CERT-SE's weekly newsletter, week 27

Weekly newsletter

Last week marked three years since NotPetya ravaged IT systems around the world, surely hectic days for many readers. This week's link collection looks at, among other things, what lessons can be drawn from NotPetya, as well as the latest news on various ransomware, botnets and cyberattacks.

CERT-SE wishes you a pleasant weekend!

News this week

LG Electronics allegedly hit by Maze ransomware attack (25 jun) https://www.bleepingcomputer.com/news/security/lg-electronics-allegedly-hit-by-maze-ransomware-attack/

Critical Bugs and Backdoor Found in GeoVision’s Fingerprint and Card Scanners (25 jun) https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html

DDoS botnet coder gets 13 months in prison (26 jun) https://www.zdnet.com/article/ddos-botnet-coder-gets-13-months-in-prison/

US Local Government Services Targeted by New Magecart Credit Card Skimming Attack (26 jun) https://blog.trendmicro.com/trendlabs-security-intelligence/us-local-government-services-targeted-by-new-magecart-credit-card-skimming-attack/

NotPetya attack - three years on, what have we learned? (27 jun) https://www.techradar.com/news/notpetya-attack-three-years-on-what-have-we-learned

DDoS Malware is Infecting Docker Servers in Unusual Attacks (27 jun) https://koddos.net/blog/ddos-malware-is-infecting-docker-servers-in-unusual-attacks/

This new botnet has recruited an army of Windows devices (27 jun) https://www.techradar.com/news/this-new-botnet-has-recruited-an-army-of-windows-devices

Ransomware is now your biggest online security nightmare. And it’s about to get worse (28 jun) https://www.zdnet.com/article/ransomware-is-now-your-biggest-online-security-nightmare-and-its-about-to-get-worse/

Apple strong-arms entire CA industry into one-year certificate lifespans (28 jun) https://www.zdnet.com/article/apple-strong-arms-entire-ca-industry-into-one-year-certificate-lifespans/ ..
https://support.apple.com/en-us/HT211025 ..
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784 ..
https://chromium-review.googlesource.com/c/chromium/src/+/2258690/2/net/docs/certificate_lifetimes.md

How hackers extorted $1.14m from University of California, San Francisco (29 jun) https://www.bbc.com/news/technology-53214783

Evil Corp’s latest ransomware project spreading fast (29 jun) https://www.computerweekly.com/news/252485331/Evil-Corps-latest-ransomware-project-spreading-fast

One Letter Away: Impersonation, Bitcoin, and Phishing Expeditions (29 jun) https://blog.knowbe4.com/one-letter-away-impersonation-bitcoin-and-phishing-expeditions

Beware “secure DNS” scam targeting website owners and bloggers (29 jun) https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/ ..
https://www.bleepingcomputer.com/news/security/clever-phishing-scam-targets-websites-with-free-dnssec-offer/

ETSI issues New White Paper on Artificial Intelligence (29 jun) https://www.etsi.org/newsroom/news/1788-2020-06-etsi-issues-new-white-paper-on-artificial-intelligence ..
https://www.etsi.org/images/files/ETSIWhitePapers/etsi_wp34_Artificial_Intellignce_and_future_directions_for_ETSI.pdf

System hardening in Android 11 (30 jun) https://security.googleblog.com/2020/06/system-hardening-in-android-11.html

New Mac ransomware spreading through piracy (30 jun) https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/ ..
https://www.zdnet.com/article/new-evilquest-ransomware-discovered-targeting-macos-users/

Brute-Force Attacks Targeting RDP on the Rise (30 jun) https://www.govinfosecurity.com/brute-force-attacks-targeting-rdp-on-rise-a-14531

Google removes 25 Android apps caught stealing Facebook credentials (30 jun) https://www.zdnet.com/article/google-removes-25-android-apps-caught-stealing-facebook-credentials/

Ransomware attacks are increasing, do you have an emergency plan in place? (1 jul) https://www.helpnetsecurity.com/2020/07/01/ransomware-emergency-plan/

Securing the International IoT Supply Chain (1 jul) https://www.schneier.com/blog/archives/2020/07/securing_the_in_1.html ..
https://www.atlanticcouncil.org/in-depth-research-reports/report/the-reverse-cascade-enforcing-security-on-the-global-iot-supply-chain/

