Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.10

Följderna av sårbarheten i Microsoft Exchange Server är fortsatt mycket allvarliga, se till att uppdatera och undersöka era system omgående. Vi har en hel del information om sårbarheten bland veckans länkar, så se till att ta del av den informationen, plus allt annat som rapporteras om den här veckan. Trevlig helg önskar CERT-SE!

Nyheter i veckan

Google’s FLoC Is a Terrible Idea (3 mar)
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea

Three Top Russian Cybercrime Forums Hacked (4 mar)
https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/

Ransomware har blivit en mångmiljardindustri visar ny analys (5 mar)
https://computersweden.idg.se/2.2683/1.747864/ransomware-ar-nu-en-mangmiljardindustri

SolarWinds: "IT's Pearl Harbor." (5 mar)
https://www.idginsiderpro.com/article/3609889/solarwinds-its-pearl-harbor.html

A new type of supply-chain attack with serious consequences is flourishing (6 mar)
https://arstechnica.com/gadgets/2021/03/more-top-tier-companies-targeted-by-new-type-of-potentially-serious-attack/

Ransomware Gang Threatens To Launch DDoS Attacks, Call Reporters and Business Partners (7 mar)
https://therecord.media/ransomware-gang-threatens-to-launch-ddos-attacks-call-reporters-and-business-partners/

Hacking Digitally Signed PDF Files (8 mar)
https://www.schneier.com/blog/archives/2021/03/hacking-digitally-signed-pdf-files.html

Intel, DoD start sprint to make homomorphic encryption ready for real (8 mar)
https://www.scmagazine.com/home/security-news/encryption-data-security/intel-dod-start-sprint-to-make-homomorphic-encryption-ready-for-real/

Introducing ThreatFox (8 mar)
https://abuse.ch/blog/introducing-threatfox/

Bazar Drops the Anchor (8 mar)
https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/

Chinese hackers targeted SolarWinds customers in parallel with Russian op (9 mar)
https://arstechnica.com/gadgets/2021/03/chinese-hackers-targeted-solarwinds-customers-in-parallel-with-russian-op/

Only 12% of enterprises have fully embraced SASE (9 mar)
https://www.helpnetsecurity.com/2021/03/09/sase-adoption/

Linux Foundation Debuts Sigstore Project for Software Signing (9 mar)
https://www.darkreading.com/application-security/linux-foundation-debuts-sigstore-project-for-software-signing/d/d-id/1340360

Spanish government falls victim to Ryuk ransomware attack (10 mar)
https://therecord.media/spanish-government-falls-victim-to-ryuk-ransomware-attack/

New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor (10 mar)
https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/

SharpRDP - PSExec without PSExec, PSRemoting without PowerShell (10 mar)
https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/

European Police Pounce After Cracking Crime Chat Network (10 mar)
https://www.securityweek.com/european-police-pounce-after-cracking-crime-chat-network

3.6 million websites taken offline after fire at OVH datacenters (10 mar)
https://news.netcraft.com/archives/2021/03/10/ovh-fire.html
--
Giant Datacenter Fire Takes Down Government Hacking Infrastructure (10 mar)
https://www.vice.com/en/article/3an9wb/ovh-datacenter-fire-takes-down-government-hacking-infrastructure
--
Brand i datacenter slog ut delar av hackares infrastruktur (12 mar)
https://computersweden.idg.se/2.2683/1.748135/brand-i-datacenter-ovhcloud

After Emotet takedown, Trickbot roars up threat charts (11 mar)
https://www.computerweekly.com/news/252497657/After-Emotet-takedown-Trickbot-roars-up-threat-charts

Över 700 myndighetskontor i Spanien nedtagna av ransomware (11 mar)
https://techworld.idg.se/2.2524/1.748066/myndighetskontor-i-spanien-ransomware-ryuk

Fast Random Bit Generation (11 mar)
https://www.schneier.com/blog/archives/2021/03/fast-random-bit-generation.html

Chinese Hackers Attack Indian Vaccine Makers (11 mar)
https://visiontimes.com/2021/03/11/chinese-hackers-attack-indian-vaccine-makers.html

