CERT-SE's weekly newsletter, week 39

Weekly newsletter

Today marks the start of this year's Cybersecurity Month. We are celebrating by launching this year's edition of CERT-SE's CTF challenge. You are welcome to dive in and hunt for flags!

Good luck and have a nice weekend, from CERT-SE!

News this week

This ransomware-dropping malware has swapped phishing for a sneaky new attack route (24 Sept)
https://www.zdnet.com/article/this-ransomware-dropping-malware-has-swapped-phishing-for-a-sneaky-new-attack-route/

The Proliferation of Zero-days (24 Sept)
https://www.schneier.com/blog/archives/2021/09/the-proliferation-of-zero-days.html

Björn teaches companies to protect themselves against cyberattacks: It can get tough (24 Sept)
https://sverigesradio.se/artikel/bjorn-lar-foretag-att-skydda-sig-mot-cyberattacker-kan-bli-jobbigt

EU raises the alarm about Russian cyberattacks (25 Sept)
https://www.svd.se/eu-larmar-om-ryska-cyberattacker

EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany (27 Sept)
https://threatpost.com/eu-russia-ghostwriter-germany/175025/

Port of Houston was hit by an alleged state-sponsored attack (26 Sept)
https://securityaffairs.co/wordpress/122599/hacking/port-of-houston-cyberattack.html

The August cyber attacks targeted a dozen Russian banks (27 Sept)
https://www.ehackingnews.com/2021/09/the-august-cyber-attacks-targeted-dozen.html

Threat Actor Targets Indian Government With Commercial RATs (27 Sept)
https://www.securityweek.com/threat-actor-targets-indian-government-commercial-rats

FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor (27 Sept)
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/

Russian Turla APT Group Deploying New Backdoor on Targeted Systems (27 Sept)
https://thehackernews.com/2021/09/russian-turla-apt-group-deploying-new.html

New malware steals Steam, Epic Games Store, and EA Origin accounts (27 Sept)
https://www.bleepingcomputer.com/news/security/new-malware-steals-steam-epic-games-store-and-ea-origin-accounts/

Attackers Moving Faster Inside Target Networks (28 Sept)
https://www.darkreading.com/threat-intelligence/attackers-moving-faster-inside-target-networks-report

FinSpy Surveillance Spyware Fitted With UEFI Bootkit (28 Sept)
https://www.securityweek.com/finspy-surveillance-spyware-fitted-uefi-bootkit

Winter Vivern – all Summer (28 Sept)
https://lab52.io/blog/winter-vivern-all-summer/

AirTag vulnerability turns tracker into Trojan horse, fix incoming (28 Sept)
https://appleinsider.com/articles/21/09/28/airtag-vulnerability-turns-tracker-into-trojan-horse-fix-incoming

IT attack on stock service, money demanded (28 Sept)
https://www.dn.se/ekonomi/it-attack-mot-aktietjanst-kravs-pa-pengar/

NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs (28 Sept)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/

The threat landscape for the drinking water and food sector (28 Sept)
https://www.livsmedelsverket.se/globalassets/publikationsdatabas/broschyrer-foldrar/slv-hotbilden-mot-dricksvatten-och-livsmedelsomradet-utskrift-2021..pdf

Cybercrime - The Other Pandemic (28 Sept)
https://www.bankinfosecurity.com/blogs/cybercrime-other-pandemic-p-3120

How nation-state attackers like NOBELIUM are changing cybersecurity (28 Sept)
https://www.microsoft.com/security/blog/2021/09/28/how-nation-state-attackers-like-nobelium-are-changing-cybersecurity/

Gopher, The Competing Standard To WWW In The ’90s Is Still Worth Checking Out (28 Sept)
https://hackaday.com/2021/09/28/gopher-the-competing-standard-to-www-in-the-90s-is-still-worth-checking-out/

Around the world with the NSA’s cyber chief (29 Sept)
https://therecord.media/around-the-world-with-the-nsas-cyber-chief/

