CERT-SE:s veckobrev v.11

På supporterns dag vill CERT-SE, som varje fredag, dela med sig av intressanta nyheter från veckan som gått. Vi hoppas att det kan vara ett stöd för er och tackar så mycket för allt stöd vi får från er. Veckans nyheter bjuder bland annat på angrepp och analyser, årsrapporter från SÄPO och FBI, samt några tips på hur man skyddar sig. Rafflande läsning! Sårbarheterna i Microsoft Exchange är fortfarande i höggrad aktuella och CERT-SE:s artikel har uppdaterats med bland annat verktyg som kan vara till användning vid hanteringen av dessa.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Magento 2 PHP Credit Card Skimmer Saves to JPG (10 mar) https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html

Phishing sites now detect virtual machines to bypass detection (15 mar) https://www.bleepingcomputer.com/news/security/phishing-sites-now-detect-virtual-machines-to-bypass-detection/

UK Set to Boost Cybersecurity Operation (15 mar) https://www.bankinfosecurity.com/uk-set-to-boost-cybersecurity-operations-a-16181

Over 400 Cyberattacks at US Public Schools in 2020 (15 mar) https://www.govinfosecurity.com/over-400-cyberattacks-at-us-public-schools-in-2020-a-16183

Security ratings could raise the bar on cyber hygiene, but won’t stop the next SolarWinds (15 mar) https://www.scmagazine.com/home/government/security-labeling-could-raise-the-bar-on-cyber-hygiene-but-wont-stop-the-next-solarwinds/

WeLeakInfo Leaked Customer Payment Info (15 mar) https://krebsonsecurity.com/2021/03/weleakinfo-leaked-customer-payment-info/

Operation Diànxùn: Cyberespionage Campaign Targeting Telecommunication Companies (16 mar) https://www.mcafee.com/blogs/other-blogs/mcafee-labs/operation-dianxun-cyberespionage-campaign-targeting-telecommunication-companies

Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices (16 mar) https://threatpost.com/mirai-variant-sonicwall-d-link-iot/164811/

Apple’s app transparency rules: Google’s privacy labels for Chrome and Search on iOS highlighted by DuckDuckGo (16 mar) https://www.theregister.com/2021/03/16/keep_scrolling_googles_privacy_labels/

Can We Stop Pretending SMS Is Secure Now? (16 mar) https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/

More than $4 billion in cybercrime losses reported to FBI in 2020 (17 mar) https://www.cyberscoop.com/fbi-ic3-cybercrime-4-billion-fraud/ .. Rapport: Internet Crime Report 2020 https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

~4,300 publicly reachable servers are posing a new DDoS hazard to the Internet (17 mar) https://arstechnica.com/gadgets/2021/03/mainstream-ddosers-are-abusing-d-tls-servers-to-up-the-potency-of-attacks/

Mimecast Says SolarWinds Hackers Stole Source Code (17 mar) https://www.securityweek.com/mimecast-says-solarwinds-hackers-stole-source-code .. Incident Report (16 mar) https://www.mimecast.com/incident-report/

Polis sökte på släktingar i polisregister – straffas (17 mar) https://sverigesradio.se/artikel/polis-sokte-pa-slaktingar-i-polisens-datasystem-straffas

Polish State Websites Hacked and Used to Spread False Info (18 mar) https://www.securityweek.com/polish-state-websites-hacked-and-used-spread-false-info

Cyberangrepp mot kommunernas hemsidor (18 mar) https://www.expressen.se/gt/cyberangrepp-mot-kommunernas-hemsidor/

Telenors röstbrevlådor avlyssnade efter datorintrång (18 mar) https://feber.se/mobil/telenors-rostbrevlador-avlyssnade-efter-datorintrang/422719/ .. Bakom betalvägg: https://www.dn.se/ekonomi/attack-mot-telenor-rostbrevlador-har-avlyssnats/ https://www.dn.se/ekonomi/attack-mot-telenor-rostbrevlador-har-avlyssnats/

Chinese nation state hackers linked to Finnish Parliament hack (18 mar) https://www.bleepingcomputer.com/news/security/chinese-nation-state-hackers-linked-to-finnish-parliament-hack/

“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users (18 mar) https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users/

Facebook expands support for security keys to iOS and Android (18 mar) https://www.zdnet.com/article/facebook-expands-support-for-security-keys-to-ios-and-android/

Mejlaffären växer – pekas ut som säkerhetshot (19 mar) https://www.aftonbladet.se/nyheter/a/rg5L6R/mejlaffaren-vaxer–pekas-ut-som-sakerhetshot

Informationssäkerhet och blandat

A Spectre proof-of-concept for a Spectre-proof web (12 mar) https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html

Security Analysis of Apple’s “Find My…” Protocol (15 mar) https://www.schneier.com/blog/archives/2021/03/security-analysis-of-apples-find-my-protocol.html

Datagram Transport Layer Security (D/TLS) Reflection/Amplification DDoS Attack Mitigation Recommendations (16 mar) https://www.netscout.com/blog/asert/datagram-transport-layer-security-dtls-reflectionamplification

Ransomware: How to make sure backups are ready for a real attack (16 mar) https://www.networkworld.com/article/3611808/ransomware-how-to-make-sure-backups-are-ready-for-a-real-attack.html

Strukturera hotinformation i cyberdomänen med OpenCTI (18 mar) https://www.cstromblad.com/2021/03/strukturera-hotinformation-i-cyberdomanen-med-opencti/

Säkerhetspolisen 2020 https://www.sakerhetspolisen.se/publikationer/om-sakerhetspolisen/sakerhetspolisen-2020.html

CERT-SE i veckan

BM21-001, BM21-002: Sårbara Microsoft Exchange-servrar (uppdat. …, 2021-03-18, 2021-03-19)