Basefarm SIRT Newsletter 22

This week the U.S. Government seized the online currency site Liberty Reserve for being a “financial hub of the cybercrime world”. There are also interesting articles from Ars Technica on how easy it is to crack passwords, and on how easy it is to be branded a “hacker”. As for our own posts, we suggest that you take a look at each of them: they cover a DoS vulnerability affecting those running older versions of ModSecurity, and go over how Drupal.org got hacked, resulting in ~1 million drupal.org accounts being compromised.

Top 5 Business Intelligence links
U.S. Government Seizes LibertyReserve.com
Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
New Computer Attacks Traced to Iran, Officials Say
China announces giant military hackathon
Profiling modern hackers: Hacktivists, criminals, and cyber spies

Top 5 Miscellaneous Security links
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”
Reporters use Google, find breach, get branded as “hackers”
A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports
PayPal refuses to pay bug-finding teen
Hammond pleads guilty to Stratfor hack: ‘It’s a relief’

Basefarm SIRT Posts
ModSecurity 2.7.4 released – fixes critical DoS vulnerability
Ruby on Rails Exploit publicly used in the wild
Drupal.org compromised – 967,659 users and (hashed) passwords stolen

Ruby on Rails Exploit publicly used in the wild

The Ruby on Rails exploits mentioned on the blog in January are now being used publicly in the wild. While this exploit has been known, and surely used quite a bit, since then, it shows the importance of patching to keep your server from becoming the victim of an attack.

More information:
http://jarmoc.com/blog/2013/05/28/ror-cve-2013-0156-in-the-wild/

Drupal.org compromised – 967,659 users and (hashed) passwords stolen

The Drupal.org Security Team and Infrastructure Team have discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly. As a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt. A user password can be changed at any time by taking the following steps.

Go to https://drupal.org/user/password
Enter your username or email address.
Check your email and follow the link to enter a new password.
It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

Using the same password for different websites is a very bad idea, and you should avoid it as much as you can. Security tips regarding passwords can be found in our newsletter here: http://blog.basefarm.com/blog/2013/03/08/basefarm-sirt-newsletter-2013-03-08/

More information: https://drupal.org/news/130529SecurityUpdate

ModSecurity 2.7.4 released – fixes critical DoS vulnerability

A new stable release of ModSecurity (2.7.4) was released yesterday, fixing an issue where an attacker could cause a DoS on a server running ModSecurity. It is recommended to upgrade as soon as possible.

More information:
http://www.modsecurity.org/
https://github.com/SpiderLabs/ModSecurity/blob/master/CHANGES
http://www.shookalabs.com/

Geek day 2013

Tomorrow is the official Geek day for geeks and nerds around the world. Geek day has been celebrated on May 25 since 2006. The day originated in Spain as “Día del Orgullo Friki” and, with help from the internet, it has spread worldwide.

What is a geek?
In my opinion I see a geek as a person who has a passion for something and is an expert within a specific field. I know that I share this approach with my colleagues; we are geeks because of our passion for technology. Our movie called “Basefarm behind the scenes” describes pretty well what geekiness is for us at Basefarm. In the movie we take you to one of our data centres and talk about all the technology behind the solutions. Click on this link to show our movie.

How geeky are you?
At this point you might wonder how geeky you are? I actually did a geek test to find out how geeky I am and got the answer “Somewhat nerdy”. See the result on the picture below and do the test to find out how geeky you are.

geek-test

What is geekiness for you and what kind of geek are you? I’m glad if you would like to share your thoughts. Have a great Geek day tomorrow!

Basefarm SIRT Newsletter 21

This week's news links are a bit of a mix, including a three-part interview with a Blackhat hacker which is interesting to read through. Another interesting article, although on a very old subject, is TheRegister talking about how having WiFi turned on on your phone could be a bad idea. To get an idea of how easy it is to set this up, you can browse over to HakShop, who have been selling a box since 2008 which takes advantage of this.

