CERT-SE's weekly newsletter, week 29

Weekly newsletter

Despite it being high summer, a lot of exciting things are happening in the cyber world. Much attention has gone to the revelation that Pegasus, the software from the surveillance company NSO, is being misused to monitor journalists and human rights activists. Kaseya announces that it has obtained the decryption key for the REvil ransomware and has begun sharing it with affected customers.

Happy reading! CERT-SE's weekly newsletter is now taking a summer break and will be back in week 35.

News this week

Right or Left, You Should Be Worried About Big Tech Censorship (16 jul)
https://www.eff.org/deeplinks/2021/07/right-or-left-you-should-be-worried-about-big-tech-censorship

Ransomware hits law firm counseling Fortune 500, Global 500 companies (18 jul)
https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/

Windows Hello bypassed using infrared image (18 jul)
https://therecord.media/windows-hello-bypassed-using-infrared-image/

Chinese State-Sponsored Cyber Operations: Observed TTPs (19 jul)
https://us-cert.cisa.gov/ncas/alerts/aa21-200b

USA and Norway accuse China of cyber attack (18 jul)
https://www.dn.se/varlden/usa-och-norge-anklagar-kina-for-it-attack/

Norway says cyber attack on parliament carried out from China (19 jul)
https://www.reuters.com/world/china/norway-says-march-cyber-attack-parliament-carried-out-china-2021-07-19/

Fortinet’s security appliances hit by remote code execution vulnerability (20 jul)
https://www.theregister.com/2021/07/20/fortinet_rce/

Introducing Email Protection: The easy way to block email trackers and hide your address (20 jul)
https://spreadprivacy.com/introducing-email-protection-beta/

16 Years In Hiding – Millions of Printers Worldwide Vulnerable (20 jul)
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/

China Sets Up New Worrying Vulnerability Disclosure Rules (20 jul)
https://www.bitdefender.com/blog/hotforsecurity/china-sets-up-new-worrying-vulnerability-disclosure-rules

Make-me-admin holes found in Windows, Linux kernel (21 jul)
https://www.theregister.com/2021/07/21/windows_linux_privilege_escalation/

Groundhog day: NPM package caught stealing browser passwords (21 jul)
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords

Akamai DNS global outage takes down major websites, online services (22 jul)
https://www.bleepingcomputer.com/news/security/akamai-dns-global-outage-takes-down-major-websites-online-services/

IT outage hit thousands of websites
https://www.dn.se/ekonomi/stort-it-haveri-24-000-webbplatser-drabbade/

The ransomware risk management calculus is changing for OT, ICS and critical infrastructure (22 jul)
https://www.techrepublic.com/article/the-ransomware-risk-management-calculus-is-changing-for-ot-ics-and-critical-infrastructure/

A favorite target of Russian hackers, the Olympics are on guard (22 jul)
https://www.nbcnews.com/tech/security/olympics-are-guard-favorite-target-russian-hackers-rcna1422

Hackers reportedly demand $50m from Saudi Aramco over data leak (22 jul)
https://www.bbc.com/news/business-57924355

FBI warns of increase in ransomware, cyberattacks on businesses (22 jul)
https://www.fox4news.com/news/fbi-warns-of-increase-in-ransomware-cyberattacks-on-businesses

19 days after REvil’s ransomware attack on Kaseya VSA systems, there’s a fix (22 jul)
https://www.theverge.com/2021/7/22/22589643/ransomware-kaseya-vsa-decryptor-revil

Kaseya obtains REvil decryptor, starts sharing it with afflicted customers (23 jul)
https://www.theregister.com/2021/07/23/kaseya_obtains_revil_decryptor_starts/

Manufacturers turning to zero trust to better secure their networks (23 jul)
https://www.helpnetsecurity.com/2021/07/23/manufacturers-zero-trust/

Pegasus

Forensic Methodology Report: How to catch NSO Group’s Pegasus (18 jul)
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/

Revealed: leak uncovers global abuse of cyber-surveillance weapon (18 jul)
https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus

Private Israeli malware ‘Pegasus’ used to spy on journalists, activists and politicians (18 jul)
https://www.france24.com/en/technology/20210718-private-israeli-malware-used-to-spy-on-journalists-activists-and-politicians

Amazon Shuts Down NSO Group Infrastructure (19 jul)
https://www.vice.com/en/article/xgx5bw/amazon-aws-shuts-down-nso-group-infrastructure

Spyware can make your phone your enemy. Journalism is your defence (19 jul)
https://www.theguardian.com/world/commentisfree/2021/jul/19/spyware-can-make-your-phone-your-enemy-journalism-is-your-defence

Pegasus project: spyware leak suggests lawyers and activists at risk across globe (19 jul)
https://www.theguardian.com/news/2021/jul/19/spyware-leak-suggests-lawyers-and-activists-at-risk-across-globe

Information security and miscellaneous

Unlocking the secrets of the world’s oldest computer (15 jul)
https://www.bbc.com/reel/video/p09pcwnz/unlocking-the-secrets-of-the-world-s-oldest-computer?

How to Fix the Big Problems With Two-Factor and Multifactor Authentication (20 jul)
https://securityintelligence.com/articles/fix-big-problems-with-two-factor-multifactor-authentication/

How Data Discovery and Zero Trust Can Help Defend Against a Data Breach (20 jul)
https://securityintelligence.com/posts/data-discovery-zero-trust-defend-data-breach/

Did you know 1/3 of cybersecurity professionals have had personal experience of harassment online?
https://respectinsecurity.org/

Three tips for better IT security (23 jul)
https://www.svt.se/nyheter/lokalt/vastmanland/tre-tips-for-battre-it-sakerhet

CERT-SE this week

ACL vulnerability in Windows gives unauthorized access to system files

Critical vulnerabilities in several Adobe products

Oracle's quarterly security update for July 2021

Several serious vulnerabilities in Citrix products