CERT-SE's weekly newsletter, week 26
This week's newsletter contains news about ransomware, both attacks and recovery. Other types of intrusions have also been reported, along with a couple of successes for law enforcement. In addition, a report has been released on how much cyber insurance actually helps.
CERT-SE wishes you a pleasant weekend!
News this week
This Malware Generated $2 Million After Abusing 222,000 Windows Systems (27 jun)
https://www.ehackingnews.com/2021/06/this-malware-generated-2-million-after.html
WSSC Water Investigating Ransomware Attack (27 jun)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Microsoft says new breach discovered in probe of suspected SolarWinds hackers (28 jun)
https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/
Microsoft support agent and some basic customer details hit by SolarWinds attackers (28 jun)
https://www.zdnet.com/article/microsoft-support-agent-and-some-basic-customer-details-hit-by-solarwinds-attackers/
EA ignored domain vulnerabilities for months despite warnings and breaches (28 jun)
https://www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/
Ransomware gangs now creating websites to recruit affiliates (28 jun)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating-websites-to-recruit-affiliates/
Lorenz ransomware decryptor recovers victims’ files for free (29 jun)
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-decryptor-recovers-victims-files-for-free/
DoubleVPN servers, logs, and account info seized by law enforcement (29 jun)
https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/
LinkedIn breach leaves 700 Million users exposed [Update] (29 jun)
https://pocketnow.com/linkedin-breach-leaves-700-million-users-exposed
Hackers had a backdoor into the Danish central bank (29 jun)
https://www.svd.se/hackare-hade-bakdorr-till-dansk-centralbank
Colombia Catches Hacker Wanted in the U.S. for ‘Gozi’ Virus (29 jun)
https://www.securityweek.com/colombia-catches-hacker-wanted-us-gozi-virus
Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices [Updated] (30 jun)
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
WizCase Report: Vulnerabilities found on WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS (26 nov)
https://www.wizcase.com/blog/hack-2018/
UN official warns digital technologies open areas for attack (30 jun)
https://abcnews.go.com/Technology/wireStory/official-warns-digital-technologies-open-areas-attack-78571709
UK arm of international charity the Salvation Army hit by ransomware attack (30 jun)
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/
Information security and miscellaneous
Android FluBot enters Switzerland (19 jun)
https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/
Suspected unauthorized data access at hospital: former employee read patient records (26 jun)
https://sverigesradio.se/artikel/dataintrang-pa-sjukhus
The Economic Costs of Cyber Risk (28 jun)
https://www.fdd.org/analysis/2021/06/28/the-economic-costs-of-cyber-risk/
Cyber Insurance and the Cyber Security Challenge (28 jun)
https://rusi.org/explore-our-research/publications/occasional-papers/cyber-insurance-and-cyber-security-challenge
Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chief (29 jun)
https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/
How a Docker footgun led to a vandal deleting NewsBlur’s MongoDB database (28 jun)
https://blog.newsblur.com/2021/06/28/story-of-a-hacking/
Cobalt Strike: Favorite Tool from APT to Crimeware (29 jun)
https://www.proofpoint.com/us/blog/threat-insight/cobalt-strike-favorite-tool-apt-crimeware
CISA Begins Cataloging Bad Practices that Increase Cyber Risk (29 jun)
https://us-cert.cisa.gov/ncas/current-activity/2021/06/29/cisa-begins-cataloging-bad-practices-increase-cyber-risk
FIRST Challenge 2021 Writeup (30 jun)
https://cert.at/en/blog/2021/6/first-challenge-2021-writeup
America tops ITU’s Global Cyber Security Index, UK in tie for second with Saudi Arabia (30 jun)
https://www.theregister.com/2021/06/30/america_global_cyber_security_index_2020/
Global Cybersecurity Index
https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign (1 jul)
https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/
CERT-SE this week
Critical vulnerability in Microsoft Print Spooler Service [updated 2021-07-02]