CERT-SE's weekly newsletter, week 41

Weekly newsletter

We start with a book tip: this week marked 42 years since The Hitchhiker's Guide to the Galaxy was first published, so perhaps it is time to reread it? Otherwise, we recommend interesting reports on digital defence, ransomware and cyber threats to water and wastewater systems. Don't miss the chance to solve CERT-SE's CTF, which is available until the end of the month. Remember that one can view the world from different perspectives…

CERT-SE wishes you a pleasant weekend!

News this week

Avoid Dangers of Wildcard TLS Certificates, the ALPACA Technique (7 Oct)
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2804293/avoid-dangers-of-wildcard-tls-certificates-the-alpaca-technique/

Four months later, Cox Media confirms ransomware attack (8 Oct)
https://therecord.media/four-months-later-cox-media-confirms-ransomware-attack/

Microsoft Digital Defense Report (8 Oct)
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi

Hacker arrested in France for theft of COVID-19 tests for 1.4 million Parisians (8 Oct)
https://therecord.media/hacker-arrested-in-france-for-theft-of-covid-19-tests-for-1-4-million-parisians/

Mikael got a spy machine on the hook (9 Oct)
https://www.mitti.se/nyheter/mikael-fick-en-spionmaskin-pa-kroken/repuja!DjsLTDRix14792NdJWPubQ/

Aktieinvest: Important information (10 Oct)
https://www.aktieinvest.se/viktig-information/

REvil/Sodinokibi accounting for 73% of ransomware detections in Q2 2021 (11 Oct)
https://www.helpnetsecurity.com/2021/10/11/ransomware-detections-q2-2021/

When criminals go corporate: Ransomware-as-a-service, bulk discounts and more (11 Oct)
https://www.theregister.com/2021/10/11/ransomware_as_a_service/

Beware - a brand new malware family is infecting Linux systems (11 Oct)
https://www.techradar.com/news/a-brand-new-malware-family-is-infecting-linux-systems

Hackers target the Swiss town of Montreux (11 Oct)
https://www.swissinfo.ch/eng/hackers-target-the-swiss-town-of-montreux/47017914

NCSC warns organisations: ‘You cannot perform all functions securely with just BYOD’ (11 Oct)
https://www.publictechnology.net/articles/news/ncsc-warns-organisations-%E2%80%98you-cannot-perform-all-functions-securely-just-byod%E2%80%99
– Bring Your Own Device: How to do it well
https://www.ncsc.gov.uk/blog-post/bring-your-own-device-how-to-do-it-well

Ukrainian police arrest DDoS operator controlling 100,000 bots (11 Oct)
https://www.bleepingcomputer.com/news/security/ukrainian-police-arrest-ddos-operator-controlling-100-000-bots/

Pacific City Bank confirms it was hit by ransomware (11 Oct)
https://www.itpro.co.uk/security/ransomware/361189/pacific-city-bank-confirms-it-was-hit-by-ransomware

Ransomware is the biggest cyber threat to business. But most firms still aren’t ready for it (11 Oct)
https://www.zdnet.com/article/ransomware-is-now-the-most-urgent-cyber-threat-to-business-but-most-firms-arent-ready-for-it/

Huawei Cloud targeted by updated cryptomining malware (11 Oct)
https://www.bleepingcomputer.com/news/security/huawei-cloud-targeted-by-updated-cryptomining-malware/

Microsoft: Azure customer hit by record DDoS attack in August (12 Oct)
https://www.bleepingcomputer.com/news/security/microsoft-azure-customer-hit-by-record-ddos-attack-in-august/

Australia’s new ransomware plan to create ransomware offences and reporting regime (12 Oct)
https://www.zdnet.com/article/australias-new-ransomware-plan-to-create-ransomware-offences-and-reporting-regime/

Olympus confirms US cyberattack, weeks after BlackMatter ransomware hit EMEA systems (12 Oct)
https://techcrunch.com/2021/10/12/olympus-confirms-us-cyberattack-weeks-after-blackmatter-ransomware-hit-emea-systems/

Dutch police send warning letters to DDoS booter customers (12 Oct)
https://www.bleepingcomputer.com/news/security/dutch-police-send-warning-letters-to-ddos-booter-customers/

