State-Sponsored Cyber Actors do State-Sponsored Cyber Actor stuff US-CERT published a joint Technical Alert (TA) resulting from efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) providing information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, […]
DevOps and Microservices are not new concepts within IT but these aspects of the development process are not often applied. “Really a shame,” in the opinion of Basefarm’s Bent Terp, “because combining DevOps and Microservices yield benefits in a wide range of areas.”
Yesterday, US-CERT posted a bulletin about Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices ( https://www.us-cert.gov/ncas/alerts/TA18-106A ). Our take on this is that this is something one must always assume to be happening, and if the bulletin is accurate then it’s not something Russia is alone in doing: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ https://www.engadget.com/2016/08/21/nsa-technique-for-cisco-spying/ It is vital to have critical controls […]
Facebook On Tuesday and Wednesday this week, Mark Zuckerberg took part of congressional hearings regarding Cambridge Analytica and privacy concerns regarding Facebook. There are multiple news outlets covering the story, and KrebsonSecurity also wrote an article about how one should not trust these type of quizzes and such may receive data about you and your […]
DevOps has become the go-to concept for companies looking to optimize agile processes. However, many find it difficult to understand what exactly DevOps is, what it looks like in practice, and how far-reaching its implementation can be. We explain all in this post.
Intel tells remote keyboard users to delete app after critical bug found. On Tuesday, Intel warned of a critical escalation of privilege vulnerability (CVE-2018-3641) in all versions of the Intel Remote Keyboard that allows a network attacker to inject keystrokes as if they were a local user. The vulnerability received a Common Vulnerabilities and Exposure […]
Bitcoins blockchain poisoned Researchers from the RWTH Aachen University and Goethe University, Germany, have uncovered images and links to child pornography in cryptocurrency Bitcoin’s blockchain. The analysis found that certain content, such as illegal pornography, would render the mere possession of a blockchain illegal, with data distributed to all Bitcoin participants. Version 7 of CIS […]
Outbreaks such as Petya and WannaCry really put the malware threat on the IT agenda and made cybersecurity a priority for everyone. Fredrik Svantes, Senior Information Security Manager at Basefarm, explains the latest developments that keep the cybersecurity community busy.
AMD Vulnerabilities This week, CTS-Labs sent out an advisory regarding AMD Vulnerabilities. What’s worth noting about this is that the vulnerabilities all require local administrator access to exploit, and if an attacker already got that access it means that it’s basically game over in either case. There are also concerns that this was done in […]
To define where Big Data begins and from which point the targeted use of data become a Big Data project, you need to take a look at the details and key features of Big Data. Its definition is most commonly based on the 3-V model from the analysts at Gartner and, while this model is […]