CERT-SE's weekly newsletter, week 47

Weekly newsletter

Once again there is plenty of ransomware to report in the weekly newsletter, along with updates on CISA's now former director, the training of Swedish cyber soldiers, the risk of vaccine hacks, and the latest cyber weather report. CERT-SE wishes you a pleasant weekend!

News this week

Microsoft says three APTs have targeted seven COVID-19 vaccine makers (13 Nov) https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/
The Scammer Who Wanted to Save His Country (13 Nov) https://www.wired.com/story/brazil-hacker-bolsonaro-car-wash-leaks/
This is where the cyber soldiers of the future are trained (15 Nov) https://www.hallandsposten.se/nyheter/sverige/h%C3%A4r-utbildas-framtidens-cybersoldater-1.37119411
Expert: Vaccine hackers ready to attack (16 Nov) https://www.svd.se/expert-vaccinhackare-redo-att-ga-till-attack
How the U.S. Military Buys Location Data from Ordinary Apps (16 Nov) https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
Heartbleed, BlueKeep and other vulnerabilities that didn’t disappear just because we don’t talk about them anymore (16 Nov) https://isc.sans.edu/diary/26798
Be Very Sparing in Allowing Site Notifications (17 Nov) https://krebsonsecurity.com/2020/11/be-very-sparing-in-allowing-site-notifications/
Why biometrics will not fix all your authentication woes (17 Nov) https://www.helpnetsecurity.com/2020/11/17/biometric-authentication/
More than 200 systems infected by new Chinese APT ‘FunnyDream’ (17 Nov) https://www.zdnet.com/article/more-than-200-systems-infected-by-new-chinese-apt-funnydream/
Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets (17 Nov) https://us-cert.cisa.gov/ncas/alerts/aa20-296a https://indd.adobe.com/view/64463245-3411-49f9-b203-1c7cb8f16769
More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug (17 Nov) https://www.zdnet.com/article/more-than-245000-windows-systems-still-remain-vulnerable-to-bluekeep-rdp-bug/
Trump Fires Christopher Krebs, Head of CISA (17 Nov) https://www.bankinfosecurity.com/trump-fires-christopher-krebs-head-cisa-a-15386
– Trump fires cybersecurity boss Chris Krebs for doing his job: Securing the election and telling the truth about it (18 Nov) https://www.theregister.com/2020/11/18/trump_fires_krebs/
– Trump Fires Security Chief Christopher Krebs (18 Nov) https://krebsonsecurity.com/2020/11/trump-fires-security-chief-christopher-krebs/
– “Krebs has been terminated”: Trump fires cybersecurity chief on Twitter (18 Nov) https://arstechnica.com/tech-policy/2020/11/trump-fires-cybersecurity-chief-for-debunking-election-fraud-claims/
– Analysis: Does Krebs’ Firing Leave US Vulnerable to Attack? (19 Nov) https://www.govinfosecurity.com/analysis-does-krebs-firing-leave-us-vulnerable-to-attack-a-15398
Network-layer DDoS attack trends for Q3 2020 (18 Nov) https://blog.cloudflare.com/network-layer-ddos-attack-trends-for-q3-2020/
Massive, China-state-funded hack hits companies around the world, report says (19 Nov) https://arstechnica.com/information-technology/2020/11/massive-china-state-funded-hack-hits-companies-around-the-word-report-says/
Hard to believe but Congress just approved an IoT security law and it doesn’t totally suck (18 Nov) https://www.theregister.com/2020/11/18/us_iot_security/
Major Technological Disasters 2000-2020 (18 Nov) https://erccportal.jrc.ec.europa.eu/getdailymap/docId/3541
EU’s DORA regulation explained: New risk management requirements for financial firms (18 Nov) https://www.csoonline.com/article/3596881/eus-dora-regulation-explained-new-risk-management-requirements-for-financial-firms.html
Microsoft Warns of Office 365 Phishing Attacks (18 Nov) https://www.govinfosecurity.com/microsoft-warns-office-365-phishing-attacks-a-15395
Linux servers: How to encrypt files with gocryptfs (19 Nov) https://www.techrepublic.com/videos/linux-servers-how-to-encrypt-files-with-gocryptfs/

