CERT-SE's weekly newsletter, week 39
Today marks the start of this year's Cybersecurity Month. We are celebrating by launching this year's edition of CERT-SE's CTF challenge; you are welcome to dive in and hunt for flags!
CERT-SE wishes you good luck and a pleasant weekend!
News this week
This ransomware-dropping malware has swapped phishing for a sneaky new attack route (24 sept)
https://www.zdnet.com/article/this-ransomware-dropping-malware-has-swapped-phishing-for-a-sneaky-new-attack-route/
The Proliferation of Zero-days (24 sept)
https://www.schneier.com/blog/archives/2021/09/the-proliferation-of-zero-days.html
Björn teaches companies to protect themselves against cyberattacks: It can get tough (24 sept)
https://sverigesradio.se/artikel/bjorn-lar-foretag-att-skydda-sig-mot-cyberattacker-kan-bli-jobbigt
EU raises the alarm about Russian cyberattacks (25 sept)
https://www.svd.se/eu-larmar-om-ryska-cyberattacker
EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany (27 sept)
https://threatpost.com/eu-russia-ghostwriter-germany/175025/
Port of Houston was hit by an alleged state-sponsored attack (26 sept)
https://securityaffairs.co/wordpress/122599/hacking/port-of-houston-cyberattack.html
The August cyber attacks targeted a dozen Russian banks (27 sept)
https://www.ehackingnews.com/2021/09/the-august-cyber-attacks-targeted-dozen.html
Threat Actor Targets Indian Government With Commercial RATs (27 sept)
https://www.securityweek.com/threat-actor-targets-indian-government-commercial-rats
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor (27 sept)
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
Russian Turla APT Group Deploying New Backdoor on Targeted Systems (27 sept)
https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html
New malware steals Steam, Epic Games Store, and EA Origin accounts (27 sept)
https://www.bleepingcomputer.com/news/security/new-malware-steals-steam-epic-games-store-and-ea-origin-accounts/
Attackers Moving Faster Inside Target Networks (28 sept)
https://www.darkreading.com/threat-intelligence/attackers-moving-faster-inside-target-networks-report
FinSpy Surveillance Spyware Fitted With UEFI Bootkit (28 sept)
https://www.securityweek.com/finspy-surveillance-spyware-fitted-uefi-bootkit
Winter Vivern – all Summer (28 sept)
https://lab52.io/blog/winter-vivern-all-summer/
AirTag vulnerability turns tracker into Trojan horse, fix incoming (28 sept)
https://appleinsider.com/articles/21/09/28/airtag-vulnerability-turns-tracker-into-trojan-horse-fix-incoming
IT attack on stock-trading service: money demanded (28 sept)
https://www.dn.se/ekonomi/it-attack-mot-aktietjanst-kravs-pa-pengar/
NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs (28 sept)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/
The threat landscape for the drinking water and food sector (28 sept)
https://www.livsmedelsverket.se/globalassets/publikationsdatabas/broschyrer-foldrar/slv-hotbilden-mot-dricksvatten-och-livsmedelsomradet-utskrift-2021..pdf
Cybercrime - The Other Pandemic (28 sept)
https://www.bankinfosecurity.com/blogs/cybercrime-other-pandemic-p-3120
How nation-state attackers like NOBELIUM are changing cybersecurity (28 sept)
https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity/
Gopher, The Competing Standard To WWW In The ’90s Is Still Worth Checking Out (28 sept)
https://hackaday.com/2021/09/28/gopher-the-competing-standard-to-www-in-the-90s-is-still-worth-checking-out/
Around the world with the NSA’s cyber chief (29 sept)
https://therecord.media/around-the-world-with-the-nsas-cyber-chief/
Cyberespionage Implant Delivered via Targeted Government DNS Hijacking (29 sept)
https://www.securityweek.com/cyberespionage-implant-delivered-targeted-government-dns-hijacking
This dangerous mobile Trojan has stolen a fortune from over 10 million victims (29 sept)
https://www.zdnet.com/article/this-dangerous-mobile-trojan-has-stolen-a-fortune-from-over-10-million-victims-worldwide/
Kraken Security Labs Identifies Vulnerabilities In Commonly Used Bitcoin ATM (29 sept)
https://blog.kraken.com/post/11263/kraken-security-labs-identifies-vulnerabilities-in-commonly-used-bitcoin-atm/
Russia detains cyber-security tycoon Ilya Sachkov in treason case (29 sept)
https://www.bbc.com/news/world-europe-58738952
Hackers are dissatisfied with the hacker group Revil (29 sept)
https://computersweden.idg.se/2.2683/1.756518/hackare-ar-missnojda-med-hackargruppen-revil
Opportunities for Women in Cybersecurity (29 sept)
https://www.csoonline.com/article/3635132/opportunities-for-women-in-cybersecurity.html
Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands (30 sept)
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Revealed: How to steal money from victims’ contactless Apple Pay wallets (30 sept)
https://www.theregister.com/2021/09/30/apple_pay_contactless_visa_fraud/
RansomEXX, Fixing Corrupted Ransom (30 sept)
https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701
Why the cybersecurity industry should treat civil society as critical infrastructure (30 sept)
https://therecord.media/why-the-cybersecurity-industry-should-treat-civil-society-as-critical-infrastructure/
Google launches bug-hunting program for Tsunami Security Scanner (30 sept)
https://computersweden.idg.se/2.2683/1.756548/google-startar-buggjaktsprogram-for-tsunami-security-scanner
Congress demands briefing from FBI on decision not to share Kaseya decryption keys (30 sept)
https://www.zdnet.com/article/congress-demands-briefing-from-fbi-on-decision-not-to-share-kaseya-decryption-keys/
ESET Threat Report T2 2021 (30 sept)
https://www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/
Kaspersky research shows top targets of cyber criminals in Africa (30 sept)
https://www.itweb.co.za/content/mQwkoq6Pd2Y73r9A/pXnWJadMba7bjO1e
Baby’s Death Alleged to Be Linked to Ransomware (30 sept)
https://threatpost.com/babys-death-linked-ransomware/175232/
Join us in October for #CyberSecMonth 2021 (1 oct)
https://cybersecuritymonth.eu/
More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic (1 oct)
https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic
This malware pretends to be Amnesty International protection from Pegasus (1 oct)
https://www.techradar.com/news/this-malware-pretends-to-be-amnesty-international-protection-from-pegasus
Information security and miscellaneous
Police officer convicted of several cases of unlawful computer access (26 sept)
https://sverigesradio.se/artikel/polis-doms-for-flera-fall-av-dataintrang
Portpass app may have exposed hundreds of thousands of users’ personal data (28 sept)
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Check What Information Your Browser Leaks (28 sept)
https://www.schneier.com/blog/archives/2021/09/check-what-information-your-browser-leaks.html
5 Personal Cyber Security Tips (29 sept)
https://www.hackread.com/5-personal-cyber-security-tips/
The Rise of One-Time Password Interception Bots (29 sept)
https://krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/