CERT-SE's weekly newsletter, week 2

Weekly newsletter

Finally Friday, and finally time for a new weekly newsletter. Over the past week, reporting on SolarWinds has continued. There is also some news from Folk och Försvar's digital national conference at the beginning of the week, along with a few other odds and ends.

CERT-SE wishes you a pleasant weekend!

News this week

Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again (5 jan)
https://blog.checkpoint.com/2021/01/05/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again/

Egregor Ransomware Targets Businesses Worldwide, Attempting to Extort Businesses by Publicly Releasing Exfiltrated Data (6 jan)
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/pin20210106-001.pdf

Months after this ‘serious’ cyberattack, stolen data has been leaked online by hackers (7 jan)
https://www.zdnet.com/article/months-after-this-serious-cyber-attack-stolen-data-has-been-leaked-online-by-hackers/

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking (8 jan)
https://threatpost.com/firefox-chrome-edge-bugs-system-hijacking/

New Zealand central bank hit by a cyber attack (10 jan)
https://securityaffairs.co/wordpress/113242/data-breach/new-zealand-central-bank-hacked.html

Networking giant Ubiquiti alerts customers of potential data breach (11 jan)
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/

Ubiquiti: Change Your Password, Enable 2FA (11 jan)
https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/

Free decrypter released for victims of Darkside ransomware (11 jan)
https://www.zdnet.com/article/free-decrypter-released-for-victims-of-darkside-ransomware/

Säpo chief: “We are constantly under attack by foreign powers” (11 jan)
https://www.gp.se/nyheter/s%C3%A4pochefen-vi-angrips-hela-tiden-av-fr%C3%A4mmande-makt-1.39759811

Mac malware uses ‘run-only’ AppleScripts to evade analysis (11 jan)
https://www.bleepingcomputer.com/news/security/mac-malware-uses-run-only-applescripts-to-evade-analysis/

United Nations data breach exposed over 100k UNEP staff records (11 jan)
https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/

Russia-linked postcard was “sent to FireEye’s CEO after cybersecurity firm uncovered hack” (11 jan)
https://grahamcluley.com/russia-linked-postcard-was-sent-to-fireeyes-ceo-after-cybersecurity-firm-uncovered-hack/

Over 200 Million Facebook, Instagram and LinkedIn Profiles Exposed Through Unsecured Database Held by Chinese Startup (12 jan)
https://hotforsecurity.bitdefender.com/blog/over-200-million-facebook-instagram-and-linkedin-profiles-exposed-through-unsecured-database-held-by-chinese-startup-25067.html

This Android malware claims to give hackers full control of your smartphone (12 jan)
https://www.zdnet.com/article/this-android-malware-claims-to-give-hackers-full-control-of-your-smartphone/

Hackers have leaked the COVID-19 vaccine data they stole in a cyberattack (13 jan)
https://www.zdnet.com/article/hackers-have-leaked-the-covid-19-vaccine-data-they-stole-in-a-cyberattack/

A record 2 million phishing sites reported in 2020, highest in a decade (13 jan)
https://atlasvpn.com/blog/a-record-2-million-phishing-sites-reported-in-2020-highest-in-a-decade

Phishing warning: These are the brands most likely to be impersonated by crooks, so stay alert (14 jan)
https://www.zdnet.com/article/phishing-warning-these-are-the-brands-most-likely-to-be-impersonated-by-crooks-so-stay-alert/

CheckPoint Brand Phishing Report – Q4 2020 (14 jan)
https://blog.checkpoint.com/2021/01/14/brand-phishing-report-q4-2020/

Pentagon pauses $2 billion cyber security project (14 jan)
https://www.itpro.co.uk/business/policy-legislation/358332/pentagon-pauses-2-billion-cyber-security-project

SolarWinds

Sealed U.S. Court Records Exposed in SolarWinds Breach (7 jan)
https://krebsonsecurity.com/2021/01/sealed-u-s-court-records-exposed-in-solarwinds-breach/

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack (8 jan)
https://threatpost.com/solarwinds-chris-krebs-alex-stamos-hack/162889/

Industry urges agencies to accelerate zero trust adoption after SolarWinds hack (9 jan)
https://www.fedscoop.com/agencies-zero-trust-solarwinds/

SolarWinds hackers also used common hacker techniques, CISA revealed (9 jan)
https://securityaffairs.co/wordpress/113210/cyber-warfare-2/solarwinds-hacker-techniques-cisa.html

New Findings From Our Investigation of SUNBURST (11 jan)
https://orangematter.solarwinds.com/2021/01/11/new-findings-from-our-investigation-of-sunburst/

SUNSPOT: An Implant in the Build Process (11 jan)
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/

SolarWinds: What Hit Us Could Hit Others (12 jan)
https://krebsonsecurity.com/2021/01/solarwinds-what-hit-us-could-hit-others/

SolarLeaks: Files Allegedly Obtained in SolarWinds Hack Offered for Sale (13 jan)
https://www.securityweek.com/solarleaks-files-allegedly-obtained-solarwinds-hack-offered-sale

Information security and miscellaneous

2020 - NSA Cybersecurity Year in Review (8 jan)
https://media.defense.gov/2021/Jan/08/2002561651/-1/-1/0/NSA%20CYBERSECURITY%202020%20YEAR%20IN%20REVIEW.PDF/NSA%20CYBERSECURITY%202020%20YEAR%20IN%20REVIEW.PDF

Maldoc Strings Analysis (9 jan)
https://isc.sans.edu/diary/rss/26966

Maldoc Analysis With CyberChef (10 jan)
https://isc.sans.edu/forums/diary/Maldoc+Analysis+With+CyberChef/26968/

Strike a chord: What cybersecurity can learn from music (11 jan)
https://www.helpnetsecurity.com/2021/01/11/what-cybersecurity-can-learn-from-music/

Folk och Försvar: National Conference 2021 - Monday (11 jan)
https://www.youtube.com/watch?v=QdDh-MP_Kuw

Folk och Försvar: National Conference 2021 - Tuesday (12 jan)
https://www.youtube.com/watch?v=Xj_8yHAiu98

Cloning Google Titan 2FA keys (12 jan)
https://www.schneier.com/blog/archives/2021/01/cloning-google-titan-2fa-keys.html

AMAZON ECHO FLEX: MICROPHONE MUTE, REAL OR FAKE? (12 jan)
https://electronupdate.blogspot.com/2021/01/amazon-echo-flex-microphone-mute-real.html

Swedish IT managers have low self-confidence (13 jan)
https://www.aktuellsakerhet.se/svenska-it-ansvariga-har-daligt-sjalvfortroende/

Understanding TCP/IP Stack Vulnerabilities in the IoT (13 jan)
https://www.darkreading.com/edge/theedge/understanding-tcp-ip-stack-vulnerabilities-in-the-iot/b/d-id/1339888?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services (13 jan)
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-013a

CERT-SE this week

Microsoft's monthly security updates for January 2021

Warnings about ransomware targeting municipalities in Norway, France and the United Kingdom (“Mespinoza/Pysa”)