Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.35

Den här veckan samlar vi nyheter om så vitt skilda ämnen som dataintrång, kryptovalutor och strategier för 5G. Vi tipsar även möjligheten att göra ett virtuellt besök på The National Museum of Computing i Storbritannien, nu när det ändå ska regna i helgen...

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Lazarus Group: Campaign targeting the cryptocurrency vertical (18 aug)
https://www.f-secure.com/content/dam/f-secure/en/consulting/our-thinking/collaterals/digital/f-secureLABS_tlp-white-lazarus-threat-intel-report.pdf

The National Museum of Computing: 3D Virtual Tour (19 aug)
https://www.tnmoc.org/3d-virtual-tour

Lucifer’s Spawn (19 aug)
https://www.netscout.com/blog/asert/lucifers-spawn

AI ska hjälpa polisen hitta misstänkta i övervakningsfilmer (19 aug)
https://sverigesradio.se/avsnitt/1554179

The NCCC at the NSDC of Ukraine has detected signs of preparation for a large-scale coordinated attack on state authorities of Ukraine and critical infrastructure on the eve of the Independence Day (19 aug)
https://www.rnbo.gov.ua/en/Diialnist/4669.html

APT Hackers for Hire Used for Industrial Espionage (20 aug)
https://labs.bitdefender.com/2020/08/apt-hackers-for-hire-used-for-industrial-espionage/

How Four Brothers Allegedly Fleeced $19 Million From Amazon (20 aug)
https://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon/

Cryptominer Found Embedded in AWS Community AMI (21 aug)
https://www.darkreading.com/cloud/cryptominer-found-embedded-in-aws-community-ami/d/d-id/1338713

Researchers Sound Alarm Over Malicious AWS Community AMIs (21 aug)
https://threatpost.com/malicious-aws-community-amis/158555/

Chromium’s impact on root DNS traffic (21 aug)
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/

A Google Drive 'Feature' Could Let Attackers Trick You Into Installing Malware (22 aug)
https://thehackernews.com/2020/08/google-drive-file-versions.html

[Heads Up] DarkSide: Sophisticated New Customized Ransomware Strain Demands Millions Of Dollars (23 aug)
https://blog.knowbe4.com/heads-up-darkside-sophisticated-new-customized-ransomware-strain-demands-million-of-dollars

Här är de tre vanligaste attackvektorerna för gisslanprogram (24 aug)
https://techworld.idg.se/2.2524/1.738498/attackvektorer-gisslanprogram

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme (24 aug)
https://www.zdnet.com/article/top-exploits-used-by-ransomware-gangs-are-vpn-bugs-but-rdp-still-reigns-supreme/

Google Researcher Reported 3 Flaws in Apache Web Server Software (24 aug)
https://thehackernews.com/2020/08/apache-webserver-security.html

Triada (24 aug)
https://lab.secure-d.io/triada/

SourMint: malicious code, ad fraud, and data leak in iOS (24 aug)
https://snyk.io/blog/sourmint-malicious-code-ad-fraud-and-data-leak-in-ios/

Lifting the veil on DeathStalker, a mercenary triumvirate (24 aug)
https://securelist.com/deathstalker-mercenary-triumvirate/98177/

Identifying People by Their Browsing Histories (25 aug)
https://www.schneier.com/blog/archives/2020/08/identifying_peo_9.html
--
https://www.usenix.org/system/files/soups2020-bird.pdf

Phishing Attack Used Box to Land in Victim Inboxes (25 aug)
https://www.darkreading.com/attacks-breaches/phishing-attack-used-box-to-land-in-victim-inboxes/d/d-id/1338754

As Classes Resume, Schools Face Ransomware Risk (26 aug)
https://www.bankinfosecurity.com/as-classes-resume-schools-face-ransomware-risk-a-14895

New Zealand stock exchange hit by cyber attack for second day (26 aug)
https://www.theguardian.com/technology/2020/aug/26/new-zealand-stock-exchange-hit-by-cyber-attack-for-second-day
--
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
--
http://www.straitstimes.com/business/companies-markets/cyber-attacks-halt-new-zealand-stock-exchange-for-4th-day

Internationellt tillslag mot filmpirater – svenska servrar beslagtagna (26 aug)
https://www.dn.se/kultur/internationellt-tillslag-mot-filmpirater-svenska-servrar-beslagtagna/

Engineer admits he wiped 456 Cisco WebEx VMs from AWS after leaving the biz, derailed 16,000 Teams accounts (26 aug)
https://www.theregister.com/2020/08/26/former_cisco_engineer_aws_webex_teams/

Belarus Turned Off the Internet. Its Citizens Hot-Wired It. (26 aug)
https://gizmodo.com/belarus-turned-off-the-internet-its-citizens-hot-wired-1844853575

Is the electric grid closer to a devastating cyberattack that could mean lights out? (26 aug)
https://www.scmagazine.com/home/security-news/is-the-electric-grid-closer-to-a-devastating-cyberattack-that-could-mean-lights-out/

Dracula’s Botnet (26 aug)
https://graphika.com/posts/draculas-botnet/

Huawei mobile mast installed next to secret MI5 data centre in London has 7 years to do whatever it is Huawei does (26 aug)
https://www.theregister.com/2020/08/26/huawei_mobile_mast_secret_mi5_data_centre/

Malicious Excel Sheet with a NULL VT Score (26 aug)
https://isc.sans.edu/diary/rss/26506

Facing gender bias in facial recognition technology (27 aug)
https://www.helpnetsecurity.com/2020/08/27/facial-recognition-bias/

Svart marknadsplats på nätet kan ha försvunnit för gott (27 aug)
https://computersweden.idg.se/2.2683/1.738665/empire-market-nedplockad

