CERT-SE's weekly newsletter, week 10
The consequences of the vulnerability in Microsoft Exchange Server remain very serious; make sure to update and investigate your systems immediately. We have a good deal of information about the vulnerability among this week's links, so be sure to read it, along with everything else reported this week. CERT-SE wishes you a pleasant weekend!
News this week
Google’s FLoC Is a Terrible Idea (3 mar) https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Three Top Russian Cybercrime Forums Hacked (4 mar) https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/
Ransomware has become a multibillion industry, new analysis shows (5 mar) https://computersweden.idg.se/2.2683/1.747864/ransomware-ar-nu-en-mangmiljardindustri
SolarWinds: “IT’s Pearl Harbor.” (5 mar) https://www.idginsiderpro.com/article/3609889/solarwinds-its-pearl-harbor.html
A new type of supply-chain attack with serious consequences is flourishing (6 mar) https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/
Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners (7 mar) https://therecord.media/ransomware-gang-threatens-to-launch-ddos-attacks-call-reporters-and-business-partners/
Hacking Digitally Signed PDF Files (8 mar) https://www.schneier.com/blog/archives/2021/03/hacking-digitally-signed-pdf-files.html
Intel, DoD start sprint to make homomorphic encryption ready for real (8 mar) https://www.scmagazine.com/home/security-news/encryption-data-security/intel-dod-start-sprint-to-make-homomorphic-encryption-ready-for-real/
Introducing ThreatFox (8 mar) https://abuse.ch/blog/introducing-threatfox/
Bazar Drops the Anchor (8 mar) https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
Chinese hackers targeted SolarWinds customers in parallel with Russian op (9 mar) https://arstechnica.com/gadgets/2021/03/chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op/
Only 12% of enterprises have fully embraced SASE (9 mar) https://www.helpnetsecurity.com/2021/03/09/sase-adoption/
Linux Foundation Debuts Sigstore Project for Software Signing (9 mar) https://www.darkreading.com/application-security/linux-foundation-debuts-sigstore-project-for-software-signing/d/d-id/1340360
Spanish government falls victim to Ryuk ransomware attack (10 mar) https://therecord.media/spanish-government-falls-victim-to-ryuk-ransomware-attack/
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor (10 mar) https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell (10 mar) https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
European Police Pounce After Cracking Crime Chat Network (10 mar) https://www.securityweek.com/european-police-pounce-after-cracking-crime-chat-network
3.6 million websites taken offline after fire at OVH datacenters (10 mar) https://news.netcraft.com/archives/2021/03/10/ovh-fire.html .. Giant Datacenter Fire Takes Down Government Hacking Infrastructure (10 mar) https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure .. Datacenter fire knocked out parts of hackers' infrastructure (12 mar) https://computersweden.idg.se/2.2683/1.748135/brand-i-datacenter-ovhcloud
After Emotet takedown, Trickbot roars up threat charts (11 mar) https://www.computerweekly.com/news/252497657/After-Emotet-takedown-Trickbot-roars-up-threat-charts
Over 700 government offices in Spain taken down by ransomware (11 mar) https://techworld.idg.se/2.2524/1.748066/myndighetskontor-i-spanien-ransomware-ryuk
Fast Random Bit Generation (11 mar) https://www.schneier.com/blog/archives/2021/03/fast-random-bit-generation.html
Chinese Hackers Attack Indian Vaccine Makers (11 mar) https://visiontimes.com/2021/03/11/chinese-hackers-attack-indian-vaccine-makers.html
5 common VPN myths busted (11 mar) https://blog.malwarebytes.com/awareness/2021/03/5-common-vpn-myths-busted/
This malware was written in an unusual programming language to stop it from being detected (11 mar) https://www.zdnet.com/article/this-malware-was-written-in-an-unusual-programming-language-to-stop-it-from-being-detected/
Microsoft Exchange
Hackers Exploit Exchange Flaws to Target Local Governments (5 mar) https://www.bankinfosecurity.com/hackers-exploit-exchange-flaws-to-target-local-governments-a-16125
At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software (5 mar) https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/
Tens of thousands affected by new hacker attack (6 mar) https://sverigesradio.se/artikel/tiotusentals-drabbade-av-ny-hackerattack
Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack (6 mar) https://arstechnica.com/gadgets/2021/03/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack/
Microsoft’s MSERT tool now finds web shells from Exchange Server attacks (7 mar) https://www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/
A Basic Timeline of the Exchange Mass-Hack (8 mar) https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
Microsoft releases tool that checks whether Exchange servers have been hacked (8 mar) https://techworld.idg.se/2.2524/1.747946/microsoft-powershell-test-proxylogon
European Banking Authority hit by Microsoft Exchange hack (9 mar) https://www.bbc.com/news/technology-56321567 .. https://www.eba.europa.eu/cyber-attack-european-banking-authority
Criminal hacking groups piling on to escalating Microsoft Exchange crisis (9 mar) https://appleinsider.com/articles/21/03/09/criminal-hacking-groups-piling-on-to-escalating-microsoft-exchange-crisis
Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm (9 mar) https://redcanary.com/blog/microsoft-exchange-attacks/
