Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.22

Vi firar "flugans" 35-årsdag (i Sverige) med ett rykande färskt veckobrev.

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Internet fyller 35 år i Sverige
https://www.chalmers.se/sv/nyheter/Sidor/Internet-35-ar-i-Sverige.aspx

In Baltimore and Beyond, a Stolen N.S.A. Tool Wreaks Havoc
https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html

MacOS X GateKeeper Bypass
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass

You could be unknowingly loading malicious content from 'trusted' sites
https://phys.org/news/2019-05-unknowingly-malicious-content-sites.html

DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/

Serious Security: Don’t let your SQL server attack you with ransomware
https://nakedsecurity.sophos.com/2019/05/25/serious-security-dont-let-your-sql-server-attack-you-with-ransomware/

Nätets största säkerhetshål – telekomjättarna granskas
https://www.svd.se/natets-storsta-sakerhetshal--telekomjattarna-granskas

Phishing Emails Pretend to be Office 365 'File Deletion' Alerts
https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/

Eurofins opens IoT security test lab
https://www.broadbandtvnews.com/2019/05/29/eurofins-opens-iot-security-test-lab/

200k Personal Records Exposed by Events Planning Firm
https://threatpost.com/200k-personal-records-exposed-by-events-planning-firm/145133/

Malware and botnets: Why Emotet is dominating the malicious threat landscape in 2019
https://www.zdnet.com/article/malware-and-botnets-why-emotet-is-dominating-the-malicious-threat-landscape-in-2019/

Directed attacks against MySQL servers deliver ransomware
https://news.sophos.com/en-us/2019/05/24/gandcrab-spreading-via-directed-attacks-against-mysql-servers/

A journey to Zebrocy land
https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/

Advanced Linux backdoor found in the wild escaped AV detection
https://arstechnica.com/information-technology/2019/05/advanced-linux-backdoor-found-in-the-wild-escaped-av-detection/

A dive into Turla PowerShell usage
https://www.welivesecurity.com/2019/05/29/turla-powershell-usage/

Potential human costs of cyber operations – Key ICRC takeaways from discussion with tech experts
https://blogs.icrc.org/law-and-policy/2019/05/29/potential-human-costs-cyber-operations-key-icrc-takeaways-discussion-tech-experts/

The Changing Cost of Cybercrime
https://www.lightbluetouchpaper.org/2019/05/30/the-changing-cost-of-cybercrime/

Google-protected mobile browsers were open to phishing for over a year
https://nakedsecurity.sophos.com/2019/05/28/google-protected-mobile-browsers-left-open-to-phishing-attacks-for-over-a-year/

Configuring automated security fixes in Github
https://help.github.com/en/articles/configuring-automated-security-fixes

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/

Auction for a laptop full of malware closes at $1.3 million (updated)
https://www.engadget.com/2019/05/27/persistence-of-chaos-malware-laptop-auction/

Bluekeep (CVE-2019-0708) - special

A Reminder to Update Your Systems to Prevent a Worm
https://blogs.technet.microsoft.com/msrc/2019/05/30/a-reminder-to-update-your-systems-to-prevent-a-worm/

Intense scanning activity detected for BlueKeep RDP flaw
https://www.zdnet.com/article/intense-scanning-activity-detected-for-bluekeep-rdp-flaw/

Report: 1 Million Systems Affected by Remote Desktop Vulnerability
https://www.tomshardware.com/news/million-windows-systems-rdp-vulnerability,39520.html