CERT-SE's weekly newsletter, week 17
This week much has been written about ransomware, but also about deepfakes, Emotet, intrusions and a few other things. Be alert to text messages about deliveries you were not expecting. More information is available in CERT-SE's publication "Package delivery SMS spreads ‘FluBot’".
Happy Walpurgis Night!
News this week
Argentine version of Google falls into “wrong” hands leading to search engine’s temporary collapse (22 Apr) https://en.mercopress.com/2021/04/22/argentine-version-of-google-falls-into-wrong-hands-leading-to-search-engine-s-temporary-collapse
Turning Telegram toxic: ‘ToxicEye’ RAT is the latest to use Telegram for command & control (22 Apr) https://blog.checkpoint.com/2021/04/22/turning-telegram-toxic-new-toxiceye-rat-is-the-latest-to-use-telegram-for-command-control/
Ransomware’s perfect target: Why one industry needs to improve cybersecurity, before it’s too late (23 Apr) https://www.zdnet.com/article/ransomwares-perfect-target-why-one-industry-needs-to-improve-cybersecurity-before-its-too-late/
Dutch MPs in video conference with deep fake imitation of Navalny’s Chief of Staff (24 Apr) https://nltimes.nl/2021/04/24/dutch-mps-video-conference-deep-fake-imitation-navalnys-chief-staff .. “Deepfake” fooled senior politicians in video call (28 Apr) https://www.svd.se/politiker-blev-lurade-med-deepfake-i-videosamtal
Passwordstate breach pushes malicious update to password manager (25 Apr) https://www.slashgear.com/passwordstate-breach-pushes-malicious-update-to-password-manager-25670346/
Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs (26 Apr) https://www.theregister.com/2021/04/26/emotet_sunday_25_april_killswitch_date/
Ransomware costs soar worldwide, but not in Sweden (26 Apr) https://computersweden.idg.se/2.2683/1.750118/ransomwarekostnader-i-varlden-skenar–men-inte-i-sverige .. Report: A Sophos Whitepaper, April 2021: The State of Ransomware 2021 https://secure2.sophos.com/en-us/medialibrary/pdfs/whitepaper/sophos-state-of-ransomware-2021-wp.pdf
This password-stealing Android malware is spreading quickly: Here’s what to watch out for (26 Apr) https://www.zdnet.com/article/this-password-stealing-android-malware-is-spreading-quickly-heres-watch-to-watch-out-for/ .. Despite arrests in Spain, FluBot operations explode across Europe and Japan (26 Apr) https://therecord.media/despite-arrests-in-spain-flubot-operations-explode-across-europe-and-japan/
Apple AirDrop security flaw exposes phone numbers and email address to nearby strangers (26 Apr) https://www.pocket-lint.com/apps/news/apple/156663-apple-airdrop-security-flaw-phone-number-email-address
Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Abound (26 Apr) https://www.coveware.com/blog/ransomware-attack-vectors-shift-as-new-software-vulnerability-exploits-abound
Cyber-attack hackers threaten to share US police informant data (28 Apr) https://www.bbc.com/news/world-us-canada-56898711
UK rail network Merseyrail likely hit by Lockbit ransomware (28 Apr) https://www.bleepingcomputer.com/news/security/uk-rail-network-merseyrail-likely-hit-by-lockbit-ransomware/
Emotet botnet harvested 4.3 million email addresses. Now the FBI is using Have I Been Pwned to alert the victims (28 Apr) https://www.zdnet.com/article/emotet-botnet-harvested-4-3-million-email-addresses-now-the-fbi-is-using-have-i-been-pwned-to-alert-the-victims/
Scammers imitate Windows logo with HTML tables to slip through email gateways (28 Apr) https://www.scmagazine.com/home/security-news/phishing/scammers-imitate-windows-logo-with-html-tables-to-slip-through-email-gateways/
Task Force Seeks to Disrupt Ransomware Payments (29 Apr) https://krebsonsecurity.com/2021/04/task-force-seeks-to-disrupt-ransomware-payments/ .. Report: Combatting Ransomware https://securityandtechnology.org/ransomwaretaskforce/report/
Brazil’s Rio Grande do Sul court system hit by REvil ransomware (29 Apr) https://www.bleepingcomputer.com/news/security/brazils-rio-grande-do-sul-court-system-hit-by-revil-ransomware/
Extensive data breach has hit the City of Malmö; personal data may have leaked (29 Apr) https://www.svt.se/nyheter/lokalt/skane/malmo-stads-personalsystem-utsatt-for-dataintrang
Information security and miscellaneous
Defending Against Software Supply Chain Attacks https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508.pdf
The Winds of Change – What SolarWinds Teaches Us (25 Apr) https://www.tripwire.com/state-of-security/security-data-protection/winds-of-change-what-solarwinds-teaches-us/
When AIs Start Hacking (26 Apr) https://www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html
Security flaws planted in the Linux kernel (28 Apr) https://kryptera.se/sakerhetsbrister-placerade-i-linux-kerneln/ .. Research paper: On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
Don’t Ignore Ransomware. It’s Bad. (29 Apr) https://www.nytimes.com/2021/04/29/technology/ransomware-attacks-prevention.html