Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.50

Vårt gäng av stolliga drängar önskar er glad adv3nt

Nyheter i veckan

Better password protections in Chrome - How it works
https://security.googleblog.com/2019/12/better-password-protections-in-chrome.html

Snatch ransomware reboots PCs into Safe Mode to bypass protection
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/

Hackers Can Mess With Voltages to Steal Intel Chips' Secrets
https://www.wired.com/story/plundervolt-intel-chips-sgx-hack/

Linux Bug Opens Most VPNs to Hijacking
https://threatpost.com/linux-bug-vpns-hijacking/150891/

Caution! Ryuk Ransomware decryptor damages larger files, even if you pay
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/

Introducing Unfurl
https://dfir.blog/introducing-unfurl/

Digital lockpicking - stealing keys to the kingdom
https://labs.f-secure.com/blog/digital-lockpicking-stealing-keys-to-the-kingdom/

Don’t Fall for the Hype – Marketing Myths in Artificial Intelligence for Cybersecurity
https://securityboulevard.com/2019/12/dont-fall-for-the-hype-marketing-myths-in-artificial-intelligence-for-cybersecurity/

Gemensamt it-system för myndigheter: ”sparar miljarder”
https://www.svd.se/ygeman-hoppas-pa-gemensamma-it-system

Social Media Influencer Sentenced to 14 Years in Federal Prison after Plotting to Hijack Internet Domain
https://www.justice.gov/usao-ndia/pr/social-media-influencer-sentenced-14-years-federal-prison-after-plotting-hijack

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/

RTTM - Real Time Threat Monitoring Tool
https://www.kitploit.com/2019/12/rttm-real-time-threat-monitoring-tool.html

(Almost) Hollow and Innocent: Monero Miner Remains Undetected via Process Hollowing
https://blog.trendmicro.com/trendlabs-security-intelligence/almost-hollow-and-innocent-monero-miner-remains-undetected-via-process-hollowing/

Microsoft details the most clever phishing techniques it saw in 2019
https://www.zdnet.com/article/microsoft-details-the-most-clever-phishing-techniques-it-saw-in-2019/

Blink XT2 Camera System Command Injection Flaws
https://medium.com/tenable-techblog/blink-xt2-camera-system-command-injection-flaws-4768fced9ece

New macOS Bundlore Loader Analysis
https://blog.confiant.com/new-macos-bundlore-loader-analysis-ca16d19c058c?gi=cb47f562a69b

CERT-SE i veckan

Supporten för Windows 7 upphör

Adobe säkerhetsuppdaterar sina produkter

Microsofts månatliga säkerhetsuppdateringar för december 2019

VMware rättar sårbarheter i ESXi och Horizon DaaS