5 common VPN myths busted (11 mar)
https://blog.malwarebytes.com/awareness/2021/03/5-common-vpn-myths-busted/

This malware was written in an unusual programming language to stop it from being detected (11 mar)
https://www.zdnet.com/article/this-malware-was-written-in-an-unusual-programming-language-to-stop-it-from-being-detected/

Microsoft Exchange

Hackers Exploit Exchange Flaws to Target Local Governments (5 mar)
https://www.bankinfosecurity.com/hackers-exploit-exchange-flaws-to-target-local-governments-a-16125

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software (5 mar)
https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/

Tiotusentals drabbade av ny hackerattack (6 mar)
https://sverigesradio.se/artikel/tiotusentals-drabbade-av-ny-hackerattack

Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack (6 mar)
https://arstechnica.com/gadgets/2021/03/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack/

Microsoft's MSERT tool now finds web shells from Exchange Server attacks (7 mar)
https://www.bleepingcomputer.com/news/security/microsofts-msert-tool-now-finds-web-shells-from-exchange-server-attacks/

A Basic Timeline of the Exchange Mass-Hack (8 mar)
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/

Microsoft släpper verktyg som kollar om Exchange-servrar är hackade (8 mar)
https://techworld.idg.se/2.2524/1.747946/microsoft-powershell-test-proxylogon

European Banking Authority hit by Microsoft Exchange hack (9 mar)
https://www.bbc.com/news/technology-56321567
--
https://www.eba.europa.eu/cyber-attack-european-banking-authority

Criminal hacking groups piling on to escalating Microsoft Exchange crisis (9 mar)
https://appleinsider.com/articles/21/03/09/criminal-hacking-groups-piling-on-to-escalating-microsoft-exchange-crisis

Microsoft Exchange server exploitation: how to detect, mitigate, and stay calm (9 mar)
https://redcanary.com/blog/microsoft-exchange-attacks/

Reproducing the Microsoft Exchange Proxylogon Exploit Chain (9 mar)
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/

Warning the World of a Ticking Time Bomb (9 mar)
https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/

The Microsoft Exchange Server mega-hack – what you need to know (9 mar)
https://hotforsecurity.bitdefender.com/blog/the-microsoft-exchange-server-mega-hack-what-you-need-to-know-25442.html

Bollnäs och Ovanåkers kommuner har utsatts för dataintrång (9 mar)
https://sverigesradio.se/artikel/bollnas-kommun-har-utsatts-for-dataintrang
--
Ingen upptäckte dataintrång i kommunservrar innan Microsoft larmade (10 mar)
https://sverigesradio.se/artikel/ingen-upptackte-dataintrang-i-kommunservrar-innan-microsoft-larmade

Stortinget utsatt for IT-angrep (10 mar)
https://www.stortinget.no/no/Hva-skjer-pa-Stortinget/Nyhetsarkiv/Pressemeldingsarkiv/2020-2021/stortinget-utsatt-for-it-angrep/
--
Norges riksdag utsatt för it-angrepp – igen (10 mar)
https://www.dn.se/varlden/norges-riksdag-utsatt-for-it-angrepp-igen/
--
Norway parliament data stolen in Microsoft Exchange attack (10 mar)
https://www.bleepingcomputer.com/news/security/norway-parliament-data-stolen-in-microsoft-exchange-attack/

More hacking groups join Microsoft Exchange attack frenzy (10 mar)
https://www.bleepingcomputer.com/news/security/more-hacking-groups-join-microsoft-exchange-attack-frenzy/

PoC released for Microsoft Exchange ProxyLogon vulnerabilities (10 mar)
https://therecord.media/poc-released-for-microsoft-exchange-proxylogon-vulnerabilities/

There’s a vexing mystery surrounding the 0-day attacks on Exchange servers (11 mar)
https://arstechnica.com/gadgets/2021/03/security-unicorn-exchange-server-0-days-were-exploited-by-6-apts/

Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits (11 mar)
https://www.bleepingcomputer.com/news/security/ransomware-now-attacks-microsoft-exchange-servers-with-proxylogon-exploits/

