![[CERT-SE]](/static/img/cert-se.svg)
![[MSB]](/static/img/msb.svg)
Publicerad
CERT-SE:s veckobrev v.31
Vi på CERT-SE önskar er alla en trevlig helg!
Nyheter i veckan
NIST Releases Draft Security Feature Recommendations for IoT Devices
https://www.nist.gov/news-events/news/2019/08/nist-releases-draft-security-feature-recommendations-iot-devices
Malicious code in the purescript npm installer
https://harry.garrood.me/blog/malicious-code-in-purescript-npm-installer/
Visa card vulnerability can bypass contactless limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
Exploits for Windows BlueKeep vulnerability commercially available
https://www.itpro.co.uk/security/34097/exploits-for-windows-bluekeep-vulnerability-commercially-available
No Jail Time for “WannaCry Hero”
https://krebsonsecurity.com/2019/07/no-jail-time-for-wannacry-hero/
Cryptographic Attacks: A Guide for the Perplexed
https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/
Finding the Balance Between Speed & Accuracy During an Internet-wide Port Scanning
https://captmeelo.com/pentest/2019/07/29/port-scanning.html
I Always Feel Like Somebody’s W̶a̶t̶c̶h̶i̶n̶g̶ Listening to Me
https://medium.com/tenable-techblog/i-always-feel-like-somebodys-w%CC%B6a%CC%B6t%CC%B6c%CC%B6h%CC%B6i%CC%B6n%CC%B6g%CC%B6-listening-to-me-938cc14aa13c
Investigating CAN Bus Network Integrity in Avionics Systems
https://www.rapid7.com/research/report/investigating-can-bus-network-integrity-in-avionics-systems
100 million Capital One customers were hacked?
https://itblogr.com/100-million-capital-one-customers-were-hacked/
Examining the Link Between TLD Prices and Abuse
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/examining-the-link-between-tld-prices-and-abuse/
Exploit kits: summer 2019 review
https://blog.malwarebytes.com/threat-analysis/2019/07/exploit-kits-summer-2019-review
APT trends report Q2 2019
https://securelist.com/apt-trends-report-q2-2019/91897/
Development stops on PowerShell Empire framework after project reaches its goal
https://www.zdnet.com/article/development-stops-on-powershell-empire-framework-after-project-reaches-its-goal/
Cyber Kill Chain Reimagined: Industry Veteran Proposes "Cognitive Attack Loop"
https://www.securityweek.com/cyber-kill-chain-reimagined-industry-veteran-proposes-cognitive-attack-loop
Global Oil and Gas Cyber Threat Perspective
https://dragos.com/wp-content/uploads/Dragos-Oil-and-Gas-Threat-Perspective-2019.pdf
Pysselhörnan
The FLARE on challenge
http://flare-on.com/