CERT-SE's weekly newsletter, week 37

Weekly newsletter

On International Patient Safety Day, CERT-SE offers, among other things, tips on how to protect patient data. There have also been reports about the new spyware Pegasus and a number of different incidents. On a more positive note, a free key is now available for decrypting REvil's ransomware from before 13 July.

CERT-SE wishes you a pleasant weekend!

News this week

Expert: Cyber threats will be the biggest challenge for aviation (10 sep)
https://www.nyteknik.se/samhalle/expert-cyberhot-blir-storsta-utmaningen-for-luftfarten-7020608

Technology giant Olympus hit by BlackMatter ransomware (13 sep)
https://techcrunch.com/2021/09/12/technology-giant-olympus-hit-by-blackmatter-ransomware/

Investigating potential cybersecurity incident affecting limited areas of our EMEA IT system (11 sep)
https://www.olympus-europa.com/company/en/news/press-releases/2021-09-11t03-00-00/investigating-potential-cybersecurity-incident-affecting-limited-areas-of-our-emea-it-system.html

How a glitch in the Matrix led to apps potentially exposing encrypted chats (13 sep)
https://www.theregister.com/2021/09/13/matrix_foundation_implementation_bug/

Hackers port Cobalt Strike attack tool to Linux (13 sep)
https://searchsecurity.techtarget.com/news/252506642/Hackers-port-Cobalt-Strike-attack-tool-to-Linux

Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike (13 sep)
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/

BazarLoader to Conti Ransomware in 32 Hours (13 sep)
https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/

SEC charges App Annie with securities fraud in $10 million settlement (14 sep)
https://www.protocol.com/bulletins/app-annie-sec-fraud

Kungsbacka municipality's website hit by IT attack: “A serious incident” (14 sep)
https://www.kungsbackaposten.se/nyheter/kungsbacka-kommuns-hemsida-utsattes-f%C3%B6r-it-attack-en-allvarlig-h%C3%A4ndelse-1.54801408

Krita art app users targeted by ransomware posing as paid ‘collaboration’ opportunities (14 sep)
https://www.theregister.com/2021/09/14/krita_users_targeted_by_ransomware/

“Secret” Agent Exposes Azure Customers To Unauthorized Code Execution (14 sep)
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution

Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020 (15 sep)
https://therecord.media/ransomware-accounted-for-a-quarter-of-all-cyber-insurance-claims-in-europe-between-2016-and-2020/

Ransomware encrypts South Africa’s entire Dept of Justice network (15 sep)
https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

DfE launches cyber security scorecard for schools (15 sep)
https://schoolsweek.co.uk/dfe-launches-cyber-security-scorecard-for-schools/

FTC rules that health apps must notify consumers affected by data breaches (16 sep)
https://www.engadget.com/ftc-rules-that-health-apps-must-notify-consumers-if-their-data-is-breached-114043312.html

There Is No Evidence Russia-based Ransomware Is Slowing Down (16 sep)
https://mytechdecisions.com/network-security/there-is-no-evidence-russia-based-ransomware-is-slowing-down/

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware (16 sep)
https://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/

Several local newspapers' sites were down after IT problems (17 sep)
https://www.svt.se/nyheter/lokalt/jonkoping/jonkopings-posten-sajt-ligger-nere-tekniska-problem

Foreign authorities may get direct access to data held by FRA (17 sep)
https://sverigesradio.se/artikel/utlandska-myndigheter-far-direktatkomst-till-uppgifter-hos-fra

Internet Society introduces MANRS initiative to improve the resilience and security of the routing infrastructure (17 sep)
https://www.helpnetsecurity.com/2021/09/17/internet-society-manrs-initiative/

The Pegasus spyware

Apple rushes to block ‘zero-click’ iPhone spyware (14 sep)
https://www.bbc.com/news/business-58540936

FORCEDENTRY - NSO Group iMessage Zero-Click Exploit Captured in the Wild (13 sep)
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/

New spyware targeting Apple's products (13 sep)
https://www.dn.se/ekonomi/nytt-spionprogram-riktat-mot-apples-produkter/

Apple Security Flaw: How do ‘Zero-Click’ Attacks Work? (14 sep)
https://www.securityweek.com/apple-security-flaw-how-do-zero-click-attacks-work

How to identify the Pegasus spyware from NSO Group (17 sep)
https://kryptera.se/sa-identifierar-du-spionprogramvaran-pegasus-fran-nso-group/

Information security and miscellaneous

How to Detect Cobalt Strike: An Inside Look at the Popular Commercial Post-Exploitation Tool (14 sep)
https://www.recordedfuture.com/detect-cobalt-strike-inside-look/

OSI Layer 1: The soft underbelly of cybersecurity (14 sep)
https://www.helpnetsecurity.com/2021/09/14/osi-layer-1/

Healthcare cybersecurity: How to prevent the compromise of patient records? (14 sep)
https://www.helpnetsecurity.com/2021/09/14/compromise-healthcare-records/

Understanding DDoS cyber attacks – Expert Reaction (15 sep)
https://www.scoop.co.nz/stories/SC2109/S00035/understanding-ddos-cyber-attacks-expert-reaction.htm

Microsoft accounts can now go fully passwordless (15 sep)
https://www.theverge.com/2021/9/15/22675175/microsoft-account-passwordless-no-password-security-feature

RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81 (16 sep)
https://www.theregister.com/2021/09/16/sir_clive_sinclair/

Pointer: Hunting Cobalt Strike globally (16 sep)
https://medium.com/@shabarkin/pointer-hunting-cobalt-strike-globally-a334ac50619a

APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus (16 sep)
https://us-cert.cisa.gov/ncas/alerts/aa21-259a

CERT-SE this week

Critical vulnerabilities in OMI may affect Linux machines

Adobe's monthly security updates for September

Microsoft's monthly security updates for September 2021

New spyware affects Apple products