BF-SIRT Newsletter 2014-48

Welcome to the newsletter! This week you can read about how Chinese e-cigarettes may damage your PC’s health and how Sony Pictures Dealing With Apparent Network Compromise. You can also find stories about such things as how Home Depot spent $43 million on data breach in just one quarter and Why it took antivirus giants YEARS to drill into the malware Regin.

Top 5 Security links
Chinese e-cigarettes may damage your PC’s health
Sony Pictures Dealing With Apparent Network Compromise
Driverless cars are liable to being stolen and used in terrorist attacks, report warns
Hacking Collective ‘Sits Down’ for Interview
Skimmer Innovation: ‘Wiretapping’ ATMs

Top 5 Business Intelligence links
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds
Asian mobiles the DDOS threat of 2015, security mob says
EFF, Mozilla back new certificate authority that will offer free SSL certificates
NSA director states China can shut down U.S. electric grids, report indicates
Home Depot spent $43 million on data breach in just one quarter

Basefarm SIRT Posts
WordPress 4.0.1 – Critical security release

WordPress 4.0.1 – Critical security release

The WordPress 4.0.1 security update has been released today, which addresses 8 security flaws including cross-site scripting (XSS) and denial of service exploits. In addition, 23 bugs in the 4.0 release have been fixed.

It is highly recommended that anyone running WordPress have their installations updated as soon as possible.

Further information can be found at:

https://core.trac.wordpress.org/query?milestone=4.0.1

BF-SIRT Newsletter 2014-46

Welcome to the newsletter! This week you can read about how Darkhotel espionage campaign targets corporate executives traveling abroad and thatHackers Stole 53M Email Addresses from Home Depot. You can also find a story on how China is building a quantum encryption network between Beijing and Shanghai and how Tor Project Mulls How Feds Took Down Hidden Websites

Top 5 Security links
Crooks are using proxy servers to build more convincing phishing sites – new claim
Tor Project Mulls How Feds Took Down Hidden Websites
Iranian contractor named as Stuxnet ‘patient zero’
China is building a quantum encryption network between Beijing and Shanghai
John Gordon Baden arrested in Tijuana

Top 5 Business Intelligence links
Darkhotel espionage campaign targets corporate executives traveling abroad
Home Depot: Hackers Stole 53M Email Addresses
Chertoff Reminds Enterprises There is Hope in Security
Study: Organizations assailed by cyber attacks, 15 percent are targeted
Cybersecurity ‘Inevitable’ Data Breaches Require Changes To Cybersecurity Measures, Survey Finds

Basefarm SIRT Posts
Patch Tuesday November 2014

Patch Tuesday November 2014

Another month, another patch Tuesday!

Microsoft issued sixteen security bulletins for various products that’s then translated into fourteen patches, including a fix to a critical Schannel vulnerability (MS14-066) which could allow remote execution if an attacker sends specially crafted packets to a Windows Server (there is however currently no public exploit for this).
Adobe has released multiple security hotfixes for Adobe Flash Player and Adobe Air.

More information:
https://technet.microsoft.com/library/security/ms14-nov
http://helpx.adobe.com/security/products/flash-player/apsb14-24.html

BF-SIRT Newsletter 2014-45

Welcome to the newsletter! This week you can read about how Feds Arrest Alleged ‘Silk Road 2′ Admin, Seize Servers or how Google open sources nogotofail, a network traffic security testing tool. You can also read This month’s “OUCH!”: Social Engineering as well as how you should be prepared as The Next Internet Bug Won’t Be The Last.

Top 5 Security links
Feds Arrest Alleged ‘Silk Road 2′ Admin, Seize Servers
Still Spamming After All These Years
FM Radio Hack Allows Data To Be Routed Out of Isolated Networks
Forging administrator cookies and crocking crypto
Google open sources nogotofail, a network traffic security testing tool

Top 5 Business Intelligence links
Be Ready: Next Internet Bug Won’t Be The Last
‘Widespread Harm’ Likely from Cyberattack in Next Decade
This month’s “OUCH!”: Social Engineering
BlackEnergy Malware Plug-Ins Leave Trail of Destruction
Rovnix Trojan infection outbreak infects 130,000 machines in Blighty