Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Uppdaterad | Publicerad - Veckobrev

CERT-SE:s veckobrev v.18

Nedan listar vi det viktigaste som hänt i veckan. Nyhetsflödet gällande Covid-19 är inte lika dominerande jämfört med tidigare veckor. I och med kommande långhelg bjuder CERT-SE även på lite roande läsning i form av "Software Folklore", https://beza1e1.tuxen.de/lore/index.html.

Glad Valborgshelg!

Nyheter i veckan

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry (22 apr)
https://www.microsoft.com/security/blog/2020/04/22/defending-power-grid-against-supply-chain-attacks-3-risk-management-strategies-utilities-industry/

Web shell malware continues to evade many security tools (23 apr)
https://www.helpnetsecurity.com/2020/04/23/web-shell-malware/

Domänskojaren DNS SWEDEN (25 apr)
https://www.internetsweden.se/domanskojaren-dns-sweden/

“Asnarök” Trojan targets firewalls (26 apr)
https://news.sophos.com/en-us/2020/04/26/asnarok/

Building a WireGuard Jail with the FreeBSD's Standard Tools (26 apr)
https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-jail/

Shade Ransomware shuts down, releases 750K decryption keys (27 apr)
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
--
https://github.com/shade-team/keys

How does a TCP Reset Attack work? (27 apr)
https://robertheaton.com/2020/04/27/how-does-a-tcp-reset-attack-work/

Delvägledning om avlyssningsskyddade utrymmen (27 apr)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-04-27-delvagledning-om-avlyssningsskyddade-utrymmen.html

Sysmon 11 — DNS improvements and FileDelete events (28 apr)
https://medium.com/falconforce/sysmon-11-dns-improvements-and-filedelete-events-7a74f17ca842

Skellefteå krafts stadsnät utsatt för "attack" – fler kan vara drabbade (29 apr)
https://sverigesradio.se/sida/artikel.aspx?programid=109&artikel=7463565

Curl 7.70.0 with JSON and MQTT (29 apr)
https://daniel.haxx.se/blog/2020/04/29/curl-7-77-0-with-json-and-mqtt/

SSH Tips & Tricks (29 apr)
https://smallstep.com/blog/ssh-tricks-and-tips/

Corona-relaterat

Sårbarheter i samhället ökar till följd av corona (28 apr)
https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-04-28-sarbarheter-i-samhallet-okar-till-foljd-av-corona.html

Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app (29 apr)
https://www.theregister.co.uk/2020/04/29/academics_open_letter_nhs_coronavirus_app/

Informationssäkerhet och blandat

For CISOs Trying to Reduce Risk, New Research Reveals the Value of Focusing on Assets (21 apr)
https://www.kennasecurity.com/blog/research-reveals-cisos-reduce-risk-with-asset-focus/

Forget Zoom: Use these private video-chatting tools, instead (21 apr)
https://mashable.com/article/private-zoom-video-chat-alternatives

MITRE releases results of evaluations of 21 cybersecurity products (21 apr)
https://www.mitre.org/news/press-releases/mitre-releases-results-of-evaluations-of-21-cybersecurity-products

A look at the ATM/PoS malware landscape from 2017-2019 (23 apr)
https://securelist.com/atm-pos-malware-landscape-2017-2019/96750/

The Evolving Threat of Credential Stuffing (23 apr)
https://www.darkreading.com/attacks-breaches/the-evolving-threat-of-credential-stuffing/a/d-id/1337567

Hackers remember the vulnerabilities we forget (24 apr)
https://fe-ddis.dk/cfcs/publikationer/Documents/Investigation-report_Hackers-remember-the-vulnerabilities-we-forget.pdf

Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams (27 apr)
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/

Datainspektionen utfärdar sanktionsavgift mot Statens servicecenter (28 apr)
https://www.datainspektionen.se/nyheter/datainspektionen-utfardar-sanktionsavgift-mot-statens-servicecenter/
--
https://www.datainspektionen.se/globalassets/dokument/beslut/beslut-tillsyn-ssc-20200428.pdf

Troves of Zoom Credentials Shared on Hacker Forums (28 apr)
https://threatpost.com/troves-of-zoom-credentials-shared-on-hacker-forums/155163/

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard (28 apr)
https://www.theregister.co.uk/2020/04/28/anpr_sheffield_council/

CERT-SE i veckan

Sårbarhet i Sophos XG Firewall/SFOS utnyttjas aktivt

Kritisk sårbarhet i FortiMail och FortiVoiceEntreprise

Säkerhetsuppdateringar från Adobe