CERT-SE's weekly newsletter, week 37
On International Patient Safety Day, CERT-SE offers, among other things, tips on how to protect patient data. There have also been reports about the new spyware Pegasus and a number of different incidents. On a more positive note, a free key is now available for decrypting REvil ransomware from before 13 July.
CERT-SE wishes you a pleasant weekend!
News this week
Expert: Cyber threats will be the biggest challenge for aviation (10 sep)
https://www.nyteknik.se/samhalle/expert-cyberhot-blir-storsta-utmaningen-for-luftfarten-7020608
Technology giant Olympus hit by BlackMatter ransomware (13 sep)
https://techcrunch.com/2021/09/12/technology-giant-olympus-hit-by-blackmatter-ransomware/
Investigating potential cybersecurity incident affecting limited areas of our EMEA IT system (11 sep)
https://www.olympus-europa.com/company/en/news/press-releases/2021-09-11t03-00-00/investigating-potential-cybersecurity-incident-affecting-limited-areas-of-our-emea-it-system.html
How a glitch in the Matrix led to apps potentially exposing encrypted chats (13 sep)
https://www.theregister.com/2021/09/13/matrix_foundation_implementation_bug/
Hackers port Cobalt Strike attack tool to Linux (13 sep)
https://searchsecurity.techtarget.com/news/252506642/Hackers-port-Cobalt-Strike-attack-tool-to-Linux
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike (13 sep)
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/
BazarLoader to Conti Ransomware in 32 Hours (13 sep)
https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
SEC charges App Annie with securities fraud in $10 million settlement (14 sep)
https://www.protocol.com/bulletins/app-annie-sec-fraud
Kungsbacka municipality's website was hit by an IT attack: “A serious incident” (14 sep)
https://www.kungsbackaposten.se/nyheter/kungsbacka-kommuns-hemsida-utsattes-f%C3%B6r-it-attack-en-allvarlig-h%C3%A4ndelse-1.54801408
Krita art app users targeted by ransomware posing as paid ‘collaboration’ opportunities (14 sep)
https://www.theregister.com/2021/09/14/krita_users_targeted_by_ransomware/
“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution (14 sep)
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020 (15 sep)
https://therecord.media/ransomware-accounted-for-a-quarter-of-all-cyber-insurance-claims-in-europe-between-2016-and-2020/
Ransomware encrypts South Africa’s entire Dept of Justice network (15 sep)
https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/
DfE launches cyber security scorecard for schools (15 sep)
https://schoolsweek.co.uk/dfe-launches-cyber-security-scorecard-for-schools/
FTC rules that health apps must notify consumers affected by data breaches (16 sep)
https://www.engadget.com/ftc-rules-that-health-apps-must-notify-consumers-if-their-data-is-breached-114043312.html
There Is No Evidence Russia-based Ransomware Is Slowing Down (16 sep)
https://mytechdecisions.com/network-security/there-is-no-evidence-russia-based-ransomware-is-slowing-down/
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware (16 sep)
https://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/
Several local newspapers' sites were down after IT problems (17 sep)
https://www.svt.se/nyheter/lokalt/jonkoping/jonkopings-posten-sajt-ligger-nere-tekniska-problem
Foreign authorities may get direct access to data held by FRA (17 sep)
https://sverigesradio.se/artikel/utlandska-myndigheter-far-direktatkomst-till-uppgifter-hos-fra
Internet Society introduces MANRS initiative to improve the resilience and security of the routing infrastructure (17 sep)
https://www.helpnetsecurity.com/2021/09/17/internet-society-manrs-initiative/
The Pegasus spyware
Apple rushes to block ‘zero-click’ iPhone spyware (14 sep)
https://www.bbc.com/news/business-58540936
FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild (13 sep)
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
New spyware targeting Apple's products (13 sep)
https://www.dn.se/ekonomi/nytt-spionprogram-riktat-mot-apples-produkter/
Apple Security Flaw: How do ‘Zero-Click’ Attacks Work? (14 sep)
https://www.securityweek.com/apple-security-flaw-how-do-zero-click-attacks-work
How to identify the Pegasus spyware from NSO Group (17 sep)
https://kryptera.se/sa-identifierar-du-spionprogramvaran-pegasus-fran-nso-group/
Information security and miscellaneous
How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool (14 sep)
https://www.recordedfuture.com/detect-cobalt-strike-inside-look/
OSI Layer 1: The soft underbelly of cybersecurity (14 sep)
https://www.helpnetsecurity.com/2021/09/14/osi-layer-1/
Healthcare cybersecurity: How to prevent the compromise of patient records? (14 sep)
https://www.helpnetsecurity.com/2021/09/14/compromise-healthcare-records/
Understanding DDoS cyber attacks – Expert Reaction (15 sep)
https://www.scoop.co.nz/stories/SC2109/S00035/understanding-ddos-cyber-attacks-expert-reaction.htm
Microsoft accounts can now go fully passwordless (15 sep)
https://www.theverge.com/2021/9/15/22675175/microsoft-account-passwordless-no-password-security-feature
RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81 (16 sep)
https://www.theregister.com/2021/09/16/sir_clive_sinclair/
Pointer: Hunting Cobalt Strike globally (16 sep)
https://medium.com/@shabarkin/pointer-hunting-cobalt-strike-globally-a334ac50619a
APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus (16 sep)
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
CERT-SE this week
Critical vulnerabilities in OMI may affect Linux machines
Adobe's monthly security updates for September
Microsoft's monthly security updates for September 2021