Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.41

Trevlig helg önskar CERT-SE!

Nyheter i veckan

Muhstik Ransomware Victim Hacks Back, Releases Decryption Keys
https://www.bleepingcomputer.com/news/security/muhstik-ransomware-victim-hacks-back-releases-decryption-keys/

Säkra leverantörskedjor för styrsystem
https://www.foi.se/rapportsammanfattning?reportNo=FOI-R--4759--SE

How a double-free bug in WhatsApp turns to RCE
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/

Scalable infrastructure for investigations and incident response
https://msrc-blog.microsoft.com/2019/08/30/scalable-infrastructure-for-investigations-and-incident-response/

Thunderbird, Enigmail and OpenPGP
https://blog.mozilla.org/thunderbird/2019/10/thunderbird-enigmail-and-openpgp/

Coordinated Vulnerability Disclosure: the Guideline
https://english.ncsc.nl/publications/publications/2019/juni/01/coordinated-vulnerability-disclosure-the-guideline

6 Common Phishing Attacks and How to Protect Against Them
https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/

Credentials gathering campaign
https://www.cert.ssi.gouv.fr/cti/CERTFR-2019-CTI-003/

Researcher Adds $100,000 Worth of Credit to Voi E-Scooter App
https://www.bleepingcomputer.com/news/security/researcher-adds-100-000-worth-of-credit-to-voi-e-scooter-app/

Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move
https://www.bleepingcomputer.com/news/security/dutch-govt-explains-the-risks-behind-dns-over-https-move/

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities
https://www.zdnet.com/article/dhs-and-fda-warn-about-much-broader-impact-of-urgent11-vulnerabilities/

Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit
https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/

Multiple APT groups are exploiting VPN vulnerabilities, NSA warns
https://securityaffairs.co/wordpress/92310/apt/nsa-warns-apt-vpn-vulnerabilities.html

Attackers exploit an iTunes zeroday to install ransomware
https://arstechnica.com/information-technology/2019/10/attackers-exploit-an-itunes-zeroday-to-install-ransomware/

Misstänkt dataattack mot viktiga vittnen i Allra-härvan – så hackades deras telefoner
https://www.svt.se/nyheter/inrikes/dataattack-mot-viktiga-vittnen-i-allra-harvan-sa-hackades-deras-telefoner

Living off the Orchard: Leveraging Apple Remote Desktop for Good and Evil
https://www.fireeye.com/blog/threat-research/2019/10/leveraging-apple-remote-desktop-for-good-and-evil.html

Apple iTunes Bug Actively Exploited in BitPaymer/iEncrypt Campaign
https://threatpost.com/apple-itunes-bug-bitpaymer-iencrypt/149075/

Nördhörnan

Elliptic Curve Cryptography Explained
https://fangpenlin.com/posts/2019/10/07/elliptic-curve-cryptography-explained/

CERT-SE i veckan

Microsofts månatliga säkerhetsuppdateringar för oktober 2019