Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.12

Nu är dagarna längre än nätterna och vi har en strålande fredag här i huvudstaden. Vad kan då vara bättre än ännu ett av CERT-SE:s veckobrev? Trevlig helg!

Nyheter i veckan

FBI crackdown on DDoS-for-hire sites led to 85% slash in attack sizes
https://nakedsecurity.sophos.com/2019/03/21/fbi-crackdown-on-ddos-for-hire-sites-led-to-85-slash-in-attack-sizes/

Researcher Says NSA’s Ghidra Tool Can Be Used for RCE
https://threatpost.com/nsa-ghidra-bug-rce/142937/

Spam Warns about Boeing 737 Max Crashes While Pushing Malware
https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/

Buffer Overflow Practical Examples , ret2libc - protostar stack6
https://0xrick.github.io/binary-exploitation/bof6/

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/

Critical flaw lets hackers control lifesaving devices implanted inside patients
https://arstechnica.com/information-technology/2019/03/critical-flaw-lets-hackers-control-lifesaving-devices-implanted-inside-patients/

Google Photos vulnerability could have let hackers retrieve image metadata
https://www.zdnet.com/article/google-photos-vulnerability-could-have-let-hackers-retrieve-image-metadata/

New Mirai Variant Comes with 27 Exploits, Targets Enterprise Devices
https://www.bleepingcomputer.com/news/security/new-mirai-variant-comes-with-27-exploits-targets-enterprise-devices/

FIN7 Cybercrime Gang Rises Again
https://www.darkreading.com/analytics/fin7-cybercrime-gang-rises-again-/d/d-id/1334228

DDoS attacks on the rise: Largest attack ever hit 1.7 Tb/second
https://www.techrepublic.com/article/ddos-attacks-on-the-rise-largest-attack-ever-hit-1-7-tbsecond/#ftag=RSS56d97e7

Cyber-Telecom Crime Report 2019 - Trend Micro Research
https://documents.trendmicro.com/assets/white_papers/wp-cyber-telecom-crime-report-2019.pdf

Threat actors leverage credential dumps, phishing, and legacy email protocols to bypass MFA and breach cloud accounts worldwide
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols

Russian hackers spear-phishing European government organisations
https://www.teiss.co.uk/threats/russian-hackers-spear-phishing-european-government-organisations/

We invited professional hackers to attack us: Here's what happened
https://www.cnet.com/news/we-invited-professional-hackers-to-attack-us-heres-what-happened/

Norske telefoner sendte personopplysninger til Kina
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/

IPv6 unmasking via UPnP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html

The Norsk Hydro ransomware attack: An in-depth look
https://swimlane.com/blog/norsk-hydro-ransomware-attack/

How Lockergoga took down Hydro — ransomware used in targeted attacks aimed at big business
https://doublepulsar.com/how-lockergoga-took-down-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880

CERT-SE i veckan

Sårbarheter i Cisco IP Phone 7800 och 8800

Angrepp av skadlig kod för windowssystem upptäckt

VMware rättar sårbarheter i Horizon och Workstation