BF-SIRT Newsletter 2017-46

This weeks top stories is that research by Google and the University of California found that phishing attacks are more efficient than data breaches at getting criminals into victim’s account and that the average person still has can’t pick a … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-46

BF-SIRT Newsletter 2017-45

This weeks top stories is that the recent Intel Chips running Minix for their Management Engine have debugging ports that can be reached over USB, USB is also a theme in Linux Kernel patching these days with more than 40 … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-45

BF-SIRT Newsletter 2017-44

This weeks top stories is that the Reaper IoT Botnet is not fully mobilized according to report, and that Heathrow Airport Security Plans was found on memory stick on a street in London. European Union member states have drafted a … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-44

We wrote tests for our third-party security libraries, and you won’t believe what happened next! (CVE-2017-8028)

On the importance of thorough testing Much of modern software development revolves around the concept of “quality”. As with all abstract concepts, “quality” is somewhat difficult to pin down, but for this article we can define it as “how well … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on We wrote tests for our third-party security libraries, and you won’t believe what happened next! (CVE-2017-8028)

BF-SIRT Newsletter 2017-43

This weeks top stories is that Bad Rabbit, a new Petya-like ransomware is spreading, and Reaper, a new Mirai-like Iot botnet, has been detected and is many times larger. A recent report concludes that cybercriminals focus on the shipping and … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-43

BF-SIRT Newsletter 2017-42

This weeks top stories is that a serious flaw in the WPA2 protocol lets attackers intercept network traffic (KRACK), and a factorization flaw in TPM chips makes attacks on RSA private keys feasible (ROCA). You can also read about how … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-42

BF-SIRT Newsletter 2017-41

This weeks top stories is that Kaspersky reportedly modified its AV to help Russia Government spy, and in the latest string of AWS S3 bucket embarrassments Accenture left four servers of sensitive data completely unprotected. You can also read about … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-41

BF-SIRT Newsletter 2017-40

This weeks top stories is that Yahoo says all 3 billion accounts was hit by the 2013 hack and Google Security researchers have discovered seven serious vulnerabilities in Dnsmasq. Security researchers have developed a variant of the Rowhammer attack that … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-40

BF-SIRT Newsletter 2017-39

This weeks top stories is an update on how the CCleaner APT security incident targeted large technology companies, and a Deloitte breach affecting all company email. A couple of new stories are currently evolving, including an easy-to-exploit flaw in Linux … Continue reading

Posted in Uncategorized | Comments Off on BF-SIRT Newsletter 2017-39

BF-SIRT Newsletter 2017-38

This weeks top stories is that popular software CCleaner made part of a supply chain attack targeting tech giants, and about a massive Viacom breach through Amazon Web Services. There is an Apache bug that leaks contents of server memory, … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-38