Cyberespionage Implant Delivered via Targeted Government DNS Hijacking (29 Sept)
https://www.securityweek.com/cyberespionage-implant-delivered-targeted-government-dns-hijacking

This dangerous mobile Trojan has stolen a fortune from over 10 million victims (29 Sept)
https://www.zdnet.com/article/this-dangerous-mobile-trojan-has-stolen-a-fortune-from-over-10-million-victims-worldwide/

Kraken Security Labs Identifies Vulnerabilities In Commonly Used Bitcoin ATM (29 Sept)
https://blog.kraken.com/post/11263/kraken-security-labs-identifies-vulnerabilities-in-commonly-used-bitcoin-atm/

Russia detains cyber-security tycoon Ilya Sachkov in treason case (29 Sept)
https://www.bbc.com/news/world-europe-58738952

Hackers are dissatisfied with the hacker group Revil (29 Sept)
https://computersweden.idg.se/2.2683/1.756518/hackare-ar-missnojda-med-hackargruppen-revil

Opportunities for Women in Cybersecurity (29 Sept)
https://www.csoonline.com/article/3635132/opportunities-for-women-in-cybersecurity.html

Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands (30 Sept)
https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/

Revealed: How to steal money from victims’ contactless Apple Pay wallets (30 Sept)
https://www.theregister.com/2021/09/30/apple_pay_contactless_visa_fraud/

RansomEXX, Fixing Corrupted Ransom (30 Sept)
https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701

Why the cybersecurity industry should treat civil society as critical infrastructure (30 Sept)
https://therecord.media/why-the-cybersecurity-industry-should-treat-civil-society-as-critical-infrastructure/

Google launches bug bounty program for Tsunami Security Scanner (30 Sept)
https://computersweden.idg.se/2.2683/1.756548/google-startar-buggjaktsprogram-for-tsunami-security-scanner

Congress demands briefing from FBI on decision not to share Kaseya decryption keys (30 Sept)
https://www.zdnet.com/article/congress-demands-briefing-from-fbi-on-decision-not-to-share-kaseya-decryption-keys/

ESET Threat Report T2 2021 (30 Sept)
https://www.welivesecurity.com/2021/09/30/eset-threat-report-t22021/

Kaspersky research shows top targets of cyber criminals in Africa (30 Sept)
https://www.itweb.co.za/content/mQwkoq6Pd2Y73r9A/pXnWJadMba7bjO1e

Baby’s Death Alleged to Be Linked to Ransomware (30 Sept)
https://threatpost.com/babys-death-linked-ransomware/175232/

Join us in October for #CyberSecMonth 2021 (1 Oct)
https://cybersecuritymonth.eu/

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic (1 Oct)
https://www.darkreading.com/perimeter/more-than-90-of-q2-malware-was-hidden-in-encrypted-traffic

This malware pretends to be Amnesty International protection from Pegasus (1 Oct)
https://www.techradar.com/news/this-malware-pretends-to-be-amnesty-international-protection-from-pegasus

Information security and miscellaneous

Police officer convicted of several cases of unlawful data access (26 Sept)
https://sverigesradio.se/artikel/polis-doms-for-flera-fall-av-dataintrang

Portpass app may have exposed hundreds of thousands of users’ personal data (28 Sept)
https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749

Check What Information Your Browser Leaks (28 Sept)
https://www.schneier.com/blog/archives/2021/09/check-what-information-your-browser-leaks.html

5 Personal Cyber Security Tips (29 Sept)
https://www.hackread.com/5-personal-cyber-security-tips/

The Rise of One-Time Password Interception Bots (29 Sept)
https://krebsonsecurity.com/2021/09/the-rise-of-one-time-password-interception-bots/

CERT-SE this week

CERT-SE CTF2021

Critical vulnerability in Trend Micro ServerProtect

Critical vulnerability in Sonicwall Secure Mobile Access