DDoS extortionists target NZX, Moneygram, Braintree, and other financial services (27 aug)
https://www.zdnet.com/article/ddos-extortionists-target-nzx-moneygram-braintree-and-other-financial-services/

Dataguise unveils method for enterprises to report impact of data breach faster and more accurately (27 aug)
https://www.helpnetsecurity.com/2020/08/27/dataguise-data-discovery-and-protection-software/

Informationssäkerhet och blandat

How one attack campaign steals and sells RDP credentials (17 aug)
https://www.techrepublic.com/article/how-one-attack-campaign-steals-and-sells-rdp-credentials/

Tens of suspects arrested for cashing-out Santander ATMs using software glitch (19 aug)
https://www.zdnet.com/article/tens-of-suspects-arrested-for-cashing-out-santander-atms-using-software-glitch/

FBI, CISA Echo Warnings on ‘Vishing’ Threat (20 aug)
https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/
--
https://krebsonsecurity.com/wp-content/uploads/2020/08/fbi-cisa-vishing.pdf

Freepik data breach: Hackers stole 8.3M records via SQL injection (21 aug)
https://www.bleepingcomputer.com/news/security/freepik-data-breach-hackers-stole-83m-records-via-sql-injection/

Yet Another Biometric: Bioacoustic Signatures (21 aug)
https://www.schneier.com/blog/archives/2020/08/yet_another_bio_1.html

Iranian hackers attack exposed RDP servers to deploy Dharma ransomware (24 aug)
https://www.bleepingcomputer.com/news/security/iranian-hackers-attack-exposed-rdp-servers-to-deploy-dharma-ransomware/

Hur skolor kan garantera att data förblir säkra i en tidsepok av digital inlärning och ransomware (24 aug)
https://www.aktuellsakerhet.se/hur-skolor-kan-garantera-att-data-forblir-sakra-i-en-tidsepok-av-digital-inlarning-och-ransomware/

Cyber attacks: Several Canadian government services disrupted (24 aug)
https://www.welivesecurity.com/2020/08/24/cyber-attacks-canada-revenue-agency-government/

CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure In Our Nation (24 aug)
https://www.cisa.gov/news/2020/08/24/cisa-releases-5g-strategy-secure-and-resilient-critical-infrastructure
--
https://www.cisa.gov/sites/default/files/publications/cisa_5g_strategy_508.pdf

Lazarus Group hackers target cryptocurrency in global campaign (25 aug)
https://betanews.com/2020/08/25/hackers-target-cryptocurrency/

Hack-for-Hire Group Targets Financial Sector Since 2012 (25 aug)
https://www.securityweek.com/hack-hire-group-targets-financial-sector-2012

Hackers are exploiting the 'Internet of Things' (25 aug)
https://www.itproportal.com/features/hackers-are-exploiting-the-internet-of-things/

En organiserad IT-attack anmäld till Säpo (25 aug)
https://www.gunnebogroup.com/Press/Pressmeddelanden/details?postId=8278E09F6A9FA82E
--
https://www.svt.se/nyheter/inrikes/gunnebo-anmaler-organiserd-it-attack-till-sapo

How to Be a Cyber Criminal: Phishing Email Scams (25 aug)
https://www.proofpoint.com/us/blog/cybersecurity-essentials/how-be-cyber-criminal-phishing-email-scams

Säkrare inloggning för SJs kunder (25 aug)
http://nyhetsrum.sj.se/pressreleases/saekrare-inloggning-foer-sjs-kunder-3028503
--
https://computersweden.idg.se/2.2683/1.738597/sj-inloggning-sms (Bakom betalvägg)

Almost 235 Million YouTube, TikTok and Instagram Profiles Exposed Online by Unsecured Database (25 aug)
https://hotforsecurity.bitdefender.com/blog/almost-235-million-youtube-tiktok-and-instagram-profiles-exposed-online-by-unsecured-database-23987.html

Dataspelare bestulen på virtuellt vapen (26 aug)
https://www.hd.se/2020-08-26/dataspelare-bestulen-pa-virtuellt-vapen

Estonia ambassador to connect dots from cyberwar to security culture (26 aug)
https://www.scmagazine.com/home/events/risksec-2020/estonia-ambassador-to-connect-dots-from-cyberwar-to-security-culture/

Using Artificial Intelligence to Fight Money Laundering (26 aug)
https://www.bankinfosecurity.com/using-artificial-intelligence-to-fight-money-laundering-a-14893

Säkerhetsbrist i Safari – enkelt att komma åt känsliga filer (26 aug)
https://macworld.idg.se/2.1038/1.738632/sakerhetsbrist-i-safari--enkelt-att-komma-at-kansliga-filer

Confessions of an ID Theft Kingpin, Part I & II (26 aug)
https://krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-i/
--
https://krebsonsecurity.com/2020/08/confessions-of-an-id-theft-kingpin-part-ii/

What a year of penetration testing data can reveal about the state of cybersecurity (26 aug)
https://www.techrepublic.com/article/what-a-year-of-penetration-testing-data-can-reveal-about-the-state-of-cybersecurity/

Russian Arrested After Offering $1 Million to U.S. Company Employee for Planting Malware (26 aug)
https://thehackernews.com/2020/08/russian-extortion-malware.html

Researchers develop AI technique to protect medical devices from anomalous instructions (27 aug)
https://www.helpnetsecurity.com/2020/08/27/ai-protect-medical-devices/

Förre Karlskronarektorn anmäld för dataintrång (27 aug)
https://sverigesradio.se/artikel/7541695

CERT-SE i veckan

Sårbarhet i Citrix Hypervisor