BF-SIRT Newsletter 2014-35

Welcome to the newsletter! This week’s top stories include how 220 million records were stolen in a South Korean data breach and a massive cyber attack on the oil and energy industry in Norway.

Top 5 Security links
220 million records stolen, 16 arrested in massive South Korean data breach
Massive cyber attack on oil and energy industry in Norway
Duping the machine – the cunning malware that throws off researchers
Netflix open sources internal threat monitoring tools
Russia-based hackers prime suspects in JPMorgan mega-breach

Top 5 Business Intelligence links
Security spending gets boost from mobile, social and cloud, says Gartner
Attack targets firms from the automobile industry in Europe
Akamai warns: SMB security remains major risk
Why every security-conscious organization needs a honeypot
Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

BF-SIRT Newsletter 2014-34

Welcome to the newsletter! This week we have stories about how Heartbleed was implicated in a US hospital megahack, and a two-part story about the NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE. In our own posts we also cover how databases in Sweden were stolen with SQL Injection attacks and how to avoid them.

Top 5 Security links
NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE
NSA Backdoor Part 2, BULLDOZER: And, Learn How to DIY a NSA Hardware Implant
Lorem Ipsum: Of Good & Evil, Google & China
Disguising Exfiltrated Data
Hacking Traffic Lights is Amazingly Really Easy

Top 5 Business Intelligence links
Infographic: Major security skills shortages
Hillary Clinton’s Phone Intercepted by German intelligence Agency
QUANTUM Technology Sold by Cyberweapons Arms Manufacturers
Heartbleed implicated in US hospital megahack
Cridex Malware Takes Lesson From GameOver Zeus

BF-SIRT Posts
Databases stolen with SQL Injection attacks and how to avoid them

Databases stolen with SQL Injection attacks and how to avoid them

Multiple Swedish websites have had the misfortune of being the target of SQL Injection attacks. For example, techworld.se wrote an article this Monday about Allabolag, who unfortunately got to experience SQL Injection attacks first hand.

SQL Injections are possible due to mistakes made when coding an application, and as a result sensitive information in databases can be stolen.

How do you avoid attacks?

You should make sure your website cannot be the target of a SQL injection, as such an attack can, amongst other things, read sensitive data from the database and in some cases issue commands to the operating system. Because of this, it’s highly recommended to review and test your code before publishing it online. While this may seem daunting at first, you’ll see that it does not take that much effort once you’ve read up on it and know what to look for. The two easiest ways to mitigate SQL injection attacks are parameterized queries using bound, typed parameters, and careful use of parameterized stored procedures.

It is also advised to place a WAF (Web Application Firewall) in front of the site, as this will assist in blocking harmful attack attempts towards your website. A WAF will assist in protecting your website against SQL Injections, but it can also give you several other features, such as being able to block known exploits, as previously mentioned in our Christmas Calendar for 2014.

BF-SIRT Newsletter 2014-33

Welcome to the newsletter! During this week we’ve been able to read about how the NSA accidentally took down Syria’s Internet while infiltrating a central router system, how Xiaomi phones are secretly sending users’ sensitive data to Chinese servers, and the fact that most people think public Wi-Fi is safe. It’s also been time for this month’s Patch Tuesday, so make sure you update your Adobe and Microsoft products!

Top 5 Security links
NSA Accidentally Took Down Syria’s Internet While Infiltrating Central Router System
Android “Heart App” virus spreads quickly, author arrested within 17 hours
Xiaomi Phones Secretly Sending Users’ Sensitive Data to Chinese Servers
DefCon: Stolen data markets are as organized as legitimate online businesses
Millions of PCs affected by mysterious computrace backdoor

Top 5 Business Intelligence links
Most people think public Wi-Fi is safe. Seriously?
Fifteen countries KO’d in malware one-two punch
86% of hackers don’t worry about repercussions
Gmail introduces filters for non-Latin characters, weeding out more phishing emails
What caused today’s Internet hiccup

Basefarm Posts
Patch Tuesday August 2014

Patch Tuesday August 2014

Another month, another Patch Tuesday!

Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.

Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB14-18 and APSB14-19, and apply the necessary updates.

More information:
https://technet.microsoft.com/library/security/ms14-aug
http://helpx.adobe.com/security/products/reader/apsb14-19.html
http://helpx.adobe.com/security/products/flash-player/apsb14-18.html

https://www.us-cert.gov/ncas/current-activity/2014/08/12/Adobe-Releases-Security-Updates-Flash-Player-Adobe-Reader-and
https://www.us-cert.gov/ncas/current-activity/2014/08/12/Microsoft-Releases-August-2014-Security-Bulletin

BF-SIRT Newsletter 2014-32

Welcome to the newsletter! The biggest news this week is about how a group in Russia has managed to amass 1.2B email account credentials, and on top of that there are some posts of our own regarding OpenSSL, Drupal and WordPress. DDoS attack volumes are also going down now that NTP servers are being patched, which is great news, but it’s likely that other services will be abused instead.

Top 5 Security links
New site recovers files locked by cryptolocker ransomware
How to find website vulnerabilities using Wikto
QA on the reported theft of 1.2B email accounts
Hacker group targets video game companies to steal source code
New malware has no files

Top 5 Business Intelligence links
HTTPS used as ranking signal for Google searches
Crouching Yeti APT campaign stretches back four years
92% of brands fail email security test
Russian hackers amass 1.2B email accounts
DDoS attack volumes plummet as NTP servers got patched

Basefarm Posts
OpenSSL update available – patches 9 vulnerabilities
WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal patched for DDoS vulnerability

WordPress and Drupal have been patched for, amongst other things, a vulnerability that allows an attacker to take down a WordPress or Drupal site.

The XML-RPC endpoint in both projects uses a PHP XML parser that is vulnerable to an XML entity expansion attack and other related XML payload attacks, which can cause CPU and memory exhaustion and make the site’s database reach its maximum number of open connections. Any of these may lead to the site becoming unavailable or unresponsive (denial of service).
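Entity expansion needs a DTD in the request, so one generic defence is to refuse any XML-RPC body that carries a DOCTYPE or entity declaration and to cap its size before the parser does any work. The guard below is an added illustration in Python (not WordPress, Drupal or PHP code), using the standard library’s expat bindings; the function name, size limit and sample requests are assumptions constructed for the example.

```python
import xml.parsers.expat


class UnsafeXmlError(Exception):
    """Raised from an expat handler when a request carries a DTD or entity declaration."""


def check_xmlrpc_request(data: bytes, max_bytes: int = 16 * 1024) -> tuple:
    """Return (True, method_name) for an acceptable XML-RPC call, else (False, reason).

    Hypothetical guard: stops at the first DOCTYPE or entity declaration, so no
    entity can be expanded, and bounds parser work with a size cap.
    """
    if len(data) > max_bytes:
        return False, "request body exceeds %d bytes" % max_bytes

    def refuse(*_args):
        raise UnsafeXmlError("DTD and entity declarations are not accepted")

    method, capture = [], [False]

    def start(name, _attrs):
        capture[0] = name == "methodName"

    def end(_name):
        capture[0] = False

    def chars(text):
        if capture[0]:
            method.append(text)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = refuse   # fires at "<!DOCTYPE", before any entity
    parser.EntityDeclHandler = refuse         # belt and braces for internal entities
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    try:
        parser.Parse(data, True)
    except (UnsafeXmlError, xml.parsers.expat.ExpatError) as exc:
        return False, str(exc)
    name = "".join(method).strip()
    return (True, name) if name else (False, "no methodName element")


# Constructed sample requests: a normal call and a tiny two-level expansion.
BENIGN = b"<?xml version='1.0'?><methodCall><methodName>system.listMethods</methodName><params/></methodCall>"
EXPANDING = (b"<?xml version='1.0'?><!DOCTYPE x [<!ENTITY a 'aaaaaaaaaa'>"
             b"<!ENTITY b '&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;'>]>"
             b"<methodCall><methodName>&b;</methodName></methodCall>")
```

Rejected requests are worth logging with the reason string, since a burst of DOCTYPE refusals against the XML-RPC endpoint is an early signal of exactly the attack described above.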

Users of WordPress should upgrade to 3.9.2 as soon as possible: https://www.drupal.org/SA-CORE-2014-004

More information:

OpenSSL update available – patches 9 vulnerabilities

OpenSSL has released a security patch which, amongst other things, fixes a vulnerability that would allow for a DDoS.

OpenSSL 0.9.8 users should upgrade to 0.9.8zb.
OpenSSL 1.0.0 users should upgrade to 1.0.0n.
OpenSSL 1.0.1 users should upgrade to 1.0.1i.

You can read the full release notes here: https://www.openssl.org/news/secadv_20140806.txt

BF-SIRT Newsletter 2014-31

Welcome to this week’s newsletter! As you’re aware, we’ve had a bit of a break due to the summer holidays, but the newsletter is now back with information to go around!

Top 5 Security links
How Spammers Spoof Your Email Address (and How to Protect Yourself)
Multipath TCP Introduces Security Blind Spot
Putin: Crack Tor for me and I’ll make you a Millionaire
Fake GoogleBots are third most common DDoS attacker
Attackers install DDoS bots on Amazon cloud, exploiting Elasticsearch weakness

Top 5 Business Intelligence links
The Data Dangers of Free Public Wi-Fi
‘Things’ on the Internet-of-things have 25 vulnerabilities apiece
375 million customer records compromised in 2014
Only ‘3% of web servers in top corps’ fully fixed after Heartbleed snafu
Canada blames China for cyber intrusion at National Research Council