CERT-SE's weekly newsletter, week 21

Weekly newsletter

Cyberattacks and data breaches, ransomware and phishing, DNS and malware: these are just a few clues to the contents of this week's news roundup.

CERT-SE wishes you pleasant reading and a good weekend!

News this week

New YouTube Video Series: Everything you ever wanted to know about DNS and more! (20 May)
https://isc.sans.edu/diary/rss/27440

Vaccination company in Skåne hit by IT attack (21 May)
https://sverigesradio.se/artikel/vaccinationsforetag-i-skane-utsatt-for-it-attack

How much economic damage would be done if a cyberattack took out the internet? (21 May)
https://www.zdnet.com/article/how-much-economic-damage-would-be-done-if-a-cyberattack-took-out-the-internet/

FBI: Conti ransomware attacked 16 US healthcare, first responder orgs (21 May)
https://www.bleepingcomputer.com/news/security/fbi-conti-ransomware-attacked-16-us-healthcare-first-responder-orgs/

“Serverless” Phishing Campaign (22 May)
https://isc.sans.edu/diary/%22Serverless%22+Phishing+Campaign/27446

Belgium approves new cyber strategy with emphasis on essential institutions (22 May)
https://therecord.media/belgium-approves-new-cyber-strategy-with-emphasis-on-essential-institutions/

Super-Secure Processor Thwarts Hackers by Turning a Computer Into a Puzzle (22 May)
https://www.sciencealert.com/morpheus-computer-processor-is-forever-changing-its-microarchitecture-to-thwart-hackers

Conti Ransomware hit 16 US health and emergency Services, said FBI (22 May)
https://securityaffairs.co/wordpress/118167/cyber-crime/conti-ransomware-flash-alert.html

Irish cyber-attack: Hackers bail out Irish health service for free (22 May)
https://www.bbc.com/news/world-europe-57197688

A malware attack hit the Alaska Health Department (23 May)
https://securityaffairs.co/wordpress/118184/cyber-crime/alaska-health-department-malware.html

This massive phishing campaign delivers password-stealing malware disguised as ransomware (24 May)
https://www.zdnet.com/article/this-massive-phishing-campaign-delivers-password-stealing-malware-disguised-as-ransomware/

New Bluetooth Flaws Let Attackers Impersonate Legitimate Devices (24 May)
https://thehackernews.com/2021/05/new-bluetooth-flaws-let-attackers.html

Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure (24 May)
https://kb.cert.org/vuls/id/799380

USB Drop Attack (25 May)
https://sliitcs2.medium.com/usb-drop-attack-d8dcb8ce2e4a

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises (25 May)
https://www.fireeye.com/blog/threat-research/2021/05/increasing-low-sophistication-operational-technology-compromises.html

This dangerous new malware is stealing people’s passwords (25 May)
https://bgr.com/tech/malware-attack-microsoft-identifies-phishing-campaign-malware-stealing-passwords-5927634/

Not as complex as we thought: Cyberattacks on operational technology are on the rise (25 May)
https://www.zdnet.com/article/not-as-complex-as-we-thought-cyberattacks-on-operational-technology-are-on-the-rise/

Triple-extortion is a new tool for ransomware attackers (25 May)
https://www.techrepublic.com/videos/triple-extortion-is-a-new-tool-for-ransomware-attackers/

Colonial Pipeline attack spurs new rules for critical infrastructure (25 May)
https://blog.malwarebytes.com/ransomware/2021/05/colonial-pipeline-attack-spurs-new-rules-for-critical-infrastructure/

UK Insurer Recovering From Ransomware Attack (25 May)
https://www.bankinfosecurity.com/uk-insurer-recovering-from-ransomware-attack-a-16736

Kaspersky Security Bulletin 2020-2021. EU statistics (26 May)
https://securelist.com/kaspersky-security-bulletin-2020-2021-eu-statistics/102335/

Belgium government discovers old 2019 hack during Hafnium investigation (26 May)
https://therecord.media/belgium-government-discovers-old-2019-hack-during-hafnium-investigation/

What to do about open source vulnerabilities? Move fast, says Linux Foundation expert (26 May)
https://www.theregister.com/2021/05/26/open_source_vluns_talk_qcon/

Is it really the Wild West in cybercrime? Why we need to re-examine our approach to ransomware (26 May)
https://www.techrepublic.com/article/is-it-really-the-wild-west-in-cybercrime-why-we-need-to-re-examine-our-approach-to-ransomware/

Have I Been Pwned goes open-source and teams up with the FBI on leaked passwords (27 May)
https://thenextweb.com/news/have-i-been-pwned-open-source-fbi

‘Have I Been Pwned’ Code Base Now Open Source (27 May)
https://www.darkreading.com/threat-intelligence/have-i-been-pwned-code-base-now-open-source/d/d-id/1341156

Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI (28 May)
https://www.troyhunt.com/pwned-passwords-open-source-in-the-dot-net-foundation-and-working-with-the-fbi/

Microsoft Announces New Campaign from NOBELIUM (27 May)
https://us-cert.cisa.gov/ncas/current-activity/2021/05/27/microsoft-announces-new-campaign-nobelium

New sophisticated email-based attack from NOBELIUM (27 May)
https://www.microsoft.com/security/blog/?p=93630

Another Nobelium Cyberattack (27 May)
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/

Information security and miscellaneous

Air India cyber attack exposes 4.5 million customers’ data (24 May)
https://www.itpro.co.uk/security/cyber-attacks/359642/air-india-cyber-attack-exposes-45-million-customers-data

Patient data leaked after IT attack (26 May)
https://www.svd.se/patientuppgifter-lackta-efter-hackerattack

Cybersecurity leaders lacking basic cyber hygiene (26 May)
https://www.helpnetsecurity.com/2021/05/26/cybersecurity-leaders-cyber-hygiene/

Colonial Pipeline, crypto crackdowns: Feds point to critical cyber moments (26 May)
https://www.scmagazine.com/home/security-news/cybercrime/colonial-pipeline-microsoft-crypto-crackdowns-feds-point-to-critical-cyber-moments/

DHS Unveils New Cybersecurity Requirements for Pipelines (27 May)
https://www.bankinfosecurity.com/dhs-unveils-new-cybersecurity-requirements-for-pipelines-a-16758

Klarna has technical problems – app closed (27 May)
https://www.dn.se/ekonomi/klarna-har-tekniska-problem/

IT expert on the Klarna fault: ”Many probably feel uneasy” (27 May)
https://www.dn.se/ekonomi/it-expert-om-felet-hos-klarna-manga-kanner-nog-ett-obehag/

Written statement on app bug. (27 May)
https://www.klarna.com/us/blog/written-statement-on-app-bug/

Intrusion attempt on FHM's database: ”Not good at all” (27 May)
https://www.svt.se/nyheter/inrikes/intrangsforsok-i-folkhalsomyndighetens-databas-inte-alls-bra

Folkhälsomyndigheten reports attempted intrusion into SmiNet (27 May)
https://www.folkhalsomyndigheten.se/nyheter-och-press/nyhetsarkiv/2021/maj/folkhalsomyndigheten-anmaler-forsok-till-dataintrang-mot-sminet/

It’s time to shift from verifying data to authenticating identity (28 May)
https://www.helpnetsecurity.com/2021/05/28/shift-from-verifying-data-to-authenticating-identity/

CERT-SE this week

Two vulnerabilities in VMware products