VirusTotal Shares Data on Ransomware Activity (13 Oct)
https://www.darkreading.com/threat-intelligence/virustotal-shares-data-on-ransomware-activity

Q&A: How Infrastructure Upgrades Helped Sky Lakes Medical Center Survive a Ransomware Attack (13 Oct)
https://healthtechmagazine.net/article/2021/10/qa-how-infrastructure-upgrades-helped-sky-lakes-medical-center-survive-ransomware-attack

The ad blocker that injects ads (13 Oct)
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/

Necro Python Botnet Starts Targeting Visual Tools DVRs (13 Oct)
https://www.securityweek.com/necro-python-botnet-starts-targeting-visual-tools-dvrs

EU legislation introduced to ban anonymous domain registration (13 Oct)
https://www.bleepingcomputer.com/news/government/eu-legislation-introduced-to-ban-anonymous-domain-registration/

New Python-based Ransomware Encrypts Virtual Machines Quickly (14 Oct)
https://www.esecurityplanet.com/threats/new-python-based-ransomware-encrypts-vms-quickly/

Sunderland University suffers ‘extensive IT disruption’ after cyber attack (14 Oct)
https://www.computing.co.uk/news/4038620/sunderland-university-suffers-extensive-disruption-cyber-attack

Israeli Hospital Targeted in Ransomware Attack (14 Oct)
https://www.securityweek.com/israeli-hospital-targeted-ransomware-attack

This new ransomware encrypts your data and makes some nasty threats, too (14 Oct)
https://www.zdnet.com/article/this-new-ransomware-encrypts-your-data-and-makes-some-nasty-threats-too/

FBI warns of ransomware gang – What you need to know about the OnePercent group (14 Oct)
https://cybersecurity.att.com/blogs/security-essentials/fbi-warns-of-ransomware-gang-what-you-need-to-know-about-the-onepercent-group

Ongoing Cyber Threats to U.S. Water and Wastewater Systems (14 Oct)
https://us-cert.cisa.gov/sites/default/files/publications/AA21-287A-Ongoing_Cyber_Threats_to_U.S._Water_and_Wastewater_Systems.pdf

EU prize awarded for exposure of spyware (14 Oct)
https://www.svd.se/eu-pris-till-avslojande-av-spionprogram

Google creates new cybersecurity division (14 Oct)
https://computersweden.idg.se/2.2683/1.757308/google-skapar-ny-avdelning-for-cybersakerhet

State-sponsored Iranian hackers uploaded fake VPN app to Google’s Play store, posed as university officials (14 Oct)
https://www.cyberscoop.com/iran-hacker-google-app-vpn-email/

LAN cables can be sniffed to reveal network traffic with a $30 setup, says researcher (14 Oct)
https://www.theregister.com/2021/10/14/lantenna_ethernet_cable_rf_emissions/

Acer confirms second cyberattack in 2021 after ransomware incident in March (14 Oct)
https://www.zdnet.com/article/acer-confirms-second-cyberattack-in-2021/

She has protected the internet for 20 years – now the expert is starting her own business (14 Oct)
https://www.nyteknik.se/digitalisering/hon-har-skyddat-internet-i-20-ar-nu-startar-experten-eget-7022583

Information security and miscellaneous

Hackers could have stolen beer from BrewDog using bug that exposed details of 200,000 shareholders (8 Oct)
https://news.sky.com/story/hackers-could-have-stolen-beer-from-brewdog-using-bug-that-exposed-details-of-200-000-shareholders-12428929

How Coinbase Phishers Steal One-Time Passwords (13 Oct)
https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/

7-Eleven breached customer privacy by collecting facial imagery without consent (13 Oct)
https://www.zdnet.com/article/7-eleven-collected-customer-facial-imagery-during-in-store-surveys-without-consent/

Everyday cybersecurity practices inadequate among many online consumers (14 Oct)
https://www.helpnetsecurity.com/2021/10/14/everyday-cybersecurity-practices/

Thingiverse Data Leaked — Check Your Passwords (14 Oct)
https://hackaday.com/2021/10/14/thingiverse-data-leaked-check-your-passwords/

CERT-SE this week

Adobe's monthly security updates for October
Microsoft's monthly security updates for October 2021
Apple updates iOS and iPadOS after 0-day vulnerability