![[CERT-SE]](/static/img/cert-se.svg)
![[MSB]](/static/img/msb.svg)
Publicerad
CERT-SE:s veckobrev v.32
Sommaren börjar lida mot sitt slut och semestrarna med den. Här kommer ett gäng veckobrevslänkar för att mjukstarta semesterhjärnan.
Trevlig helg önskar CERT-SE.
Nyheter i veckan
Commando VM 2.0: Customization, Containers, and Kali, Oh My!
https://www.fireeye.com/blog/threat-research/2019/08/commando-vm-customization-containers-kali.html
Reverse RDP Attack Also Enables Guest-to-Host Escape in Microsoft Hyper-V
https://thehackernews.com/2019/08/reverse-rdp-windows-hyper-v.html
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
https://www.darkreading.com/vulnerabilities---threats/boeing-787-on-board-network-vulnerable-to-remote-hacking-researcher-says/d/d-id/1335463
FakesApp: A Vulnerability in WhatsApp
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Steam Zero-Day Vulnerability Affects Over 100 Million Users
https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/
With warshipping, hackers ship their exploits directly to their target’s mail room
https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/
SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs
https://thehackernews.com/2019/08/swapgs-speculative-execution.html
Black Hat 2019: Security Culture Is Everyone's Culture
https://www.darkreading.com/risk/black-hat-2019-security-culture-is-everyones-culture/d/d-id/1335472
Revealed: Microsoft Contractors Are Listening to Some Skype Calls
https://www.vice.com/en_us/article/xweqbq/microsoft-contractors-listen-to-skype-calls
Google Project Zero: 95.8% of all bug reports are fixed before deadline expires
https://www.zdnet.com/article/google-project-zero-95-8-of-all-bug-reports-are-fixed-before-deadline-expires/
Dragonblood - Analysing WPA3's Dragonfly Handshake
https://wpa3.mathyvanhoef.com
Enter Mordor 😈: Pre-recorded Security Events from Simulated Adversarial Techniques
https://posts.specterops.io/enter-mordor-pre-recorded-security-events-from-simulated-adversarial-techniques-fdf5555c9eb1
Azure Security Lab: a new space for Azure research and collaboration
https://msrc-blog.microsoft.com/2019/08/05/azure-security-lab-a-new-space-for-azure-research-and-collaboration/
Corporate IoT – a path to intrusion
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
The Pwnie awards nominations 2019
https://pwnies.com/nominations-2019/
How to Build Your Own Penetration Testing Dropbox Using a Raspberry Pi 4
https://artificesecurity.com/blog/2019/8/6/how-to-build-your-own-penetration-testing-drop-box-using-a-raspberry-pi-4
Microsoft names top security researchers, zero-day contributors
https://www.zdnet.com/article/microsoft-names-top-security-researchers-zero-day-contributors/
HTTP Desync Attacks: Request Smuggling Reborn
https://portswigger.net/blog/http-desync-attacks-request-smuggling-reborn
The good, the bad and the non-functional, or "how not to do an attack campaign"
https://isc.sans.edu/diary/%5BGuest+Diary%5D+The+good%2C+the+bad+and+the+non-functional%2C+or+%22how+not+to+do+an+attack+campaign%22/25218
Avaya VoIP Phones Harbored 10-year Old Vulnerability
https://www.bleepingcomputer.com/news/security/avaya-voip-phones-harbored-10-year-old-vulnerability/
Nördhörnan
Multi Programming - Computerphile
https://www.youtube.com/watch?v=MB0yDMQj1lU