Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.
!!

Jobba på CERT-SE? Sök junior systemadministratör inom IT-säkerhet. Sista ansökningsdag 3 juni.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.13

Veckans samling av nyheter i CERT-SE Veckobrev v. 13 fortsätter att präglas av Corona-situationen, men vi fångar som vanligt upp annat viktigt. Exempelvis kan du eller din verksamhet beröras av att ett par versioner av Windows 10 slutar supportas i år.

Trevlig läsning och trevlig helg!

Nyheter i veckan

New Mirai Variant Targets Zyxel Network-Attached Storage Devices (19 mar)
https://unit42.paloaltonetworks.com/new-mirai-variant-mukashi/

Tech Giant GE Discloses Data Breach After Service Provider Hack (23 mar)
https://www.bleepingcomputer.com/news/security/tech-giant-ge-discloses-data-breach-after-service-provider-hack/

Increasing number of false positives causing risk of alert fatigue (24 mar)
https://www.helpnetsecurity.com/2020/03/24/alert-fatigue/

'Azure appears to be full': UK punters complain of capacity issues on Microsoft's cloud (24 mar)
https://www.theregister.co.uk/2020/03/24/azure_seems_to_be_full/

HPE Warns of New Bug That Kills SSD Drives After 40,000 Hours (24 mar)
https://www.bleepingcomputer.com/news/hardware/hpe-warns-of-new-bug-that-kills-ssd-drives-after-40-000-hours/

TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany (24 mar)
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/

HPE says firmware bug will brick some SSDs starting in October this year (24 mar)
https://www.zdnet.com/article/hpe-says-firmware-bug-will-brick-some-ssds-starting-october-this-year/

Evasive malware grows to record highs (25 mar)
https://www.itproportal.com/news/evasive-malware-grows-to-record-highs/

Dark web hosting provider hacked again -- 7,600 sites down (25 mar)
https://www.zdnet.com/article/dark-web-hosting-provider-hacked-again-7600-sites-down/

Threat Research| This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits (25 mar)
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html

Default exploited by ‘Zoom bombers’ could by used by cybercrooks (26 mar)
https://www.scmagazine.com/home/security-news/default-exploited-by-zoom-bombers-could-by-used-by-cybercrooks/

Across-the-board increase in DDoS attacks of all sizes (27 mar)
https://www.helpnetsecurity.com/2020/03/27/ddos-attacks-increase-2020/

End of service Windows 10

Revised end of service date for Windows 10, version 1709: October 13, 2020 (19 mar)
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revised-end-of-service-date-for-windows-10-version-1709-october/ba-p/1239043#
..
Windows 10, version 1809 end of servicing on May 12, 2020 (12 feb)
https://support.microsoft.com/en-hk/help/4541558/windows-10-version-1809-end-of-servicing

Corona-relaterat

Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps (23 mar)
https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/

Don’t Panic: COVID-19 Cyber Threats (24 mar)
https://unit42.paloaltonetworks.com/covid19-cyber-threats/

WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike (24 mar)
https://threatpost.com/who-attacked-possible-apt-covid-19-cyberattacks-double/154083/

Free cybersecurity tools coming online to protect WFH staffers (24 mar)
https://www.scmagazine.com/home/security-news/news-archive/coronavirus/free-cybersecurity-tools-coming-online-to-protect-wfh-staffers/

Microsoft goes into Windows lockdown for builds from May, citing 'public health situation' (yes, the coronavirus spread) (25 mar)
https://www.theregister.co.uk/2020/03/25/microsoft_stops_windows_preview/

VPN bypass vulnerability in Apple iOS (25 mar)
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/

Cybersecurity experts come together to fight coronavirus-related hacking (26 mar)
https://www.reuters.com/article/us-coronavirus-cyber/cybersecurity-experts-come-together-to-fight-coronavirus-related-hacking-idUSKBN21D049

How hospitals can be proactive to prevent ransomware attacks (26 mar)
https://www.techrepublic.com/article/how-hospitals-can-be-proactive-to-prevent-ransomware-attacks/

Coronaviruset och digital smittspårning (27 mar)
https://www.datainspektionen.se/nyheter/coronaviruset-och-digital-smittsparning/
..
Vodafone, Deutsche Telekom, 6 other telcos to help EU track virus (25 mar)
https://www.reuters.com/article/us-health-coronavirus-telecoms-eu/vodafone-deutsche-telekom-6-other-telcos-to-help-eu-track-virus-idUSKBN21C36G

Informationskampanj| Stoppa tjuven
https://www.stoldskyddsforeningen.se/privat/stoppa-tjuven/

Keep Calm. Don’t Click.
https://cofense.com/solutions/topic/coronavirus-infocenter/
..
Infografik: https://cofense.com/wp-content/uploads/2020/03/Coronavirus-Scams_Infographic.pdf

Informationssäkerhet och blandat

Locked-Down Lawyers Warned Alexa Is Hearing Confidential Calls (20 mar)
https://www.bloomberg.com/news/articles/2020-03-20/locked-down-lawyers-warned-alexa-is-hearing-confidential-calls

Ny funktionalitet stoppar intrång i flervägsnätverk (25 mar)
https://www.kau.se/nyheter/ny-funktionalitet-stoppar-intrang-i-flervagsnatverk

Demokratin hotas från flera håll (26 mar)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-03-26-demokratin-hotas-fran-flera-hall.html
..
Säkerhetspolisen 2019: https://www.sakerhetspolisen.se/publikationer/om-sakerhetspolisen/sakerhetspolisen-2019.html

Säkerhet i en framtid för IoT baserad på 5G (26 mar)
https://it-kanalen.se/sakerhet-i-en-framtid-for-iot-baserad-pa-5g/

CERT-SE i veckan

Kritiska sårbarheter i Windows