BF-SIRT Newsletter 2014-39

Welcome to the newsletter! The biggest news this week is obviously how the “Shellshock” Bug Spells Trouble for Web Security. McAfee also released a Phishing Quiz a few weeks ago, which is still worth taking if you missed it the first time around. You can also find information as to how a European cyber crime ring has been exposed after 12 years.

Top 5 Security links
“Shellshock” Bug Spells Trouble for Web Security
Quick notes about the bash bug, its impact, and the fixes so far
Google to turn on encryption by default in next Android version
V3 Security Summit: European cyber crime ring exposed after 12 years
Game pirates ‘donate’ compute power to Bitcoin miners

Top 5 Business Intelligence links
McAfee Phishing Quiz
Thwarting Ransomware Attacks
High-volume DDoS attacks on the rise
Report: Intrusion prevention systems made a comeback in 2013
Home Depot completes malware elimination in all U.S. stores

BF-SIRT Newsletter 2014-38

Welcome to the newsletter! This week we have stories such as how the Breach at Goodwill Vendor Lasted 18 Months and how the Citadel Trojan phishes its way into a petrochem firm’s webmail. We also have information as to how SNMP DDoS Scans Spoof Google Public DNS Server and that a Study concludes the ‘Heartbleed’ flaw was unknown before disclosure. In our own posts we cover the latest iOS 8 update.

Top 5 Security links
Information Sharing on Threats Seen as a Key for Auto Makers
Securing virtual machines: Considerations for the hybrid cloud
Everything you need to know about POS malware
Breach at Goodwill Vendor Lasted 18 Months
Citadel Trojan phishes its way into petrochem firm’s webmail

Top 5 Business Intelligence links
Study concludes ‘Heartbleed’ flaw was unknown before disclosure
Researchers unlock TorrentLocker encryption
Hacked Brazilian Newspaper Site Targets Router DNS Settings
SNMP DDoS Scans Spoof Google Public DNS Server
Hackers penetrated systems of key defense contractors

Basefarm Posts
iOS 8

iOS 8

Apple released the latest version of its mobile OS on Wednesday, fixing over 50 vulnerabilities in it, many of which are very serious:
Two vulnerabilities allowed a local attacker to escalate privileges and install unverified (likely malicious) applications
A validation issue in the handling of update check responses allowed an attacker with a privileged network position to cause an iOS device to think that it is up to date even when it is not
Two vulnerabilities in CoreGraphics made it possible for a maliciously crafted PDF file to terminate apps or execute arbitrary code
Several vulnerabilities in the IOHIDFamily kernel extension made it possible for a malicious app to read kernel pointers, which can be used to bypass kernel address space layout randomization, or to execute arbitrary code with system privileges (the latter was also made possible by the existence of several IOKit bugs)
A Libnotify bug allowed a malicious application to execute arbitrary code with root privileges
Two Safari vulnerabilities made it possible for attackers and websites to intercept or harvest user credentials
12 WebKit bugs could have been misused by attackers to execute arbitrary code on the device by simply creating a malicious website and tricking users into visiting it.
With iOS 8, Apple has also updated its certificate trust policy and has randomised the MAC address to prevent potential device tracking attacks via passive WiFi scans.

If you can, it’s a good idea to update to iOS 8, because all these bugs remain unpatched in all earlier versions of the OS.

More information:
http://www.net-security.org/secworld.php?id=17378
http://support.apple.com/kb/HT6441

BF-SIRT Newsletter 2014-37

Welcome to the newsletter! This week it is available two days in advance, but that doesn’t mean it has less interesting news in it! Among the highlights for this week are how an OS X version of a Windows backdoor has been spotted, Why Google is Hurrying the Web to Kill SHA-1, and a forum post with 5 million “compromised” Google accounts. Other news includes how malicious advertising has hit Amazon, YouTube and Yahoo according to Cisco, and of course it’s also time for Patch Tuesday September 2014.

Top 5 Security links
China is now 99.8% sure you’re you, thanks to world’s-best facial recognition wares
Report: China’s underground activity doubled last year
OS X version of Windows backdoor spotted
5 million “compromised” Google accounts leaked
Robin Hood virus: Chinese hackers target nation’s wealthy

Top 5 Business Intelligence links
Malicious advertising hits Amazon, YouTube and Yahoo, Cisco says
Apple CEO says iCloud security will be strengthened
One in five Massachusetts residents breached in 2013
Goodwill announces breach, more than 800K payment cards compromised
Why Google is Hurrying the Web to Kill SHA-1

Basefarm Posts
Patch Tuesday September 2014

Patch Tuesday September 2014

Another month, another Patch Tuesday!

For this month’s Patch Tuesday, Microsoft has, amongst other things, released an update for Internet Explorer which addresses 37 CVEs. The other updates include an Update to Improve Credentials Protection and Management (which adds additional protection for users’ credentials when logging into a Windows 7 or Windows Server 2008 R2 system), as well as Security Advisory 2905247 – Insecure ASP.NET Site Configuration Could Allow Remote Code Execution and Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.

Adobe, on the other hand, has opted to supply updates only for Adobe Flash today, and will have updates available for Adobe Reader and Acrobat on the 15th of September.

More information:
https://technet.microsoft.com/library/security/ms14-sep
http://helpx.adobe.com/security/products/flash-player/apsb14-21.html

BF-SIRT Newsletter 2014-36

Welcome to the newsletter! This week’s top stories include follow-up information regarding the story we posted last week regarding Norwegian companies being under attack, as well as information regarding the Russian-made tool that grabs nude selfies from iCloud accounts.

Top 5 Security links
Dance like a Dragonfly, sting like a Bear.
Data on 97K Bugzilla users posted online for about three months
CryptoWall surpasses CryptoLocker in infection rates
Linux systems infiltrated and controlled in a DDoS botnet
Android IMSI-Catcher Detector (AIMSICD)

Top 5 Business Intelligence links
160,000 new malware samples appear each day
The Russian-made tool that grabs nude selfies from iCloud accounts
Semalt botnet hijacked nearly 300k computers
80% of business users are unable to detect phishing scams
Game theory: Cyber preparedness

BF-SIRT Newsletter 2014-35

Welcome to the newsletter! This week’s top stories include how 220 million records were stolen in a South Korean data breach and about a Massive cyber attack on oil and energy industry in Norway.

Top 5 Security links
220 million records stolen, 16 arrested in massive South Korean data breach
Massive cyber attack on oil and energy industry in Norway
Duping the machine – the cunning malware that throws off researchers
Netflix open sources internal threat monitoring tools
Russia-based hackers prime suspects in JPMorgan mega-breach

Top 5 Business Intelligence links
Security spending gets boost from mobile, social and cloud, says Gartner
Attack targets firms from the automobile industry in Europe
Akamai warns: SMB security remains major risk
Why every security-conscious organization needs a honeypot
Nearly 70 percent of IT pros target of weekly phishing attacks, HP finds

BF-SIRT Newsletter 2014-34

Welcome to the newsletter! This week we have stories about how Heartbleed was implicated in the US hospital megahack and a two-part story about the NSA BIOS Backdoor a.k.a. God Mode Malware, Part 1: DEITYBOUNCE. In our own posts we also cover how databases in Sweden were stolen with SQL Injection attacks and how to avoid them.

Top 5 Security links
NSA BIOS Backdoor a.k.a. God Mode Malware Part 1: DEITYBOUNCE
NSA Backdoor Part 2, BULLDOZER: And, Learn How to DIY a NSA Hardware Implant
Lorem Ipsum: Of Good & Evil, Google & China
Disguising Exfiltrated Data
Hacking Traffic Lights is Amazingly Really Easy

Top 5 Business Intelligence links
Infographic: Major security skills shortages
Hillary Clinton’s Phone Intercepted by German intelligence Agency
QUANTUM Technology Sold by Cyberweapons Arms Manufacturers
Heartbleed implicated in US hospital megahack
Cridex Malware Takes Lesson From GameOver Zeus

BF-SIRT Posts
Databases stolen with SQL Injection attacks and how to avoid them

Databases stolen with SQL Injection attacks and how to avoid them

Multiple Swedish websites have had the misfortune of being the target of SQL Injection attacks. For example, techworld.se wrote an article this Monday about Allabolag, which unfortunately got to experience SQL Injection attacks first hand.

SQL Injections are possible due to mistakes made when coding an application, and as a result sensitive information can be stolen from the database behind it.

How do you avoid attacks?

You should make sure your website cannot be the target of a SQL injection, as a successful one can, amongst other things, read sensitive data from the database and in some cases issue commands to the operating system. Because of this, it’s highly recommended to review and test your code before publishing it online. While this may seem daunting at first, you’ll see that it does not take that much effort once you’ve read up on it and know what to look for. The two easiest ways to mitigate SQL injection attacks are parameterized queries using bound, typed parameters and careful use of parameterized stored procedures.

It is also advisable to place a WAF (Web Application Firewall) in front of the site, as it will assist in blocking harmful attack attempts towards your website; it complements fixing the code rather than replacing it. A WAF helps protect your website against SQL Injections, but it also gives you other features, such as being able to block known exploits, as previously mentioned in our Christmas Calendar for 2014.
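To show why bound, typed parameters work, here is an added example (not from the original post or from Allabolag) using Python’s built-in sqlite3 module with a constructed in-memory table: the same lookup is written once by splicing user input into the SQL text and once with a bound parameter, plus an id lookup that coerces its parameter to an integer before binding. Stored procedures are not covered, since SQLite has none.

```python
import sqlite3


def make_db():
    # Constructed sample data so the example runs offline; not real company records.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT, org_number TEXT)"
    )
    conn.executemany(
        "INSERT INTO companies (name, org_number) VALUES (?, ?)",
        [("Acme AB", "556000-0001"), ("Beta AB", "556000-0002"), ("Gamma AB", "556000-0003")],
    )
    return conn


def find_by_name_vulnerable(conn, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM companies WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_by_name_parameterized(conn, name):
    # Hardened: the input is bound to the '?' placeholder and sent as a value,
    # so it is compared as data and never parsed as SQL.
    sql = "SELECT name FROM companies WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def find_by_id_typed(conn, raw_id):
    # Typed parameter: coerce to int before binding; anything that is not a
    # plain integer is rejected before it ever reaches the database.
    try:
        company_id = int(raw_id)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer")
    row = conn.execute(
        "SELECT name FROM companies WHERE id = ?", (company_id,)
    ).fetchone()
    return row[0] if row else None
```

With a normal name both lookups return the same single row; with an input containing a stray quote and a tautology, the spliced query returns every row while the parameterized one returns none.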

BF-SIRT Newsletter 2014-33

Welcome to the newsletter! During this week we’ve been able to read about how the NSA Accidentally Took Down Syria’s Internet While Infiltrating a Central Router System, how Xiaomi Phones are Secretly Sending Users’ Sensitive Data to Chinese Servers, and the fact that most people think public Wi-Fi is safe. It’s also been time for this month’s Patch Tuesday, so make sure you update your Adobe and Microsoft products!

Top 5 Security links
NSA Accidentally Took Down Syria’s Internet While Infiltrating Central Router System
Android “Heart App” virus spreads quickly, author arrested within 17 hours
Xiaomi Phones Secretly Sending Users’ Sensitive Data to Chinese Servers
DefCon: Stolen data markets are as organized as legitimate online businesses
Millions of PCs affected by mysterious computrace backdoor

Top 5 Business Intelligence links
Most people think public Wi-Fi is safe. Seriously?
Fifteen countries KO’d in malware one-two punch
86% of hackers don’t worry about repercussions
Gmail introduces filters for non-Latin characters, weeding out more phishing emails
What caused today’s Internet hiccup

Basefarm Posts
Patch Tuesday August 2014