CERT-SE's weekly newsletter, week 18

Weekly newsletter

Many of us want to fight ransomware. Now some sixty government agencies, companies and institutions have formed a coalition that aims to disrupt and interrupt the cybercriminals by attacking their economic operations.

News this week

Trickbot Brief: Creds and Beacons (2 May)
https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/

Critical 21Nails Exim bugs expose millions of servers to attacks (4 May)
https://www.bleepingcomputer.com/news/security/critical-21nails-exim-bugs-expose-millions-of-servers-to-attacks/

Belgium’s government network goes down after massive DDoS attack (4 May)
https://therecord.media/belgiums-government-network-goes-down-after-massive-ddos-attack/?

This malware has been rewritten in the Rust programming language to make it harder to spot (4 May)
https://www.zdnet.com/article/this-malware-has-been-rewritten-in-the-rust-programming-language-to-make-it-harder-to-spot/

Belgium suffers major cyberattack (5 May)
https://www.euractiv.com/section/politics/short_news/belgium-suffers-major-cyber-attack/

New Moriya rootkit used in the wild to backdoor Windows systems (6 May)
https://www.bleepingcomputer.com/news/security/new-moriya-rootkit-used-in-the-wild-to-backdoor-windows-systems/

Operation TunnelSnake (6 May)
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/

Banks pass security test (6 May)
https://www.securityuser.com/se/Nyheter/Samhalle/banker-godkanda-i-sakerhetstest

Russian intelligence service behind ransomware attacks (7 May)
https://www.securityuser.com/se/Nyheter/Samhalle/rysk-underrattelsetjanst-bakom-ransomware-attacker
Are The Notorious Cyber Criminals Evil Corp actually Russian Spies? (truesec.com) (5 May)
https://blog.truesec.com/2021/05/05/are-the-notorious-cyber-criminals-evil-corp-actually-russian-spies/

Information security and miscellaneous

Can the Bytecode Alliance secure the supply chain with WebAssembly? (28 April)
https://www.scmagazine.com/home/security-news/cloud-security/can-the-bytecode-alliance-secure-the-supply-chain-with-webassembly/

Multi-Gov Task Force Plans to Take Down the Ransomware Economy (29 April)
https://threatpost.com/gov-task-force-ransomware-economy/165715/
An Ambitious Plan to Tackle Ransomware Faces Long Odds (29 April)
https://www.wired.com/story/ransomware-task-force-proposal/
Institute for Security and Technology (IST) » RTF Report: Combatting Ransomware (29 April)
https://securityandtechnology.org/ransomwaretaskforce/report/

These breached “Star Wars”-themed passwords need more than the force to save them (3 May)
https://www.techrepublic.com/article/these-breached-star-wars-themed-passwords-need-more-than-the-force-to-save-them/

Fertility apps share sensitive data from millions of users without permission (umu.se) (4 May)
https://www.umu.se/nyheter/fertilitetsappar-delar-kansliga-data-fran-miljontals-anvandare_10421192/

Employee at Region Gävleborg reported to police for unauthorized computer access - P4 Gävleborg | Sveriges Radio (5 May)
https://sverigesradio.se/artikel/anstalld-inom-region-gavleborg-polisanmald-for-dataintrang

World Password Day: Bitdefender gives tips on how to take care of your passwords - dagensinfrastruktur (6 May)
https://www.dagensinfrastruktur.se/2021/05/06/world-password-day-bitdefenders-tipsar-om-hur-du-tar-hand-om-dina-losenord/

Vulnerability that can be used to DDoS DNS (6 May)
https://tsuname.io/

How did Arne Beurling break the Geheimschreiber (G-skrivaren)?
https://www.fra.se/omfra/frashistoria/hurgjordearnebeurlingforattforceragskrivaren.4.15d6ea201729ce403d23d4.html

Defending Against Software Supply Chain Attacks
https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508.pdf

CERT-SE this week

Critical vulnerabilities in Cisco products

Vulnerabilities in Exim