Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.11

Trevlig helg önskar vi på CERT-SE

Veckans axplock

From Fileless Techniques to Using Steganography: Examining Powload’s Evolution
https://blog.trendmicro.com/trendlabs-security-intelligence/from-fileless-techniques-to-using-steganography-examining-powloads-evolution/

DMSniff Point-of-Sale Malware Silently Attacked SMBs For Years
https://www.bleepingcomputer.com/news/security/dmsniff-point-of-sale-malware-silently-attacked-smbs-for-years/

GlitchPOS: New PoS malware for sale
https://blog.talosintelligence.com/2019/03/glitchpos-new-pos-malware-for-sale.html

Update now! WordPress abandoned cart plugin under attack
https://nakedsecurity.sophos.com/2019/03/13/update-now-wordpress-abandoned-cart-plugin-under-attack/

SimBad: A Rogue Adware Campaign On Google Play
https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/

Pandora's Box: Another New Way to Leak All Your Sensitive Data
https://www.adversis.io/research/pandorasbox

Citrix says its network was breached by international criminals
https://arstechnica.com/information-technology/2019/03/citrix-says-its-network-was-breached-by-international-criminals/

Yatron Ransomware Plans to Spread Using EternalBlue NSA Exploits
https://www.bleepingcomputer.com/news/security/yatron-ransomware-plans-to-spread-using-eternalblue-nsa-exploits/

Russia blocks encrypted email provider ProtonMail
https://techcrunch.com/2019/03/11/russia-blocks-protonmail

New Ursnif Variant Targets Japan Packed with New Features
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features

A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates
https://arstechnica.com/information-technology/2019/03/godaddy-apple-and-google-goof-results-in-1-million-misissued-certificates/

DLL Hijacking & Ghidra
https://liberty-shell.com/sec/2019/03/12/dll-hijacking/

VStarCam - An Investigative Security Journey - Part 1
http://blog.0x42424242.in/2019/03/vstarcam-investigational-security.html

Extracting BitLocker keys from a TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing

CERT-SE i veckan

Cisco rättar två sårbarheter varav en kritisk

Överslag i veckonumrering hos GPS-systemet

Kritiska sårbarheter i Adobe Photoshop CC och Digital Editions

Microsofts månatliga säkerhetsuppdateringar för mars 2019