Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.20

Idag firar vi Norges 🇳🇴 nationaldag 🇳🇴 med en samling sköna nyhetslänkar från veckan som varit.

Gratulerer med dagen Norge og ha en fin helg, ønsker CERT-SE!

Nyheter i veckan

Ever app users uploaded billions of photos, unaware they were being used to build a facial recognition system
https://www.grahamcluley.com/ever-app-users-uploaded-billions-of-photos-unaware-they-were-being-used-to-build-a-facial-recognition-system/

WhatsApp discloses vulnerability that allowed Israeli spyware to be installed on iPhones
https://9to5mac.com/2019/05/13/whatsapp-vulnerability-israeli-spyware/

New Details Emerge of Fxmsp's Hacking of Antivirus Companies
https://www.bleepingcomputer.com/news/security/new-details-emerge-of-fxmsps-hacking-of-antivirus-companies/

Microsoft SharePoint Vulnerability Exploited in the Wild
https://www.securityweek.com/microsoft-sharepoint-vulnerability-exploited-wild

Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/

Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/

Google offers free 2FA Bluetooth Titan Security Key swaps after security flaw discovered
https://www.pcworld.com/article/3395817/google-bluetooth-titan-security-key-recall-security-flaw.html

0day "In the Wild" - Google har sammanställt de senaste årens 0-days som utnyttjats aktivt
https://googleprojectzero.blogspot.com/p/0day.html

The radio navigation planes use to land safely is insecure and can be hacked
https://arstechnica.com/information-technology/2019/05/the-radio-navigation-planes-use-to-land-safely-is-insecure-and-can-be-hacked/

Threat Actor Profile: TA542, From Banker to Malware Distribution Service
https://www.proofpoint.com/us/threat-insight/post/threat-actor-profile-ta542-banker-malware-distribution-service

Attackers Evade Detection By Randomizing TLS Handshake Ciphers
https://www.bleepingcomputer.com/news/security/attackers-evade-detection-by-randomizing-tls-handshake-ciphers/

Ice Hockey World Championship: The risks of free live streaming
https://www.welivesecurity.com/2019/05/15/ice-hockey-world-championship-streaming/

Feds Target $100M ‘GozNym’ Cybercrime Network
https://krebsonsecurity.com/2019/05/feds-target-100m-goznym-cybercrime-network/

Unsecured Survey Database Exposes Info of 8 Million People
https://www.bleepingcomputer.com/news/security/unsecured-survey-database-exposes-info-of-8-million-people/

Threat spotlight: CrySIS, aka Dharma ransomware, causing a crisis for
businesses
https://blog.malwarebytes.com/threat-analysis/2019/05/threat-spotlight-crysis-aka-dharma-ransomware-causing-a-crisis-for-businesses/

The all new Microsoft Attack Surface Analyzer 2.0
https://www.microsoft.com/security/blog/2019/05/15/announcing-new-attack-surface-analyzer-2-0/

Alltid aktuell favorit i repris

Appropå vår publicering tidigare i veckan om "Kritisk sårbarhet i Windows Remote Desktop Services" så påminner vi om våra rekommendationer om RDP-protokollet
https://www.cert.se/2018/10/information-om-skanningar-av-rdp-protokollet

Orelaterat

Vila i frid "Grumpy cat"
https://twitter.com/RealGrumpyCat/status/1129310647458467840

CERT-SE i veckan

Sårbarheter i Cisco-produkter

Kritisk sårbarhet i Windows Remote Desktop Services

Säkerhetsuppdateringar för Adobe-produkter

Microsofts månatliga säkerhetsuppdateringar för maj 2019

Säkerhetsuppdateringar från Apple