CERT-SE's weekly newsletter, week 28

Weekly newsletter

SolarWinds has been hit by a new vulnerability, REvil has disappeared after the Kaseya incident, and Ireland is investing in its cyber security centre. Also, a couple of reports on security priorities for the hybrid office and on how to reduce the risk of phishing and ransomware. CERT-SE's weekly newsletter will be published as usual next week, but after that we take a summer break and will be back in week 35.

CERT-SE wishes you a nice weekend!

News this week

Serv-U Remote Memory Escape Vulnerability (9 Jul)
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211

SolarWinds customers hit by hackers – again (13 Jul)
https://tt.omni.se/solarwindskunder-drabbade-av-hackare-igen/a/O3oj6q

SolarWinds 0-day gave Chinese hackers privileged access to customer servers (14 Jul)
https://arstechnica.com/gadgets/2021/07/microsoft-says-hackers-in-china-exploited-critical-solarwinds-0-day/

Svensk Handel: Always report IT crime – never pay (12 May)
https://www.dn.se/ekonomi/svensk-handel-anmal-alltid-it-brott-betala-aldrig/

Government doubles cyber security director salary and promises 45 more staff (13 Jul)
https://www.irishtimes.com/news/crime-and-law/government-doubles-cyber-security-director-salary-and-promises-45-more-staff-1.4619575

CISA says multiple threat actors are exploiting the Windows ‘PrintNightmare’ vulnerability (14 Jul)
https://www.securityweek.com/cisa-says-multiple-threat-actors-exploiting-windows-printnightmare-vulnerability

Mitigate Windows Print Spooler Service Vulnerability (13 Jul)
https://cyber.dhs.gov/ed/21-04/

Russian gang blamed for global ransomware attack vanishes from web (13 Jul)
https://www.politico.com/news/2021/07/13/revil-ransomware-vanishes-499487

REvil ransomware gang’s websites vanish soon after Kaseya fiasco, Uncle Sam threatens retaliation (13 Jul)
https://www.theregister.com/2021/07/13/revil_ransomware_shuts/

China tightens control over cybersecurity in data crackdown (14 Jul)
https://abcnews.go.com/Technology/wireStory/china-tightens-control-cybersecurity-data-crackdown-78815845

What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft (14 Jul)
https://www.theregister.com/2021/07/14/patch_tuesday/

Gmail update will go some way to eliminating phishing once and for all (14 Jul)
https://www.techradar.com/news/gmail-update-will-go-some-way-to-eliminating-phishing-once-and-for-all

Zero-day exploit allowed SolarWinds hackers to extract login information from iOS devices (14 Jul)
https://9to5mac.com/2021/07/14/zero-day-exploit-allowed-solarwinds-hackers-to-extract-login-information-from-ios-devices/

Government agencies lack protection against IT fraud (15 Jul)
https://sverigesradio.se/artikel/myndigheter-saknar-skydd-mot-it-bedrageri

SonicWall suggests people unplug their end-of-life gateways under ‘active attack’ by ransomware crims (15 Jul)
https://www.theregister.com/2021/07/15/sonicwall_secure_access/

Tulsa Says Network Hack Gained Some Social Security Numbers (15 Jul)
https://www.securityweek.com/tulsa-says-network-hack-gained-some-social-security-numbers

For years, a backdoor in popular KiwiSDR product gave root to project developer (15 Jul)
https://arstechnica.com/gadgets/2021/07/for-years-a-backdoor-in-popular-kiwisdr-product-gave-root-to-project-developer/

Information security and miscellaneous

The Aviation Industry Needs to Move Towards Cyber Resilience (5 Jul)
https://www.tripwire.com/state-of-security/featured/aviation-industry-needs-to-move-towards-cyber-resilience/

Here are the security priorities for the hybrid office (13 Jul)
https://www.mynewsdesk.com/se/checkpoint/pressreleases/haer-aer-saekerhetsprioriteringarna-foer-det-hybrida-kontoret-3116557

Remote and Hybrid Work Security Report
https://pages.checkpoint.com/remote-and-hybrid-work-security-report.html

Digital mailbox E-boks fixes sloppiness with secure connections (14 Jul)
https://nikkasystems.com/2021/07/14/digitala-brevladan-e-boks-atgardar-slarv-med-sakra-anslutningar/

What Can Government Do as Cyber Insurance Costs Increase? (14 Jul)
https://www.govtech.com/security/what-can-government-do-as-cyber-insurance-costs-increase

OCR Urges Private Sector to Beef Up Ransomware Protections (14 Jul)
https://www.natlawreview.com/article/ocr-urges-private-sector-to-beef-ransomware-protections

Signs of Triviality (15 Jul)
https://www.netmeister.org/blog/dns-rrs.html

The Tower of Babel: How Public Interest Internet is Trying to Save Messaging and Banish Big Social Media (15 Jul)
https://www.eff.org/deeplinks/2021/07/tower-babel-how-public-interest-internet-trying-save-messaging-and-banish-big

How to Reduce the Risk of Phishing and Ransomware
https://resources.trendmicro.com/Osterman-Email-Security-WP.html

CISA: Stop Ransomware
https://www.cisa.gov/stopransomware

A Fresh Look at Trickbot’s Ever-Improving VNC Module
https://www.bitdefender.com/files/News/CaseStudies/study/399/Bitdefender-PR-Whitepaper-Trickbot-creat5515-en-EN.pdf

CERT-SE this week

Monthly security updates for July 2021

Critical vulnerabilities in Kaseya VSA [updated 2021-07-15]