CERT-SE:s veckobrev v.5
I veckan gjorde det kanadensiska cybersäkerhetscentret en publicering gällande en sårbarhet för fjärrexekvering av kod (RCE) som påverkar e-postserverprogramvaran OpenSMTPD. Mer information i nyheten nedan. Oron för Coronaviruset utnyttjas av cyberkriminella för att sprida malware.
Nyheter i veckan
New Ryuk Info Stealer Targets Government and Military Secrets (24 jan)
https://www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/
Webex flaw allowed anyone to join private online meetings – no password required (26 jan)
https://www.grahamcluley.com/webex-flaw-allowed-anyone-to-join-private-online-meetings-no-password-required/
InfoSec Handlers Diary Blog: Emotet epoch 1 infection with Trickbot gtag mor84 (28 jan)
https://isc.sans.edu/diary/rss/25752
OpenSMTPD Security Advisory (29 jan)
https://cyber.gc.ca/en/alerts/opensmtpd-security-advisory
United Nations Data Breach Started with Microsoft SharePoint Bug (30 jan)
https://www.darkreading.com/threat-intelligence/united-nations-data-breach-started-with-microsoft-sharepoint-bug/d/d-id/1336926
EXCLUSIVE: The cyber attack the UN tried to keep under wraps (29 jan)
https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack
Uppdrag ska säkerställa rätt kompetens i Polismyndigheten mot it-relaterad brottslighet (30 jan)
https://www.regeringen.se/pressmeddelanden/2020/01/uppdrag-ska-sakerstalla-ratt-kompetens-i-polismyndigheten-mot-it-relaterad-brottslighet/
Coronavirus malware infects thousands of devices worldwide (30 jan) https://www.techradar.com/news/coronavirus-malware-detected-online
Check Point detailed two flaws in Microsoft Azure that could have allowed taking over cloud servers (30 jan)
https://securityaffairs.co/wordpress/97054/hacking/azure-cloud-infrastructure-flaws.html
Construction giant Bouygues Construction affected by a vast cyber attack (31 jan)
https://www.tellerreport.com/news/2020-01-31—construction-giant-bouygues-construction-affected-by-a-vast-cyber-attack—france-24-.Byg7-JuWGU.html
Windows Remote Desktop Gateway vulnerability
RDP to RCE: When Fragmentation Goes Wrong (18 jan)
https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/
Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway (27 jan)
https://betanews.com/2020/01/27/windows-remote-desktop-gateway-rce-exploit/
Rapporter
CacheOut: Leaking Data on Intel CPUs via Cache Evictions
http://cacheoutattack.com/
Threat Report: 2020 State of the Phish Report
https://www.proofpoint.com/sites/default/files/gtd-pfpt-uk-tr-state-of-the-phish-2020-a4_final.pdf
Check Points säkerhetsrapport 2020 (22 jan)
http://www.mynewsdesk.com/se/checkpoint/documents/check-points-saekerhetsrapport-2020-93055
Informationssäkerhet och blandat
Buchbinder Car Renter Exposes Info of Over 3 Million Customers (23 jan)
https://www.bleepingcomputer.com/news/security/buchbinder-car-renter-exposes-info-of-over-3-million-customers/
Nio av tio anställda en säkerhetsrisk – kan kosta företag miljoner (24 jan)
http://press.telenor.se/pressreleases/nio-av-tio-anstaellda-en-saekerhetsrisk-kan-kosta-foeretag-miljoner-2963991
Tjuvläste kollegornas journaler på Karolinska – 266 gånger (27 jan)
https://mitti.se/nyheter/tjuvlaste-kollegornas-karolinska/
Datainspektionen publicerar rapport om klagomål som rör personsöktjänster (28 jan)
https://www.datainspektionen.se/nyheter/datainspektionen-publicerar-rapport-om-klagomal-som-ror-personsoktjanster/
Många frågetecken om Bezos ”hackade” mobil (28 jan)
https://www.dn.se/ekonomi/manga-fragetecken-om-bezos-hackade-mobil/
Läkare gjorde hundratals journalsökningar på nära anhöriga – åtalas (28 jan)
https://www.sydsvenskan.se/2020-01-27/lakare-gjorde-hundratals-journalsokningar-pa-nara-anhoriga
Huawei släpps in i brittiskt telenät (28 jan)
https://www.dn.se/ekonomi/huawei-slapps-in-i-brittiskt-telenat/
EU stoppar inte Huawei – men varnar för risker (29 jan)
https://sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7394790
Svenskar vill kartlägga kunder i butiker anonymt – plockar in miljoner (29 jan)
https://digital.di.se/artikel/vill-kartlagga-kunder-i-butiker-anonymt-plockar-in-miljoner
Oklart vad som orsakade IT-haveri (29 jan)
https://sverigesradio.se/sida/artikel.aspx?programid=96&artikel=7395345
Google open-sources the firmware needed to build hardware security keys (30 jan)
https://www.zdnet.com/article/google-open-sources-the-firmware-needed-to-build-hardware-security-keys/
Trello exposed! Search turns up huge trove of private data (30 jan)
https://nakedsecurity.sophos.com/2020/01/30/trello-exposed-search-turns-up-huge-trove-of-private-data/
Apple wants to standardize the format of SMS OTPs (one-time passcodes) (30 jan)
https://www.zdnet.com/article/apple-wants-to-standardize-the-format-of-sms-otps-one-time-passcodes/
Höj säkerheten med dubbla lösenordshanterare (30 jan)
https://macworld.idg.se/2.1038/1.729816/losenordshanterare