BF-SIRT Newsletter 2014-09

The most talked-about news this week concerned Apple and how an Apple Encryption Mistake Puts Many Desktop Applications At Risk. Other interesting news items are how the Source Code for Android Ibanking Bot Surfaces on Underground Forum, and how F1 team Marussia was hit by a Trojan virus.

Top 5 Security links
Apple Encryption Mistake Puts Many Desktop Applications At Risk
South Korea plans Stuxnet-style cyber weapons to sabotage North’s nuclear program
New iOS Flaw Allows Malicious Apps to Record Touch Screen Presses
F1 team Marussia hit by Trojan virus
Source Code for Android Ibanking Bot Surfaces on Underground Forum

Top 5 Business Intelligence links
AT&T and IBM Cement Security Partnership
IE Zero-day Exploit Being Used in Widespread Attacks
Oracle Introduces Mobile Security Suite for Android and iOS
Third-party programs responsible for 76% of vulnerabilities in popular software
RSA’s Coviello: Historic shift in IT use is changing society and culture

Basefarm SIRT Posts
Apple Security Updates

Apple security updates

Apple has released multiple critical security updates for iOS, OS X, Safari and QuickTime. These updates fix critical issues with SSL traffic, so make sure you update as soon as possible.
The updates will bring your iOS devices to 7.0.6, your OS X to 10.9.2, your QuickTime to 7.7.5 and Safari to 7.0.2 (included in the 10.9.2 version of OS X).

More information:

How to outsource your mission critical services in a secure way

Today more than 30,000 sites are hacked every day*. That means they are hacked, modified or altered by someone placing hidden viruses, which are then transferred to the computer or device of anyone who visits the site. The numbers are breathtaking, and the trend suggests that they will increase to 40,000 per day by year's end. With this in mind, let us simply conclude: most companies today are like a Swiss cheese with holes in it. It is therefore a good idea to outsource your mission critical services to a hosting provider that has the best defenses in place.

As Dante already said in the 1200th century; “there are circles of hell”. That is why the first question we ask those who want to outsource their mission critical services is: “What are your security needs – really?” Are you a hot dog stand or a Fort Knox? Security officers often want to turn a hot dog stand into a fortress if given the chance, while developers can turn Fort Knox into an open hot dog stand without knowing it. So, how do you outsource your mission critical services in a secure way?

We recommend describing the requirements at the component level and getting help to see how components interact without compromise, both technically and socially. The latter is just as important because our own employees are often an organization’s biggest threat. Policies and procedures must be implemented internally, and you have to create a culture of safety thinking that understands how important this is. Our customers have a good safety mindset because they operate in sensitive industries with mission critical services, but all companies, organizations and authorities should consider and incorporate safety in their operations. To help you get started, our VP Global Sales, Stefan Månsby, has created a small checklist with 8 tips for secure IT outsourcing for IT managers to consider:

8 tips for secure IT outsourcing

  1. Define the area/delimit – which systems etc. should be included? For instance, is your payment platform process flow really separated from your internal systems, like e-mail?
  2. Calculate the cost to do this by yourself: X/users/month – do this to create a picture for yourself, do your homework and do not lie to yourself. The quotes you receive from your potential partners also become easier to compare.
  3. Investigate possible legal challenges – are we allowed to outsource the environment, and are there any legal restrictions, like geographical limitation requirements, that need to be taken into consideration?
  4. What “evidence” of security experience can the hosting supplier provide you with? – you want a supplier who is just as beautiful the day after the party, someone who can keep your high standard on day one as well as day 900. Look for evidence, for example a track record, and whether the hosting provider can hold its certifications not only today but year after year.
  5. What are my compliance requirements (today/tomorrow)? – day one of your outsourcing strategy may not include security or compliance requirements, but do assume that you will one day have to include compliance, and therefore should avoid the cost of changing outsourcing partner as your security requirements advance.
  6. How does the hosting provider handle multi-tenancy? – how would the hosting partner isolate its different clients' environments?
  7. Does the provider have its own 24/7 security organization? – secure 24/7 to handle all kinds of attacks
  8. References – references are king. Look for references and compare hosting providers!

