
Published - Weekly newsletter

CERT-SE's weekly newsletter, week 08

Winter across the whole country. Warm yourself by the fire while reading our link tips.

News this week

AMSI Bypass With a Null Character
https://standa-note.blogspot.se/2018/02/amsi-bypass-with-null-character.html

FlightSimLabs Alleged Malware Analysis
https://medium.com/@lukegorman97/flightsimlabs-alleged-malware-analysis-1427c4d23368

utorrent: various JSON-RPC issues resulting in remote code execution, information disclosure, etc.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1524

Project Patton: The clever vulnerability knowledge store
http://seclists.org/fulldisclosure/2018/Feb/51

Meet Coldroot, a nasty Mac trojan that went undetected for years
http://www.zdnet.com/article/coldroot-nasty-mac-trojan-went-undetected-for-years/

Year-old vuln turns Jenkins servers into Monero mining slaves
https://www.theregister.co.uk/2018/02/20/unpatched_jenkins_servers_mining_monero/

Internet of Babies – When baby monitors fail to be smart
https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download
https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/

What Is RFID Skimming?
https://www.tripwire.com/state-of-security/featured/what-rfid-skimming/

Siemens Leads Launch of Global Cybersecurity Initiative
https://www.darkreading.com/threat-intelligence/siemens-leads-launch-of-global-cybersecurity-initiative/d/d-id/1331083

Facebook is pushing its data-tracking Onavo VPN within its main mobile app
https://techcrunch.com/2018/02/12/facebook-starts-pushing-its-data-tracking-onavo-vpn-within-its-main-mobile-app/

Nearly 8,000 Security Flaws Did Not Receive a CVE ID in 2017
https://www.bleepingcomputer.com/news/security/nearly-8-000-security-flaws-did-not-receive-a-cve-id-in-2017/

2018 CVE List
https://xkcd.com/1957/

Here’s what Siri would have been like on MS-DOS in 1987
https://arstechnica.com/gadgets/2018/02/heres-what-siri-would-have-been-like-on-ms-dos-in-1987/

The mountain holiday section

Five years ago, people rode the ski lift for free. That of course does not work today.
https://packetstormsecurity.com/files/124079/Skidata-RFID-Freemotion.Gate-Remote-Command-Execution.html

It is so healthy and invigorating in the mountains
https://www.youtube.com/watch?v=AUPHr201FAQ

CERT-SE this week

Critical vulnerabilities in Cisco products

Security updates from Apple