CERT-SE's weekly newsletter, week 12

Weekly newsletter

Another working week has come to an end, and daylight saving time is approaching. This week's reading tips cover ransomware, data breaches, updates on the SolarWinds and Exchange attacks, and security flaws in the smart cities of the future. Don't forget to bring out the barbecue (and set the clock forward) on Sunday. CERT-SE wishes you a pleasant weekend!

News this week

Attackers are trying awfully hard to backdoor iOS developers’ Macs (18 mar) https://arstechnica.com/gadgets/2021/03/attackers-are-trying-awfully-hard-to-backdoor-ios-developers-macs/

The Peculiar Ransomware Piggybacking Off of China’s Big Hack (21 mar) https://www.wired.com/story/dearcry-ransomware-exchange-server-china-hack/

Acer reportedly targeted with $50 million ransomware attack (22 mar) https://www.zdnet.com/article/acer-reportedly-targeted-with-50-million-ransomware-attack/

Cybercriminals capitalizing on our reliance on the cloud (22 mar) https://www.helpnetsecurity.com/2021/03/22/cyberattacks-on-cloud-environments/

Microsoft Exchange Server attacks: ‘They’re being hacked faster than we can count’, says security company (22 mar) https://www.zdnet.com/article/microsoft-exchange-server-attacks-theyre-being-hacked-faster-than-we-can-count-says-security-company/

Researchers Raise Alarm for F5 BIG-IP Malware Attacks (22 mar) https://www.securityweek.com/researchers-raise-alarm-f5-big-ip-malware-attacks

Energy giant Shell discloses data breach after Accellion hack (22 mar) https://www.bleepingcomputer.com/news/security/energy-giant-shell-discloses-data-breach-after-accellion-hack/

Microsoft Exchange servers now targeted by Black Kingdom ransomware (22 mar) https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-now-targeted-by-black-kingdom-ransomware/

Ransomware gang says it targets firms who have cyber insurance (22 mar) https://grahamcluley.com/ransomware-gang-says-it-targets-firms-with-cyber-insurance/

Swiss Firm Says It Accessed SolarWinds Attackers’ Servers (22 mar) https://www.bankinfosecurity.com/swiss-firm-says-accessed-solarwinds-attackers-servers-a-16243

How to Use DNS History for Cybersecurity (22 mar) https://latesthackingnews.com/2021/03/22/how-to-use-dns-history-for-cybersecurity/

House to Confront Tech CEOs Over Online Spread of False Info (22 mar) https://news.bloomberglaw.com/tech-and-telecom-law/house-to-confront-tech-ceos-over-online-spread-of-false-info

Thousands of Exchange servers breached prior to patching, CISA boss says (22 mar) https://www.cyberscoop.com/brandon-wales-exchange-server-patch-dhs/

Lazarus Attack Activities Targeting Japan (VSingle/ValeforBeta) (22 mar) https://blogs.jpcert.or.jp/en/2021/03/Lazarus_malware3.html

Don’t Lose the Nim Game (23 mar) https://redskyalliance.org/xindustry/don-t-lose-the-nim-game

New DDoS attack vector discovered in DCCP protocol (23 mar) https://therecord.media/new-ddos-attack-vector-discovered-in-dccp-protocol/

Microsoft Exchange servers targeted by second ransomware group (23 mar) https://therecord.media/microsoft-exchange-servers-targeted-by-second-ransomware-group/

Black Kingdom ransomware begins appearing on Exchange servers (23 mar) https://news.sophos.com/en-us/2021/03/23/black-kingdom/

Mamba Ransomware Weaponizing DiskCryptor (23 mar) https://www.ic3.gov/Media/News/2021/210323.pdf

UK colleges and unis urged to prepare for ransomware before it’s too late (23 mar) https://www.theregister.com/2021/03/23/ransomware_targeting_education_ncsc_warning/ .. https://www.ic3.gov/Media/News/2021/210316.pdf

Accellion Supply Chain Hack (23 mar) https://www.schneier.com/blog/archives/2021/03/accellion-supply-chain-hack.html

Firefox 87 introduces SmartBlock for Private Browsing (23 mar) https://blog.mozilla.org/security/2021/03/23/introducing-smartblock/

Purple Fox Rootkit Now Propagates as a Worm (23 mar) https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/

Purple Fox malware evolves to propagate across Windows machines (24 mar) https://www.zdnet.com/article/purple-fox-malware-evolves-to-propagate-across-windows-machines/

New botnet targets computers with weak passwords (24 mar) https://computersweden.idg.se/2.2683/1.748612/nytt-botnat-riktar-in-sig-pa-datorer-med-svaga-losenord

REvil Ransomware Can Now Reboot Infected Devices (24 mar) https://www.bankinfosecurity.com/revil-ransomware-now-reboot-infected-devices-a-16259

