Som du ser är vår webbplats inte anpassad för äldre webbläsare. Vi rekommenderar att du uppgraderar till en nyare webbläsare.

Publicerad - Veckobrev

CERT-SE:s veckobrev v.45

Vad kan vara bättre i höstmörkret än en upplysande laddning veckobrevslänkar?

Trevlig helg önskar vi på CERT-SE!

Nyheter i veckan

40 million emoji-addicted keyboard app users left with $18m bill – after malware sneaks into Play Store yet again
https://www.theregister.co.uk/2019/11/01/aitype_keyboard_malware_alert/

Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig
https://thehackernews.com/2019/11/rConfig-network-vulnerability.html

huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389
https://twitter.com/GossiTheDog/status/1190654984553205761

Spanish companies’ networks shut down as result of ransomware
https://arstechnica.com/information-technology/2019/11/spanish-companies-networks-shut-down-as-result-of-ransomware/

DHS/CISA - Cyber Essentials
https://www.cisa.gov/cyber-essentials

Forget Face ID! Next-gen biometrics will listen to the sound of your bones
https://www.digitaltrends.com/cool-tech/etri-south-korea-sound-biometrics/

Facebook Portal survives Pwn2Own hacking contest, Amazon Echo got hacked
https://www.zdnet.com/article/facebook-portal-survives-pwn2own-hacking-contest-amazon-echo-got-hacked/

Så kan smarta högtalare rädda folk som får hjärtinfarkt
https://www.nyteknik.se/popularteknik/sa-kan-smarta-hogtalare-radda-folk-som-far-hjartinfarkt-6963038
https://www.nature.com/articles/s41746-019-0128-7

Light Commands - Laser-Based Audio Injection on Voice-Controllable Systems
https://lightcommands.com/

Four false ideas about Multi-Factor Authentication
https://www.itproportal.com/features/four-false-ideas-about-multi-factor-authentication/

Remember the Uber self-driving car that killed a woman crossing the street? The AI had no clue about jaywalkers
https://www.theregister.co.uk/2019/11/06/uber_self_driving_car_death/

OUCH! Newsletter: Shopping Online Securely
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1

Report: Asus Router App Leaks Customer Data and Exposes Alexa Users
https://www.vpnmentor.com/blog/report-asus-alexa-leak/

Sveriges Kommuner och Landsting - Vägledningar för molntjänster
https://skl.se/naringslivarbetedigitalisering/digitalisering/arkitektursakerhet/molntjanster/vagledningarmolntjanster.29885.html

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways
https://www.bleepingcomputer.com/news/security/specially-crafted-zip-files-used-to-bypass-secure-email-gateways/

Why criminals spoof your domain name
https://www.techradar.com/news/why-criminals-spoof-your-domain-name

Microsoft warns users to stay alert for more BlueKeep attacks
https://www.zdnet.com/article/microsoft-warns-users-to-stay-alert-for-more-bluekeep-attacks/

The July Galileo Outage: What happened and why
https://berthub.eu/articles/posts/galileo-accident/

Amazon Ring doorbells exposed home Wi-Fi passwords to hackers
https://techcrunch.com/2019/11/07/amazon-ring-doorbells-wifi-hackers/

CERT-SE i veckan

Sårbarhet i Windows Remote Desktop exploateras aktivt

Två kritiska sårbarheter i Google Chrome