Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.48

När första ljuset brinner och servrar står på glänt, CERT-SE hoppas alla patchar så alla fira få advent.

Trevlig helg!

Nyheter i veckan

Ransomware attack forces web hosting provider Managed.com to take servers offline (17 nov)
https://www.zdnet.com/article/web-hosting-provider-managed-shuts-down-after-ransomware-attack/

Multiple Industrial Control System Vendors Warn of Critical Bugs (17 nov)
https://threatpost.com/ics-vendors-warn-critical-bugs/161333/

National Cyber Force Transforms country's cyber capabilities to protect UK (19 nov)
https://www.gov.uk/government/news/national-cyber-force-transforms-countrys-cyber-capabilities-to-protect-uk
..
UK reveals new National Cyber Force to improve offensive cyber capabilities (21 nov)
https://securityaffairs.co/wordpress/111223/cyber-warfare-2/uk-establishes-national-cyber-force.html

Artificial intelligence could be used to hack connected cars, drones warn security experts (20 nov)
https://www.zdnet.com/article/artificial-intelligence-could-be-used-to-hack-connected-cars-drones-warn-security-experts/

Facebook Messenger bug allowed callers to listen unattended calls (20 nov)
https://www.hackread.com/facebook-messenger-bug-call-listen-calls/

Manchester United hit by 'sophisticated' cyber attack but say fan data is safe (20 nov)
https://www.theguardian.com/football/2020/nov/20/manchester-united-confirm-cyber-attack-but-confident-match-can-go-ahead
..
Manchester United football club discloses security breach (21 nov)
https://www.zdnet.com/article/manchester-united-football-club-discloses-security-breach/

Dutch tech reporter gatecrashes EU defence secret video conference (21 nov)
https://securityaffairs.co/wordpress/111250/security/reporter-gatecrashes-eu-defence-conference.html

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services (21 nov)
https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/

Hacker posts exploits for over 49,000 vulnerable Fortinet VPNs (22 nov)
https://www.bleepingcomputer.com/news/security/hacker-posts-exploits-for-over-49-000-vulnerable-fortinet-vpns/

Brazilian government recovers from "worst-ever" cyberattack (23 nov)
https://www.zdnet.com/article/brazilian-government-recovers-from-worst-ever-cyberattack/

Så hanterar du dina lösenord smart och enkelt (23 nov)
https://www.dn.se/ekonomi/sa-hanterar-du-dina-losenord-smart-och-enkelt/

Hackers accidentally expose Spotify user data they stole (23 nov)
https://www.cnet.com/news/hoard-of-spotify-user-data-exposed-by-hackers-careless-security-practices/

DDoS attacks surge, becoming more sophisticated (23 nov)
https://securitybrief.eu/story/ddos-attacks-surge-becoming-more-sophisticated

Walmart-exclusive router and others sold on Amazon & eBay contain hidden backdoors to control devices (23 nov)
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/

Tesla Model X hacked and stolen in minutes using new key fob hack (23 nov)
https://www.zdnet.com/article/tesla-model-x-hacked-and-stolen-in-minutes-using-new-key-fob-hack/

On That Dusseldorf Hospital Ransomware Attack and the Resultant Death (24 nov)
https://www.schneier.com/blog/archives/2020/11/on-that-dusseldorf-hospital-ransomware-attack-and-the-resultant-death.html

Is Cybersecurity Smart Enough to Protect Automated Buildings? (24 nov)
https://www.tripwire.com/state-of-security/featured/cybersecurity-smart-enough-to-protect-automated-buildings/

XDR: Unifying incident detection, response and remediation (24 nov)
https://www.helpnetsecurity.com/2020/11/24/xdr-extended-detection-and-response/

TrickBot Gets Updated to Survive Takedown Attempts (24 nov)
https://www.securityweek.com/trickbot-gets-updated-survive-takedown-attempts

New WAPDropper malware stealthily subscribes you to premium services (24 nov)
https://www.bleepingcomputer.com/news/security/new-wapdropper-malware-stealthily-subscribes-you-to-premium-services/

Värnpliktiga rycker in som cybersoldater (25 nov)
https://sverigesradio.se/sida/artikel.aspx?programid=1650&artikel=7607410

Hackad nyhetsbyrå vägrar betala (25 nov)
https://www.ttela.se/nyheter/v%C3%A4rlden/dansk-nyhetsbyr%C3%A5-utsatt-f%C3%B6r-hackerattack-1.37556414
..
Ritzau ramt af hackerangreb (24 nov)
https://jyllands-posten.dk/indland/ECE12582696/ritzau-ramt-af-hackerangreb/

Sophos notifies customers of data exposure after database misconfiguration (26 nov)
https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Informationssäkerhet och blandat

Recipe for a successful phishing campaign (part 1/2) (13 okt)
https://medium.com/bugbountywriteup/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55

Recipe for a successful phishing campaign (part 2/2) (15 okt)
https://medium.com/bugbountywriteup/recipe-for-a-successful-phishing-campaign-part-2-2-68552806dcba

Booting from a vinyl record (19 nov)
http://boginjr.com/it/sw/dev/vinyl-boot/

Introducing another free CA as an alternative to Let's Encrypt (20 nov)
https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/

Bluffakturor med avsändare billpay (25 nov)
https://sakerhetskollen.se/aktuella-brott/bluffakturor-med-avsandare-billpay

Architecture of a ransomware (1/2) (25 nov)
https://securityshenaningans.medium.com/architecture-of-a-ransomware-1-2-1b9fee757fcb

Architecture of a ransomware (2/2) (26 nov)
https://securityshenaningans.medium.com/architecture-of-a-ransomware-2-2-e22d8eb11cee

CERT-SE i veckan

Ny sårbarhet i VMware-produkter