
Published - Weekly newsletter

CERT-SE's weekly newsletter, week 35

Congratulations to the IMP on its 50th birthday!
CERT-SE wishes you all a pleasant weekend!

News this week

Extracting Certificates From the Windows Registry
https://blog.nviso.be/2019/08/28/extracting-certificates-from-the-windows-registry/

Oil and Gas Firms Targeted By New LYCEUM Threat Group
https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/

Inside the APT28 DLL Backdoor Blitz
https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html

Suspicious sniffers: Programmer discovers thousands of phone numbers, addresses, and geolocations apparently leaked by Russia’s ‘SORM’ surveillance tech
https://meduza.io/en/feature/2019/08/27/suspicious-sniffers

Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
https://threatconnect.com/blog/building-out-protonmail-spoofed-infrastructure/

Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
https://threatpost.com/imperva-firewall-breach-api-keys-ssl-certificates/147743/

Microsoft will let some Windows 7 customers get free security updates for an extra year
https://techcrunch.com/2019/08/26/microsoft-enterprise-windows-7-security-updates/

Nasa said to be investigating first allegation of a crime in space
https://www.bbc.com/news/world-49457912

Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/

All Your Clicks Belong to Me: Investigating Click Interception on the Web
https://www.usenix.org/system/files/sec19-zhang-mingxue.pdf

Python clock
https://pythonclock.org/

Critical Cisco VM Bug Allows Remote Takeover of Routers
https://threatpost.com/critical-cisco-bug-remote-takeover-routers/147826/

Microsoft Wants exFAT in Linux Kernel, Opens File System Specs
https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-exfat-in-linux-kernel-opens-file-system-specs/

Employees connect nuclear plant to the internet so they can mine cryptocurrency
https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/

A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html

Retadup Worm Squashed After Infecting 850K Machines
https://www.darkreading.com/risk/retadup-worm-squashed-after-infecting-850k-machines/d/d-id/1335693

Protocol used by 630,000 devices can be abused for devastating DDoS attacks
https://www.zdnet.com/article/protocol-used-by-630000-devices-can-be-abused-for-devastating-ddos-attacks/

Google Offers Big Bounties for Data Abuse Reports
https://www.securityweek.com/google-offers-big-bounties-data-abuse-reports

SSL VPN

Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html

Enterprise VPN Vulnerabilities Expose Organizations to Hacking, Espionage
https://www.securityweek.com/enterprise-vpn-vulnerabilities-expose-organizations-hacking-espionage

Attackers Targeting Vulnerability in Pulse Secure VPN
https://duo.com/decipher/attackers-targeting-vulnerability-in-pulse-secure-vpn

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs
https://www.databreachtoday.com/hackers-hit-unpatched-pulse-secure-fortinet-ssl-vpns-a-12958

CERT-SE this week

Critical vulnerability in Cisco's operating system IOS XE

Critical vulnerabilities in Pulse Secure VPN are now being actively exploited