CERT-SE's weekly newsletter, week 4
This week, many have reported that denial-of-service attacks for extortion purposes appear to be becoming more common. Reporting on SolarWinds also continues, and there are write-ups of various attacks, availability problems and leaks.
One piece of news, however, brightens the winter darkness: an internationally coordinated operation against Emotet has taken control of the botnet's infrastructure.
CERT-SE wishes you a pleasant weekend!
News this week
County Administrative Board warns of phishing attack (22 jan) https://sverigesradio.se/artikel/lansstyrelsen-varnar-for-natfiskeattack
Fraudsters Are Using Google Forms to Evade Email Filters (23 jan) https://www.govinfosecurity.com/fraudsters-are-using-google-forms-to-evade-email-filters-a-15833
Cybersecurity firm identifies third SolarWinds hack malware strain (23 jan) https://fntalk.com/tech/cybersecurity-firm-identifies-third-solarwinds-hack-malware-strain/
Flash Is Dead—but Not Gone (24 jan) https://www.wired.com/story/zombie-flash-security-problems/
Chipmaker Intel reveals that an internal error caused a data leak (24 jan) https://securityaffairs.co/wordpress/113794/data-breach/intel-data-leak-2.html
New campaign targeting security researchers (25 jan) https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Cryptomining DreamBus botnet targets Linux servers (25 jan) https://securityaffairs.co/wordpress/113832/malware/dreambus-botnet-linux-servers.html
Employee suspected of computer intrusion (25 jan) https://sverigesradio.se/artikel/anstalld-misstanks-for-dataintrang
Leading crane maker Palfinger hit in global cyberattack (25 jan) https://www.bleepingcomputer.com/news/security/leading-crane-maker-palfinger-hit-in-global-cyberattack/
TikTok fixes privacy issue discovered by Check Point Research (26 jan) https://blog.checkpoint.com/2021/01/26/tiktok-fixes-privacy-issue-discovered-by-check-point-research/
Nefilim Ransomware Attack Uses “Ghost” Credentials (26 jan) https://news.sophos.com/en-us/2021/01/26/nefilim-ransomware-attack-uses-ghost-credentials/
SolarWinds: Issues due to revoked code-signing certificates (26 jan) https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Issues-due-to-revoked-code-signing-certificates
Cybersecurity investments will increase up to 10% in 2021 (26 jan) https://www.helpnetsecurity.com/2021/01/26/cybersecurity-investments-2021/
PART I: Retrospective 2020: DDoS Was Back – Bigger and Badder Than Ever Before (26 jan) https://blogs.akamai.com/2021/01/part-i-retrospective-2020-ddos-was-back-bigger-and-badder-than-ever-before.html
DDoS attacks: Big rise in threats to overload business networks (28 jan) https://www.zdnet.com/article/ddos-attacks-big-rise-in-threats-to-overload-business-networks/
Ransom-related DDoS attacks see major increase (29 jan) https://www.techradar.com/news/ransom-related-ddos-attacks-see-major-increase
Fidelis, Mimecast, Palo Alto Networks, Qualys also impacted by SolarWinds hack (26 jan) https://securityaffairs.co/wordpress/113893/security/solarwinds-hack-security-providers.html
After two days of technical trouble - still problems with Swedbank's services (27 jan) https://www.svt.se/nyheter/inrikes/swedbanks-tjanster-fungerar-igen-hade-problem-i-tva-dygn
World’s most dangerous malware EMOTET disrupted through global action (27 jan) https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
Unauthorized persons entered digital classroom – showed porn (27 jan) https://www.svt.se/nyheter/lokalt/vastmanland/obehoriga-tog-sig-in-i-klassrummet-i-koping-visade-porr
‘Lebanese Cedar’ APT (28 jan) https://www.clearskysec.com/cedar/
Swish is working again (29 jan) https://www.svt.se/nyheter/inrikes/swish-ligger-nere-2
Information security and miscellaneous
The SolarWinds Hack March to June (22 jan) https://newsessentials.wordpress.com/2021/01/22/the-solarwinds-hack-march-to-june/
CEO on the extortion attack: Thought we were secure (25 jan) https://www.gp.se/ekonomi/vd-n-om-utpressningsattacken-trodde-vi-var-s%C3%A4kra-1.40169529
Ghidra 101: Decoding Stack Strings (26 jan) https://www.tripwire.com/state-of-security/security-data-protection/ghidra-101-decoding-stack-strings/
How vulnerable is your IP telephony? (26 jan) https://www.archynewsy.com/how-vulnerable-is-your-ip-telephony/
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) (26 jan) https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
How urgent is data protection work in 2021? (28 jan) https://www.mynewsdesk.com/se/mum-consulting/news/hur-angelaeget-aer-dataskyddsarbetet-aar-2021-419929
Update your Privacy Settings https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
CERT-SE this week
January 2021: Increase in fraudulent emails exploiting Covid-19