*Source: Trustwave


BF-SIRT Newsletter 2014-08

We have a new Adobe Flash Vulnerability that everyone should look into patching (unless they run a browser such as Google Chrome which will auto-patch Flash). There is also some interesting information regarding what’s happening on Silk Road, as well as some information about the latest sites that have been victims of database exfiltrations.

Top 5 Security links
Silk Road reboot claims: Hacker STOLE all our Bitcoin funds
SEA hacks Forbes, steals and leaks 1M user records
Russian cybercrooks shun real currencies, develop private altcoins
Kickstarter Compromised, User Data stolen
300,000 Usernames and Passwords posted to Pastebin

Top 5 Business Intelligence links
Lessons learned from blocking 100 million cyber attacks
96 percent of apps have security vulnerabilities
Conspiracy theories rage as 100 website defacements hit Singapore
Most organizations are unable to resolve a cyber attack
New variant of Zeus banking trojan concealed in JPG images

Basefarm SIRT Posts
Adobe Flash Vulnerability

Adobe Flash Vulnerability

Adobe has released security updates for Adobe Flash Player and earlier versions for Windows and Macintosh and Adobe Flash Player and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions.

You can find some tips regarding Flash here;

More information:

BF-SIRT Newsletter 2014-07

Basefarm has been a member of FIRST for some time already, and with recommendations from other teams we’re now also listed under TF-CSIRT.
For this month’s Patch Tuesday, Microsoft also made a special recommendation for users to install EMET, which is a free toolkit for deploying and configuring security mitigation technologies (it assists with keeping your Windows system more secure). Adobe has also released critical updates for their Shockwave product, so users of it should update as soon as possible (you can find more information under the Basefarm SIRT Posts).

Top 5 Security links
Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
Email Attack on Third Party Vendor Set Up Breach at Target
New Trojan, “CoinThief,” Targets Mac Users, Steals Bitcoins
Cyberespionage Operation ‘The Mask’ Compromised Organizations in 30+ Countries

Top 5 Business Intelligence links
As Crimeware Evolves, Phishing Attacks Increase
Statistics Point to Increased Physical Danger Risks of Cyberterrorism
New Global Partnership To Fight Cybercrime
Facebook: At Least 67 million Accounts Are Fake
Encryption Use Continues To Grow

Basefarm SIRT Posts
Patch Tuesday February 2014

Patch Tuesday February 2014

Microsoft has released a number of critical updates which should be applied as quickly as possible through Windows Update. The vulnerabilities they fix could allow someone to take over your system. This month, Microsoft is also recommending that users install EMET, which is a free toolkit for deploying and configuring security mitigation technologies (it assists with keeping your Windows system more secure).

Adobe has released a security update for Adobe Shockwave Player and earlier versions on the Windows and Macintosh operating systems. This fixes a Critical vulnerability, so users of Adobe Shockwave need to upgrade directly.
Not everyone has Shockwave, but if you do you can see which version of Shockwave you have here;
Should you not see an animation below the “ADOBE SHOCKWAVE PLAYER” test, that means you don’t have Shockwave (and should not install the update).
Those running an old version of Shockwave should uninstall it if they don’t need it for something specific, or update it if Shockwave is really required (it’s not common to need it):

More information:

Looking back at 2013

2014 is already in its second month! A new year always appears as a new start, but in most ways it’s just a steady continuation of history. I’m happy to say that “The History of Basefarm, chapter 2013” is nice reading.

An increasing base of challenging customers trust us with their business critical IT systems. Our staff is strengthened by more than 50 skilled, dedicated employees, adding nicely to the 300 we already had on board. Our financial results are sound, and Basefarm is a safe and good place to work as well as a sustainable partner. In other words: More of the same development we have seen throughout our almost 14 years of operation.

In at least two ways, entering into 2014 also represents a milestone for Basefarm: We’ve celebrated our first year’s anniversary with our new owners, which has given us valuable insight into being part of a more international business society. From 1.1.2014 we have also changed our organizational setup thus enabling our three companies to work as ONE Basefarm.

People to build the business
The number of employees increased almost 18% last year, and we are now approaching 350. We also received a nice increase in the trust index of our employee survey that we are really proud of. After just one month with the new organization we can already see that colleagues are working more with each other across the borders. Which they also seem to enjoy! By the way, we are still hiring if you are interested in joining our team!

