CERT-SE's weekly newsletter, week 28

Weekly newsletter

The latest news from the past week. CERT-SE wishes you a pleasant weekend!

News this week

ICS-Targeting Snake Ransomware Isolates Infected Systems Before Encryption (3 jul) https://www.securityweek.com/ics-targeting-snake-ransomware-isolates-infected-systems-encryption

New ransomware targeting Apple macOS users via pirated apps (3 jul) https://www.sify.com/finance/new-ransomware-targeting-apple-macos-users-via-pirated-apps-news-topnews-uhdmkAfidgifa.html

What is Patch Management? (3 jul) https://heimdalsecurity.com/blog/patch-management/

Sharp increase in MongoDB attacks exploiting GDPR (3 jul) https://techworld.idg.se/2.2524/1.736899/kraftig-okning-av-mongodb-attacker-som-utnyttjar-gdpr

Hackers Attacking Exchange Servers In New Warning From Microsoft (3 jul) https://www.neorhino.com/2020/07/03/hackers-attacking-exchange-servers-in-new-warning-from-microsoft/

The Four Phases of Offensive Security Teams (5 jul) https://securityboulevard.com/2020/07/the-four-phases-of-offensive-security-teams/

U.K. Set to Start Huawei 5G Phase-Out as Soon as This Year (5 jul) https://www.bloomberg.com/news/articles/2020-07-05/u-k-prepares-to-start-huawei-5g-phase-out-as-soon-as-this-year

Data exfiltration: The art of distancing (6 jul) https://www.helpnetsecurity.com/2020/07/06/data-exfiltration-the-art-of-distancing/

North Korean hackers linked to web skimming (Magecart) attacks, report says (6 jul) https://www.zdnet.com/article/north-korean-hackers-linked-to-web-skimming-magecart-attacks-report-says/

Credit card skimmer targets ASP.NET sites (6 jul) https://blog.malwarebytes.com/threat-analysis/2020/07/credit-card-skimmer-targets-asp-net-sites/

Phishing attack spoofs Twitter to steal account credentials (6 jul) https://www.techrepublic.com/article/phishing-attack-spoofs-twitter-to-steal-account-credentials/

Home router warning: They’re riddled with known flaws and run ancient, unpatched Linux (6 jul) https://www.zdnet.com/article/home-router-warning-theyre-riddled-with-known-flaws-and-run-ancient-unpatched-linux/
https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf

Source Code of “ArisLocker” Ransomware Appears on the Dark Web (6 jul) https://notjustnews.org/source-code-of-arislocker-ransomware-appears-on-the-dark-web/1163/

“Keeper” Magecart Group Infects 570 Sites (7 jul) https://geminiadvisory.io/keeper-magecart-group-infects-570-sites/

Purple Fox Malware Targets More Vulnerabilities (7 jul) https://www.bankinfosecurity.com/purple-fox-malware-targets-more-vulnerabilities-a-14574

Configuring IPsec Virtual Private Networks (7 jul) https://media.defense.gov/2020/Jul/02/2002355501/-1/-1/0/CONFIGURING_IPSEC_VIRTUAL_PRIVATE_NETWORKS_2020_07_01_FINAL_RELEASE.PDF

What You Don’t Understand About Crypto Can Hurt You (7 jul) https://www.govinfosecurity.com/webinars/what-you-dont-understand-about-crypto-hurt-you-w-2524

Microsoft Seizes Domains Used for COVID-19 Phishing Scam (7 jul) https://www.bankinfosecurity.com/microsoft-seizes-domains-used-for-covid-19-phishing-scam-a-14576

F5 BigIP vulnerability exploitation followed by a backdoor implant attempt (7 jul) https://isc.sans.edu/forums/diary/F5+BigIP+vulnerability+exploitation+followed+by+a+backdoor+implant+attempt/26322/

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool (7 jul) https://www.fireeye.com/blog/threat-research/2020/07/configuring-windows-domain-dynamically-analyze-obfuscated-lateral-movement-tool.html

MongoDB is subject to continual attacks when exposed to the internet (8 jul) https://www.helpnetsecurity.com/2020/07/08/mongodb-is-subject-to-continual-attacks-when-exposed-to-the-internet/

Google open-sources Tsunami vulnerability scanner (8 jul) https://www.zdnet.com/article/google-open-sources-tsunami-vulnerability-scanner/

