CERT-SE's weekly newsletter, week 22
61% answered the question “What is phishing?” correctly in Proofpoint's “2020 State of the Phish”*. With that said, CERT-SE would like to draw your attention to National Phish & Chip Day, which takes place on 7 June. An excellent opportunity to raise awareness of phishing.
Have a nice weekend!
News this week
US nuclear weapon bunker security secrets spill from online flashcards since 2013 (28 May) https://www.theregister.com/2021/05/28/flashcards_military_nuclear/
Amazon devices will soon automatically share your Internet with neighbors (29 May) https://arstechnica.com/gadgets/2021/05/amazon-devices-will-soon-automatically-share-your-internet-with-neighbors/
Biden wants to invest billions against hacker attacks (29 May) https://www.di.se/nyheter/biden-vill-satsa-miljarder-mot-hackerattacker/
Interpol intercepts $83 million fighting financial cyber crime (30 May) https://www.bleepingcomputer.com/news/security/interpol-intercepts-83-million-fighting-financial-cyber-crime/
Detecting Cobalt Strike and Hancitor traffic in PCAP (31 May) https://www.netresec.com/?page=Blog&month=2021-05&post=Detecting-Cobalt-Strike-and-Hancitor-traffic-in-PCAP
Säpo: Intelligence threats against higher-education institutions are increasing (31 May) https://www.dn.se/sverige/sapo-underrattelsehoten-mot-larosaten-okar/
Revisiting the NSIS-based crypter (31 May) https://blog.malwarebytes.com/threat-analysis/2021/05/revisiting-the-nsis-based-crypter/
Swedish Health Agency discloses hacking attempts (31 May) https://securityaffairs.co/wordpress/118440/hacking/swedish-health-agency-cyberattacks.html
Global meat processor JBS shuts part of operation to blunt cyberattack fallout (31 May) https://www.scmagazine.com/home/security-news/data-breach/jbs-hit-by-cyberattack-warns-suppliers-and-customers-of-potential-impact/ .. FBI: JBS ransomware attack was carried out by REvil (2 Jun) https://therecord.media/fbi-jbs-ransomware-attack-was-carried-out-by-revil/
Hacking continues to cause major issues across health service (1 Jun) https://www.independent.ie/irish-news/health/hacking-continues-to-cause-major-issues-across-health-service-40489613.html
This new ransomware is targeting unpatched Microsoft Exchange servers (1 Jun) https://www.techradar.com/news/a-new-ransomware-is-targeting-unpatched-microsoft-exchange-servers
US seizes domains used by APT29 in recent USAID phishing attacks (1 Jun) https://www.bleepingcomputer.com/news/security/us-seizes-domains-used-by-apt29-in-recent-usaid-phishing-attacks/
SolarWinds Attacker Novellium Attacks Over 150 Companies with Latest Mass Email Campaign (1 Jun) https://tekdeeps.com/solarwinds-attacker-novellium-attacks-over-150-companies-with-latest-mass-email-campaign/
This scary security flaw could let hackers change contracts you already signed (1 Jun) https://bgr.com/tech/security-flaw-in-pdf-could-let-hackers-change-documents-5928865/
There’s a lesson here for us all: A third of healthcare orgs in Sophos survey ‘hit with ransomware in 2020’ (1 Jun) https://www.theregister.com/2021/06/01/healthcare_orgs_ransomware_sophos/
Colonial Pipeline led to a cyber order for sector operators. Will JBS lead to more? (1 Jun) https://www.scmagazine.com/home/government/colonial-pipeline-led-to-a-cyber-order-will-jbs-lead-to-more/
Are Ransomware Attacks Impeding Criminal Prosecutions? (1 Jun) https://www.bankinfosecurity.com/are-ransomware-attacks-impeding-criminal-prosecutions-a-16781
Privateers: A New Type of Ransomware Syndicate (1 Jun) https://cyware.com/news/privateers-a-new-type-of-ransomware-syndicate-e4693626
