Published
CERT-SE's weekly newsletter, week 35
Congratulations to IMP on its 50th anniversary!
CERT-SE wishes you all a pleasant weekend!
News this week
Extracting Certificates From the Windows Registry
https://blog.nviso.be/2019/08/28/extracting-certificates-from-the-windows-registry/
Oil and Gas Firms Targeted By New LYCEUM Threat Group
https://threatpost.com/oil-and-gas-firms-targeted-by-new-lyceum-threat-group/147705/
Inside the APT28 DLL Backdoor Blitz
https://threatvector.cylance.com/en_us/home/inside-the-apt28-dll-backdoor-blitz.html
Suspicious sniffers: Programmer discovers thousands of phone numbers, addresses, and geolocations apparently leaked by Russia's 'SORM' surveillance tech
https://meduza.io/en/feature/2019/08/27/suspicious-sniffers
Building Out ProtonMail Spoofed Infrastructure with Creation Timestamp Pivoting
https://threatconnect.com/blog/building-out-protonmail-spoofed-infrastructure/
Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
https://threatpost.com/imperva-firewall-breach-api-keys-ssl-certificates/147743/
Microsoft will let some Windows 7 customers get free security updates for an extra year
https://techcrunch.com/2019/08/26/microsoft-enterprise-windows-7-security-updates/
Nasa said to be investigating first allegation of a crime in space
https://www.bbc.com/news/world-49457912
Exploiting AWS ECR and ECS with the Cloud Container Attack Tool (CCAT)
https://rhinosecuritylabs.com/aws/cloud-container-attack-tool/
All Your Clicks Belong to Me: Investigating Click Interception on the Web
https://www.usenix.org/system/files/sec19-zhang-mingxue.pdf
Python clock
https://pythonclock.org/
Critical Cisco VM Bug Allows Remote Takeover of Routers
https://threatpost.com/critical-cisco-bug-remote-takeover-routers/147826/
Microsoft Wants exFAT in Linux Kernel, Opens File System Specs
https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-exfat-in-linux-kernel-opens-file-system-specs/
Employees connect nuclear plant to the internet so they can mine cryptocurrency
https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/
A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Retadup Worm Squashed After Infecting 850K Machines
https://www.darkreading.com/risk/retadup-worm-squashed-after-infecting-850k-machines/d/d-id/1335693
Protocol used by 630,000 devices can be abused for devastating DDoS attacks
https://www.zdnet.com/article/protocol-used-by-630000-devices-can-be-abused-for-devastating-ddos-attacks/
Google Offers Big Bounties for Data Abuse Reports
https://www.securityweek.com/google-offers-big-bounties-data-abuse-reports
SSL VPN
Attacking SSL VPN - Part 1: PreAuth RCE on Palo Alto GlobalProtect, with Uber as Case Study!
https://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Attacking SSL VPN - Part 2: Breaking the Fortigate SSL VPN
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
Enterprise VPN Vulnerabilities Expose Organizations to Hacking, Espionage
https://www.securityweek.com/enterprise-vpn-vulnerabilities-expose-organizations-hacking-espionage
Attackers Targeting Vulnerability in Pulse Secure VPN
https://duo.com/decipher/attackers-targeting-vulnerability-in-pulse-secure-vpn
Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs
https://www.databreachtoday.com/hackers-hit-unpatched-pulse-secure-fortinet-ssl-vpns-a-12958