CERT-SE's weekly newsletter, week 18
Below we list the most important events of the week. The news flow about Covid-19 is not as dominant as in previous weeks. With the long weekend coming up, CERT-SE also offers some entertaining reading in the form of “Software Folklore”, https://beza1e1.tuxen.de/lore/index.html
Happy Walpurgis weekend!
News of the week
Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry (22 apr) https://www.microsoft.com/security/blog/2020/04/22/defending-power-grid-against-supply-chain-attacks-3-risk-management-strategies-utilities-industry/
Web shell malware continues to evade many security tools (23 apr) https://www.helpnetsecurity.com/2020/04/23/web-shell-malware/
The domain scammer DNS SWEDEN (25 apr) https://www.internetsweden.se/domanskojaren-dns-sweden/
“Asnarök” Trojan targets firewalls (26 apr) https://news.sophos.com/en-us/2020/04/26/asnarok/
Building a WireGuard Jail with the FreeBSD’s Standard Tools (26 apr) https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/
Shade Ransomware shuts down, releases 750K decryption keys (27 apr)
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
https://github.com/shade-team/keys
How does a TCP Reset Attack work? (27 apr) https://robertheaton.com/2020/04/27/how-does-a-tcp-reset-attack-work/
Partial guidance on eavesdropping-protected rooms (27 apr) https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-04-27-delvagledning-om-avlyssningsskyddade-utrymmen.html
Sysmon 11 — DNS improvements and FileDelete events (28 apr) https://medium.com/falconforce/sysmon-11-dns-improvements-and-filedelete-events-7a74f17ca842
Skellefteå Kraft's city network hit by “attack” – more may be affected (29 apr) https://sverigesradio.se/sida/artikel.aspx?programid=109&artikel=7463565
Curl 7.70.0 with JSON and MQTT (29 apr) https://daniel.haxx.se/blog/2020/04/29/curl-7-77-0-with-json-and-mqtt/
SSH Tips & Tricks (29 apr) https://smallstep.com/blog/ssh-tricks-and-tips/
Corona-related
Vulnerabilities in society are increasing as a result of corona (28 apr) https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-04-28-sarbarheter-i-samhallet-okar-till-foljd-av-corona.html
Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app (29 apr) https://www.theregister.co.uk/2020/04/29/academics_open_letter_nhs_coronavirus_app/
Information security and miscellaneous
For CISOs Trying to Reduce Risk, New Research Reveals the Value of Focusing on Assets (21 apr) https://www.kennasecurity.com/blog/research-reveals-cisos-reduce-risk-with-asset-focus/
Forget Zoom: Use these private video-chatting tools, instead (21 apr) https://mashable.com/article/private-zoom-video-chat-alternatives
MITRE releases results of evaluations of 21 cybersecurity products (21 apr) https://www.mitre.org/news/press-releases/mitre-releases-results-of-evaluations-of-21-cybersecurity-products
A look at the ATM/PoS malware landscape from 2017-2019 (23 apr) https://securelist.com/atm-pos-malware-landscape-2017-2019/96750/
The Evolving Threat of Credential Stuffing (23 apr) https://www.darkreading.com/attacks-breaches/the-evolving-threat-of-credential-stuffing/a/d-id/1337567
Hackers remember the vulnerabilities we forget (24 apr) https://fe-ddis.dk/cfcs/publikationer/Documents/Investigation-report_Hackers-remember-the-vulnerabilities-we-forget.pdf
Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams (27 apr) https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
Datainspektionen issues administrative fine against Statens servicecenter (28 apr)
https://www.datainspektionen.se/nyheter/datainspektionen-utfardar-sanktionsavgift-mot-statens-servicecenter/
https://www.datainspektionen.se/globalassets/dokument/beslut/beslut-tillsyn-ssc-20200428.pdf
Troves of Zoom Credentials Shared on Hacker Forums (28 apr) https://threatpost.com/troves-of-zoom-credentials-shared-on-hacker-forums/155163/
Nine million logs of Brits’ road journeys spill onto the internet from password-less number-plate camera dashboard (28 apr) https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/
CERT-SE this week
Vulnerability in Sophos XG Firewall/SFOS is being actively exploited