How ransomware actors are adding DDoS attacks to their arsenals (2 Jun) https://www.techrepublic.com/article/how-ransomware-actors-are-adding-ddos-attacks-to-their-arsenals/
WebLogic RCE Leads to XMRig (3 Jun) https://thedfirreport.com/2021/06/03/weblogic-rce-leads-to-xmrig/
SharpPanda: Chinese APT Group Targets Southeast Asian Government With Previously Unknown Backdoor (3 Jun) https://research.checkpoint.com/2021/chinese-apt-group-targets-southeast-asian-government-with-previously-unknown-backdoor/
Australia’s cybersecurity agency says it averted more attacks by hackers who crippled Nine (3 Jun) https://www.theguardian.com/australia-news/2021/jun/03/australias-cybersecurity-agency-says-it-averted-more-attacks-by-hackers-who-crippled-nine
How EncroChat was cracked by the police (3 Jun) https://kryptera.se/sa-knacktes-encrochat-av-polisen/
Exclusive-U.S. to give ransomware hacks similar priority as terrorism, official says (3 Jun) https://www.reuters.com/article/cyber-usa-ransomware-idUSL2N2NC1SD
Children were behind IT attack on Region Gotland (3 Jun) https://www.svd.se/barn-lag-bakom-it-attack-mot-region-gotland
The most destructive cybersecurity threats in 2021 (3 Jun) https://betanews.com/2021/06/03/cybersecurity-threats-2021/
Chinese hackers used Pulse Secure zero day vulnerability to infiltrate MTA systems (3 Jun) https://www.scmagazine.com/home/security-news/data-breach/chinese-hackers-used-pulse-secure-zero-day-vulnerability-to-infiltrate-mta-systems/
Information security and miscellaneous
I quit my job to focus on SerenityOS full time (28 May) https://awesomekling.github.io/I-quit-my-job-to-focus-on-SerenityOS-full-time/
Attempted computer intrusion the cause of missing updates (31 May) https://sverigesradio.se/artikel/forsok-till-dataintrang-orsak-till-uteblivna-uppdateringar
The site that tells you if you were hacked has partnered with the FBI (31 May) https://bgr.com/tech/have-i-been-pwned-service-fbi-integration-5928603/
The human cost of understaffed SOCs (1 Jun) https://www.helpnetsecurity.com/2021/06/01/human-cost-understaffed-socs/
EU Digital COVID Certificate: EU Gateway goes live with seven countries one month ahead of deadline (1 Jun) https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2721
Police officer dismissed after computer intrusion (1 Jun) https://sverigesradio.se/artikel/polis-avskedas-efter-dataintrang
The most important point in a cyberattack is before it happens (2 Jun) https://www.helpnetsecurity.com/2021/06/02/cyberattack-moment/
The Säpo agent and the hacker work together against cyber threats (2 Jun) https://www.dn.se/ekonomi/sapo-agenten-och-hackaren-jobbar-tillsammans-mot-cyberhoten/
Consultation on the interim report on disclosure of microdata to the Luxembourg Income Study (LIS) (31 May) https://www.regeringen.se/remisser/2021/05/remiss-av-delrapport-om-utlamnande-av-mikrodata-till-luxembourg-income-study-lis-fran-utredningen-om-hushallens-tillgangar-och-skulder/ .. Disclosure of microdata to the Luxembourg Income Study (LIS) (29 Apr) https://www.regeringen.se/rapporter/2021/04/utlamnande-av-mikrodata-till-luxembourg-income-study-lis/ .. Interim report: https://www.regeringen.se/4994fe/contentassets/3de3e1fb2ba54fd69efc63d3da89b916/utlamnande-av-mikrodata-till-luxembourg-income-study-lis.pdf
National Phish & Chip Day – raising awareness of scams https://www.herts.police.uk/news-and-appeals/national-phish-chip-day-raising-awareness-of-scams-0319all
CERT-SE this week
Serious vulnerability in Lasso affects several single sign-on products
Vulnerability in Sonicwall Network Security Manager
[*] 2020 State of the Phish: https://www.proofpoint.com/sites/default/files/gtd-pfpt-us-tr-state-of-the-phish-2020.pdf