CERT-SE's weekly newsletter, week 16

Weekly newsletter

A bit of a mixed bag in this week's news sweep … some giga-scale leaks of personal data are matched by an article on informationssakerhet.se with good advice about sensitive information in social media. Read about both malware that leaves a mess and bad things that get cleaned away.

Have a nice weekend!

News this week

Cyber-attackers hold PN to ransom with major data leak threat (20 apr) https://timesofmalta.com/articles/view/cyber-attackers-hold-pn-to-ransom-with-major-data-leak-threat.865968

Lazarus hacking group now hides payloads in BMP image files (20 apr) https://www.zdnet.com/article/lazarus-state-hacking-group-now-hides-payloads-in-bmp-image-files/

Malware authors are creating fake Microsoft Store pages (20 apr) https://mspoweruser.com/malware-authors-are-creating-fake-microsoft-stores/

REvil gang tries to extort Apple, threatens to sell stolen blueprints (20 apr) https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/

US Takes Steps to Protect Electric System From Cyberattacks (20 apr) https://www.securityweek.com/us-takes-steps-protect-electric-system-cyberattacks

Time is running out to probe networks for Emotet (21 apr) https://www.computerweekly.com/news/252499624/Time-is-running-out-to-probe-networks-for-Emotet

China-linked hackers used VPN flaw to target U.S. defense industry -researchers (21 apr) https://www.reuters.com/technology/china-linked-hackers-used-pulse-secure-flaw-target-us-defense-industry-2021-04-20/

Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective (21 apr) https://signal.org/blog/cellebrite-vulnerabilities/

Nearly half of malware now use TLS to conceal communications (21 apr) https://news.sophos.com/en-us/2021/04/21/nearly-half-of-malware-now-use-tls-to-conceal-communications/

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired (21 apr) https://www.theregister.com/2021/04/21/minnesota_linux_kernel_flaws_update/?

Brace yourselves. Facebook has a new mega-leak on its hands (21 apr) https://arstechnica.com/gadgets/2021/04/tool-links-email-addresses-to-facebook-accounts-at-scale/

PTS on Huawei: A latent security risk (21 apr) https://tt.omni.se/pts-om-huawei-en-latent-sakerhetsrisk/a/2d7X9r

Malware and ransomware gangs have found this new way to cover their tracks (22 apr) https://www.zdnet.com/article/malware-and-ransomware-gangs-have-found-this-new-way-to-cover-their-tracks/

Now this botnet is hunting for unpatched Microsoft Exchange servers (22 apr) https://www.zdnet.com/article/now-this-botnet-is-hunting-for-unpatched-microsoft-exchange-servers/

Information security and miscellaneous

Large amounts of personal information are on the loose (14 apr) https://www.informationssakerhet.se/nyheter/stora-mangder-personlig-information-ar-pa-vift/

Sweden wins the world's largest cyber defence exercise (19 apr) https://www.msb.se/sv/aktuellt/nyheter/2021/april/sverige-vinnare-i-varldens-storsta-cyberforsvarsovning/

FIDO Alliance Creates New Onboarding Standard To Secure Internet of Things (IoT) (20 apr) https://fidoalliance.org/fido-alliance-creates-new-onboarding-standard-to-secure-internet-of-things-iot/

And the Award for Most Popular Movie Used in Passwords Goes to… (20 apr) https://specopssoft.com/blog/most-popular-movie-used-in-passwords/

We need to talk about criminal adversaries who want you to eat undercooked onion rings (20 apr) https://www.theregister.com/2021/04/20/cisco_talos_corosi_fryer_flaws/ .. Vulnerability Spotlight: Remote code execution vulnerabilities in Cosori smart air fryer (19 apr) https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

Conspiracy theories in focus in new study from MSB (21 apr) https://www.msb.se/sv/aktuellt/nyheter/2021/april/konspirationsteorier-i-fokus-i-ny-studie-fran-msb/

Upper secondary school student in Lund cheated on exam – convicted of unauthorized computer access (22 apr) https://www.svt.se/nyheter/lokalt/skane/gymnasieelev-i-lund-doms-efter-att

MI5 warns of thousands of attempts to spy on civil servants via ‘malicious’ online profiles (22 apr) https://www.publictechnology.net/articles/news/mi5-warns-thousands-attempts-spy-civil-servants-%E2%80%98malicious%E2%80%99-online-profiles

Issue 6: Findings from 2H 2020 | Netscout Threat Intelligence Report | DDoS in a Time of Pandemic https://www.netscout.com/threatreport

The World’s Largest Hacking Conferences Are Back IRL This Summer https://www.vice.com/en/article/n7bwbb/def-con-black-hat-hacking-conferences-las-vegas-2021

CERT-SE this week

Three zero-day vulnerabilities in Sonicwall Email Security

Oracle's quarterly security update for April 2021

Critical vulnerability in Pulse Connect Secure