Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.45

Det är fredag och dags för veckans axplock av länkar.
Trevlig helg önskar CERT-SE!

Nyheter i veckan

Factsheet Post-quantum cryptography
https://www.ncsc.nl/english/current-topics/factsheets/factsheet-post-quantum-cryptography.html

Drive By Cryto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf

Linux Has a USB Driver Security Problem
https://www.bleepingcomputer.com/news/security/linux-has-a-usb-driver-security-problem/

Tor Browser Users Urged to Patch Critical ‘TorMoil’ Vulnerability
https://threatpost.com/tor-browser-users-urged-to-patch-critical-tormoil-vulnerability/128769/

Oh, Crap! Someone Accidentally Triggered A Flaw That Locked Up $280 Million In Ethereum
https://thehackernews.com/2017/11/parity-ethereum-wallet.html

RickRolled by none other than IoTReaper
https://labsblog.f-secure.com/2017/11/03/rickrolled-by-none-other-than-iotreaper/

Leveraging Excel DDE for lateral movement via DCOM
https://www.cybereason.com/blog/leveraging-excel-dde-for-lateral-movement-via-dcom

Microsoft Provides Guidance on Mitigating DDE Attacks
https://threatpost.com/microsoft-provides-guidance-on-mitigating-dde-attacks/128833/

The Internet Sees Nearly 30,000 Distinct DoS Attacks Each Day: Study
http://www.securityweek.com/internet-sees-nearly-30000-distinct-dos-attacks-each-day-study

CIA forged digital certs imitating Kaspersky Lab
https://www.theregister.co.uk/2017/11/10/cia_kaspersky_fake_certs_ploy/

Phony WhatsApp used Unicode to slip under Google’s radar
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/11/phoney-whatsapp-used-unicode-to-slip-under-googles-radar/

How to set up Honey Accounts in AD.
https://jordanpotti.com/2017/11/06/honey-accounts/

Dnstwist Helps You Find Phishing Sites Based on Your Domain
https://www.bleepingcomputer.com/news/security/dnstwist-helps-you-find-phishing-sites-based-on-your-domain/