Minst 30 organisationer i Finland har råkat ut för dataintrång – ovanligt allvarligt säkerhetshål i Microsofts e-postserver (12 mar)
https://svenska.yle.fi/artikel/2021/03/12/minst-30-organisationer-i-finland-har-rakat-ut-for-dataintrang-ovanligt

Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vulnerabilities (12 mar)
https://www.theregister.com/2021/03/12/github_disappears_exploit/

Informationssäkerhet och blandat

Hackers Just Looted Passenger Data From Some of the World's Biggest Airlines (5 mar)
https://gizmodo.com/hackers-just-looted-passenger-data-from-some-of-the-wor-1846417692

Cyberattack shuts down online learning at 15 UK schools (5 mar)
https://www.zdnet.com/article/cyberattack-shuts-down-online-learning-at-15-uk-schools/

The Humanity and Evolution of Cyber (7 mar)
https://www.tripwire.com/state-of-security/security-data-protection/cyber-security/humanity-and-evolution-of-cyber/

Allt vanligare att privatpersoner utpressas med stulna uppgifter (8 mar)
https://www.tv4.se/artikel/4X9UbYNQRQ324PYv16X6O0/allt-vanligare-att-privatpersoner-utpressas-med-stulna-uppgifter

Cybersecurity in 2021: Stopping the madness (8 mar)
https://www.csoonline.com/article/3610369/cybersecurity-in-2021-stopping-the-madness.html

Airline passenger data breached following “highly sophisticated attack” (8 mar)
https://grahamcluley.com/airline-passenger-data-breached-following-highly-sophisticated-attack/

We can attract more women by busting the ‘hoodie’ stereotype (8 mar)
https://www.scmagazine.com/perspectives/we-can-attract-more-women-by-busting-the-hoodie-stereotype/

Disruptions at Pan-American Life Likely Caused by Ransomware Attack (8 mar)
https://www.securityweek.com/disruptions-pan-american-life-likely-caused-ransomware-attack

University of the Highlands and Islands shuts down campuses as it deals with 'ongoing cyber incident' (8 mar)
https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/

49% of female cybersecurity pros say the pandemic had a positive impact on their career (9 mar)
https://www.helpnetsecurity.com/2021/03/09/female-cybersecurity-pros-career-impact/

Serious Security: Webshells explained in the aftermath of HAFNIUM attacks (9 mar)
https://nakedsecurity.sophos.com/2021/03/09/serious-security-webshells-explained-in-the-aftermath-of-hafnium-attacks/

Falska AIS-spår som utger sig för att vara Försvarsmaktens fartyg (9 mar)
https://www.forsvarsmakten.se/sv/organisation/hogkvarteret/#!/notice/falska-ais-spar-som-utger-sig-for-att-vara-forsvarsmaktens-fartyg

Vårdcentral anmäld – patientuppgifter publicerades på Tiktok (9 mar)
https://www.dn.se/sthlm/vardcentral-anmald-patientuppgifter-publicerades-pa-tiktok/

On Not Fixing Old Vulnerabilities (9 mar)
https://www.schneier.com/blog/archives/2021/03/on-not-fixing-old-vulnerabilities.html

Hackers breach thousands of security cameras, exposing Tesla, jails, hospitals (10 mar)
https://www.bnnbloomberg.ca/hackers-break-into-thousands-of-security-cameras-exposing-tesla-jails-hospitals-1.1574681

Nu har Joe Biden utsett en cio för hela USA (10 mar)
https://computersweden.idg.se/2.2683/1.748033/clare-martorana-usa-cio

The Impact of COVID-19 on Cybersecurity Strategies (10 mar)
https://www.bankinfosecurity.com/impact-covid-19-on-cybersecurity-strategies-a-16160

Molson Coors Beer Operations Halted by Hack (11 mar)
https://www.darkreading.com/attacks-breaches/molson-coors-beer-operations-halted-by-hack/d/d-id/1340382

Metadata Left in Security Agency PDFs (12 mar)
https://www.schneier.com/blog/archives/2021/03/metadata-left-in-security-agency-pdfs.html

CERT-SE i veckan

Kritiska sårbarheter i F5 Networks BIG-IP

Adobes månatliga säkerhetsuppdateringar för mars

Microsofts månatliga säkerhetsuppdateringar för mars 2021