CERT-SE:s veckobrev v.1

Veckobrev

Årets första veckobrev innehåller en härlig samling nyheter från CERT-SE:s omvärldsbevakning och minst lika härliga önskningar om en god fortsättning på 2020!

Nyheter i veckan

U.S. Navy bans TikTok from government-issued mobile devices (21 dec)
https://www.reuters.com/article/us-usa-tiktok-navy/u-s-navy-bans-tiktok-from-government-issued-mobile-devices-idUSKBN1YO2HU

Facebook stänger hundratals konton - spred Trump-propaganda (22 dec)
https://www.svt.se/nyheter/utrikes/facebook-stanger-hundratals-konton-for-trump-propaganda

Ransomware Hits Maastricht University, All Systems Taken Down (27 dec)
https://www.bleepingcomputer.com/news/security/ransomware-hits-maastricht-university-all-systems-taken-down/

Ryssland föreslår konvention mot cyberbrottslighet (28 dec)
https://sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7375530

IoT vendor Wyze confirms server leak (29 dec)
https://www.zdnet.com/article/iot-vendor-wyze-confirms-server-leak/

Microsoft says North Korea-based hackers were stealing sensitive information (30 dec)
https://www.cnbc.com/2019/12/31/microsoft-says-north-korea-based-hackers-stealing-sensitive-information.html

Allvarligt dataavbrott drabbade sjukhusen i Satakunta (30 dec)
https://svenska.yle.fi/artikel/2019/12/30/allvarligt-dataavbrott-drabbade-sjukhusen-i-satakunta

Brazil fines Facebook $1.6 million for improper sharing of user data (30 dec)
https://www.reuters.com/article/us-facebook-brazil-fine-idUSKBN1YY0VK

US Coast Guard discloses Ryuk ransomware infection at maritime facility (30 dec)
https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/

Go read this ‘Cloud Hopper’ hacking investigation by the WSJ (31 dec)
https://www.theverge.com/2019/12/31/21044173/cloud-hopper-apt10-china-hackers

Stort IT-haveri hos polisen - stopp vid passkontroller (30 dec)
https://www.tv4.se/nyheterna/klipp/stort-it-haveri-hos-polisen-stopp-vid-passkontroller-12517669

IT-chefens tips: Lär känna fienden (31 dec)
https://www.bohuslaningen.se/ekonomi/it-chefens-tips-lär-känna-fienden-1.22094935

Här är de sämsta lösenorden 2019 (31 dec)
https://global.techradar.com/sv-se/news/har-ar-de-samsta-losenorden-2019

Webcast: Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (31 dec)
https://isc.sans.edu/diary/rss/25660

Nonprofit organization Special Olympics New York hacked and its server used to send phishing emails (31 dec)
https://securityaffairs.co/wordpress/95796/data-breach/special-olympics-new-york-hacked.html

Expert finds Starbucks API Key exposed online (1 jan)
https://securityaffairs.co/wordpress/95826/security/starbucks-api-key-exposed-online.html

Oddly specific ‘cyber attack’ hits Alaskan airline RavnAir and one plane type (2 jan)
https://www.theregister.co.uk/2020/01/02/ravnair_ransomware_dhc_dash_8/

Stabsläge på Karolinska hävt efter it-störningar (2 jan)
https://sverigesradio.se/sida/artikel.aspx?programid=103&artikel=7377513

Remote Command Execution Vulnerability Affects Many D-Link Routers (2 jan)
https://www.securityweek.com/remote-command-execution-vulnerability-affects-many-d-link-routers

CERT-SE i veckan

Uppdatering angående felaktiga utskick

Kritiska sårbarheter i Cisco Data Center Network Manager