New certifications in place
Last spring we passed the ISO 27001 certification (for security). We also completed the ISO 14001 certification for environmental management.  In addition, we completed the yearly confirmation of our PCI-DSS certification on Level 1.

FIRST Membership
We’re now a member of the global security organization FIRST; an umbrella organization that brings together trusted computer incident security teams from around the world. FIRST gives us the opportunity to more effectively respond to security incidents and work proactively with other organizations.

Collaboration with customers
Our customer satisfaction remained high also during 2013; still a score above 5 on a scale from 1 to 6 in our customer survey. We have also acquired many new interesting customers and partners. To mention a few: Cognizant – a huge international provider, with whom we cooperate on the deliveries to Orkla – supplier of consumer goods. Klarna – an e-commerce company that provides payment solutions for online storefronts and Helse Sør-Øst (South-Eastern Norway Regional Health Authority with 56% of the total population of Norway).

Chess world champion played checkmate in our cloud
Last year we were in collaboration with the new chess world champion Magnus Carlsen helping him to train using his chess applications in our cloud. Carlsen turned to Basefarm to ensure optimal preparation for the autumn’s World chess championship in Chennai, India.

Management award – all thanks to the team
As a CEO and co-founder of the Basefarm group, I just have to end the highlights of the year in 2013, by saying that I’m really proud that I was named the “IT-leader of the year” by the Norwegian Computer Society at the Rosing awards. The award is shared with everyone in Basefarm. It is all down to systematic and thorough teamwork over the years that has made Basefarm what we are today!

2014 – new year, new opportunities!
I’m looking forward to another exciting and inspiring year with good customers, partners and employees! Please remember (this year like the previous ones): having fun and delivering professional services works very well together!


BF-SIRT Newsletter 2014-06

The top news this week is that Adobe Flash users need to patch quickly to avoid falling victim to the latest Adobe Flash exploit that is in the wild. You can read more about this on our blog. Sweden’s largest newspaper, Aftonbladet, has fallen victim to someone in their advertisement network spreading FakeAV malware to users who aren’t expecting to be infected by a regular site such as Aftonbladet. There is a blog post written by Bart Blaze that goes into detail about it, and those interested in learning more about FakeAV can check out the article by net-security on How a fake antivirus attack works.
The latest Ouch! has also been released. In this newsletter, SANS explains what malware is, who is developing it, why, and how to protect yourself against it.

Top 5 Security links
Swedish newssite compromised
PNG image metadata leading to iframe injections
War on Anonymous: British Spies Attacked Hackers, Snowden Docs Show
Gameover ZeuS adds nasty trick
New Flash Exploit Used to Distribute Credential-stealing Malware

Top 5 Business Intelligence links
How a fake antivirus attack works
Police ransomware: A multimillion business
DDoS attacks used to influence stock prices
Ouch! February 2014
Security Tip (ST14-001) – Sochi 2014 Olympic Games

Basefarm SIRT Posts
Adobe Flash Zero Day Exploit

Adobe Flash Zero Day Exploit

There is a vulnerability in Adobe Flash Player, which means anyone running anything but the latest version of Flash risks being infected by malware when browsing a website. One of the most common ways to get infected these days is by drive-by methods, which means that a common website will unknowingly start serving malware through advertisement systems or by simply getting compromised.

It doesn’t matter if you run Mac OS X, Windows or Linux; Flash is universal and everyone runs the risk if they are not keeping up-to-date (same as with Java).

I really wish I could say that this is an uncommon or ground-breaking attack vector, but unfortunately it’s the same as with Java – new exploits are coming every month and those who do not keep up-to-date will get compromised. You can find multiple other entries by, for example, searching for Patch Tuesday;

For those who are unsure if they are vulnerable to this, you can browse to this page to see the status of your plugins (should work with all browsers), and update as necessary:

It could even be a good idea to set it as your start-page in order to verify your browser each and every day.

As we mentioned in a previous newsletter, you should really turn on “click-to-play” in your browser for Flash and other objects (or use NoScript or something similar, but that’s for more technical people).

I personally recommend using Chrome as your browser. The reason for this is that Flash will auto update itself without you having to do anything, whenever there is a new release. So, those running Chrome do not need to worry about this specific vulnerability.

You can check which version of Flash you’re running by going to this website:

It should say you’re running 12.0.44 if you’re running Mac/Windows, and if you are running Linux.

You can find more information here: