Monthly Archives: August 2014

BF-SIRT Newsletter 2014-35

Welcome to the newsletter! This week’s top stories include how 220 million records were stolen in a South Korean data breach and a massive cyber attack on the oil and energy industry in Norway. Top 5 Security links 220 million … Continue reading


BF-SIRT Newsletter 2014-34

Welcome to the newsletter! This week we have stories about how Heartbleed was implicated in a US hospital megahack and a two-part story about the NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE. On our own posts we also cover … Continue reading


Databases stolen with SQL Injection attacks and how to avoid them

Multiple Swedish websites have had the misfortune of being the target of SQL Injection attacks. For example, techworld.se published an article this Monday about Allabolag, which unfortunately got to experience SQL Injection attacks. SQL Injections are possible due to mistakes made … Continue reading


BF-SIRT Newsletter 2014-33

Welcome to the newsletter! During this week we’ve been able to read about how NSA Accidentally Took Down Syria’s Internet While Infiltrating Central Router System, how Xiaomi Phones Secretly Sending Users’ Sensitive Data to Chinese Servers and the fact that … Continue reading


Patch Tuesday August 2014

Another month, another Patch Tuesday! Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could … Continue reading


BF-SIRT Newsletter 2014-32

Welcome to the newsletter! The biggest news this week is about how a group in Russia has managed to amass 1.2B email account credentials, and on top of that there are some posts of our own regarding OpenSSL, Drupal and … Continue reading


WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal have been patched for, amongst other things, a vulnerability that allows an attacker to take down a WordPress or Drupal site. The PHP XML parser used by the XML-RPC endpoint in both projects is vulnerable to an … Continue reading


OpenSSL update available – patches 9 vulnerabilities

OpenSSL has released a security patch which, amongst other things, fixes a vulnerability that would allow for a DDoS. OpenSSL 0.9.8 users should upgrade to 0.9.8zb. OpenSSL 1.0.0 users should upgrade to 1.0.0n. OpenSSL 1.0.1 users should upgrade to 1.0.1i. … Continue reading


BF-SIRT Newsletter 2014-31

Welcome to this week’s newsletter! As you’re aware, we’ve had a bit of a break due to the summer holidays, but the newsletter is now back with information to go around! Top 5 Security links How Spammers Spoof Your Email … Continue reading
