CERT-SE's weekly newsletter, week 35

Weekly newsletter

The first newsletter after the summer break contains, as usual, the past week's monitoring of external developments, but we have also included a selection of some older links of interest.

Happy reading!

News this week

Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported (19 aug)
https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/

White House Unveils Supply Chain, New Security Initiatives (26 aug)
https://www.govinfosecurity.com/white-house-unveils-supply-chain-new-security-initiatives-a-17372

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia (26 aug)
https://www.zdnet.com/article/fbi-releases-alert-about-hive-ransomware-after-attack-on-hospital-system/

Ragnarok ransomware releases master decryptor after shutdown (26 aug)
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/

Coop and the pirates from the east (28 aug)
https://sverigesradio.se/avsnitt/coop-och-piraterna-fran-ost

Cobalt Strike, a Defender’s Guide (29 aug)
https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/

CISA adds single-factor authentication to list of bad practices (30 aug)
https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices

Ransomware Attack on Swiss City Exposed Citizens’ Data (30 aug)
https://www.bankinfosecurity.com/ransomware-attack-on-swiss-city-exposed-citizens-data-a-17401

Secure access to data in Azure Cosmos DB (30 aug)
https://docs.microsoft.com/en-us/azure/cosmos-db/secure-access-to-data

Ransomware attack in Indiana affects 49K patients (30 aug)
https://www.healthcareitnews.com/news/ransomware-attack-indiana-affects-49k-patients

Cyberattackers are now quietly selling off their victim’s internet bandwidth (31 aug)
https://www.zdnet.com/article/cyberattackers-are-now-quietly-selling-off-their-victims-internet-bandwidth/

Bangkok Airways hit by LockBit ransomware attack, loses lotsa data after refusing to pay (31 aug)
https://www.theregister.com/2021/08/31/bangkok_airways_hit_by_lockbit/

Police officer disclosed information to an acquaintance, charged with unlawful computer access (31 aug)
https://www.dn.se/sthlm/polis-lamnade-ut-information-till-bekant-atalas-for-dataintrang/

FBI-CISA Advisory on Ransomware Awareness for Holidays and Weekends (31 aug)
https://us-cert.cisa.gov/ncas/current-activity/2021/08/31/fbi-cisa-advisory-ransomware-awareness-holidays-and-weekends

Alert (AA21-243A): Ransomware awareness for holidays and weekends
https://us-cert.cisa.gov/ncas/alerts/aa21-243a

What IT security teams can learn from the Colonial Pipeline ransomware attack (31 sep)
https://www.itproportal.com/features/what-it-security-teams-can-learn-from-the-colonial-pipeline-ransomware-attack/

Cyber Criminal Actors Targeting the Food and Agriculture Sector with Ransomware Attacks (1 sep)
https://www.documentcloud.org/documents/21053966-fbi-bc-cyber-criminal-actors-targeting-the-food-and-agriculture-sector-with-ransomware-attacks

Zero-Click iPhone Exploits (1 sep)
https://www.schneier.com/blog/archives/2021/09/zero-click-iphone-exploits.html

Gift card gang extracts cash from 100k inboxes daily (2 sep)
https://krebsonsecurity.com/2021/09/gift-card-gang-extracts-cash-from-100k-inboxes-daily/

UK VoIP telco receives ‘colossal ransom demand’, reveals REvil cybercrooks suspected of ‘organised’ DDoS attacks on UK VoIP companies (2 sep)
https://www.theregister.com/2021/09/02/uk_voip_telcos_revil_ransom/

Assignment to MSB to prepare a national coordination centre for research and innovation in cybersecurity (2 sep)
https://www.regeringen.se/pressmeddelanden/2021/09/uppdrag-till-msb-att-forbereda-nationellt-samordningscenter-for-forskning-och-innovation-inom-cybersakerhet/

Information security and miscellaneous

NSA Issues Guidance on Securing Wireless Devices in Public Settings (29 jul)
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2711968/nsa-issues-guidance-on-securing-wireless-devices-in-public-settings/

Guidance: https://media.defense.gov/2021/Jul/29/2002815141/-1/-1/0/CSI_SECURING_WIRELESS_DEVICES_IN_PUBLIC.PDF

The pandemic revealed the health risks of hospital ransomware attacks (19 aug)
https://www.theverge.com/2021/8/19/22632378/pandemic-ransomware-health-risks

ChaosDB: How we hacked thousands of Azure customers’ databases (26 aug)
https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases

How ransomware runs the underground economy (31 aug)
https://www.csoonline.com/article/3631534/how-ransomware-runs-the-underground-economy.html

The Scandalous History of the Last Rotor Cipher Machine (31 aug)
https://spectrum.ieee.org/the-scandalous-history-of-the-last-rotor-cipher-machine/particle-1

The postmortem password problem (1 sep)
https://hackaday.com/2021/09/01/the-postmortem-password-problem/

15-Year-Old Malware Proxy Network VIP72 Goes Dark (1 sep)
https://krebsonsecurity.com/2021/09/15-year-old-malware-proxy-network-vip72-goes-dark/

In space, no one can hear cyber security professionals scream (2 sep)
https://www.theregister.com/2021/09/02/in_space_no_security/

Bad practices
https://www.cisa.gov/BadPractices

Are you secure? Autumn break school in cybersecurity
https://ungaforskare.se/ar-du-saker/hostlovsskola/

CERT-SE this week

Critical vulnerability in Cisco Enterprise NFVIS

Critical vulnerability in the collaboration tool Confluence.

Critical vulnerabilities in Cisco products

Critical vulnerability in BlackBerry's QNX (updated 2021-08-24)

Microsoft's monthly security updates for August 2021

Microsoft Exchange servers are being scanned for ProxyShell vulnerabilities (updated 2021-08-26)

Multiple vulnerabilities in Cisco Small Business

Multiple critical vulnerabilities affect NicheStack (updated 2021-08-06)

Feature in Windows can be used for new attacks.