BF-SIRT Newsletter 2014-05

This week, Arbor's Worldwide Infrastructure Security Report reveals that datacenters are now magnets for DDoS attacks. Hasbro[.]com, the site of the US toymaker, has also been found to be unknowingly serving malware to visitors in drive-by attacks (it has around 215 000 daily visitors), which again shows that you are not safe just because you are browsing “secure” websites.
Over in Sweden, the news has mostly been about a new service called Lexbase, which has caused a lot of controversy. Lexbase made it possible to look up anyone who has been involved in any shape or form with the justice system; you could search by name or check a map to see which of your neighbors had been involved with the justice system. You could not see the documents/convictions, though; for those you had to pay around EUR 10. The site was up for three days, during which it came under DDoS attacks and security flaws were found that led to the shutdown of the site.
You can find more information about this here:
Site lets Swedes snoop on friends’ criminal past
Lexbase official quits as controversy rages
Lexbase goes offline following hacker attack

Top 5 Security links
Hackers used Xtreme RAT malware to gain access to Israeli Defense computer
Researchers Discover First Android Bootkit, 350,000 Devices Already Infected
Java-based malware hits Windows, Mac and Linux
Surge in mobile network infections affects millions of devices
Honey Encryption tricks Hackers with decryption deception

Top 5 Business Intelligence links
Arbor Networks’ Research Finds 36% Increase in Advanced Persistent Threats and Attacks against Mobile Networks Doubled
Arbor’s Worldwide Infrastructure Security Report
Can TVs and Refrigerators Really Spew Botnet Spam?
DDoS attacks become smarter, faster and more severe
Toy Maker Hasbro’s site serving drive-by download attacks

BF-SIRT Newsletter 2014-04

News regarding the Target attack has come out: researchers say the Author of BlackPOS Is a Russian Teenager.
Other big news is that Microsoft Will Furnish Malware Assassin to XP Users Until Mid-2015.
Google has had some issues, though, with how Spammers Buy Chrome Extensions and Turn Them Into Adware.

Top 5 Security links
Author of BlackPOS Is a Russian Teenager, Researchers Say
Hacker Launches Phishing Attack From Firm’s Own Servers
16 Million Online Accounts Probably Compromised, German Government Warns
DNS Poisoning ‘Attack’ Leaves Millions In China Dangling Free Of T’ Interwebs
Three Quarters Of World’s Email Traffic Is Spam

Top 5 Business Intelligence links
Spammers Buy Chrome Extensions and Turn Them Into Adware
Microsoft Will Furnish Malware Assassin to XP Users Until Mid-2015
20M South Koreans Affected By Insider Data Theft
Motivation And Techniques Of World’s Most Sophisticated Cyber Attackers
Russian ‘Energetic Bear’ Hackers Caught Ransacking Energy Companies

BF-SIRT Newsletter 2014-03

This week was Patch Tuesday for January 2014, which means updates to Microsoft, Adobe and Oracle products. This week has also been full of news regarding the Target hack. Up to 110 million were affected by the Target data breach, which has led Target to Invest $5 Million in Cybersecurity Education. Krebs has also released A First Look at the Target Intrusion, Malware. Another big news item is that Microsoft extends Windows XP anti-malware support to July 2015.

Top 5 Security links
Target: Up to 110 million affected by data breach
Target to Invest $5 Million in Cybersecurity Education
A First Look at the Target Intrusion, Malware
Mobile applications being used for DDoS attacks
Spy agencies around the world use radio signals to tap data from targeted systems

Top 5 Business Intelligence links
Researchers learn Flashback trojan is still infecting Apple computers
Banking apps: insecure and badly written, say researchers
Amazon and GoDaddy are the biggest malware hosters
Cisco: Thousands of Web Hosting Centers Now Launchpads for Attacks
Microsoft extends Windows XP anti-malware support to July 2015

Basefarm SIRT Posts
Patch Tuesday January 2014

Patch Tuesday January 2014

Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of service.

Adobe has released security updates for Adobe Flash Player (11.9.900.170) and earlier versions for Windows and Macintosh, and Adobe Flash Player (11.2.202.332) and earlier versions for Linux, to address multiple vulnerabilities that may allow an attacker to take control of the affected system.

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh to address multiple vulnerabilities affecting the following software versions:
Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh
Exploitation of these vulnerabilities could lead to a crash or potentially allow an attacker to take control of the affected system.

Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes:
5 for Oracle Database Server
22 for Oracle Fusion Middleware
2 for Oracle Hyperion
4 for Oracle E-Business Suite
16 for Oracle Supply Chain Products Suite
17 for Oracle PeopleSoft Products
2 for Oracle Siebel CRM
1 for Oracle iLearning
1 for Oracle Financial Services Software
36 for Oracle Java SE
11 for Oracle and Sun Systems Products Suite
9 for Oracle Virtualization
18 for Oracle MySQL

More information:
http://technet.microsoft.com/en-us/security/bulletin/ms14-jan
http://helpx.adobe.com/security/products/acrobat/apsb14-01.html
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
http://helpx.adobe.com/security/products/flash-player/apsb14-02.html
http://www.us-cert.gov/ncas/current-activity/2014/01/10/Microsoft-Releases-Advance-Notification-January-Security-Bulletin
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Flash-Player
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Oracle-Releases-January-2014-Security-Advisory
https://www.us-cert.gov/ncas/current-activity/2014/01/14/Adobe-Releases-Security-Updates-Adobe-Reader-and-Acrobat

BF-SIRT Newsletter 2014-02

Welcome back to a new year! This newsletter consists of news from the holiday period. Some recommended reading is how Yahoo visitors got served with malicious ads as well as how Krebs worked on Deconstructing the $9.84 Credit Card Hustle. There has also been a rise in DDoS attacks from NTP servers, as Hackers Spend Christmas Break Launching Large Scale NTP-Reflection Attacks.

Top 5 Security links
Flash Memory Cards contain powerful unsecured microcontrollers
Deconstructing the $9.84 Credit Card Hustle
Planning to rob a Windows ATM? Ditch the sledgehammer and bring a USB STICK
Hackers Spend Christmas Break Launching Large Scale NTP-Reflection Attacks
Is XXE the new SQLi?

Top 5 Business Intelligence links
What can we expect this year?
UK CPNI Releases Spear Phishing Paper
Key trends in ransomware, evasion techniques and social attacks
A Target payment processor denies being impacted in 40M card breach
Yahoo visitors got served with malicious ads