Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.9

Äntligen fredag och äntligen veckobrev. Vi vill särskillt uppmärksamma sårbarheterna i Microsoft Exchange Server som offentliggjordes i veckan. När systemen är undersökta och uppdaterade finns här en mängd spännande nyheter att fördjupa sig i. Så fram med ostbågarna och hugg in!

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Lazarus, advanced persistent threat group, targets the defense industry (25 feb)
https://www.kaspersky.com.au/about/press-releases/2021_lazarus-advanced-persistent-threat-group-targets-the-defense-industry

Hospitals, Schools Get a Crucial Break From Ransomware Attacks (25 feb)
https://therecord.media/hospitals-schools-get-a-crucial-break-from-ransomware-attacks/

Hackers tied to Russia’s GRU targeted the US grid for years (27 feb)
https://arstechnica.com/information-technology/2021/02/hackers-tied-to-russias-gru-targeted-the-us-grid-for-years/

China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions (28 feb)
https://www.recordedfuture.com/redecho-targeting-indian-power-sector/

The Hijacking of Perl.com (28 feb)
https://www.perl.com/article/the-hijacking-of-perl-com/

Social network Gab hacked, hit with $500,000 ransom demand (1 mar)
https://www.cnet.com/news/social-network-gab-hacked-hit-with-500000-ransom-demand/

Ryuk Ransomware With Worm-Like Capabilities Spotted in the Wild (1 mar)
https://www.securityweek.com/ryuk-ransomware-worm-capabilities-spotted-wild

“Gootloader” expands its payload delivery options (1 mar)
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/

FI: Brister i Swedbanks cybersäkerhet (1 mar)
https://www.dn.se/ekonomi/fi-brister-i-swedbanks-cybersakerhet/

The Ursnif banking Trojan has hit over 100 Italian banks (2 mar)
https://blog.avast.com/ursnif-victim-data

ObliqueRAT Trojan now lurks in images on compromised websites (2 mar)
https://www.zdnet.com/article/obliquerat-trojan-now-hides-in-images-on-compromised-websites/

ENISA and CERT-EU sign Agreement to start their Structured Cooperation (2 mar)
https://www.enisa.europa.eu/news/enisa-news/enisa-and-cert-eu-sign-agreement-to-start-their-structured-cooperation

MSB om riskerna med nya journalsystemet (3 mar)
https://www.svt.se/nyheter/lokalt/orebro/msb-om

It-attacker växande problem i Region Gotland (3 mar)
https://www.svd.se/it-attacker-vaxande-problem-i-region-gotland/i/senaste

Three Top Russian Cybercrime Forums Hacked (4 mar)
https://krebsonsecurity.com/2021/03/three-top-russian-cybercrime-forums-hacked/
..
Breaking: Elite Cybercrime Forum “Maza” Breached by Unknown Attacker (4 mar)
https://www.flashpoint-intel.com/blog/breelite-cybercrime-forum-maza-breached-by-unknown-attacker/

Kommuner anmäler sig själva efter Ekots granskning (5 mar)
https://sverigesradio.se/artikel/kommuner-anmaler-sig-sjalva-efter-ekots-granskning

Informationssäkerhet och blandat

An Exploration of JSON Interoperability Vulnerabilities (25 feb)
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities

Molntjänster och FISA 702 (26 feb)
https://kryptera.se/molntjanster-och-fisa-702/

Is Your Browser Extension a Botnet Backdoor? (1 mar)
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/

Cybersäkerhet – nu är det allvar (1 mar)
https://www.svt.se/nyheter/svtforum/cybersakerhet-nu-ar-det-allvar

Cybercrime 'Help Wanted': Job Hunting on the Dark Web (1 mar)
https://www.darkreading.com/theedge/cybercrime-help-wanted-job-hunting-on-the-dark-web/b/d-id/1340265?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

March 1st – Threat Intelligence Report (1 mar)
https://research.checkpoint.com/2021/march-1st-threat-intelligence-report/

Inside the Ransomware Economy (1 mar)
https://www.securityweek.com/inside-ransomware-economy

Cybercriminals continue to target trusted cloud apps (2 mar)
https://www.helpnetsecurity.com/2021/03/02/cybercriminals-target-trusted-cloud-apps/

Eugene Kaspersky says cyber-crooks coined it during COVID and will take a break to spend their loot (3 mar)
https://www.theregister.com/2021/03/03/eugene_kaspersky_post_covid_security_predictions/

Create your Cyber Action Plan
https://www.ncsc.gov.uk/cyberaware/actionplan

Etterretningstjenesten: Focus 2021
https://www.forsvaret.no/aktuelt-og-presse/publikasjoner/fokus/rapporter/Focus2021-english.pdf/_/attachment/inline/450b1ed0-1983-4e6b-bc65-4aa7631aa36f:21c5241a06c489fa1608472c3c8ab855c0ac3511/Focus2021-english.pdf

CERT-SE i veckan

BM21-001, BM21-002 - Aktiva skanningar efter sårbara Microsoft Exchange-servrar

Kritisk sårbarhet i Snow Inventory Agent