Published - Weekly newsletter

CERT-SE's weekly newsletter, week 04

A Friday that brings not only payday but also CERT-SE's weekly newsletter. Have a nice weekend!

News this week

Popular WordPress plugin hacked by angry former employee
https://www.zdnet.com/article/popular-wordpress-plugin-hacked-by-angry-former-employee/

New Phobos ransomware exploits weak security to hit targets around the world
https://www.zdnet.com/article/new-phobos-ransomware-exploits-weak-security-to-hit-targets-around-the-world/

Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/

Can you spot when you’re being phished?
https://phishingquiz.withgoogle.com/

The most-clicked phishing lines of 2018
https://betanews.com/2019/01/22/most-clicked-phishing-2018/

DarkHydrus APT group delivers RogueRobin Trojan via Google Drive
https://www.scmagazineuk.com/darkhydrus-apt-group-delivers-roguerobin-trojan-via-google-drive/article/1523415

Hackers infiltrate East Bay family’s Nest surveillance camera, send warning of incoming North Korea missile attack
https://www.mercurynews.com/2019/01/21/it-was-five-minutes-of-sheer-terror-hackers-infiltrate-east-bay-familys-nest-surveillance-camera-send-warning-of-incoming-north-korea-missile-attack/

DNS Firewalling with MISP
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/

IT security 2019: What you need to keep track of
http://www.mynewsdesk.com/se/savecore/blog_posts/it-saekerhet-2019-detta-behoever-du-ha-koll-paa-80185

How Web Apps Can Turn Browser Extensions Into Backdoors
https://threatpost.com/web-apps-browser-extensions-backdoors/141061/

Practical Web Cache Poisoning
https://portswigger.net/blog/practical-web-cache-poisoning

Local Admin Access and Group Policy Don’t Mix
https://www.trustedsec.com/2019/01/local-admin-access-and-group-policy-dont-mix/

Most Important Android Application Penetration Testing Checklist
https://gbhackers.com/penetration-testing-android-application-checklist/

Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
https://thehackernews.com/2019/01/ios12-jailbreak-exploit.html

Awesome security APIs
https://github.com/deralexxx/security-apis

Abusing Exchange: One API call away from Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/

New version of MSB's handbook on information influence
https://www.msb.se/sv/Om-MSB/Nyheter-och-press/Nyheter/Nyheter-fran-MSB/Ny-version-av-Handbok-i-informationspaverkan/

Advanced

Video: TrickBot and ETERNALCHAMPION
https://www.netresec.com/?page=Blog&month=2019-01&post=Video%3a-TrickBot-and-ETERNALCHAMPION

CERT-SE this week

Serious vulnerabilities in Cisco products

Security updates from Apple

Vulnerability in the Debian APT package manager