![[CERT-SE]](/static/img/cert-se.svg)
![[MSB]](/static/img/msb.svg)
Uppdaterad | Publicerad
CERT-SE:s veckobrev v.37
Notiser från veckan.
How a fish tank helped hack a casino
https://www.washingtonpost.com/news/innovations/wp/2017/07/21/how-a-fish-tank-helped-hack-a-casino/
SEC-T 2017, day 1
https://www.youtube.com/watch?v=zG0Yw97SS2M
SEC-T 2017, day 2
https://www.youtube.com/watch?v=SBMb1UsuA2U
BlueBorne May Affect Billions of Bluetooth Devices
https://blog.fortinet.com/2017/09/14/blueborne-may-affect-billions-of-bluetooth-devices
ExpensiveWall: A dangerous ‘packed’ malware on Google Play that will hit your wallet
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Apache Struts Flaw Increasingly Exploited to Hack Servers
http://www.securityweek.com/apache-struts-flaw-increasingly-exploited-hack-servers
Apache Struts Flaw Reportedly Exploited in Equifax Hack
http://www.securityweek.com/apache-struts-flaw-reportedly-exploited-equifax-hack>
Apache Struts Statement on Equifax Security Breach
https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax
Chrome to label FTP sites insecure
https://www.theregister.co.uk/2017/09/15/chrome_to_label_ftp_sites_insecure/
Chrome’s Plan to Distrust Symantec Certificates
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html?m=1
Kaspersky Lab Antivirus Software Is Ordered Off U.S. Government Computers
https://mobile.nytimes.com/2017/09/13/us/politics/kaspersky-lab-antivirus-federal-government.html
How to Not Get Your Identity Stolen
https://auth0.com/blog/how-to-not-get-your-identity-stolen/?utm_source=reddit&utm_medium=sc&utm_campaign=protect_identity
Your Go-To Guide to Online Data Protection
https://blog.stopad.io/2017/09/07/online_data_protection_guide
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
Kromtech Security Center Discovers Massive ElasticSearch Infected Malware Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
Analyzing JPEG files
https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Vulners API v3 Python wrapper
https://github.com/vulnersCom/api
Deep Dive in MarkLogic Exploitation Process via Argus PDF Converter
http://blog.talosintelligence.com/2017/09/deep-dive-marklogic-exploitation.html#more
Detecting Mimikatz & other Suspicious LSASS Access - Part 1
https://www.eideon.com/2017-09-09-THL01-Mimikatz/
From SQL Injection to Shell
https://pentesterlab.com/exercises/from_sqli_to_shell
Enlarge your botnet with: top D-Link routers (DIR8xx D-Link routers cruisin' for a bruisin')
https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin
Några svenska notiser
Liga misstänks ligga bakom tusentals dataintrång – kan vara största it-härvan någonsin
https://www.svt.se/nyheter/inrikes/liga-misstanks-ligga-bakom-tusentals-dataintrang-kan-vara-storsta-it-harvan-nagonsin
Därför ska du inte använda VPN
https://kryptera.se/darfor-ska-du-inte-anvanda-vpn
Glöm ej!
DNSSEC key rollover time!
https://www.iis.se/english/news/dnssec-key-rollover-time/
CERT-SE i veckan
Kritiska sårbarheter rättade i Adobe-produkter