Information security and miscellaneous

Analysis: Cybersecurity Challenges Facing New President (13 Nov) https://www.bankinfosecurity.com/interviews/analysis-cybersecurity-challenges-facing-new-president-i-4796
Ticketmaster fined £1.25m over payment data breach (14 Nov) https://www.bbc.com/news/technology-54931873
The ENISA Cybersecurity Threat Landscape (15 Nov) https://securityboulevard.com/2020/11/the-enisa-cybersecurity-threat-landscape/
How to address inefficiencies of using multiple cybersecurity systems (15 Nov) https://www.hackread.com/address-inefficiencies-multiple-cybersecurity-systems/
FireEye Predicts Ransomware Will Evolve and Expand in 2021 (17 Nov) https://www.securityweek.com/fireeye-predicts-ransomware-will-evolve-and-expand-2021
Former police employee charged with aggravated data intrusion (17 Nov) https://sverigesradio.se/artikel/7601258
Over 80% companies re-structured their cybersecurity infrastructure in 2020 (17 Nov) https://www.hackread.com/companies-re-structured-cybersecurity-infrastructure-2020/
CEOs Will Be Personally Liable for Cyber-Physical Security Incidents by 2024 (17 Nov) https://www.tripwire.com/state-of-security/risk-based-security-for-executives/ceo-personally-liable-cyber-physical-security-incidents/
Lightning flashed and rain pattered, but there were also glimpses of sun in October's changeable cyber weather (17 Nov) https://www.kyberturvallisuuskeskus.fi/sv/kybersaa-lokakuu-2020 – https://www.kyberturvallisuuskeskus.fi/sv/aktuellt/cybervader https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/SV2-Kybersaa-lokakuu2020.pdf
2020’s Most Common Passwords Are Laughably Insecure (18 Nov) https://uk.pcmag.com/security/130034/2020s-most-common-passwords-are-laughably-insecure https://nordpass.com/most-common-passwords-list/
A Global Reset: Cyber Security Predictions 2021 (18 Nov) https://content.fireeye.com/predictions/rpt-security-predictions-2021
Classified pandemic plan was openly accessible online (18 Nov) https://www.dn.se/sverige/hemligstamplad-pandemiplan-lag-helt-oppet-pa-natet/
Hacking group exploits ZeroLogon in automotive, industrial attack wave (18 Nov) https://www.zdnet.com/article/cicada-hacking-group-exploits-zerologon-launches-new-backdoor-in-automotive-industry-attack-wave/
Covid vaccine will “inevitably” be target of cyberattacks “over the next 12 months” (18 Nov) https://www.verdict.co.uk/covid-vaccine-cyberattacks/
How AI Is powering a new generation of cyber-attacks (18 Nov) https://www.theregister.com/2020/11/18/the_battle_of_the_algorithms/
Verizon picks industries that are prime targets for cyber espionage (19 Nov) https://www.scmagazine.com/home/security-news/apts-cyberespionage/verizon-picks-industries-that-are-prime-targets-for-cyber-espionage/
Phishing campaign impersonates Postnord - “insanely well done” (19 Nov) https://computersweden.idg.se/2.2683/1.743046/phishingkampanj-postnord
Recent Ransomware Attacks on U.S. Hospitals Highlight the Inefficiency of Rules-Based Cybersecurity Solutions (19 Nov) https://securityboulevard.com/2020/11/recent-ransomware-attacks-on-u-s-hospitals-highlight-the-inefficiency-of-rules-based-cybersecurity-solutions/
A perspective on security threats and trends, from inception to impact (19 Nov) https://www.helpnetsecurity.com/2020/11/19/security-threats-and-trends/
SVT reveals: Sensitive data leaked about thousands of doctors and nurses (19 Nov) https://www.svt.se/nyheter/inrikes/svt-avslojar-kansliga-uppgifter-lackta-om-tusentals-lakare-och-sjukskoterskor
56% of organizations faced a ransomware attack, many paid the ransom (20 Nov) https://www.helpnetsecurity.com/2020/11/20/faced-ransomware-attack/
Right or wrong to pay the ransom after an extortion attack? Here is what applies to ransomware (20 Nov) https://computersweden.idg.se/2.2683/1.743091/betala-losensumma-ransomware

CERT-SE this week

Multiple critical vulnerabilities in VMware products (updated 2020-07-13 and 2020-11-20)
Multiple critical vulnerabilities in Cisco products
Multiple vulnerabilities in Citrix SD-WAN Center
Vulnerabilities in Cisco Security Manager, one of them critical