CERT-SE's weekly newsletter, week 11
On Supporters' Day, CERT-SE would like, as every Friday, to share interesting news from the past week. We hope it can be of support to you, and we thank you very much for all the support we receive from you. This week's news includes attacks and analyses, annual reports from SÄPO and the FBI, and some tips on how to protect yourself. Thrilling reading! The vulnerabilities in Microsoft Exchange are still highly relevant, and CERT-SE's article has been updated with, among other things, tools that can be useful when handling them.
CERT-SE wishes you a pleasant weekend!
News this week
Magento 2 PHP Credit Card Skimmer Saves to JPG (10 mar) https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
Phishing sites now detect virtual machines to bypass detection (15 mar) https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/
UK Set to Boost Cybersecurity Operation (15 mar) https://www.bankinfosecurity.com/uk-set-to-boost-cybersecurity-operations-a-16181
Over 400 Cyberattacks at US Public Schools in 2020 (15 mar) https://www.govinfosecurity.com/over-400-cyberattacks-at-us-public-schools-in-2020-a-16183
Security ratings could raise the bar on cyber hygiene, but won’t stop the next SolarWinds (15 mar) https://www.scmagazine.com/home/government/security-labeling-could-raise-the-bar-on-cyber-hygiene-but-wont-stop-the-next-solarwinds/
WeLeakInfo Leaked Customer Payment Info (15 mar) https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/
Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies (16 mar) https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-dianxun-cyberespionage-campaign-targeting-telecommunication-companies
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices (16 mar) https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/
Apple’s app transparency rules: Google’s privacy labels for Chrome and Search on iOS highlighted by DuckDuckGo (16 mar) https://www.theregister.com/2021/03/16/keep_scrolling_googles_privacy_labels/
Can We Stop Pretending SMS Is Secure Now? (16 mar) https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
More than $4 billion in cybercrime losses reported to FBI in 2020 (17 mar) https://www.cyberscoop.com/fbi-ic3-cybercrime-4-billion-fraud/ .. Report: Internet Crime Report 2020 https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet (17 mar) https://arstechnica.com/gadgets/2021/03/mainstream-ddosers-are-abusing-d-tls-servers-to-up-the-potency-of-attacks/
Mimecast Says SolarWinds Hackers Stole Source Code (17 mar) https://www.securityweek.com/mimecast-says-solarwinds-hackers-stole-source-code .. Incident Report (16 mar) https://www.mimecast.com/incident-report/
Police officer searched for relatives in police records – is punished (17 mar) https://sverigesradio.se/artikel/polis-sokte-pa-slaktingar-i-polisens-datasystem-straffas
Polish State Websites Hacked and Used to Spread False Info (18 mar) https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info
Cyberattack against the municipalities' websites (18 mar) https://www.expressen.se/gt/cyberangrepp-mot-kommunernas-hemsidor/
Telenor's voicemail boxes eavesdropped on after computer intrusion (18 mar) https://feber.se/mobil/telenors-rostbrevlador-avlyssnade-efter-datorintrang/422719/ .. Behind paywall: https://www.dn.se/ekonomi/attack-mot-telenor-rostbrevlador-har-avlyssnats/
Chinese nation state hackers linked to Finnish Parliament hack (18 mar) https://www.bleepingcomputer.com/news/security/chinese-nation-state-hackers-linked-to-finnish-parliament-hack/
“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users (18 mar) https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/
Facebook expands support for security keys to iOS and Android (18 mar) https://www.zdnet.com/article/facebook-expands-support-for-security-keys-to-ios-and-android/
The email affair grows – singled out as a security threat (19 mar) https://www.aftonbladet.se/nyheter/a/rg5L6R/mejlaffaren-vaxer–pekas-ut-som-sakerhetshot
Information security and miscellaneous
A Spectre proof-of-concept for a Spectre-proof web (12 mar) https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
Security Analysis of Apple’s “Find My…” Protocol (15 mar) https://www.schneier.com/blog/archives/2021/03/security-analysis-of-apples-find-my-protocol.html
Datagram Transport Layer Security (D/TLS) Reflection/Amplification DDoS Attack Mitigation Recommendations (16 mar) https://www.netscout.com/blog/asert/datagram-transport-layer-security-dtls-reflectionamplification
Ransomware: How to make sure backups are ready for a real attack (16 mar) https://www.networkworld.com/article/3611808/ransomware-how-to-make-sure-backups-are-ready-for-a-real-attack.html
Structuring threat information in the cyber domain with OpenCTI (18 mar) https://www.cstromblad.com/2021/03/strukturera-hotinformation-i-cyberdomanen-med-opencti/
Säkerhetspolisen 2020 https://www.sakerhetspolisen.se/publikationer/om-sakerhetspolisen/sakerhetspolisen-2020.html
CERT-SE this week
BM21-001, BM21-002: Vulnerable Microsoft Exchange servers (updated …, 2021-03-18, 2021-03-19)