Reproducing the Microsoft Exchange Proxylogon Exploit Chain (9 mar) https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Warning the World of a Ticking Time Bomb (9 mar) https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/
The Microsoft Exchange Server mega-hack – what you need to know (9 mar) https://hotforsecurity.bitdefender.com/blog/the-microsoft-exchange-server-mega-hack-what-you-need-to-know-25442.html
Bollnäs and Ovanåker municipalities have been subjected to computer intrusions (9 mar) https://sverigesradio.se/artikel/bollnas-kommun-har-utsatts-for-dataintrang .. No one detected the intrusions into municipal servers before Microsoft raised the alarm (10 mar) https://sverigesradio.se/artikel/ingen-upptackte-dataintrang-i-kommunservrar-innan-microsoft-larmade
The Storting subjected to IT attack (10 mar) https://www.stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2020-2021/stortinget-utsatt-for-it-angrep/ .. Norway's parliament subjected to IT attack – again (10 mar) https://www.dn.se/varlden/norges-riksdag-utsatt-for-it-angrepp-igen/ .. Norway parliament data stolen in Microsoft Exchange attack (10 mar) https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/
More hacking groups join Microsoft Exchange attack frenzy (10 mar) https://www.bleepingcomputer.com/news/security/more-hacking-groups-join-microsoft-exchange-attack-frenzy/
PoC released for Microsoft Exchange ProxyLogon vulnerabilities (10 mar) https://therecord.media/poc-released-for-microsoft-exchange-proxylogon-vulnerabilities/
There’s a vexing mystery surrounding the 0-day attacks on Exchange servers (11 mar) https://arstechnica.com/gadgets/2021/03/security-unicorn-exchange-server-0-days-were-exploited-by-6-apts/
Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits (11 mar) https://www.bleepingcomputer.com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/
At least 30 organizations in Finland have suffered computer intrusions – unusually serious security hole in Microsoft's e-mail server (12 mar) https://svenska.yle.fi/artikel/2021/03/12/minst-30-organisationer-i-finland-har-rakat-ut-for-dataintrang-ovanligt
Microsoft’s GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vulnerabilities (12 mar) https://www.theregister.com/2021/03/12/github_disappears_exploit/
Information security and miscellaneous
Hackers Just Looted Passenger Data From Some of the World’s Biggest Airlines (5 mar) https://gizmodo.com/hackers-just-looted-passenger-data-from-some-of-the-wor-1846417692
Cyberattack shuts down online learning at 15 UK schools (5 mar) https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/
The Humanity and Evolution of Cyber (7 mar) https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/humanity-and-evolution-of-cyber/
Increasingly common for private individuals to be extorted with stolen data (8 mar) https://www.tv4.se/artikel/4X9UbYNQRQ324PYv16X6O0/allt-vanligare-att-privatpersoner-utpressas-med-stulna-uppgifter
Cybersecurity in 2021: Stopping the madness (8 mar) https://www.csoonline.com/article/3610369/cybersecurity-in-2021-stopping-the-madness.html
Airline passenger data breached following “highly sophisticated attack” (8 mar) https://grahamcluley.com/airline-passenger-data-breached-following-highly-sophisticated-attack/
We can attract more women by busting the ‘hoodie’ stereotype (8 mar) https://www.scmagazine.com/perspectives/we-can-attract-more-women-by-busting-the-hoodie-stereotype/
Disruptions at Pan-American Life Likely Caused by Ransomware Attack (8 mar) https://www.securityweek.com/disruptions-pan-american-life-likely-caused-ransomware-attack
University of the Highlands and Islands shuts down campuses as it deals with ‘ongoing cyber incident’ (8 mar) https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/
49% of female cybersecurity pros say the pandemic had a positive impact on their career (9 mar) https://www.helpnetsecurity.com/2021/03/09/female-cybersecurity-pros-career-impact/
Serious Security: Webshells explained in the aftermath of HAFNIUM attacks (9 mar) https://nakedsecurity.sophos.com/2021/03/09/serious-security-webshells-explained-in-the-aftermath-of-hafnium-attacks/
False AIS tracks purporting to be Swedish Armed Forces vessels (9 mar) https://www.forsvarsmakten.se/sv/organisation/hogkvarteret/#!/notice/falska-ais-spar-som-utger-sig-for-att-vara-forsvarsmaktens-fartyg
Health centre reported – patient data was published on TikTok (9 mar) https://www.dn.se/sthlm/vardcentral-anmald-patientuppgifter-publicerades-pa-tiktok/
On Not Fixing Old Vulnerabilities (9 mar) https://www.schneier.com/blog/archives/2021/03/on-not-fixing-old-vulnerabilities.html
Hackers breach thousands of security cameras, exposing Tesla, jails, hospitals (10 mar) https://www.bnnbloomberg.ca/hackers-break-into-thousands-of-security-cameras-exposing-tesla-jails-hospitals-1.1574681
Joe Biden has now appointed a CIO for the entire USA (10 mar) https://computersweden.idg.se/2.2683/1.748033/clare-martorana-usa-cio
The Impact of COVID-19 on Cybersecurity Strategies (10 mar) https://www.bankinfosecurity.com/impact-covid-19-on-cybersecurity-strategies-a-16160
Molson Coors Beer Operations Halted by Hack (11 mar) https://www.darkreading.com/attacks-breaches/molson-coors-beer-operations-halted-by-hack/d/d-id/1340382
Metadata Left in Security Agency PDFs (12 mar) https://www.schneier.com/blog/archives/2021/03/metadata-left-in-security-agency-pdfs.html
CERT-SE this week
Critical vulnerabilities in F5 Networks BIG-IP