BF-SIRT Newsletter 2014-51

Welcome to the newsletter! This week you can read about how SpamHaus and CloudFlare Attacker Pleads Guilty and how 100k+ WordPress websites were compromised by SoakSoak malware. You can also read on how you should Learn from 2014’s security woes or face disaster in 2015 as well as how DNS Attacks Ravage Three-Quarters of US/UK Firms. The newsletter will take a short break and return on the 9th after the holidays.

Top 5 Security links
Hackable intercom lets you spy on fellow apartment-dwellers
SpamHaus, CloudFlare Attacker Pleads Guilty
Iranian CLEAVER hackers may DRAIN energy and defence firms, warn Feds
100k+ WP websites compromised by SoakSoak malware
Manufacturer’s Backdoor Found on Popular Chinese Android Smartphone

Top 5 Business Intelligence links
Learn from 2014’s security woes or face disaster in 2015
Attackers Turn Focus To PoS Vendors
1 in 5 employees going rogue with corporate data
DNS Attacks Ravage Three-Quarters of US/UK Firms
Top 5 malware attacks: 35 reused components

BF-SIRT Newsletter 2014-50

Welcome to the newsletter! This week you can read about how Hackers leak top Sony executives’ emails and how North Korea denies involvement in ‘righteous’ Sony hack. You can also read about how Cost of cybersecurity and risk management will double as well as how Cyber-espionage is expected to surge in 2015. Other big news this week is how POODLE returns, as well as the regular Patch Tuesday for the month.

Top 5 Security links
Analysis of wiper malware, implicated in Sony breach, exposes Shamoon-style attacks
North Korea denies involvement in ‘righteous’ Sony hack
Hackers leak top Sony executives’ emails
An epic ride: A look back at the ever-changing information security industry
Chinese responsible for 85 per cent of website scams

Top 5 Business Intelligence links
Ransomware is the Future of Consumer Cybercrime
13 free tools to monitor your Digital Security during Christmas
EC3 Head Paints Bleak Cybercrime Picture
Cost of cybersecurity and risk management to double
Cyber-espionage expected to surge in 2015: McAfee Labs

Basefarm SIRT Posts
POODLE returns
Patch Tuesday December 2014

Patch Tuesday December 2014

Another month, another patch Tuesday!

Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and the Office suite.
Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion.

It is advised to update as soon as possible as some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information – basically taking over your system.

More information:
https://technet.microsoft.com/library/security/ms14-dec
http://helpx.adobe.com/security/products/flash-player/apsb14-27.html
http://helpx.adobe.com/security/products/reader/apsb14-28.html
http://helpx.adobe.com/security/products/coldfusion/apsb14-29.html

POODLE returns

The POODLE has returned, with a vengeance! This time it’s affecting vendors such as F5, even though SSLv3 is disabled. This means that TLSv1.0, TLSv1.1 and TLSv1.2 can be affected if the SSL termination is being done on a vulnerable server. Those with F5 are advised to update to the latest version as soon as possible, and you can check on SSLLabs if your site is affected by this (in which case it will automatically be graded F-).

More information:
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
http://blog.ivanristic.com/2014/12/poodle-bites-tls.html
https://www.imperialviolet.org/2014/12/08/poodleagain.html

BF-SIRT Newsletter 2014-49

Welcome to the newsletter! The biggest news last week was without a doubt the breach of Sony Pictures. You can read about how Sony Breach May Have Exposed Employee Healthcare, Salary Data and that North Korea is under the Spotlight for Sony Hack. The TV program 60 minutes have, in light of the many credit card breaches this year, created an interesting segment which you can find on their site, it’s called“What happens when you swipe your card?”

Top 5 Security links
What happens when you swipe your card?
Sony Breach May Have Exposed Employee Healthcare, Salary Data
North Korea Under the Spotlight for Sony Hack
FBI Warns US Businesses of Possible Wiper Malware Attacks
Syrian Electronic Army Hits Numerous Media Sites with DNS Redirection Attack

Top 5 Business Intelligence links
10 Deadliest Differences of State-Sponsored Attacks
Data loss and downtime costs enterprises $1.7 trillion
2015 predictions: Cyber attacks aimed at critical infrastructure, Attacks as a Service
Iranian hackers compromised airlines, airports, critical infrastructure companies
Increased nation-state threat included in predictions report