Mozilla suspends Firefox Send service while it addresses malware abuse (7 jul) https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
https://nakedsecurity.sophos.com/2020/07/08/mozilla-turns-off-firefox-send-following-malware-abuse-reports/

Microsoft Launches Free Linux Forensics and Rootkit Malware Detection Service (7 jul) https://thehackernews.com/2020/07/microsoft-linux-forensics-rootkit.html

Redirect auction (8 jul) https://securelist.com/redirect-auction/96944/

More pre-installed malware has been found in budget US smartphones (9 jul) https://www.zdnet.com/article/more-pre-installed-malware-has-been-found-in-budget-us-smartphones/

APT Group Targets Fintech Companies (9 jul) https://www.bankinfosecurity.com/apt-group-targets-fintech-companies-a-14590

Digicert will shovel some 50,000 EV HTTPS certificates into the furnace this Saturday after audit bungle (10 jul) https://www.theregister.com/2020/07/10/digicert_pulls_certs/

Information security and miscellaneous

Customer data from fitness firm V Shred exposed on misconfigured cloud storage (2 jul) https://siliconangle.com/2020/07/02/customer-data-fitness-company-v-shred-exposed-misconfigured-cloud-storage/

CISA warns organizations of cyberattacks from the Tor network (5 jul) https://securityaffairs.co/wordpress/105537/hacking/cisa-cyberattacks-from-tor-network.html

Review: Cybersecurity Threats, Malware Trends, and Strategies (6 jul) https://www.helpnetsecurity.com/2020/07/06/review-cybersecurity-threats-malware-trends-and-strategies/

The longer the better - How to create a good password (6 jul) https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/anvisningar-och-guider/ju-langre-desto-battre-sa-har-skapar-du-ett-bra-losenord

False Flags in Cyber Threat Intelligence Operations (6 jul) https://medium.com/datadriveninvestor/false-flags-in-cyber-threat-intelligence-operations-6893af697080

Better cybersecurity hinges on understanding actual risks and addressing the right problems (7 jul) https://www.helpnetsecurity.com/2020/07/07/better-cybersecurity/

Exposing the privacy risks of home security cameras (7 jul) https://www.helpnetsecurity.com/2020/07/08/privacy-risks-home-security-cameras/
http://www.eecs.qmul.ac.uk/~tysong/files/INFOCOM20.pdf

COVID-19 Cybercrime Capitalizing on Brazil’s Government Assistance Program (7 jul) https://securityintelligence.com/posts/covid-19-cybercrime-capitalizing-on-brazils-government-assistance-program/

Ali Baba and the forty cyberthreats (9 jul) https://www.kaspersky.com/blog/fairy-tales-ali-baba/36284/

70% of organizations experienced a public cloud security incident in the last year (9 jul) https://www.helpnetsecurity.com/2020/07/09/public-cloud-security-incident/

BYOD adoption is growing rapidly, but security is lagging (9 jul) https://www.helpnetsecurity.com/2020/07/09/byod-adoption-is-growing-rapidly-but-security-is-lagging/

Swedish companies hit hard in the cloud (9 jul) https://aktuellsakerhet.se/svenska-foretag-drabbas-hart-i-molnet/

Moody’s - Banks’ cyber risks rise as coronavirus accelerates digital trends and remote working (8 jul) https://markets.businessinsider.com/news/bonds/moody-s-banks-cyber-risks-rise-as-coronavirus-accelerates-digital-trends-and-remote-working-1029375217

While in Lock Down, Here’s What Fraudsters Did in Q1 2020 (9 jul) https://www.rsa.com/en-us/blog/2020-07/WhileInLockDownHeresWhatFraudstersDidInQ12020

15 billion credentials from 100,000 data breaches sold on dark web (9 jul) https://www.hackread.com/dark-web-15-billion-credentials-100000-data-breaches/

Are your fleet’s vehicles leaking your data secrets? (9 jul) https://www.scmagazine.com/home/security-news/privacy-compliance/are-your-fleets-vehicles-leaking-your-data-secrets/

Gartner warns on significant cloud security issues on the horizon (9 jul) https://www.itproportal.com/news/gartner-warns-on-major-cloud-security-issues/

CERT-SE this week

New vulnerability in Palo Alto/PAN-OS

Multiple critical vulnerabilities in Citrix

Multiple critical vulnerabilities in VMware products