
Published - Weekly newsletter

CERT-SE's weekly newsletter, week 45

This week has been largely about ransomware, after US authorities published a warning that the healthcare sector is a target.

News this week

Home Depot Confirms Data Breach in Order Confirmation SNAFU (29 oct)
https://threatpost.com/home-depot-data-breach-order-confirmation/160728/

Advisory 2020-017: Resumption of Emotet malware campaign (30 oct)
https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-017-resumption-emotet-malware-campaign

Lazada confirms 1.1M accounts compromised in RedMart security breach (30 oct)
https://www.zdnet.com/article/lazada-confirms-1-1m-accounts-compromised-in-redmart-security-breach/

Google patches second Chrome zero-day in two weeks (2 nov)
https://www.zdnet.com/article/google-patches-second-chrome-zero-day-in-two-weeks/

US officials confirm Iranian hackers stole voter data (2 nov)
https://www.al-monitor.com/pulse/originals/2020/11/iran-tehran-washington-election-trump-biden-hacking-vote.html

Charming Kitten APT Launched Spoofing Attacks Against Key Personalities (2 nov)
https://cyware.com/news/charming-kitten-apt-launched-spoofing-attacks-against-key-personalities-c8152b35

North Korean Group Kimsuky Targets Government Agencies With New Malware (2 nov)
https://www.securityweek.com/north-korean-group-kimsuky-targets-government-agencies-new-malware

MSB: The threat to democracy is one of the greatest risks in society (2 nov)
https://www.dn.se/sverige/msb-hotet-mot-demokratin-en-av-de-storsta-riskerna-i-samhallet/

New NAT/Firewall Bypass Attack Lets Hackers Access Any TCP/UDP Service (2 nov)
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html

Russian National Sentenced to 8 Years in Prison for Role in Botnet Operation (2 nov)
https://www.darkreading.com/attacks-breaches/russian-national-sentenced-to-8-years-in-prison-for-role-in-botnet-operation/d/d-id/1339352

A massive hacking network that Microsoft and the US military tried to stop last month is already back — and it could be a bad sign for Election Day (2 nov)
https://www.businessinsider.com/trickbot-election-microsoft-botnet-malware-hackers-2020-11?r=US&IR=T

The NCSC Annual Review 2020 (3 nov)
https://www.ncsc.gov.uk/news/annual-review-2020
..
Report: https://www.ncsc.gov.uk/files/Annual-Review-2020.pdf

A new APT uses DLL side-loads to “KilllSomeOne” (4 nov)
https://news.sophos.com/en-us/2020/11/04/a-new-apt-uses-dll-side-loads-to-killlsomeone/

Deloitte's 'Test your Hacker IQ' site fails itself after exposing database user name, password in config file (5 nov)
https://www.theregister.com/2020/11/05/deloitte_hacker_test/

Operation North Star: Behind The Scenes (5 nov)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-north-star-behind-the-scenes/

INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization (5 nov)
https://research.checkpoint.com/2020/inj3ctor3-operation-leveraging-asterisk-servers-for-monetization/

Rackspace Hosted Email Flaw Actively Exploited by Attackers (5 nov)
https://www.bankinfosecurity.com/rackspace-hosted-email-flaw-actively-exploited-by-attackers-a-15309

7,500 educational organizations hacked, access being sold on Russian hacker forums (5 nov)
https://cybernews.com/security/7500-educational-organizations-hacked-access-being-sold-on-russian-hacker-forums/

Ransomware

Hackers have only just wet their whistle. Expect more ransomware and data breaches in 2021. (2 nov)
https://www.techrepublic.com/article/hackers-have-only-just-wet-their-whistle-expect-more-ransomware-and-data-breaches-in-2021/

Healthcare sector warned of cyberattacks: "Increased activity" (2 nov)
https://www.svt.se/nyheter/inrikes/varden-varnas-for-cyberhot-okad-aktivitet
..
CISA Alert (AA20-302A) | Ransomware Activity Targeting the Healthcare and Public Health Sector (updated 2 nov)
https://us-cert.cisa.gov/ncas/alerts/aa20-302a

How to protect backups from ransomware (2 nov)
https://www.csoonline.com/article/3331981/how-to-protect-backups-from-ransomware.html

New RegretLocker ransomware targets Windows virtual machines (3 nov)
https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/

REvil ransomware gang 'acquires' KPOT malware (4 nov)
https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/

Ransomware Demands continue to rise as Data Exfiltration becomes common, and Maze subdues (4 nov)
https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report

23,600 hacked databases have leaked from a defunct 'data breach index' site (4 nov)
https://www.zdnet.com/article/23600-hacked-databases-have-leaked-from-a-defunct-data-breach-index-site/

As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor (4 nov)
https://www.zdnet.com/article/as-maze-ransomware-group-retires-clients-turn-to-sekhmet-ransomware-spin-off-egregor/

Global ransomware attacks surged by 110% at 34 million Year-on-Year (5 nov)
https://atlasvpn.com/blog/global-ransomware-attacks-surged-by-110-at-34-million-year-on-year

Ryuk Speed Run, 2 Hours to Ransom (5 nov)
https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/

Information security and miscellaneous

ENISA Threat Landscape 2020: Cyber Attacks Becoming More Sophisticated, Targeted, Widespread and Undetected (20 oct)
https://www.enisa.europa.eu/news/enisa-news/enisa-threat-landscape-2020
..
Report: https://www.enisa.europa.eu/publications/year-in-review

APT trends report Q3 2020 (3 nov)
https://securelist.com/apt-trends-report-q3-2020/99204/

Folksam has shared personal data of one million people with Facebook and Google (3 nov)
https://computersweden.idg.se/2.2683/1.742108/folksam-personuppgifter-facebook-google

Here children learn to surf safely (4 nov)
https://www.dn.se/sverige/har-far-barnen-lara-sig-att-surfa-sakert/

University of Surrey adopts people-centric blueprint for cyber security (6 nov)
https://www.ukauthority.com/articles/university-of-surrey-adopts-people-centric-blueprint-for-cyber-security/

November 2020 Ouch! Newsletter: Social Engineering Attacks
https://www.sans.org/security-awareness-training/resources/social-engineering-attacks

CERT-SE this week

Serious vulnerabilities in Cisco products

Serious vulnerabilities in Adobe Acrobat and Reader

New vulnerability in Oracle WebLogic Server

Increased threat level against the healthcare sector