CERT-SE's weekly newsletter, week 49

Weekly newsletter

Once upon a time there was a vulnerability, in Fortinet to be specific. The attackers got hold of many passwords, and now the dump has been made public. More than one affected party is in our country; if you have affected accounts, it is time to deal with them! CERT-SE wishes you a pleasant weekend!

News this week

Sophos notifies customers of data exposure after database misconfiguration (26 nov) https://www.zdnet.com/article/sophos-notifies-customers-of-data-exposure-after-database-misconfiguration/

Fortinet FortiOS System File Leak (27 nov) https://us-cert.cisa.gov/ncas/current-activity/2020/11/27/fortinet-fortios-system-file-leak
Large numbers of Swedish companies in new IT leak (27 nov) https://www.dagensnaringsliv.se/20201127/198566/mangder-av-svenska-foretag-i-ny-it-lacka

New national innovation node for cybersecurity (27 nov) https://www.vinnova.se/nyheter/2020/11/ny-sidany-nationell-innovationsnod-for-cybersakerhet/

Exclusive: Suspected North Korean hackers targeted COVID vaccine maker AstraZeneca - sources (27 nov) https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2

FOI tests companies' resilience against phishing (28 nov) https://www.securityworldmarket.com/se/Nyheter/Foretagsnyheter/sa-okar-foi-kunskapen-om-natfiske1

This new cyberattack can dupe DNA scientists into creating dangerous viruses and toxins (30 nov) https://www.zdnet.com/article/this-new-cyberattack-can-dupe-scientists-into-creating-dangerous-viruses-toxins/

German users targeted with Gootkit banker or REvil ransomware (30 nov) https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/amp/

New research: This is how small a part of the darknet is filled with crime (30 nov) https://www.svt.se/nyheter/vetenskap/ny-forskning-sa-stor-del-av-darknet-ar-fylld-av-kriminalitet

IoT chip maker Advantech confirms ransomware attack, data theft (30 nov) https://www.bleepingcomputer.com/news/security/iot-chip-maker-advantech-confirms-ransomware-attack-data-theft/

Microsoft Defender for Identity now detects Zerologon attacks (30 nov) https://www.bleepingcomputer.com/news/security/microsoft-defender-for-identity-now-detects-zerologon-attacks/

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them (30 nov) https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/

Brazilian Plane Maker Embraer Targeted in Cyberattack (1 dec) https://www.securityweek.com/brazilian-plane-maker-embraer-targeted-cyberattack

DarkIRC bot exploits recent Oracle WebLogic vulnerability (1 dec) https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability

Automated string de-gobfuscation (2 dec) https://www.kryptoslogic.com/blog/2020/12/automated-string-de-gobfuscation/

How do hackers choose their targets? (2 dec) https://www.itpro.co.uk/security/hacking/357971/how-do-hackers-choose-their-targets

TrickBot’s new module aims to infect your UEFI firmware (3 dec) https://www.bleepingcomputer.com/news/security/trickbots-new-module-aims-to-infect-your-uefi-firmware/
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit (3 dec) https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain (3 dec) https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/
IBM Releases Report on Cyber Actors Targeting the COVID-19 Vaccine Supply Chain (3 dec) https://us-cert.cisa.gov/ncas/current-activity/2020/12/03/ibm-releases-report-cyber-actors-targeting-covid-19-vaccine-supply

Credit card stealing malware hides in social media sharing icons (3 dec) https://www.bleepingcomputer.com/news/security/credit-card-stealing-malware-hides-in-social-media-sharing-icons/

Information security and miscellaneous

ACSC: Ransomware https://www.cyber.gov.au/ransomware

Securing the World’s Software https://octoverse.github.com/static/2020-security-report.pdf

Healthcare security in 2021 (2 dec) https://securelist.com/healthcare-security-in-2021/99571/

ICS threat predictions for 2021 (2 dec) https://securelist.com/ics-threat-predictions-for-2021/99613/

APT annual review: What the world’s threat actors got up to in 2020 (3 dec) https://securelist.com/apt-annual-review-what-the-worlds-threat-actors-got-up-to-in-2020/99574/

The chronicles of Emotet (4 dec) https://securelist.com/the-chronicles-of-emotet/99660/

CERT-SE this week

Serious RCE vulnerabilities