Published - Weekly newsletter

CERT-SE's weekly newsletter, week 27

After a messy week with several major disruptions on the interwebs, we can relax with a hefty but useful weekly newsletter.

CERT-SE wishes you a pleasant weekend

News this week

Maldoc: Payloads in User Forms
https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/

Billions of Records Including Passwords Leaked by Smart Home Vendor
https://www.bleepingcomputer.com/news/security/billions-of-records-including-passwords-leaked-by-smart-home-vendor/

RDP BlueKeep exploit shows why you really, really need to patch
https://nakedsecurity.sophos.com/2019/07/01/rdp-bluekeep-exploit-shows-why-you-really-really-need-to-patch/

SKS Keyserver Network Under Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

D-Link agrees to new security monitoring to settle FTC charges
https://arstechnica.com/information-technology/2019/07/d-link-agrees-to-new-security-monitoring-to-settle-ftc-charges/

Cloudflare Worldwide Outage Caused by Bad Software Deployment
https://www.bleepingcomputer.com/news/technology/cloudflare-worldwide-outage-caused-by-bad-software-deployment/

Youtube's ban on "hacking techniques" threatens to shut down all of infosec Youtube
https://boingboing.net/2019/07/03/nobus-r-us.html

YouTube mystery ban on hacking videos has content creators puzzled
https://www.theregister.co.uk/2019/07/03/youtube_bans_hacking_videos/

FireEye ties Microsoft Outlook exploit to Iranian hackers
https://www.computerweekly.com/news/252466257/FireEye-ties-Microsoft-Outlook-exploit-to-Iranian-hackers

Sodinokibi ransomware is now exploiting zero-day Windows vulnerability, security researchers warn
https://www.computing.co.uk/ctg/news/3078400/sodinokibi-ransomware-is-now-exploiting-zero-day-windows-vulnerability-security-researchers-warn

Facebook says glitches affecting its platforms resolved
https://www.reuters.com/article/us-facebook-outages/facebook-says-glitches-affecting-across-platforms-resolved-idUSKCN1TY288

NIST Releases IoT Security Guidelines
https://www.infosecurity-magazine.com/infosec/nist-iot-security-guidelines/

CIRCL Images Phishing Dataset - Open Data at CIRCL
https://www.circl.lu/opendata/circl-phishing-dataset-01/

LooCipher: The New Infernal Ransomware
https://blog.yoroi.company/research/loocipher-the-new-infernal-ransomware/

Malicious iMessages Could Brick iPhones Owing To iOS Vulnerabilities
https://latesthackingnews.com/2019/07/04/malicious-imessages-could-brick-iphones-owing-to-ios-vulnerabilities/

DDoS Attacker Who Ruined Gamers' Christmas Gets 27 Months in Prison
https://thehackernews.com/2019/07/christmas-ddos-attacks.html

Thousands of Almedalen visitors connected to insecure networks
https://news.cision.com/se/sentor-mss-ab/r/tusentals-almedalsbesokare-anslot-sig-till-osakra-natverk,c2856045

Fake Samsung firmware update app tricks more than 10 million Android users
https://www.zdnet.com/article/fake-samsung-firmware-update-app-tricks-more-than-10-million-android-users/

The first five speakers announced for SEC-T 2019
https://www.sec-t.org/talks/

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/

Japan's 7-Eleven payment app gives easy access to scammers
https://www.bbc.com/news/world-asia-48878159

Huawei cryptographic keys embedded in Cisco’s firmware
https://www.iot-inspector.com/blog/2019/07/huawei-cryptographic-keys-embedded-in-ciscos-firmware/

Insulin Pumps Recalled By FDA For Cybersecurity Risks
https://www.infosecurity-magazine.com/news/medtronic-insulin-pumps-recalled-1-1/

Unfixable Seed Extraction on Trezor - A practical and reliable attack
https://ledger-donjon.github.io/Unfixable-Key-Extraction-Attack-on-Trezor/

Uber pays out $375K in bug bounties during challenge in London
https://www.scmagazine.com/home/security-news/vulnerabilities/uber-pays-out-375k-in-bug-bounties-during-challenge-in-london/

Toyota's Car-Hacking Tool Now Available
https://www.darkreading.com/analytics/toyotas-car-hacking-tool-now-available/d/d-id/1335121

Nostalgia corner

Time flies: six years since Altavista shut down
https://sv.wikipedia.org/wiki/Altavista

Internetstiftelsen's Internet Museum
https://www.internetmuseum.se/

OSPF!
https://www.youtube.com/watch?v=aPtr43KHBGk

CERT-SE this week

Vulnerabilities in Cisco products