Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.
!!

Jobba på CERT-SE? Sök junior systemadministratör inom IT-säkerhet. Sista ansökningsdag 3 juni.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.32

Sommaren börjar lida mot sitt slut och semestrarna med den. Här kommer ett gäng veckobrevslänkar för att mjukstarta semesterhjärnan.

Trevlig helg önskar CERT-SE.

Nyheter i veckan

Commando VM 2.0: Customization, Containers, and Kali, Oh My!
https://www.fireeye.com/blog/threat-research/2019/08/commando-vm-customization-containers-kali.html

Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html

Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
https://www.darkreading.com/vulnerabilities---threats/boeing-787-on-board-network-vulnerable-to-remote-hacking-researcher-says/d/d-id/1335463

FakesApp: A Vulnerability in WhatsApp
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/

Steam Zero-Day Vulnerability Affects Over 100 Million Users
https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/

With warshipping, hackers ship their exploits directly to their target’s mail room
https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/

SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
https://thehackernews.com/2019/08/swapgs-speculative-execution.html

Black Hat 2019: Security Culture Is Everyone's Culture
https://www.darkreading.com/risk/black-hat-2019-security-culture-is-everyones-culture/d/d-id/1335472

Revealed: Microsoft Contractors Are Listening to Some Skype Calls
https://www.vice.com/en_us/article/xweqbq/microsoft-contractors-listen-to-skype-calls

Google Project Zero: 95.8% of all bug reports are fixed before deadline expires
https://www.zdnet.com/article/google-project-zero-95-8-of-all-bug-reports-are-fixed-before-deadline-expires/

Dragonblood - Analysing WPA3's Dragonfly Handshake
https://wpa3.mathyvanhoef.com

Enter Mordor 😈: Pre-recorded Security Events from Simulated Adversarial Techniques
https://posts.specterops.io/enter-mordor-pre-recorded-security-events-from-simulated-adversarial-techniques-fdf5555c9eb1

Azure Security Lab: a new space for Azure research and collaboration
https://msrc-blog.microsoft.com/2019/08/05/azure-security-lab-a-new-space-for-azure-research-and-collaboration/

Corporate IoT – a path to intrusion
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/

The Pwnie awards nominations 2019
https://pwnies.com/nominations-2019/

How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4
https://artificesecurity.com/blog/2019/8/6/how-to-build-your-own-penetration-testing-drop-box-using-a-raspberry-pi-4

Microsoft names top security researchers, zero-day contributors
https://www.zdnet.com/article/microsoft-names-top-security-researchers-zero-day-contributors/

HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn

The good, the bad and the non-functional, or "how not to do an attack campaign"
https://isc.sans.edu/diary/%5BGuest+Diary%5D+The+good%2C+the+bad+and+the+non-functional%2C+or+%22how+not+to+do+an+attack+campaign%22/25218

Avaya VoIP Phones Harbored 10-year Old Vulnerability
https://www.bleepingcomputer.com/news/security/avaya-voip-phones-harbored-10-year-old-vulnerability/

Nördhörnan

Multi Programming - Computerphile
https://www.youtube.com/watch?v=MB0yDMQj1lU

CERT-SE i veckan

Kritiska sårbarheter i produkter från Cisco