Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Uppdaterad | Publicerad - Veckobrev

CERT-SE:s veckobrev v.41

0 dagar kvar till helgen, utnyttja den till max! :-)

Trevlig helg
önskar
CERT-SE

Nyheter i veckan

Zero-day exploit (CVE-2018-8453) used in targeted attacks
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/

Millions of Xiongmai Video Surveillance Devices Can be Hacked via Cloud Feature (XMEye P2P Cloud)
https://www.sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/

New TeleBots backdoor: First evidence linking Industroyer to NotPetya
https://www.welivesecurity.com/2018/10/11/new-telebots-backdoor-linking-industroyer-notpetya/

California outlaws poor default passwords in connected devices
https://www.welivesecurity.com/2018/10/10/california-outlaws-poor-default-passwords-connected-devices/

Phishing Campaign uses Hijacked Emails to Deliver URSNIF by Replying to Ongoing Threads
https://blog.trendmicro.com/trendlabs-security-intelligence/phishing-campaign-uses-hijacked-emails-to-deliver-ursnif-by-replying-to-ongoing-threads/

Phishers attempt to bypass Office 365 multi-factor authentication
https://www.viestintavirasto.fi/en/cybersecurity/informationsecuritynow/2018/09/ttn201809261243.html

Turla and Zebrocy APT actors shared code, targets in 2018
https://www.scmagazineuk.com/researchers-turla-zebrocy-apt-actors-shared-code-targets-2018/article/1495268

US Advanced Weaponry Is Easy to Hack, Even by Low-Skilled Attackers
https://www.bleepingcomputer.com/news/security/us-advanced-weaponry-is-easy-to-hack-even-by-low-skilled-attackers/

FruityArmor APT Exploits Yet Another Windows Graphics Kernel Flaw
https://threatpost.com/fruityarmor-apt-exploits-yet-another-windows-graphics-kernel-flaw/138192/

How a WhatsApp call could have taken over your phone
https://nakedsecurity.sophos.com/2018/10/10/how-a-whatsapp-call-could-have-taken-over-your-phone/

New state-backed espionage campaign targets military and government using freely available hacking tools
https://www.zdnet.com/article/new-state-backed-espionage-campaign-targets-military-and-government-using-freely-available-hacking/

Trusting the delivery of Firefox Updates
https://blog.mozilla.org/security/2018/10/09/trusting-the-delivery-of-firefox-updates/

Securing IoT Devices: How Safe Is Your Wi-Fi Router? (PDF)
http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf

Veckans IT-allmänbildning

Ada?
https://findingada.com/about/who-was-ada/

CERT-SE i veckan

Microsofts månatliga säkerhetsuppdateringar för oktober 2018

Adobe säkerhetsuppdateringar

Kritiska sårbarheter i Juniper-produkter