CERT-SE's weekly newsletter, week 39

Weekly newsletter

From data centers on the seabed to facial recognition in stores to the government's budget bill and funding for a new national cybersecurity center - this and much more fits into this week's news roundup. Finally, a reminder about FOI's cybersecurity exercise 20/20 CTF, https://www.foi.se/2020ctf, which takes place tomorrow, Saturday. CERT-SE wishes you a pleasant weekend!

News of the week

Microsoft’s underwater server experiment resurfaces after two years (14 sep) https://www.theverge.com/2020/9/14/21436746/microsoft-project-natick-data-center-server-underwater-cooling-reliability
Iranian hacker group developed Android malware to steal 2FA SMS codes (18 sep) https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes/
UK National Cyber Security Centre Warns of Surge in Ransomware Attacks Targeting Education Institutions (21 sep) https://hotforsecurity.bitdefender.com/blog/uk-national-cyber-security-centre-warns-of-surge-in-ransomware-attacks-targeting-education-institutions-24163.html
Major IT outage at the University of Gothenburg (21 sep) https://www.svt.se/nyheter/lokalt/vast/mailhaveri-pa-goteborgs-universitet
DaaS, BYOD, leasing and buying: Which is better for cybersecurity? (22 sep) https://www.helpnetsecurity.com/2020/09/22/daas-byod-leasing-buying/
Cybersecurity Leadership: Risk Exposure Awareness (22 sep) https://www.bankinfosecurity.com/cybersecurity-leadership-risk-exposure-awareness-a-15035
A member of The Dark Overlord group sentenced to 5 years in prison (22 sep) https://securityaffairs.co/wordpress/108599/cyber-crime/the-dark-overlord-group-member-sentence.html
Cybercrime is Everywhere: Keeping Track of Today’s Trends (22 sep) https://www.rsa.com/en-us/blog/2020-09/cybercrime-is-everywhere-keeping-track-of-todays-trends
Emotet double blunder: fake ‘Windows 10 Mobile’ and outdated messages (22 sep) https://www.bleepingcomputer.com/news/security/emotet-double-blunder-fake-windows-10-mobile-and-outdated-messages/
Security teams struggle with ransomware, cloud services (22 sep) https://www.scmagazine.com/home/security-news/security-teams-struggle-with-ransomware-cloud-services/
Russian hackers use fake NATO training docs to breach govt networks (22 sep) https://www.bleepingcomputer.com/news/security/russian-hackers-use-fake-nato-training-docs-to-breach-govt-networks/
IBM to train 800 mid-career people in AI, cyber security (23 sep) https://www.straitstimes.com/tech/ibm-to-train-800-mid-career-people-in-ai-cyber-security
New ransomware actor OldGremlin uses custom malware to hit top orgs (23 sep) https://www.bleepingcomputer.com/news/security/new-ransomware-actor-oldgremlin-uses-custom-malware-to-hit-top-orgs/
Microsoft’s OS joins macOS and Linux at the Flutter party, but guess which one performs best? Hint: It’s not Windows (23 sep) https://www.theregister.com/2020/09/23/flutter_targets_the_windows_desktop/
Ransomware may have knocked out Synsam (23 sep) https://www.dn.se/ekonomi/utpressningsvirus-kan-ha-slagit-ut-synsam/
Cyberwarfare fears add to security headaches for businesses (23 sep) https://www.zdnet.com/article/cyberwarfare-fears-add-to-security-headaches-for-businesses/
Security and Privacy Controls for Information Systems and Organizations (23 sep) https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
NetworkMiner 2.6 Released (23 sep) https://www.netresec.com/?page=Blog&month=2020-09&post=NetworkMiner-2-6-Released
High volumes of attacks keep targeting video game companies and players (24 sep) https://www.helpnetsecurity.com/2020/09/24/attacks-keep-targeting-video-game-companies-players/
Threat landscape for industrial automation systems, H1 2020 (24 sep) https://ics-cert.kaspersky.com/reports/2020/09/24/threat-landscape-for-industrial-automation-systems-h1-2020/
Drop Everything and Secure Remote Workforce, Gartner Warns (24 sep) https://www.bankinfosecurity.com/blogs/drop-everything-secure-remote-workforce-gartner-warns-p-2947
Taking a Gander at Threats Inside Malicious Emails (24 sep) https://cyware.com/news/taking-a-gander-at-threats-inside-malicious-emails-14bf127f
Credential stuffing is just the tip of the iceberg (24 sep) https://www.helpnetsecurity.com/2020/09/24/credential-stuffing-is-just-the-tip-of-the-iceberg/
Report: Danish intelligence service has spied on Danes (24 sep) https://www.svt.se/nyheter/utrikes/rapport-danska-underrattelsetjansten-har-spionerat-pa-danskarna https://www.dr.dk/nyheder/indland/ny-afsloering-fe-masseindsamler-oplysninger-om-danskere-gennem-avanceret-spionsystem
Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group (24 sep) https://www.zdnet.com/article/microsoft-removed-18-azure-ad-apps-used-by-chinese-state-sponsored-hacker-group/
CISA says a hacker breached a federal agency (24 sep) https://www.zdnet.com/article/cisa-says-a-hacker-breached-a-federal-agency/
How worried should we be about deadly cyber-attacks? (25 sep) https://www.bbc.com/news/av/technology-54269045
IT blunder makes it possible to skip the queue for the Swedish Scholastic Aptitude Test (högskoleprovet) (25 sep) https://sverigesradio.se/sida/artikel.aspx?programid=83&artikel=7561555
Alleged source code for Windows XP and other Microsoft software leaks online (25 sep) https://betanews.com/2020/09/25/windows-xp-source-code-leak/

