s Multi-Factor Authentication (15 dec) https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html
Cyberattack ‘Leaves U.K. Infrastructure Exposed for Month’ (15 dec) https://www.newsweek.com/cybersecurity-crime-nhs-home-office-u-k-police-1554913
CISA Alert (AA20-352A) | Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations (17 dec) https://us-cert.cisa.gov/ncas/alerts/aa20-352a
Exclusive: Microsoft breached in suspected Russian hack using SolarWinds - sources (17 dec)
https://www.reuters.com/article/global-cyber-microsoft-idUSL1N2IX33C
…
Microsoft says it found malicious software in its systems (17 dec)
https://www.reuters.com/article/us-usa-cyber-breach/microsoft-says-it-found-malicious-software-in-its-systems-idUSKBN28R2ZJ
…
Microsoft unleashes ‘Death Star’ on SolarWinds hackers in extraordinary response to breach (16 dec)
https://www.geekwire.com/2020/microsoft-unleashes-death-star-solarwinds-hackers-extraordinary-response-breach/
…
Ensuring customers are protected from Solorigate (15 dec)
https://www.microsoft.com/security/blog/2020/12/15/ensuring-customers-are-protected-from-solorigate/
A moment of reckoning: the need for a strong and global cybersecurity response (17 dec) https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
Informationssäkerhet och blandat
DDoS Attack Preparation Workbook https://www.senki.org/ddos-attack-preparation-workbook/Signalskydd – en introduktion (webbkurs) (11 dec)
https://www.msb.se/sv/utbildning–ovning/alla-utbildningar/signalskydd–en-introduktion-webbkurs/
Västra Götaland skyddar patientjournalerna – Skåne tog annan väg (12 dec) https://www.svt.se/nyheter/lokalt/skane/vgr-ett-strategiskt-vagval
Cyberattacker skrämmer banksfären: ”Det finns en ökad oro” (14 dec) https://www.di.se/nyheter/cyberattacker-skrammer-banksfaren-det-finns-en-okad-oro/
Julpyssel 2020 (17 dec) https://www.fra.se/nyheter/nyheter/nyhetsarkiv/news/julpyssel2020.5.15d6ea201729ce403d22db.html
[CRACKED BY FLT] Featured in Swedish Contingencies Agency - En Svensk Tiger (18 dec) http://www.danko.se/articles/110/featured-in-swedish-contingencies-agency-en-svensk-tiger
Unpatched, Unprepared, Unprotected: How Critical Device Vulnerabilities Remain Unaddressed https://www.armis.com/resources/iot-security-blog/unpatched-unprepared-unprotected-how-critical-device-vulnerabilities-remain-unaddressed/
Finding APTX - Attributing Attacks via MITRE TTPs https://documents.trendmicro.com/assets/white_papers/wp-finding-APTX-attributing-attacks-via-MITRE-TTPs.pdf
How to use Jitsi Meet, an open source Zoom alternative https://mashable.com/article/how-to-use-jitsi-meet-zoom-alternative/?
A National Cybersecurity Agenda for Resilient Digital Infrastructure https://www.aspeninstitute.org/longform/a-national-cybersecurity-agenda-for-resilient-digital-infrastructure/
CERT-SE i veckan
Kritiskt zero-day-sårbarhet i HPE Insight Manager Sårbarhet i SolarWinds Orion utnyttjas aktivt - uppdatera snarast möjligt (uppdaterad 2020-12-16)