CERT-SE's weekly newsletter, week 26

Weekly newsletter

This week's newsletter has news about ransomware, covering both attacks and recovery. Other types of intrusions have also been reported, along with a couple of successes for law enforcement. In addition, a report has been released on how much cyber insurance actually helps.

CERT-SE wishes you a pleasant weekend!

News this week

This Malware Generated $2 Million After Abusing 222,000 Windows Systems (27 jun)
https://www.ehackingnews.com/2021/06/this-malware-generated-2-million-after.html

WSSC Water Investigating Ransomware Attack (27 jun)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/

Microsoft says new breach discovered in probe of suspected SolarWinds hackers (28 jun)
https://www.reuters.com/technology/microsoft-says-new-breach-discovered-probe-suspected-solarwinds-hackers-2021-06-25/

Microsoft support agent and some basic customer details hit by SolarWinds attackers (28 jun)
https://www.zdnet.com/article/microsoft-support-agent-and-some-basic-customer-details-hit-by-solarwinds-attackers/

EA ignored domain vulnerabilities for months despite warnings and breaches (28 jun)
https://www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/

Ransomware gangs now creating websites to recruit affiliates (28 jun)
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-creating-websites-to-recruit-affiliates/

Lorenz ransomware decryptor recovers victims’ files for free (29 jun)
https://www.bleepingcomputer.com/news/security/lorenz-ransomware-decryptor-recovers-victims-files-for-free/

DoubleVPN servers, logs, and account info seized by law enforcement (29 jun)
https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/

LinkedIn breach leaves 700 Million users exposed [Update] (29 jun)
https://pocketnow.com/linkedin-breach-leaves-700-million-users-exposed

Hackers had a backdoor into the Danish central bank (29 jun)
https://www.svd.se/hackare-hade-bakdorr-till-dansk-centralbank

Colombia Catches Hacker Wanted in the U.S. for ‘Gozi’ Virus (29 jun)
https://www.securityweek.com/colombia-catches-hacker-wanted-us-gozi-virus

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices [Updated] (30 jun)
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/

WizCase Report: Vulnerabilities found on WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS (26 nov)
https://www.wizcase.com/blog/hack-2018/

UN official warns digital technologies open areas for attack (30 jun)
https://abcnews.go.com/Technology/wireStory/official-warns-digital-technologies-open-areas-attack-78571709

UK arm of international charity the Salvation Army hit by ransomware attack (30 jun)
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/

Information security and miscellaneous

Android FluBot enters Switzerland (19 jun)
https://securityblog.switch.ch/2021/06/19/android-flubot-enters-switzerland/

Suspected unauthorized access at hospital: former employee read patient records (26 jun)
https://sverigesradio.se/artikel/dataintrang-pa-sjukhus

The Economic Costs of Cyber Risk (28 jun)
https://www.fdd.org/analysis/2021/06/28/the-economic-costs-of-cyber-risk/

Cyber Insurance and the Cyber Security Challenge (28 jun)
https://rusi.org/explore-our-research/publications/occasional-papers/cyber-insurance-and-cyber-security-challenge

Ransomware: Paying up won’t stop you from getting hit again, says cybersecurity chief (29 jun)
https://www.zdnet.com/article/ransomware-paying-up-wont-stop-you-from-getting-hit-again-says-cybersecurity-chief/

How a Docker footgun led to a vandal deleting NewsBlur’s MongoDB database (28 jun)
https://blog.newsblur.com/2021/06/28/story-of-a-hacking/

Cobalt Strike: Favorite Tool from APT to Crimeware (29 jun)
https://www.proofpoint.com/us/blog/threat-insight/cobalt-strike-favorite-tool-apt-crimeware

CISA Begins Cataloging Bad Practices that Increase Cyber Risk (29 jun)
https://us-cert.cisa.gov/ncas/current-activity/2021/06/29/cisa-begins-cataloging-bad-practices-increase-cyber-risk

FIRST Challenge 2021 Writeup (30 jun)
https://cert.at/en/blog/2021/6/first-challenge-2021-writeup

America tops ITU’s Global Cyber Security Index, UK in tie for second with Saudi Arabia (30 jun)
https://www.theregister.com/2021/06/30/america_global_cyber_security_index_2020/

Global Cybersecurity Index
https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx

NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign (1 jul)
https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/

CERT-SE this week

Critical vulnerability in Microsoft Print Spooler Service [updated 2021-07-02]