CERT-SE's weekly newsletter, week 40

Weekly newsletter

Monday's disruptions to Facebook's services have been discussed a fair amount this week. When isolated faults can lead to extensive outages with wide reach and consequences, the question of society's vulnerability, given the increasing centralization of the internet's structure among a handful of companies, is raised once again.

We also want to remind you about CERT-SE's CTF, as solutions are now coming in continuously …

News this week

First on CNN: Biden administration to convene 30 countries to crack down on ransomware threat (1 Oct)
https://edition.cnn.com/2021/10/01/politics/blinken-cybersecurity-alliance/

BazarLoader and the Conti Leaks (4 Oct)
https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/

Ransomware gang arrested in Ukraine with Europol’s support (4 Oct)
https://www.europol.europa.eu/newsroom/news/ransomware-gang-arrested-in-ukraine-europol%E2%80%99s-support

Two ‘Prolific’ Ransomware Operators Arrested in Ukraine (4 Oct)
https://www.securityweek.com/two-prolific-ransomware-operators-arrested-ukraine

CISA Kicks Off Cybersecurity Awareness Month (4 Oct)
https://www.darkreading.com/operations/cisa-kicks-off-cybersecurity-awareness-month

PoC Exploit Released for macOS Gatekeeper Bypass (4 Oct)
https://www.securityweek.com/poc-exploit-released-macos-gatekeeper-bypass

Washington Adventist University Confirms Ongoing Ransomware Attack (4 Oct)
https://www.marylandmatters.org/blog/washington-adventist-university-confirms-ongoing-ransomware-attack/

Arizona Launches Command Center to Combat Cyberattacks (5 Oct)
https://www.securityweek.com/arizona-launches-command-center-combat-cyberattacks

Medtronic expands 2 MiniMed insulin pump recalls on ring flaw, cyber risks (5 Oct)
https://www.medtechdive.com/news/medtronic-expands-2-minimed-insulin-pump-recalls-ring-flaw-cyber-diabetes/607717/

NSA chief predicts U.S. will face ransomware ‘every single day’ for years to come (5 Oct)
https://therecord.media/nsa-chief-predicts-u-s-will-face-ransomware-every-single-day-for-years-to-come/

Company that routes SMS for all major US carriers was hacked for five years (6 Oct)
https://arstechnica.com/information-technology/2021/10/company-that-routes-sms-for-all-major-us-carriers-was-hacked-for-five-years/

Twitch confirms it was hacked after its source code and secrets leak out (6 Oct)
https://www.theverge.com/2021/10/6/22712365/twitch-data-leak-breach-security-confirmation-comments

Google notifies 14,000 Gmail users of targeted APT28 attacks (7 Oct)
https://therecord.media/google-notifies-14000-gmail-users-of-targeted-apt28-attacks/

State-sponsored Chinese crims targeted India with tax and COVID phishing (7 Oct)
https://www.theregister.com/2021/10/07/apt_41_phishing_schemes_indian_nationals/

Microsoft to disable Excel 4.0 macros, one of the most abused Office features (7 Oct)
https://therecord.media/microsoft-to-disable-excel-4-0-macros-one-of-the-most-abused-office-features/

Rapid RYUK Ransomware Attack Group Christened as FIN12 (7 Oct)
https://www.darkreading.com/attacks-breaches/rapid-ryuk-ransomware-attack-group-christened-as-fin12

Ransomware Attack on Springhill Medical Center Leads to a Negligent Homicide Investigation After a Baby Dies (7 Oct)
https://www.cpomagazine.com/cyber-security/ransomware-attack-on-springhill-medical-center-leads-to-a-negligent-homicide-investigation-after-a-baby-dies/

Air gaps have been ‘shattered’, says new Indian policy on power sector security (8 Oct)
https://www.theregister.com/2021/10/08/india_power_sector_infosec_policy/

Facebook

Understanding How Facebook Disappeared from the Internet (4 Oct)
https://blog.cloudflare.com/october-2021-facebook-outage/

What Happened to Facebook, Instagram, & WhatsApp? (4 Oct)
https://krebsonsecurity.com/2021/10/what-happened-to-facebook-instagram-whatsapp/

IT expert: “This lasted an extremely long time” (5 Oct)
https://www.svd.se/haveriet-vittnar-om-hur-valdigt-sarbara-vi-ar

Web Scrapers Claim to Possess and Sell Personal Data on 1.5 Billion Facebook Users on a Hacker Forum (7 Oct)
https://www.privacyaffairs.com/facebook-data-sold-on-hacker-forum/

More details about the October 4 outage (5 Oct)
https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/

Information security and miscellaneous

Confronting the challenges of working in cyberspace (4 Oct)
https://www.osce.org/blog/confronting-the-challenges-of-working-in-cyberspace

CIS Control 07: Continuous Vulnerability Management (6 Oct)
https://www.tripwire.com/state-of-security/controls/cis-control-07/

A holistic approach to vulnerability management solidifies cyberdefenses (7 Oct)
https://www.techrepublic.com/article/a-holistic-approach-to-vulnerability-management-solidifies-cyberdefenses/

Customer data may have leaked from online broker (7 Oct)
https://www.dn.se/ekonomi/kunduppgifter-kan-ha-lackt-fran-natmaklare/

Convicted of unauthorized access to the double murderer's medical record (8 Oct)
https://www.svd.se/falls-for-intrang-i-dubbelmordarens-journal

Welcome to the OWASP Top 10 - 2021
https://owasp.org/Top10/

CERT-SE this week

Vulnerability in Apache is being actively exploited (updated 2021-10-08)