CERT-SE's weekly newsletter, week 25

Weekly newsletter

Everything from new eavesdropping tricks to cyberattack thrillers this week. See also the job advertisement: CERT-SE is looking for a new colleague for the desk, so feel free to spread the word in your network. Have a nice Midsummer weekend!

News this week

Real-Time Passive Sound Recovery from Light Bulb Vibrations (8 jun) https://www.nassiben.com/lamphone

‘Highly Active’ APT Group Targeting Microsoft Office, Outlook (11 jun) https://www.darkreading.com/attacks-breaches/highly-active-apt-group-targeting-microsoft-office-outlook/d/d-id/1338061

Zoom shuts accounts of activists holding Tiananmen Square and Hong Kong events (11 jun) https://www.theguardian.com/technology/2020/jun/11/zoom-shuts-account-of-us-based-rights-group-after-tiananmen-anniversary-meeting

Attacks On Critical Infrastructure Now ‘More Targeted’ (15 jun) https://www.silicon.co.uk/workspace/attacks-critical-infrastructure-345728

This dangerous new keylogger could change the entire malware space (15 jun) https://www.techradar.com/news/this-dangerous-new-keylogger-could-change-the-entire-malware-space

Intel CET Answers Call to Protect Against Common Malware Threats (15 jun) https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats/

Magecart Hackers Hit Claire’s, Intersport (15 jun) https://www.securityweek.com/magecart-hackers-hit-claires-intersport

Race to the Cloud: Can Security Keep Pace With Adoption? (17 jun) https://www.bankinfosecurity.com/race-to-cloud-security-keep-pace-adoption-a-14450

Akamai, Amazon Mitigate Massive DDoS Attacks (17 jun) https://www.securityweek.com/akamai-amazon-mitigate-massive-ddos-attacks

From the crew behind the Sony Pictures hack comes Operation Interception: An aerospace cyber-attack thriller (17 jun) https://www.theregister.com/2020/06/17/eset_lazarus_group_euro_aerospace_targets/

Odd Protest-Themed Spam Messages Targeted Atlanta Police Foundation (17 jun) https://www.tripwire.com/state-of-security/security-data-protection/odd-protest-themed-spam-messages-targeted-atlanta-police-foundation

Virtually no mobile phone app is safe from data theft: report (17 jun) https://www.scmagazine.com/home/security-news/virtually-no-mobile-phone-app-is-safe-from-data-theft-report/

Passwordless Authentication: Will remote work accelerate the journey? (17 jun) https://www.rsa.com/en-us/blog/2020-06/passwordless-authentication–will-remote-work-accelerate-the-jou

Elite unit within the CIA developed hacking tools, then they leaked online (17 jun) https://techworld.idg.se/2.2524/1.736275/cia-hackarverktyg-lackt

Information security and miscellaneous

Hackers' target in corona times: the strained healthcare system (13 jun) https://www.svt.se/nyheter/hackarnas-mal-i-coronatider-den-pressade-varden

Delivery Hero Confirms Foodora Data Breach (15 jun) https://www.govinfosecurity.com/delivery-hero-confirms-foodora-data-breach-a-14435

Attacks On Critical Infrastructure Now ‘More Targeted’ (15 jun) https://www.silicon.co.uk/workspace/attacks-critical-infrastructure-345728

CIA Finds It Failed to Secure Its Own Systems (16 jun) https://www.inforisktoday.com/report-cia-failed-to-secure-its-own-systems-a-14449

TA505 returns with a new bag of tricks (16 jun) https://www.telekom.com/en/blog/group/article/cybersecurity-ta505-returns-with-a-new-bag-of-tricks-602104

How Business Email Compromise attacks pose a threat to organizations (17 jun) https://www.techrepublic.com/article/how-business-email-compromise-attacks-pose-a-threat-to-organizations

Cybercriminals unleash diverse wave of attacks on COVID-19 vaccine researchers (17 jun) https://www.techrepublic.com/article/cybercriminals-unleash-diverse-wave-of-attacks-on-covid-19-vaccine-researchers/

Zoom Will Be End-to-End Encrypted for All Users (17 jun) https://www.schneier.com/blog/archives/2020/06/zoom_will_be_en.html

Information security spending growth to slow in 2020 (17 jun) https://www.itproportal.com/news/information-security-spending-growth-to-slow-in-2020/

When Security Takes a Backseat to Productivity (17 jun) https://krebsonsecurity.com/2020/06/when-security-takes-a-backseat-to-productivity/

Cyberattackers raising stakes in financial sector, security experts tell House subcommittee (17 jun) https://www.scmagazine.com/home/finance/cyberattackers-raising-stakes-in-financial-sector-security-experts-tell-house-subcommittee/

Cyber snoops targeted aerospace, defense employees with fake job offers on LinkedIn (17 jun) https://www.scmagazine.com/home/security-news/apts-cyberespionage/cyber-snoops-targeted-aerospace-defense-employees-with-fake-job-offers-on-linkedin/

CERT-SE this week

Several critical vulnerabilities in Cisco products

Critical zero-day vulnerabilities in TCP/IP stack (Ripple20)

Critical vulnerability in Adobe Flash Player