CERT-SE:s veckobrev v.41

CERT-SE uppmärksammar att vid användning av publika tjänster för att undersöka potentiellt skadliga filer, finns risk för oönskad informationsspridning. CERT-SE har även uppfattat att det är många som gillar CTF. Förra helgen gick finalen i Midnight Sun CTF av stapeln! Här kan ni spana in resultatet hur de 16 deltagande lagen placerade sig: https://ctf.midnightsunctf.se/dashboard/scoreboard

Nyheter i veckan

Facebook Shut Down Malware That Hijacked Accounts to Run Ads (1 okt) https://www.wired.com/story/facebook-shut-down-malware-that-hijacked-accounts-to-run-ads/Cybersäkerhet avgörande för svensk konkurrenskraft (1 okt) https://entreprenorskapsforum.se/2020/10/01/cybersakerhet-avgorande-for-svensk-konkurrenskraft/ .. Rapport: https://entreprenorskapsforum.se/wp-content/uploads/2020/09/Rapport_Cybersakerhet_Web.pdfZeroLogon is now detected by Microsoft Defender for Identity (CVE-2020-1472 exploitation) (1 okt) https://techcommunity.microsoft.com/t5/microsoft-365-defender/zerologon-is-now-detected-by-microsoft-defender-for-identity-cve/ba-p/1734034Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints (2 okt) https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/Emotet Spoofs DNC in New Attack Campaign (2 okt) https://www.darkreading.com/threat-intelligence/emotet-spoofs-dnc-in-new-attack-campaign/d/d-id/1339075 .. CISA: Alert (AA20-280A) Emotet Malware (6 okt) https://us-cert.cisa.gov/ncas/alerts/aa20-280aCompanies that facilitate ransomware payments risk violating US sanctions (2 okt) https://www.helpnetsecurity.com/2020/10/02/ransomware-us-sanctions/Utrikesministeriet betalade 10 000 euro till lagliga hackare (2 okt) https://www.vasabladet.fi/Artikel/Visa/402464Two North American hospitality merchants hacked in May and June (4 okt) https://www.zdnet.com/article/two-north-american-hospitality-merchants-hacked-in-may-and-june/Clinical Trials Hit by Ransomware Attack on Health Tech Firm (3 okt) https://www.nytimes.com/2020/10/03/technology/clinical-trials-ransomware-attack-drugmakers.html .. Ransomware Disrupts COVID-19 Medical Trials (5 okt) https://www.infosecurity-magazine.com/news/ransomware-disrupts-covid19/New Jersey hospital paid ransomware gang $670K to prevent data leak (3 okt) https://www.bleepingcomputer.com/news/security/new-jersey-hospital-paid-ransomware-gang-670k-to-prevent-data-leak/Ransomware victims aren’t reporting attacks to police. That’s causing a big problem (5 okt) https://www.zdnet.com/article/ransomware-victims-arent-reporting-attacks-to-police-thats-causing-a-big-problem/ .. Report: https://www.europol.europa.eu/sites/default/files/documents/internet_organised_crime_threat_assessment_iocta_2020.pdfSuspected Chinese Hackers Unleash Malware That Can Survive OS Reinstalls (5 okt) https://uk.pcmag.com/security/129035/suspected-chinese-hackers-unleash-malware-that-can-survive-os-reinstallsPoetRAT: Malware targeting public and private sector in Azerbaijan evolves (6 okt) https://blog.talosintelligence.com/2020/10/poetrat-update.htmlBoom! Hacked page on mobile phone website is stealing customers’ card data (6 okt) https://arstechnica.com/information-technology/2020/10/boom-hacked-page-on-mobile-phone-website-is-stealing-customers-card-data/Hackers abuse Windows error service in fileless malware attack (6 okt) https://www.bleepingcomputer.com/news/security/hackers-abuse-windows-error-service-in-fileless-malware-attack/This ‘invisible’ malware is nearly impossible to detect (6 okt) https://www.techradar.com/news/this-invisible-malware-is-nearly-impossible-to-detectRelease the Kraken: Fileless APT attack abuses Windows Error Reporting service (6 okt) https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/Waterbear malware used in attack wave against government agencies (8 okt) https://www.zdnet.com/article/waterbear-malware-used-in-attack-wave-against-government-agencies/

Informationssäkerhet och blandat

Nätfiske i fokus under årets Tänk säkert-kampanj (1 okt) https://www.msb.se/sv/aktuellt/nyheter/2020/oktober/idag-startar-tank-sakert-kampanjen/Undersköterska smygläste skjuten patients journal (2 okt) https://www.expressen.se/kvallsposten/krim/underskoterska-smyglaste-skjuten-patients-journal/Efter två veckor – e-posthaveriet i Göteborg ännu inte löst (2 okt) https://computersweden.idg.se/2.2683/1.740520/e-posthaveri-goteborgVårdanställd tjuvläste i patientjournaler (3 okt) https://sverigesradio.se/artikel/7567200The politics of internet security: Private industry and the future of the web (5 okt) https://www.atlanticcouncil.org/in-depth-research-reports/report/the-politics-of-internet-security-private-industry-and-the-future-of-the-web/Så här får arbetsgivare hantera personuppgifter (5 okt) https://www.datainspektionen.se/nyheter/sa-har-far-arbetsgivare-hantera-personuppgifter/Excel: Why using Microsoft’s tool caused Covid-19 results to be lost (6 okt) https://www.bbc.com/news/technology-54423988Nya risker – detta gäller vid hemmajobb (7 okt) https://www.svd.se/nya-risker–detta-galler-vid-hemmajobbAlhem: ”Viktigt värna patientsäkerheten och integriteten” (7 okt) https://www.svt.se/nyheter/lokalt/gavleborg/viktigt-varna-patientsakerheten-och-integritetenFlera intrång i Region Gävleborgs journalsystem – trots hög säkerhet (7 okt) https://www.svt.se/nyheter/lokalt/gavleborg/intrang-i-journalsystemen-trots-hog-sakerhetStora problem med trygghetslarm i Luleå – 1600 drabbade (9 okt) https://www.svt.se/nyheter/lokalt/norrbotten/stora-problem-med-trygghetslarm-i-lulea

CERT-SE i veckan

Risk för informationsläckage via publika tjänster för bedömning av filer