Zerologon

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability (23 sep) https://thehackernews.com/2020/09/detecting-and-preventing-critical.html
Microsoft: Hackers using Zerologon exploits in attacks, patch now! (23 sep) https://www.bleepingcomputer.com/news/microsoft/microsoft-hackers-using-zerologon-exploits-in-attacks-patch-now/
Race to patch as Microsoft confirms Zerologon attacks in the wild (24 sep) https://www.computerweekly.com/news/252489539/Race-to-patch-as-Microsoft-confirms-Zerologon-attacks-in-the-wild
Microsoft: Attackers Exploiting ‘ZeroLogon’ Windows Flaw (24 sep) https://krebsonsecurity.com/2020/09/microsoft-attackers-exploiting-zerologon-windows-flaw/
A different way of abusing Zerologon (24 sep) https://dirkjanm.io/a-different-way-of-abusing-zerologon/

Information security and miscellaneous

The 20-Year Hunt for the Man Behind the Love Bug Virus (12 sep) https://www.wired.com/story/the-20-year-hunt-for-the-man-behind-the-love-bug-virus/
Passive SAR – radar that sees without being seen (14 sep) https://www.foi.se/nyheter-och-press/nyheter/2020-09-14-passiv-sar—radar-som-ser-utan-att-synas.html
Iranian Hackers Found Way Into Encrypted Apps, Researchers Say (18 sep) https://www.nytimes.com/2020/09/18/world/middleeast/iran-hacking-encryption.html
When Swedish cameras read faces (20 sep) https://sverigesradio.se/artikel/7557150
– Indivd's facial recognition tested in Stockholm – 46 cameras to analyze customers (21 sep) https://www.breakit.se/artikel/26274/indivds-ansiktsigenkanning-testas-i-stockholm-46-kameror-ska-analysera-kunder
Funding secured for national cybersecurity center (21 sep) https://www.sakerhetspolisen.se/ovrigt/pressrum/aktuellt/aktuellt/2020-09-21-finansiering-klar-for-nationellt-cybersakerhetscenter.html
– How MSB is affected by the government's budget proposal 2021-2023 (22 sep) https://www.msb.se/sv/aktuellt/nyheter/2020/september/sa-paverkas-msb-av-regeringens-budgetforslag-2021-2023/
– One step closer to a national cybersecurity center (23 sep) https://www.forsvarsmakten.se/sv/aktuellt/2020/09/ett-steg-narmare-ett-nationellt-cybersakerhetscenter/
Expert on TikTok: "Now you can choose whether you want to be monitored by the USA or China" (21 sep) https://www.svt.se/nyheter/lokalt/varmland/experten-om-tiktok-nu-kan-du-valja-om-du-vill-overvakas-av-usa-eller-kina
Took three years, but things may soon heat up – Datainspektionen changes its name (21 sep) https://computersweden.idg.se/2.2683/1.739801/datainspektionen-byte-namn
Data Leak: Unsecured Server Exposed Bing Mobile App Data (22 sep) https://www.wizcase.com/blog/bing-leak-research/
FBI warns of cybercriminals spreading false info about 2020 election results (23 sep) https://www.techrepublic.com/article/fbi-warns-of-cybercriminals-spreading-false-info-about-2020-election-results/ https://www.ic3.gov/media/2020/200922.aspx
Cybersecurity for Critical Infrastructure: How CISA Programs, New Legislation Can Help (23 sep) https://www.tenable.com/blog/cybersecurity-for-critical-infrastructure-how-cisa-programs-new-legislation-can-help
(ISC)2 study reveals vastly improved perceptions about cybersecurity professionals (23 sep) https://www.itsecurityguru.org/2020/09/23/isc2-study-reveals-vastly-improved-perceptions-about-cybersecurity-professionals/
MSB warned of the risk of sabotage during digital lectures (24 sep) https://sverigesradio.se/artikel/7560484
– Zoombombing hits the universities (23 sep) https://sverigesradio.se/artikel/7559745
InstaHack: how researchers were able to take over the Instagram App using a malicious image (24 sep) https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/ https://www.scmagazine.com/home/security-news/vulnerabilities/instagram-flaw-shows-importance-of-managing-third-party-apps-images/
From Firewalls to Firewalling – The Future of Enterprise Security (24 sep) https://blogs.cisco.com/security/from-firewalls-to-firewalling-the-future-of-enterprise-security
Build security by expanding cyber awareness (24 sep) https://www.scmagazine.com/perspectives/build-security-by-expanding-cyber-awareness/
Layered security becomes critical as malware attacks rise (25 sep) https://www.helpnetsecurity.com/2020/09/25/malware-detections-q2-2020/

Information Security Month

https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/informationssakerhetsmanaden

CERT-SE this week

Serious vulnerabilities in Cisco products
Critical vulnerability in Windows Server (updated 2020-09-24)
Emotet targeting Swedish organisations