Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.15

Vi på CERT-SE önskar er alla en mycket trevlig helg!

Nyheter i veckan

Stealing Credit Cards from FUZE via Bluetooth
https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html

Over 65,000 Home Routers Are Proxying Bad Traffic for Botnets, APTs
https://www.bleepingcomputer.com/news/security/over-65-000-home-routers-are-proxying-bad-traffic-for-botnets-apts/

Facebook to Offer 'Bounty' for Reporting Data Abuse
https://www.securityweek.com/facebook-offer-bounty-reporting-data-abuse

Social Engineering: A Trick as Old as Time
https://securityintelligence.com/social-engineering-a-trick-as-old-as-time/

'SirenJack' Vulnerability Lets Hackers Hijack Emergency Warning System
https://www.darkreading.com/iot/sirenjack-vulnerability-lets-hackers-hijack-emergency-warning-system/d/d-id/1331502

Decentralized Application Security Project
https://dasp.co/

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren't Ready
https://www.wired.com/story/upnp-router-game-console-vulnerabilities-exploited/

Don’t Give Away Historic Details About Yourself
https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/

Malicious Cryptomining Spikes, While Virtually All Other Malware Declines
https://www.securityweek.com/malware-activity-slows-attacks-more-sophisticated-report

Google, Microsoft, and Mozilla Put Their Backing Behind New WebAuthn API
https://www.bleepingcomputer.com/news/security/google-microsoft-and-mozilla-put-their-backing-behind-new-webauthn-api/

Stop calling these Dark Design Patterns or Dark UX — these are simply a**hole designs
https://uxdesign.cc/stop-calling-these-dark-design-patterns-or-dark-ux-these-are-simply-asshole-designs-bb02df378ba?gi=41a3fd4d3e5e

Hacker Can Steal Data from Air-Gapped Computers through Power Lines
https://thehackernews.com/2018/04/hacking-airgap-computers.html

‘FakeUpdates’ campaign leverages multiple website platforms
https://blog.malwarebytes.com/threat-analysis/2018/04/fakeupdates-campaign-leverages-multiple-website-platforms/

New ‘Early Bird’ Code Injection Technique Helps APT33 Evade Detection
https://threatpost.com/new-early-bird-code-injection-technique-helps-apt33-evade-detection/131147/

APT Trends report Q1 2018
http://cyberparse.co.uk/2018/04/12/apt-trends-report-q1-2018/

Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code
https://www.bleepingcomputer.com/news/security/exploitation-of-drupalgeddon2-flaw-starts-after-publication-of-poc-code/

Margaret Hamilton Takes Software Engineering To the Moon and Beyond
https://hackaday.com/2018/04/10/margaret-hamilton-takes-software-engineering-to-the-moon-and-beyond/

Building my ideal router for $50
https://blog.tjll.net/building-my-perfect-router/

CERT-SE i veckan

Sårbarhet i Junos OS

Microsofts säkerhetsuppdateringar april 2018

Säkerhetsuppdateringar från Adobe