CERT-SE:s veckobrev v.6

Kattsingen vad veckan går fort! En vecka med flera händelser inom cybersäkerhet att hålla kolla på. Allt från angrepp på en vattenreningsanläggning i Florida till att MSB:s årsrapport för NIS-leverantörers it-incidentrapportering 2020, och mycket mer finns här att läsa om.

Trevlig läsning och helg!

Nyheter i veckan

Taking a Realistic View of Cyber Security Requirements for Digital Providers (1 feb) https://www.sentinelone.com/blog/taking-a-realistic-view-of-cyber-security-requirements-for-digital-providers/

Largest compilation of emails and passwords leaked for free on public forum (2 feb) https://cybernews.com/news/largest-compilation-of-emails-and-passwords-leaked-free/

Plex Media servers actively abused to amplify DDoS attacks (4 feb) https://www.bleepingcomputer.com/news/security/plex-media-servers-actively-abused-to-amplify-ddos-attacks/

Barcode Scanner app on Google Play infects 10 million users with one update (5 feb) https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/

That Slack email you just got asking to reset your password is legit, not a scam (5 feb) https://www.androidpolice.com/2021/02/05/that-slack-email-you-just-got-asking-to-reset-your-password-is-legit-not-a-scam/

NIST offers tools to defend against nation state cyber threats (5 feb) https://fcw.com/articles/2021/02/05/nist-cyber-defense-tools-cui.aspx

Eletrobras, Copel energy companies hit by ransomware attacks (5 feb) https://www.bleepingcomputer.com/news/security/eletrobras-copel-energy-companies-hit-by-ransomware-attacks/

How the United States Lost to Hackers (6 feb) https://www.nytimes.com/2021/02/06/technology/cyber-hackers-usa.html

New phishing attack uses Morse code to hide malicious URLs (7 feb) https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Ziggy ransomware shuts down and releases victims’ decryption keys (7 feb) https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/

Google Launches Database for Open Source Vulnerabilities (7 feb) https://www.securityweek.com/google-launches-database-open-source-vulnerabilities

Microsoft to add ‘nation-state activity alerts’ to Defender for Office 365 (8 feb) https://www.zdnet.com/article/microsoft-to-add-nation-state-activity-alerts-to-defender-for-office-365/

Analys av kinesiska cyberoperationer under 2020 (8 feb) https://www.cstromblad.com/2021/02/analys-av-kinesiska-cyberoperationer-under-2020/

Conti ransomware gang tied to latest attacks on hospitals in Florida and Texas (8 feb) https://www.scmagazine.com/home/security-news/ransomware/conti-ransomware-gang-tied-to-latest-attacks-on-hospitals-in-florida-and-texas/

Ökat antal rapporterade it-incidenter från leverantörer av samhällsviktiga tjänster (8 feb) https://www.msb.se/sv/aktuellt/nyheter/2021/februari/okat-antal-rapporterade-it-incidenter-fran-leverantorer-av-samhallsviktiga-tjanster/ .. Rapport | NIS-leverantörers it-incidentrapportering 2020 https://www.msb.se/sv/amnesomraden/informationssakerhet-cybersakerhet-och-sakra-kommunikationer/nis-direktivet/incidentrapportering-for-nis-leverantorer/arsrapport-over-nis-leverantorers-incidentrapportering-2020/

Security gaps in operational tech exposed with hacker attempt to poison Florida city water (8 feb) https://www.scmagazine.com/home/security-news/network-security/security-gaps-in-operational-tech-exposed-with-hacker-attempt-to-poison-florida-city-water/ .. Someone tried to poison a Florida city by hacking into the water treatment system, sheriff says (9 feb) https://edition.cnn.com/2021/02/08/us/oldsmar-florida-hack-water-poison/index.html .. What’s most interesting about the Florida water system hack? That we heard about it at all. (10 feb) https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/

Researcher hacks over 35 tech firms in novel supply chain attack (9 feb) https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/amp/

Author of uPanel phishing kit arrested in Ukraine (9 feb) https://www.zdnet.com/article/author-of-upanel-phishing-kit-arrested-in-ukraine/

PyPI, GitLab dealing with spam attacks (9 feb) https://www.zdnet.com/article/pypi-gitlab-dealing-with-spam-attacks/

We uncovered a Facebook phishing campaign that tricked nearly 500,000 users in two weeks (9 feb) https://cybernews.com/security/we-uncovered-a-facebook-phishing-campaign-that-tricked-nearly-500000-users-in-two-weeks/

Cyberpunk 2077 studio falls victim to ransomware attack, data leak threatened (9 feb) https://www.theverge.com/2021/2/9/22274035/cd-projekt-hack-source-code-cyberpunk-2077-witcher-3-encrypt-data-ransom

Ransomware Profitability (10 feb) https://www.schneier.com/blog/archives/2021/02/ransomware-profitability.html

Ten hackers arrested for string of SIM-swapping attacks against celebrities (10 feb) https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities

This old security vulnerability left millions of Internet of Things devices vulnerable to attacks (10 feb) https://www.zdnet.com/article/this-old-security-vulnerability-left-millions-of-internet-of-things-devices-vulnerable-to-attacks/

Region Gävleborg polisanmäler ett nytt misstänkt dataintrång (11 feb) https://sverigesradio.se/artikel/region-gavleborg-polisanmaler-ett-nytt-misstankt-dataintrang

Informationssäkerhet och blandat

IMY lämnar över integritetsskyddsrapport till regeringen (28 jan) https://www.imy.se/nyheter/imy-lamnar-over-integritetsskyddsrapport-till-regeringen/ .. Rapport: https://www.imy.se/om-oss/publikationer/integritetsskyddsrapport2020/ .. Risk för oetisk insamling av data (29 feb) https://www.offentligaaffarer.se/2021/01/29/risk-for-oetisk-insamling-av-data/

Fenomenet Clubhouse – fluga eller framtiden? (5 feb) https://www.svd.se/allt-du-behover-veta-om-fenomenet-clubhouse

Telegram, WhatsApp, Signal och Protonmail – så avslöjas din identitet trots kryptering (7 feb) https://newsvoice.se/2021/02/signal-whatsapp-telegram-protonmail/

Your security technology is only as strong as your team (9 feb) https://www.helpnetsecurity.com/2021/02/09/investing-security-technology/

Framgång i tävling om cybersäkerhet (9 feb) https://www.ltu.se/ltu/media/news/Framgang-i-tavling-om-cybersakerhet-1.206080

3 Reasons to Ditch Your VPN for Secure Enterprise Remote Access (10 feb) https://www.proofpoint.com/us/blog/zero-trust-network-access/3-reasons-ditch-your-vpn-secure-enterprise-remote-access

Texas lawyer, trapped by cat filter on Zoom call, informs judge he is not a cat (10 feb) https://www.theguardian.com/us-news/2021/feb/09/texas-lawyer-zoom-cat-filter-kitten

Fel av polisen att använda app för ansiktsigenkänning (11 feb) https://www.imy.se/nyheter/fel-av-polisen-att-anvanda-app-for-ansiktsigenkanning/

WomenInScience: High Number of Girls Sign Up for Codebreaking Contest (11 feb) https://www.infosecurity-magazine.com/news/girls-sign-up-codebreaking-contest/

CERT-SE i veckan

Adobes månatliga säkerhetsuppdateringar för februari

Microsofts månatliga säkerhetsuppdateringar för februari 2021