Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.33

En händelserik arbetsvecka är till ända. Vi bjuder som vanligt på helgläsning med allt från assemblerhack till spionmuseum. Hoppas att något faller er i smaken.

Nyheter i veckan

Researchers show how easy it is to inject a DSLR camera with ransomware
https://www.itpro.co.uk/ransomware/34191/researchers-show-how-easy-it-is-to-inject-a-dslr-camera-with-ransomware

Database from StockX Hack Sold Online, Check If You're Included
https://www.bleepingcomputer.com/news/security/database-from-stockx-hack-sold-online-check-if-youre-included/

A Beginner’s Guide to Windows Shellcode Execution Techniques
https://www.contextis.com/en/blog/a-beginners-guide-to-windows-shellcode-execution-techniques

Down the Rabbit-Hole...
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons
https://www.wired.com/story/acoustic-cyberweapons-defcon/

Navy Reverting DDGs Back to Physical Throttles, After Fleet Rejects Touchscreen Controls
https://news.usni.org/2019/08/09/navy-reverting-ddgs-back-to-physical-throttles-after-fleet-rejects-touchscreen-controls

RouterOS Post Exploitation
https://medium.com/tenable-techblog/routeros-post-exploitation-784c08044790

Troldesh Ransomware Dropper
https://securityboulevard.com/2019/08/troldesh-ransomware-dropper/

Report: Data Breach in Biometric Security Platform Affecting Millions of Users
https://www.vpnmentor.com/blog/report-biostar2-leak/

Huge Survey of Firmware Finds No Security Gains in 15 Years
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/

Modified malicious Lightning cables enable remote PC hacking
https://www.theinquirer.net/inquirer/news/3080421/lightning-cable-hack

Hacker site’s incriminating database published online by rival group
https://arstechnica.com/information-technology/2019/08/hacker-sites-incriminating-database-published-online-by-rival-group/

He tried to prank the DMV. Then his vanity license plate backfired big time.
https://mashable.com/article/dmv-vanity-license-plate-def-con-backfire/?europe=true

BlueKeep-like RCE flaws in RDP among 93 vulnerabilities patched by Microsoft
https://www.scmagazine.com/home/security-news/vulnerabilities/bluekeep-like-rce-flaws-in-rdp-among-93-vulnerabilities-patched-by-microsoft/

The pwnie awards, winners
https://pwnies.com/winners/

New HTTP/2 Flaws Expose Unpatched Web Servers to DoS Attacks
https://www.bleepingcomputer.com/news/security/new-http-2-flaws-expose-unpatched-web-servers-to-dos-attacks/

Watch a Drone Take Over a Nearby Smart TV
https://www.wired.com/story/smart-tv-drone-hack/

New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
https://thehackernews.com/2019/08/bluetooth-knob-vulnerability.html

GCHQ Hosts A Temporary Exhibit
https://hackaday.com/2019/08/06/espionage-on-display-as-gchq-hosts-a-temporary-exhibit/

Surveillance Detection Scout - Your Lookout on Autopilot
https://github.com/tevora-threat/scout

Chrome and Firefox Changes Spark the End of EV Certificates
https://www.bleepingcomputer.com/news/software/chrome-and-firefox-changes-spark-the-end-of-ev-certificates/

CERT-SE i veckan

Utökad information om säkerhetsuppdateringar från Microsoft

Säkerhetsuppdateringar för Adobe-produkter

Microsofts månatliga säkerhetsuppdateringar för augusti 2019

Kritiska sårbarheter i SAP-produkter

Sårbarheter i FortiGate SSL VPN exploateras aktivt