Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.
!!

Jobba på CERT-SE? Sök junior systemadministratör inom IT-säkerhet. Sista ansökningsdag 3 juni.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.31

Vi på CERT-SE önskar er alla en trevlig helg!

Nyheter i veckan

NIST Releases Draft Security Feature Recommendations for IoT Devices
https://www.nist.gov/news-events/news/2019/08/nist-releases-draft-security-feature-recommendations-iot-devices

Malicious code in the purescript npm installer
https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/

Visa card vulnerability can bypass contactless limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/

Exploits for Windows BlueKeep vulnerability commercially available
https://www.itpro.co.uk/security/34097/exploits-for-windows-bluekeep-vulnerability-commercially-available

No Jail Time for “WannaCry Hero”
https://krebsonsecurity.com/2019/07/no-jail-time-for-wannacry-hero/

Cryptographic Attacks: A Guide for the Perplexed
https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/

Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning
https://captmeelo.com/pentest/2019/07/29/port-scanning.html

I Always Feel Like Somebody’s W̶a̶t̶c̶h̶i̶n̶g̶ Listening to Me
https://medium.com/tenable-techblog/i-always-feel-like-somebodys-w%CC%B6a%CC%B6t%CC%B6c%CC%B6h%CC%B6i%CC%B6n%CC%B6g%CC%B6-listening-to-me-938cc14aa13c

Investigating CAN Bus Network Integrity in Avionics Systems
https://www.rapid7.com/research/report/investigating-can-bus-network-integrity-in-avionics-systems

100 million Capital One customers were hacked?
https://itblogr.com/100-million-capital-one-customers-were-hacked/

Examining the Link Between TLD Prices and Abuse
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-link-between-tld-prices-and-abuse/

Exploit kits: summer 2019 review
https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review

APT trends report Q2 2019
https://securelist.com/apt-trends-report-q2-2019/91897/

Development stops on PowerShell Empire framework after project reaches its goal
https://www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/

Cyber Kill Chain Reimagined: Industry Veteran Proposes "Cognitive Attack Loop"
https://www.securityweek.com/cyber-kill-chain-reimagined-industry-veteran-proposes-cognitive-attack-loop

Global Oil and Gas Cyber Threat Perspective
https://dragos.com/wp-content/uploads/Dragos-Oil-and-Gas-Threat-Perspective-2019.pdf

Pysselhörnan

The FLARE on challenge
http://flare-on.com/

CERT-SE i veckan

Sårbarheter i flera produkter från Codesys

Kritiska sårbarheter i VxWorks