CERT-SE's weekly newsletter, week 46

Weekly newsletter

What could be better in the autumn darkness than an enlightening batch of newsletter links? Check your Exchange servers.

Have a nice weekend!

News this week

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks (11 nov)
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/

On the Watch for Incident Response Capabilities in the Health Sector (11 nov)
https://www.enisa.europa.eu/news/enisa-news/on-the-watch-for-incident-response-capabilities-in-the-health-sector .. Report: https://www.enisa.europa.eu/publications/csirt-capabilities-in-healthcare-sector

Cyberattack knocks out clothing brand Acne Studios (12 nov)
https://www.dn.se/sverige/cyberattack-slar-ut-kladmarket-acne-studios/

Expert blogs | Retrospective: NCSC comes across international criminal network (12 nov)
https://www.ncsc.nl/actueel/weblog/weblog/2021/terugblik-ncsc-stuit-op-internationaal-crimineel-netwerk .. Report: Investigation ‘Bonfire’: https://www.ncsc.nl/binaries/ncsc/documenten/rapporten/2021/november/12/bonfire-report-4.1/Bonfire+report+4.1+.pdf

FBI Statement on Incident Involving Fake Emails (13 nov)
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails .. Hoax Email Blast Abused Poor Coding in FBI Website (13 nov)
https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/

Cloudflare blocks an almost 2 Tbps multi-vector DDoS attack (13 nov)
https://blog.cloudflare.com/cloudflare-blocks-an-almost-2-tbps-multi-vector-ddos-attack/

IoT Protocol Used by NASA, Siemens and Volkswagen Can Be Exploited by Hackers (15 nov)
https://www.securityweek.com/iot-protocol-used-nasa-siemens-and-volkswagen-can-be-exploited-hackers

ProxyShell leads to domain-wide ransomware attack (15 nov)
https://www.techtarget.com/searchsecurity/news/252509511/ProxyShell-leads-to-domain-wide-ransomware-attack

Emotet botnet returns after law enforcement mass-uninstall operation (15 nov)
https://therecord.media/emotet-botnet-returns-after-law-enforcement-mass-uninstall-operation/ .. Emotet, once the world’s most dangerous malware, is back (16 nov)
https://www.zdnet.com/article/emotet-once-the-worlds-most-dangerous-malware-is-back/ .. Lock up your Office macros: Emotet botnet back from the dead with Trickbot links (16 nov)
https://www.theregister.com/2021/11/16/emotet_botnet_rappears/

New banking Trojan SharkBot makes waves across Europe, US (16 nov)
https://www.zdnet.com/article/new-banking-trojan-sharkbot-makes-waves-across-europe/

New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks (16 nov)
https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability

The inside story of ransomware repeatedly masquerading as a popular JS library for Roblox gamers (16 nov)
https://www.theregister.com/2021/11/16/nobloxjs_typosquatting_discord/

Vaccine research among cyber attack targets (17 nov)
https://www.bbc.com/news/uk-59315232

Cyberwar’s global players—it’s not always Russia or China (18 nov)
https://www.csoonline.com/article/3640406/cyberwars-global-players-its-not-always-russia-or-china.html

Memento ransomware gang quick to retool for ‘optimum’ outcome (18 nov)
https://www.computerweekly.com/news/252509698/Memento-ransomware-gang-quick-to-retool-for-optimum-outcome

Dark web crooks are now teaching courses on how to build botnets (18 nov)
https://www.zdnet.com/article/college-for-cyber-criminals-dark-web-crooks-are-teaching-courses-on-how-to-build-botnets/

Major IT outage for hospitals, taxis and courts (19 nov)
https://www.expressen.se/nyheter/it-haveri-hos-sveriges-domstolar/

Information security and miscellaneous

The United States Supports the Paris Call for Trust and Security in Cyberspace (10 nov)
https://www.state.gov/the-united-states-supports-the-paris-call-for-trust-and-security-in-cyberspace/

30,000 unlisted numbers leaked from Telia (11 nov)
https://www.svt.se/nyheter/inrikes/teknikstrul-hos-telia-hemliga-nummer-har-varit-sokbara

How to Hire — and Retain — Effective Threat Hunters (12 nov)
https://www.darkreading.com/careers-and-people/how-to-hire-and-retain-effective-threat-hunters

GAO says confusion over responsibilities has left schools vulnerable to cyber attacks (12 nov)
https://therecord.media/gao-says-confusion-over-responsibilities-has-left-schools-vulnerable-to-cyber-attacks/

CISA warns of equipment vulnerabilities from multiple vendors (12 nov)
https://www.zdnet.com/article/cisa-warns-of-vulnerabilities-in-multiple-industrial-control-products/ .. CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations (12 nov)
https://us-cert.cisa.gov/ncas/current-activity/2021/11/12/cisa-releases-advisory-vulnerabilities-multiple-data-distribution

Snooped on acquaintances via IT systems – police officer fired (15 nov)
https://norrahalland.se/nyheter/it-spionerade-paa-bekanta-polis-faar-sparken/27415

The US government just launched a big push to fill cybersecurity jobs, with salaries to match (16 nov)
https://www.zdnet.com/article/the-us-government-just-launched-a-big-push-to-fill-cybersecurity-jobs-with-salaries-to-match/

Why I Hate Password Rules (16 nov)
https://www.schneier.com/blog/archives/2021/11/why-i-hate-password-rules.html

Privacy Report: What Android Does In The Background (18 nov)
https://hackaday.com/2021/11/18/privacy-report-what-android-does-in-the-background/

These are the worst passwords of 2021, so stop using them ASAP (18 nov)
https://bgr.com/tech/these-are-the-worst-passwords-of-2021-so-stop-using-them-asap/

Cyber Defenders Should Prepare for Holiday Ransomware Attacks (18 nov)
https://www.securityweek.com/cyber-defenders-should-prepare-holiday-ransomware-attacks

Digital collaboration platform - there are suitable and lawful alternatives for the public sector (18 nov)
https://www.esamverka.se/aktuellt/nyheter/nyheter/2021-11-18-digital-samarbetsplattform—det-finns-lampliga-och-lagliga-alternativ-for-offentlig-sektor.html .. Report: https://www.esamverka.se/download/18.a9fb3aa17ce4b6615c5e891/1637154585411/Digital%20samarbetsplattform%20f%C3%B6r%20offentlig%20sektor.pdf?fbclid=IwAR1uLmyKgz4f3X8LeN5cHCJvJDvFBDsyLXxdTcAzKAaoTwsorDSJpj8E9NU

New Federal Government Cybersecurity Incident and Vulnerability Response Playbooks (16 nov)
https://us-cert.cisa.gov/ncas/current-activity/2021/11/16/new-federal-government-cybersecurity-incident-and-vulnerability .. Playbook: https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf

Your bad passwords could lead to full-scale war (17 nov)
https://www.svd.se/darfor-kan-dina-daliga-losenord-leda-till-fullskaligt-krig

NCSC Annual Review 2021
https://www.ncsc.gov.uk/collection/ncsc-annual-review-2021 .. Report: https://www.ncsc.gov.uk/files/NCSC%20Annual%20Review%202021.pdf

CERT-SE this week

BM21-003: New attack method in MS Exchange can lead to ransomware (updated 2021-11-16)