Monthly Archives: October 2014

BF-SIRT Newsletter 2014-44

Welcome to the newsletter! This week you can read about A Window into Russia’s cyber espionage operations and how a Coalition sheds more light on Hikit threat, Axiom spy group. You can also find information about Cyber Attacks on U.S. … Continue reading

Posted in IT security

BF-SIRT Newsletter 2014-43

Welcome to the newsletter! This week we cover things such as how Cyber attacks now cost businesses $1.6m per incident and how Akamai sees record-setting spikes in size and volume of DDoS attacks. There’s also news of how Google Accounts … Continue reading

Posted in IT security

BF-SIRT Newsletter 2014-42

Welcome to the newsletter! This week we’ve had quite a few things happen. On one side, we had SandWorm (which Microsoft has now patched in Patch Tuesday October 2014), and on the other side we’ve had the SSLv3 POODLE vulnerability … Continue reading

Posted in IT security

Drupageddon

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. … Continue reading

Posted in IT security

Patch Tuesday October 2014

Another month, another Patch Tuesday! Microsoft issued eight security bulletins that address over two dozen vulnerabilities, including the previously mentioned SandWorm. Adobe has released security hotfixes for ColdFusion versions for all platforms. These hotfixes address a security permissions issue that could … Continue reading

Posted in IT security

SSLv3 POODLE vulnerability

As mentioned yesterday, an SSLv3 vulnerability did come out during the night. Some documentation has been released for the vulnerability, called POODLE (Padding Oracle On Downgraded Legacy Encryption), and Google has created a blog post regarding it. CIRCL have summarised how … Continue reading

Posted in IT security

SandWorm

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012. Microsoft is making a patch for … Continue reading

Posted in IT security

Possible SSLv3 Vulnerability

“The Register has learned that news of yet another security vulnerability – this time in SSL 3.0 – is probably imminent.” While this is currently unverified, it’s still worth checking whether any services of yours are … Continue reading

Posted in IT security

BF-SIRT Newsletter 2014-41

Welcome to the newsletter! This week we cover information about how there’s been a SQL Injection Vulnerability in ‘Yahoo! Contributors Network’ and how the Silk Road Lawyers Poke Holes in FBI’s Story. In light of the latest celebrity leaks we’ve … Continue reading

Posted in IT security

BF-SIRT Newsletter 2014-40

Welcome to the newsletter! This week you can find stories on The Unpatchable Malware That Infects USBs Is Now on the Loose and more information about Shellshock in the Wild. You can also read about how it is Inside the … Continue reading

Posted in IT security