Monthly Archives: June 2013

Basefarm SIRT Newsletter 26

Basefarm is now officially a full member of the global security organization FIRST, an umbrella organization that brings together trusted computer incident security teams from around the world! FIRST (the Forum of Incident Response and Security Teams) aims to facilitate … Continue reading

WordPress 3.5.2 Maintenance and Security Release

A new security and maintenance release for WordPress (3.5.2) is available, fixing 12 bugs. To quote WordPress: "This is a security release for all previous versions and we strongly encourage you to update your sites immediately." More information: http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=3.5.2 … Continue reading

Basefarm SIRT Newsletter 25

This week, the newsletter comes out a day in advance due to tomorrow being Midsummer celebrations in Sweden! Microsoft has joined Google, Mozilla, and the rest by finally offering a bug bounty where it will pay up to $150000 per … Continue reading

Puppet Unauthenticated Remote Code Execution Vulnerability

When making REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any … Continue reading

Oracle Patches JDK/JRE

Oracle has released information about multiple critical Java vulnerabilities that affect JDK/JRE. Affected product releases and versions: JDK and JRE 7 Update 21 and earlier; JDK and JRE 6 Update 45 and earlier; JDK and JRE 5.0 Update 45 and … Continue reading

iLO3 and iLO4 affected by unauthorized access vulnerability

Vulnerability summary: A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access. References: CVE-2013-2338 (SSRT101180). Supported software versions*: ONLY impacted versions are listed. … Continue reading

Basefarm SIRT Newsletter 24

The big story this week, and I don’t think there’s anyone who could have missed it, is how Snowden revealed the NSA’s PRISM spy program. We touched on this subject briefly in another newsletter post (2013 week 20 newsletter) when … Continue reading

Patch Tuesday June 2013

Patch Tuesday is upon us yet again. This time, Microsoft fixes one Critical issue and four Important issues. It’s advised to apply these as soon as possible through Windows Update. Critical Windows and Internet Explorer: Can allow remote code to … Continue reading

Basefarm SIRT Newsletter 23

This week goes through the aftereffects that the Liberty Reserve shutdown has had on the underground scene. We also check out how attacks are usually worse than they can initially seem, as well as news of Google being … Continue reading

OS X Mountain Lion v10.8.4 Security update

Apple has released its latest update for OS X, 10.8.4, which contains the following security updates: SMB (Write files outside shared directory), Ruby (Arbitrary Code Execution), QuickTime (Arbitrary Code Execution), QuickDraw Manager (Arbitrary Code Execution), OpenSSL (DoS, decrypting your SSL … Continue reading
