CERT-SE's weekly newsletter, week 26

Weekly newsletter

This hot summer week, the reporting covers, among other things, a record-breaking DDoS attack and new ransomware, as well as what the cybersecurity of the future may look like in the wake of the coronavirus pandemic.

We would also like to remind you that we are looking for more colleagues; please spread the word about these job ads.

CERT-SE wishes you a pleasant weekend!

News this week

Security surprise: Four zero-days spotted in attacks on researchers’ fake networks (19 jun) https://www.zdnet.com/article/security-four-zero-day-attacks-spotted-in-attacks-against-honeypot-systems/

Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms (22 jun) https://threatpost.com/adobe-prompts-users-to-uninstall-flash-player-as-eol-date-looms/156794/

Black hat SEO and You Won (22 jun) https://english.ncsc.nl/latest/weblog/weblog/2020/black-hat-seo-and-you-won

New macOS malware spreading through Google search results (22 jun) https://www.macworld.co.uk/news/mac-software/new-malware-google-results-3790719/

Over 100 New Chrome Browser Extensions Caught Spying On Users (22 jun) https://thehackernews.com/2020/06/chrome-browser-extensions-spying.html

Crooks abuse Google Analytics to conceal theft of payment card data (22 jun) https://arstechnica.com/information-technology/2020/06/google-analytics-trick-allows-crooks-to-hide-card-skimming/ ..
https://securelist.com/web-skimming-with-google-analytics/97414/

Shadow IT: It’s a bigger threat than you think (23 jun) https://www.techrepublic.com/article/shadow-it-its-a-bigger-threat-than-you-think/

A daily average of 80,000 printers exposed online via IPP (23 jun) https://securityaffairs.co/wordpress/105120/hacking/80000-printers-exposed-online-ipp.html

US government websites get HTTPS security boost (23 jun) https://www.itproportal.com/news/us-government-websites-get-https-security-boost/

European victims refuse to bow to Thanos ransomware (23 jun) https://www.bleepingcomputer.com/news/security/european-victims-refuse-to-bow-to-thanos-ransomware/

CryptoCore hacker group has stolen more than $200m from cryptocurrency exchanges (24 jun) https://www.zdnet.com/article/cryptocore-hacker-group-has-stolen-more-than-200m-from-cryptocurrency-exchanges/ ..
https://www.bankinfosecurity.com/hacker-group-stole-200-million-from-cryptocurrency-exchanges-a-14506 ..
https://www.clearskysec.com/wp-content/uploads/2020/06/CryptoCore_Group.pdf

This sneaky malware goes to unusual lengths to cover its tracks (24 jun) https://www.zdnet.com/article/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks/

New ransomware masquerades as COVID-19 contact-tracing app on your Android device (24 jun) https://www.zdnet.com/article/new-crycryptor-ransomware-masquerades-as-covid-19-contact-tracing-app-on-your-device/

Microsoft: Patch your Exchange servers, they’re under attack (25 jun) https://www.zdnet.com/article/microsoft-patch-your-exchange-servers-theyre-under-attack/

There are DDoS attacks, then there’s this 809 million packet-per-second tsunami Akamai says it just caught (25 jun) https://www.theregister.com/2020/06/25/akamai_809mpps_attack/ ..
https://securityaffairs.co/wordpress/105223/hacking/akamai-record-ddos-attack.html ..
https://blogs.akamai.com/2020/06/largest-ever-recorded-packet-per-secondbased-ddos-attack-mitigated-by-akamai.html

Identify beacons (backdoor traffic) with RITA (25 jun) https://kryptera.se/identifiera-beacons-bakdorrstrafik-med-rita/

Duration of application DDoS attacks increasing, some go on for days (25 jun) https://www.helpnetsecurity.com/2020/06/25/application-ddos-attacks/

Most malware in Q1 2020 was delivered via encrypted HTTPS connections (25 jun) https://www.helpnetsecurity.com/2020/06/25/encrypted-malware/ ..
https://www.watchguard.com/wgrd-resource-center/security-report

Pandemic perspectives: We speak, but who is listening? (25 jun) https://www.foi.se/nyheter-och-press/nyheter/2020-06-25-pandemiperspektiv-vi-talar-men-vem-lyssnar.html

Information security and miscellaneous

What Will Cybersecurity’s ‘New Normal’ Look Like? (19 jun) https://www.darkreading.com/theedge/what-will-cybersecuritys-new-normal-look-like/b/d-id/1338134

Activists publish 269GB of hacked US police force data (22 jun) https://www.itpro.co.uk/security/data-breaches/356169/blueleaks-activists-publish-269gb-of-hacked-us-police-force-data

State of Insider Data Breaches in 2020 (23 jun) https://www.tripwire.com/state-of-security/featured/state-insider-data-breaches-2020/

Will China hackers target Indian businesses next? (24 jun) https://techwireasia.com/2020/06/will-china-hackers-target-indian-businesses-next/

Over 230K Indonesian COVID-19 Patients’ Records Exposed on Darknet (24 jun) https://cisomag.eccouncil.org/indonesian-patients-data-leak/

“We are more affected than we think” (24 jun) https://www.svt.se/nyheter/svtforum/de-digitala-hoten-mot-sverige

Ex-CIA exec: Covid-19 has created ideal ‘crisis’ conditions for malicious hackers (24 jun) https://www.scmagazine.com/infosec-world-2020/ex-cia-exec-covid-19-has-created-ideal-crisis-conditions-for-attackers/

How Sweden gets hacked (24 jun) https://www.voister.se/artikel/2020/06/sa-hackas-sverige/

With regard to industrial cyber, we can no longer hide our heads in the sand (25 jun) https://www.helpnetsecurity.com/2020/06/25/industrial-cyber-we-can-no-longer-hide

Cyber Threat Bulletin: Impact of COVID-19 on Cyber Threats to the Health Sector (25 jun) https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-impact-covid-19-cyber-threats-health-sector