Ransomware on the Rise: How to Keep You & Your Company Safe (24 mar) https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/ransomware-on-the-rise-how-to-keep-your-company-safe/

Microsoft: 92% of vulnerable Exchange servers are now patched, mitigated (24 mar) https://www.zdnet.com/article/microsoft-92-of-vulnerable-exchange-servers-are-now-patched-mitigated/

Ransomware gang leaks data from US military contractor the PDI Group (25 mar) https://therecord.media/ransomware-gang-leaks-data-from-us-military-contractor-the-pdi-group/

NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange (25 mar) https://therecord.media/nsa-director-says-u-s-has-a-blind-spot-for-detecting-attacks-like-solarwinds-microsoft-exchange/

University of Northampton ‘severely impacted’ by cyber attack (25 mar) https://www.computing.co.uk/news/4028997/university-northampton-severely-impacted-cyber-attack

Insurance giant CNA hit by new Phoenix CryptoLocker ransomware (25 mar) https://www.bleepingcomputer.com/news/security/insurance-giant-cna-hit-by-new-phoenix-cryptolocker-ransomware/

Information security and miscellaneous

Survey finds alert systems and video surveillance are riskiest ‘smart city’ technologies (18 mar) https://statescoop.com/survey-finds-alert-systems-and-video-surveillance-are-riskiest-smart-city-technologies/ .. https://cltc.berkeley.edu/wp-content/uploads/2021/03/Smart_City_Cybersecurity.pdf

One Year Later: Overcoming the Cybersecurity Challenges of a Remote Workforce (19 mar) https://www.eweek.com/news/one-year-later-overcoming-the-cybersecurity-challenges-of-a-remote-workforce/

When & How to Report Security Incidents (22 mar) https://www.enisa.europa.eu/news/enisa-news/when-how-to-report-security-incidents

Cybersecurity researcher reveals Lazarus hacking technique (22 mar) https://www.neowin.net/news/cybersecurity-researcher-reveals-lazarus-hacking-technique/

Energy giant Shell discloses data breach after Accellion hack (22 mar) https://www.bleepingcomputer.com/news/security/energy-giant-shell-discloses-data-breach-after-accellion-hack/ .. Oil giant Shell discloses data breach linked to Accellion FTA vulnerability (23 mar) https://www.zdnet.com/article/oil-giant-shell-discloses-data-breach-linked-to-accellion-fta-vulnerability/ .. Shell hit by data breach – hackers got into file transfer service (23 mar) https://techworld.idg.se/2.2524/1.748564/shell-drabbat-av-dataintrang

Does Integrating Physical Security and Information Security Make Sense? (23 mar) https://www.sans.org/blog/newsbites-drilldown-for-the-week-ending-19-march-2021/

Police officer convicted of unauthorized computer access (23 mar) https://norrahalland.se/polis-gjorde-forbjuden-it-kontroll-fick-sparken/

Data of 6.5 million Israeli citizens leaks online (23 mar) https://therecord.media/data-of-6-5-million-israeli-citizens-leaks-online/

150,000 Security Cameras Hacked Because of One Password (24 mar) https://www.crn.in/work-from-anywhere/150000-security-cameras-hacked-because-of-one-password/

Cybersecurity awareness is too often a part-time effort (24 mar) https://www.helpnetsecurity.com/2021/03/24/cybersecurity-awareness-effort/

Fraudsters obtain login credentials by deception – several elderly people affected (24 mar) https://sverigesradio.se/artikel/lurar-till-sig-aldres-inloggningsuppgifter-flera-fall-i-sormland

How to combat the security challenges of a remote workforce (24 mar) https://www.techrepublic.com/article/how-to-combat-the-security-challenges-of-a-remote-workforce/

You’ve learned a lot over the past year – and so have the cyber-criminals hiding in your systems (24 mar) https://www.theregister.com/2021/03/24/youve_learned_a_lot_over/

Data for 7.3 million Dutch car owners sold on hacking forum (25 mar) https://therecord.media/data-for-7-3-million-dutch-car-owners-sold-on-hacking-forum/

Knivsta municipality hacked – the trail leads to China (25 mar) https://www.svt.se/nyheter/lokalt/uppsala/knivsta-kommun-hackad-information-om-alla-anstallda-har-lackt-sparen-leder-till-kina

Nurse in Kiruna convicted of unauthorized computer access – looked at six patient records (25 mar) https://sverigesradio.se/artikel/sjukskoterska-i-kiruna-doms-for-dataintrang-tittade-i-sex-patientjournaler

CERT-SE this week

BM21-001, BM21-002: Vulnerable Microsoft Exchange servers (updated …, 2021-03-19, 2021-03-26)

Multiple vulnerabilities in Cisco Jabber