TrickBot malware now checks screen resolution to evade analysis (1 jul) https://www.bleepingcomputer.com/news/security/trickbot-malware-now-checks-screen-resolution-to-evade-analysis/

Surge of MongoDB ransom attacks use GDPR as extortion leverage (2 jul) https://www.bleepingcomputer.com/news/security/surge-of-mongodb-ransom-attacks-use-gdpr-as-extortion-leverage/

Alina POS malware now using DNS tunnelling to steal payment cards data (2 jul) https://www.computing.co.uk/news/4017274/alina-pos-malware-dns-tunnelling-steal-payment-cards

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking (2 jul) https://thehackernews.com/2020/07/apache-guacamole-hacking.html ..
https://research.checkpoint.com/2020/apache-guacamole-rce/

Supervision and regulations out for consultation within the framework of NIS (2 jul) https://www.energimyndigheten.se/nyhetsarkiv/2020/energimyndigheten-paborjar-tillsyn-och-skickar-ut-remiss-inom-nis/

How Police Secretly Took Over a Global Phone Network for Organized Crime (2 jul) https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked

Information security and miscellaneous

Cybercrime Infrastructure Never Really Dies (23 jun) https://www.darkreading.com/attacks-breaches/cybercrime-infrastructure-never-really-dies/d/d-id/1338154

The Unintended Harms of Cybersecurity (26 jun) https://www.schneier.com/blog/archives/2020/06/the_unintended_.html ..
https://www.cl.cam.ac.uk/~ytc36/Identifying_Unintended_Harms.pdf

A Popular Study Tool Accidentally Exposed Millions Of Student Records (28 jun) https://www.forbes.com/sites/leemathews/2020/06/28/oneclass-accidentally-exposed-millions-of-student-records/#12f64de3f901

The Swedish bill for cyberattacks this year: 20 billion (29 jun) https://www.nyteknik.se/sakerhet/svenska-notan-for-cyberangrepp-i-ar-20-miljarder-6997884

Federal funding for ‘threat intelligence platform’ to defend against cyber attacks (29 jun) https://www.9news.com.au/national/australian-cyber-security-aushield-defend-platform-for-firms-to-boost-cyber-defences/aa17c6e6-3033-4936-af34-93bfa802d2b5?

Sharp increase in attacks against Remote Desktop in the wake of the pandemic (30 jun) https://techworld.idg.se/2.2524/1.736779/kraftig-okning-av-attacker-mot-remote-desktop-i-pandemins-spar

Apple Watch’s planned handwashing reminder feature? I don’t trust it (30 jun) https://www.computerworld.com/article/3564266/apple-watchs-planned-handwashing-reminder-feature-i-dont-trust-it.html

Keep the lights on: Three things power companies need to do to harden cybersecurity defenses (1 jul) https://www.techrepublic.com/article/keep-the-lights-on-three-things-power-companies-need-to-do-to-harden-cybersecurity-defenses/

How You Can Write Better Threat Reports (1 jul) https://zeltser.com/write-better-threat-reports/

The next cybersecurity headache: Employees know the rules but just don’t care (1 jul) https://www.techrepublic.com/article/the-next-cybersecurity-headache-employees-know-the-rules-but-just-dont-care/

Another COVID-19 Side Effect: Rising Nation-State Cyber Activity (1 jul) https://www.darkreading.com/vulnerabilities---threats/another-covid-19-side-effect-rising-nation-state-cyber-activity/a/d-id/1338186

One out of every 142 passwords is ‘123456’ (1 jul) https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/

40% of security pros say half of cyberattacks bypass their WAF (2 jul) https://www.helpnetsecurity.com/2020/07/02/cyberattacks-bypass-waf/

Key cybersecurity industry challenges in the next five years (2 jul) https://www.helpnetsecurity.com/2020/07/02/key-cybersecurity-industry-challenges/

CERT-SE this week

Critical vulnerability in F5 Networks BIG-IP

Microsoft patches critical vulnerabilities in Windows 10

Critical vulnerability in Palo Alto Networks products