CERT-SE's weekly newsletter, week 3

Weekly newsletter

Finally Friday. The newsletter continues to carry a fair amount of SolarWinds news, including how the attack will shape cybersecurity work in the US going forward. Otherwise there are a few Linux-related items, a reminder about two-factor authentication, and a tip about a DNS course arranged by the Swedish Internet Foundation (Internetstiftelsen).

CERT-SE wishes you a pleasant weekend!

News this week

How I hijacked the top-level domain of a sovereign state (15 jan) https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/

I looked at all the ways Microsoft Teams tracks users and my head is spinning (17 jan) https://www.zdnet.com/article/i-looked-at-all-the-ways-microsoft-teams-tracks-users-and-my-head-is-spinning/

The Embedded YouTube Player Told Me What You Were Watching (and more) (18 jan) https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/

IObit forums hacked to spread ransomware to its members (18 jan) https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/

The Swedish Internet Foundation offers a unique DNS class at KTH (18 jan) https://internetstiftelsen.se/en/tech/the-swedish-internet-foundation-offers-a-unique-dns-class-at-kth/

SVT reveals: Deceased woman's safety alarm worked – her eight calls for help were not taken seriously (19 jan) https://www.svt.se/nyheter/lokalt/norrbotten/luleakvinna-larmade-atta-ganger-tunstall-gjorde-ingenting

Flaws in dnsmasq software leave millions of Linux-based devices exposed (19 jan) https://www.techcentral.ie/flaws-in-widely-used-dnsmasq-software-leave-millions-of-linux-based-devices-exposed/

In hidden message on White House website, Biden calls for coders (20 jan) https://www.reuters.com/article/us-usa-biden-digital-service/in-hidden-message-on-white-house-website-biden-calls-for-coders-idUSKBN29P2IZ

DNSpooq - Kaminsky attack is back! (20 jan) https://www.jsof-tech.com/disclosures/dnspooq/ .. DNSpooq bugs expose millions of devices to DNS cache poisoning (20 jan) https://www.welivesecurity.com/2021/01/20/dnspooq-bugs-devices-dns-cache-poisoning/

New ‘FreakOut’ Malware Ensnares Linux Devices Into Botnet (20 jan) https://www.securityweek.com/new-freakout-malware-ensnares-linux-devices-botnet

Top DNS service may be suffering from some serious security flaws (20 jan) https://www.techradar.com/news/top-dns-service-may-be-suffering-from-some-serious-security-flaws

Please Stop Encrypting with RSA Directly (20 jan) https://soatok.blog/2021/01/20/please-stop-encrypting-with-rsa-directly/

Ransomware provides the perfect cover (21 jan) https://www.helpnetsecurity.com/2021/01/21/ransomware-cover/

How to check for and stop DDoS attacks on Linux (21 jan) https://www.techrepublic.com/article/how-to-check-for-and-stop-ddos-attacks-on-linux/

The state of the dark web: Insights from the underground (21 jan) https://www.csoonline.com/article/3601686/the-state-of-the-dark-web-insights-from-the-underground.html

DDoS-Guard To Forfeit Internet Space Occupied by Parler (21 jan) https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/

NSA Offers Sysadmins Guidance on Eliminating Obsolete TLS Configurations (21 jan) https://hotforsecurity.bitdefender.com/blog/nsa-offers-sysadmins-guidance-on-eliminating-obsolete-tls-configurations-25145.html

How DMaaS eliminates data silos and 4 tips for choosing a provider (21 jan) https://www.cio.com/article/3603109/how-dmaas-eliminates-data-silos-and-4-tips-for-choosing-a-provider.html

Powershell Dropping a REvil Ransomware (21 jan) https://blog.rootshell.be/2021/01/21/sans-isc-powershell-dropping-a-revil-ransomware/

SolarWinds

Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments (18 jan) https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/

SolarWinds hack is quickly reshaping Congress’s cybersecurity agenda (18 jan) https://www.csoonline.com/article/3603519/solarwinds-hack-is-quickly-reshaping-congress-s-cybersecurity-agenda.html

Fourth malware strain discovered in SolarWinds incident (19 jan) https://www.zdnet.com/article/fourth-malware-strain-discovered-in-solarwinds-incident/

FireEye Releases New Open Source Tool in Response to SolarWinds Hack (19 jan) https://www.securityweek.com/fireeye-releases-new-open-source-tool-response-solarwinds-hack

Cybersecurity firm Malwarebytes was hacked by ‘Dark Halo,’ the same group that breached SolarWinds last year (19 jan) https://www.businessinsider.com/cybersecurity-firm-malwarebytes-was-breached-by-solarwinds-hackers-2021-1

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop (20 jan) https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

Microsoft Describes How SolarWinds Hackers Avoided Detection (21 jan) https://www.bankinfosecurity.com/microsoft-describes-how-solarwinds-hackers-avoided-detection-a-15824

Information security and miscellaneous

Final call for girls to enter UK contest to find top codebreakers (18 jan) https://www.ncsc.gov.uk/news/cyberfirst-girls-competition-2021-registration .. https://www.ncsc.gov.uk/cyberfirst/girls-competition

Russian-speaking scammers tricking European shoppers using scam sites (20 jan) https://www.teiss.co.uk/russian-speaking-scammers-tricking-european-shoppers-using-scam-sites/

A Chinese hacking group is stealing airline passenger details (20 jan) https://www.zdnet.com/article/a-chinese-hacking-group-is-stealing-airline-passenger-details/

Cyberattack fears raise the alarm in Eastern European countries (20 jan) https://www.zdnet.com/article/cyberattack-fears-raise-the-alarm-in-eastern-european-countries/

How two-factor authentication works – turn it on right away (20 jan) https://techworld.idg.se/2.2524/1.693779/tvafaktorsinloggning

Altered Vaccine Data Exposes Critical Cyber Risks (21 jan) https://www.wsj.com/articles/altered-vaccine-data-exposes-critical-cyber-risks-11611225002

Company email hijacked – customers urged to pay to a foreign account (21 jan) https://sverigesradio.se/artikel/foretagsmail-kapades-kunder-uppmandes-betala-till-utlandskt-konto

Passwords stolen via phishing campaign available through Google search (21 jan) https://securityaffairs.co/wordpress/113705/hacking/phishing-stolen-pwd-google-search.html

Post-ransomware attack, Hackney Council wants to change its cybersecurity culture (21 jan) https://grahamcluley.com/post-ransomware-attack-hackney-council-wants-to-change-its-cybersecurity-culture/

Wave of cyberattacks against healthcare – ancient Windows machines one of the causes (22 jan) https://computersweden.idg.se/2.2683/1.745888/windows-attacker-varden

CERT-SE this week

Critical vulnerabilities in Cisco products

Critical vulnerabilities in Oracle WebLogic actively exploited

Review of the CERT-SE CTF2020