Basefarm SIRT Newsletter 26

Basefarm is now officially a full member of the global security organization FIRST, an umbrella organization that brings together trusted computer incident security teams from around the world!

FIRST (the Forum of Incident Response and Security Teams) aims to facilitate collaborative incident management to quickly tackle and prevent incidents and facilitate the exchange of information between FIRST members. The organization has now accepted Basefarm as a full member; this means that Basefarm has met FIRST’s stringent security standards – which are high due to the level of trust demanded by the other FIRST members in order to share security-related information. Basefarm now joins the ranks of organizations such as Apple, AT&T, Ernst & Young, IBM, INTERPOL, Juniper, NASA, Paypal, Symantec, Visa and VeriSign.
You can read more about this here.

In other news, a flaw in Facebook has been fixed that allowed accounts to be easily compromised. The after-effects of PRISM also feature heavily in this week’s news. There’s also been a security update for WordPress, and it’s suggested to update as soon as possible.

Top 5 Business Intelligence links
The State of Security
What Can Big Brother Teach Us About IT Security?
Patching The Ethical Bypass Flaw
South Korea and US government hacks blamed on DarkSeoul group
Data breaches: Telcos and ISPs have 24 hours to come clean, says EU

Top 5 Miscellaneous Security links
Download me—Saying “yes” to the Web’s most dangerous search terms
Carberp Source Code Leaked
Opera network cracked
How to hack any Facebook account in under a minute, by sending just one SMS
Chinese Hackers group ‘Comment Crew’ is still active and operating under cover

Basefarm SIRT Posts
Basefarm joins FIRST
WordPress 3.5.2 is released

WordPress 3.5.2 Maintenance and Security Release

WordPress has published a new security and maintenance release (3.5.2), fixing 12 bugs.
To quote WordPress:

This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

More information:
http://core.trac.wordpress.org/query?status=closed&group=resolution&milestone=3.5.2
http://wordpress.org/news/2013/06/wordpress-3-5-2/

Basefarm SIRT Newsletter 25

This week, the newsletter comes out a day in advance because tomorrow is the Midsummer celebration in Sweden! Microsoft has joined Google, Mozilla, and the rest by finally offering a bug bounty, paying up to $150,000 per vulnerability. Attackers are also, as usual, taking advantage of the latest buzz (in this case PRISM) and are sending out fake phishing mails. In our own blog posts, we go through HP iLO, Java JRE/JDK and Puppet vulnerabilities that should be patched as soon as possible!

Top 5 Business Intelligence links
The Web Cookie Is Dying. Here’s The Creepier Technology That Comes Next
Microsoft announces standing bug bounty program
“Nej till Google!” – Sweden tells a local council that Google’s cloud is a no-go area
Why Are We So Slow To Detect Data Breaches?
EU’s Cybersecurity Strategy gets harsh criticism from data protection advocate

Top 5 Miscellaneous Security links
Double Cashing With Mobile Banking
Chinese hackers launch PRISM scare campaign
LinkedIn DNS hijacked, site offline
Carberp toolkit now available for just $5k
Rich Mogull on Apple Security Strategy

Basefarm SIRT Posts
Oracle Patches JDK/JRE
HP iLO3 and iLO4 affected by unauthorized access vulnerability
Puppet Unauthenticated Remote Code Execution Vulnerability

Puppet Unauthenticated Remote Code Execution Vulnerability

When making REST API calls, the puppet master takes YAML from an untrusted client, deserializes it, and then calls methods on the resulting object. A YAML payload can be crafted to cause the deserialization to construct an instance of any class available in the Ruby process, which allows an attacker to execute code contained in the payload.
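
As an added illustration of the deserialization problem described above (constructed for this post, not Puppet’s own code): an unrestricted YAML load builds whatever class the document’s `!ruby/object` tag names, while `YAML.safe_load` refuses anything outside an explicit allow-list before any object is constructed. The class `AuditRecord`, the tagged document and the two helper functions are assumptions for the example; it expects a Psych version with keyword arguments to `safe_load` (Ruby 2.6 or later).

```ruby
require 'yaml'

# Constructed stand-in for "any class available in the Ruby process".
# The client-supplied document, not the parsing code, picks this class.
class AuditRecord
  attr_reader :note
end

# Constructed document: the tag names a Ruby class to instantiate.
TAGGED_DOC = "--- !ruby/object:AuditRecord\nnote: hello\n"

# Unrestricted deserialization, as the vulnerable puppet master did it.
# Psych 4 made YAML.load safe by default, so prefer unsafe_load where it exists
# to show the original behaviour.
def load_unrestricted(doc)
  Psych.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Restricted deserialization: only the listed classes may be revived.
# Returns [:ok, object] or [:rejected, error message].
def load_restricted(doc, permitted: [])
  [:ok, YAML.safe_load(doc, permitted_classes: permitted)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
end

if $PROGRAM_NAME == __FILE__
  obj = load_unrestricted(TAGGED_DOC)
  puts "unrestricted: built #{obj.class} with note=#{obj.note.inspect}"
  puts "restricted (no allow-list): #{load_restricted(TAGGED_DOC).inspect}"
  status, = load_restricted(TAGGED_DOC, permitted: [AuditRecord])
  puts "restricted (AuditRecord allowed): #{status}"
end
```

Plain data (hashes, arrays, strings) still loads under the restricted path, so this is the fix shape for an endpoint that should only ever receive data, not objects.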

Status
Resolved in Puppet 2.7.22, 3.2.2
Resolved in Puppet Enterprise 2.8.2

More information: http://puppetlabs.com/security/cve/cve-2013-3567/

Oracle Patches JDK/JRE

Oracle has released information about multiple critical Java vulnerabilities which affect the JDK/JRE.

Affected product releases and versions
JDK and JRE 7 Update 21 and earlier
JDK and JRE 6 Update 45 and earlier
JDK and JRE 5.0 Update 45 and earlier
JavaFX 2.2.21 and earlier

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply the Critical Patch Update (CPU) fixes as soon as possible. This Critical Patch Update contains 40 new security fixes across Java SE products, of which 4 are applicable to server deployments of Java.

More information: http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html

iLO3 and iLO4 affected by unauthorized access vulnerability

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4 using Single-Sign-On (SSO). The vulnerability could be remotely exploited resulting in unauthorized access.

References: CVE-2013-2338 (SSRT101180)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.

More information: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c03787836

Basefarm SIRT Newsletter 24

The big story this week, and I don’t think there’s anyone who could have missed it, is how Snowden revealed the NSA’s PRISM spy program. We touched on this subject briefly in another newsletter post (the 2013 week 20 newsletter) when it was noticed that Skype logs traffic, and why that shouldn’t be a surprise. In either case, this will surely bring on some interesting discussions about online “privacy”. Gartner has also released some information about security, revealing the top 10 security myths and how the security market is expected to grow by 8.7 percent this year. Those who find their security tokens an annoyance will also want to check out Motorola’s latest invention: a token inside a pill that emits signals to your computer or tablet after you’ve swallowed it. It’s also that time of the month again, Patch Tuesday, which means updates to Microsoft and Adobe products, so make sure you have a look at the post below.

Top 5 Business Intelligence links
Gartner reveals Top 10 IT Security Myths
Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013
Google warns of spike in political Iranian phishing attacks
Banks “ignore early warnings” of cyber attacks, says Australian security chief
EU to vote on harsher penalties for hackers

Top 5 Miscellaneous Security links
NSA Whistleblower: The Ultimate Insider Attack
Forgot your password? Just take a pill
Eight members of international cybercrime ring charged
Man charged with running credit data ring containing 1.1M cardholders
Operation Hangover: more links to the Oslo Freedom Forum incident

Basefarm SIRT Posts
Patch Tuesday June 2013

Patch Tuesday June 2013

Patch Tuesday is upon us yet again. This time, Microsoft fixes one Critical issue and four Important issues. It’s advised to apply these as soon as possible through Windows Update.

  • Critical, Windows and Internet Explorer: Can allow remote code to be executed.
  • Important, Windows: May allow data to leave the vulnerable system.
  • Important, Windows: Exploit may create a Denial of Service (DDoS).
  • Important, Windows: May allow privilege elevation.
  • Important, Office (Windows and OS X): Can allow remote code to be executed.

Adobe, on the other hand, has released an update to Adobe Flash Player which fixes a vulnerability that could crash, and potentially allow an attacker to take over, a system that is not running the latest version.

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
http://www.adobe.com/support/security/bulletins/apsb13-16.html

Basefarm SIRT Newsletter 23

This week we go through the after-effects the Liberty Reserve shutdown has had on the underground scene. We also look at how attacks are usually worse than they initially seem, as well as news of Google being ordered to hand over information to the FBI without a warrant. Those running OS X are recommended to check out our post about the latest update, as it addresses quite a few critical issues.

Top 5 Business Intelligence links
Underweb Payments, Post-Liberty Reserve
The Changing Landscape of DDoS
Most small businesses can’t restore all data after a cyber attack
Chinese ‘NetTraveler’ hackers stole data from 350 organisations, says Kaspersky Lab
FDIC: 2011 FIS Breach Worse Than Reported

Top 5 Miscellaneous Security links
FBI and Microsoft in massive takedown of “Citadel” crimeware
No Java Patch For You: 93 Percent Of Users Run Older Versions Of The App
Verizon Breaks Silence on Top-Secret Surveillance of Its Customers
Google ordered to hand over sensitive users details to FBI without a warrant
Smart TVs riddled with DUMB security holes

Basefarm SIRT Posts
OS X Mountain Lion v10.8.4 Security update

OS X Mountain Lion v10.8.4 Security update

Apple has released its latest update for OS X, 10.8.4, which contains the following security fixes:

SMB (Write files outside shared directory)
Ruby (Arbitrary Code Execution)
QuickTime (Arbitrary Code Execution)
QuickDraw Manager (Arbitrary Code Execution)
OpenSSL (DoS, decrypting your SSL traffic, and private key disclosure)
Disk Management (a local user can disable FileVault)
Directory Service (Arbitrary Code Execution)
CUPS (Read/Write arbitrary files with system privileges)
CoreMedia Playback (Arbitrary Code Execution)
CoreAnimation (visiting a webpage can cause Arbitrary Code Execution)

Along with this, a number of security issues in Safari have been addressed, such as previously accessed sites being able to log a user in even when Private Browsing had been used.

More information:
http://support.apple.com/kb/HT5784