Top 5 Business Intelligence links
Aha, I see you switched on your mobile Wi-Fi. YOU FOOL!
NC Fuel Distributor Hit by $800,000 Cyberheist
The Global Cyber Game
Operation Aurora hack was counterespionage, not China picking on Tibetan activists
Rise In Sophisticated, Targeted Cyber Attacks Heightens Demand for Intrusion Prevention Systems Globally

Top 5 Miscellaneous Security links
Interview With A Blackhat
NYPD detective charged with hiring email hackers to break into colleagues’ personal accounts
Google Strengthening Keys on SSL Certificates to 2048 Bits
Anonymous threat shutters Gitmo WiFi
Chinese hackers who breached Google in 2010 gained access to thousands of surveillance orders

Basefarm SIRT Newsletter 20

One of the most talked about stories this week is the fact that a company found out that Skype is actually monitoring and checking links posted. This should, in my opinion, not come as a surprise to anyone working in the IT industry. If anything, I personally assume that everything I write online is logged in one way or another.
Also, something to keep in mind is that sometimes all it takes is one employee falling for a phishing attempt, as was the case when The Onion was compromised. This serves as a good reminder of the importance of mitigating such attacks by informing employees of risks and running systems which can help mitigate these kinds of attacks.

Top 5 Business Intelligence links
Passwords “are starting to fail us”, says PayPal security chief
The US government might be the biggest hacker in the world
Is Microsoft reading your Skype communications?
View from inside Verizon’s security SWAT team
Five Things Every Organization Should Know about Detecting And Responding To Targeted Cyberattacks

Top 5 Miscellaneous Security links
Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs
Pushdo Botnet Morphs To Elude Hunters
Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?
British LulzSec hackers hear jail doors slam shut for years
The Onion hack brings tears to my eyes

Basefarm SIRT Posts
http://blog.basefarm.com/blog/2013/05/14/patch-tuesday-may-2013/

Welcome to Basefarm’s bank and finance seminar in Stockholm!

Welcome to Basefarm’s free breakfast seminar in Stockholm for you in the bank & finance industry! On May 29 we will go through everything you need to know about business critical bank and finance systems like secure payments and DDoS. We discuss practical projects and give you knowledge, inspiration and tools that are important in a digital bank and finance world. Attend by sending an e-mail to me, elin.mattsson@basefarm.se

Read more about the event (in Swedish)

Hope to see you on May 29! 🙂

Patch Tuesday May 2013

For this month's Patch Tuesday, Microsoft has released fixes for ten vulnerabilities, two of them rated critical (for Windows and Internet Explorer) and eight rated important. It’s recommended to update as soon as possible.

Adobe have released security updates for ColdFusion and Acrobat/Reader, which means you should update these as soon as possible.

Mozilla have also released multiple critical security updates which concern Firefox and Thunderbird.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-may
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://www.mozilla.org/security/announce/

Basefarm SIRT Newsletter 19

Some critical vulnerabilities were released this week, and those running ColdFusion, Nginx and Internet Explorer are highly advised to look at the Basefarm SIRT posts below, as there are some critical vulnerabilities that need addressing.
A very large and coordinated attack on ATMs allowed the attackers to withdraw $45 Million before getting caught, and an interesting part of this is that they were not caught because the bank’s security system went off, but rather because one of the members of the heist was murdered.
You can also find a very interesting story about how the Redkit exploit kit (which has been in the news quite a lot lately) operates, and those who are interested in reading more can find the second part of it on nakedsecurity.
Prolexic have released “PLXPatrol”, a public portal showing the DDoS attacks they are tracking, at http://www.prolexic.com/plxpatrol/.

Top 5 Business Intelligence links
Pentagon Warns North Korea Could Become a Hacker Haven
Prolexic Tracks More Than 47 Million DDoS Attack Bots Worldwide
U.S. Blames China’s Military Directly for Cyberattacks
Consumer Reports: 58 Million U.S. PCs Infected With Malware
Traffic from Syria disappeared from Internet

Top 5 Miscellaneous Security links
Eight indicted in $45 Million ATM Heists
Alaska phishing pupils take over classroom computers
Subway multimillion-dollar hack ringleader pleads guilty
A closer look at the malicious Redkit exploit kit Part 1
Three-Year Hunt Nabs Hacker Who Popularized Cybercrime

Basefarm SIRT Posts
Critical ColdFusion vulnerability
Highly Critical Internet Explorer 8.0 vulnerability
Major Stack-based buffer overflow affecting some Nginx versions