Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.44

Håll till godo med veckans axplock, nu med musik.

Nyheter i veckan

Malware Mash Halloween Parody
https://youtu.be/h0yWQka4OmU

Popular USB Audio Driver Ships With Root Certificate, Big Security No-No
https://www.bleepingcomputer.com/news/security/popular-usb-audio-driver-ships-with-root-certificate-big-security-no-no/

Same thing, but straight from the horse's mouth
https://community.rsa.com/community/products/netwitness/blog/2017/11/03/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc

Poisoning the Well: Banking Trojan Targets Google Search Results
https://blog.talosintelligence.com/2017/11/zeus-panda-campaign.html

IoT Security: Does Such a Thing Exist?
https://www.tripwire.com/state-of-security/security-data-protection/iot/iot-security-does-such-a-thing-exist/

Securing SSH Services (Blue Team, Red Team)
https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
https://isc.sans.edu/forums/diary/Auditing+SSH+Settings+some+Blue+Team+some+Red+Team/22998/
https://isc.sans.edu/forums/diary/Attacking+SSH+Over+the+Wire+Go+Red+Team/23000/

Malaysia investigating reported leak of 46 million mobile users' data
https://uk.reuters.com/article/us-malaysia-cyber/malaysia-investigating-reported-leak-of-46-million-mobile-users-data-idUKKBN1D13JM

Microsoft Engineer Installs Google Chrome Mid-Presentation After Edge Kept Crashing
https://thehackernews.com/2017/10/microsoft-edge-crashes.html

Updated - ROCA: Vulnerable RSA generation (CVE-2017-15361)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

Estonia is enhancing the security of its digital identities
https://medium.com/e-residency-blog/estonia-is-enhancing-the-security-of-its-digital-identities-361b9a3c9c52

Don't use Sera! aka CVE-2017-15918
http://seclists.org/fulldisclosure/2017/Nov/12

What is Entropy and How Do I Get More of It?
https://hackaday.com/2017/11/02/what-is-entropy-and-how-do-i-get-more-of-it/

USS McCain collision ultimately caused by UI confusion
https://arstechnica.co.uk/information-technology/2017/11/uss-mccain-collision-ultimately-caused-by-ui-confusion/

Bypassing Browser Security Warnings with Pseudo Password Fields
https://www.troyhunt.com/bypassing-browser-security-warnings-with-pseudo-password-fields/

59% of Employees Hit by Ransomware at Work Paid Ransom Out of Their Own Pockets
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/

Disclosure: WordPress WPDB SQL Injection - Technical
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html

Night of the Devil: Ransomware or wiper? A look into targeted attacks in Japan using MBR-ONI
https://www.cybereason.com/blog/night-of-the-devil-ransomware-or-wiper-a-look-into-targeted-attacks-in-japan

Eavesdropping With An ESP8266
https://hackaday.com/2017/11/02/eavesdropping-with-an-esp8266/

CERT-SE i veckan

Sårbarheter i Cisco-produkter

Säkerhetsuppdateringar från Apple

Kritisk sårbarhet i Oracle Identity Manager