BF-SIRT Newsletter 2015-51

The top stories from this week consist of a story on a Critical 0-day Remote Command Execution Vulnerability in Joomla, as well as how a Hit-and-Run Driver got Arrested Because Car Reported Accident.
You can also read how Facebook, Google and Twitter agree to German demand to delete hate speech within 24 hours, and a Top 10 list of 2016 New Year’s Resolutions for Cyber Security Professionals.

The newsletter will take a break during the Christmas holidays, and will return on the the 15th of January.

Top 5 Security links
Critical 0-day Remote Command Execution Vulnerability in Joomla
Hit-and-Run Driver Arrested Because Car Reported Accident
Hacker-Friendly Search Engine that Lists Every Internet-Connected Device
FireEye flamed: single email allows total network access
VTech: 21-year-old man arrested after toy maker hack‏

Top 5 Business Intelligence links
Facebook, Google and Twitter agree to German demand to delete hate speech within 24 hours
Top 10 — 2016 New Year’s Resolutions for Cyber Security Professionals
Big Brother is born. And we find out 15 years too late to stop him
Steam ramps up security: 77,000 accounts a month hijacked
13 Million MacKeeper Users Exposed

BF-SIRT Newsletter 2015-48

The top stories from this week consist of a story on a Security Bug in Dell PCs Shipped Since 8/15, as well as how an eBay scammer steals identity of agent investigating him.
You can also read how Hilton Acknowledges Credit Card Breach, and possible Policy Repercussions of the Paris Terrorist Attacks.

Top 5 Security links
Security Bug in Dell PCs Shipped Since 8/15
eBay scammer steals identity of agent investigating him
Backdoor In A Backdoor Identified in 600,000 Arris Modems
Who’s running dozens of top-secret unpatched databases? The Dept of Homeland Security
Ten great gifts for the hacker in your life

Top 5 Business Intelligence links
Hilton Acknowledges Credit Card Breach
Policy Repercussions of the Paris Terrorist Attacks
How good will your passwords be this Black Friday?
Hillary Clinton: Stop helping terrorists, Silicon Valley – weaken your encryption
Happy 30th Birthday, Windows!

BF-SIRT Newsletter 2015-47

The top stories from this week consist of a story on how VirusTotal now Scans Mac OS X Apps for Malware, as well as how How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered.
You can also read how A 23-year-old Windows 3.1 system failure crashed Paris airport, and how FBI denies paying $1 MILLION to Unmask Tor Users.

Top 5 Security links
VirusTotal now Scans Mac OS X Apps for Malware
How TV ads silently ping commands to phones: Sneaky SilverPush code reverse-engineered
Forget BadBIOS, here comes BadBarcode
Flaws found in LastPass password manager by security researchers
Actors using exploit kits – How they change tactics

Top 5 Business Intelligence links
A 23-year-old Windows 3.1 system failure crashed Paris airport
FBI denies paying $1 MILLION to Unmask Tor Users
Cyber Security Assessment Netherlands 2015: cross-border cyber security approach necessary
Americans seen spending $3B online in a single day
New Dyreza variant supports Windows 10 & Edge

BF-SIRT Newsletter 2015-46

The top stories from this week consist of a story on how Hackers have Hacked into US Arrest Records Database, as well as how Three people are indicted for massive hack and fraud scheme that targeted JPMorgan.
You can also read The Edward Snowden guide to practical privacy , and how FCC Fines Cox $595K Over Lizard Squad Hack.

Top 5 Security links
Hackers have Hacked into US Arrest Records Database
Three indicted for massive hack and fraud scheme that targeted JPMorgan
Tor: FBI Paid CMU $1 Million to De-Anonymize Users
Thanks for playing: New Linux ransomware decrypted, pwns itself
NSA whistleblower: No software is ‘safe from surveillance’

Top 5 Business Intelligence links
The Edward Snowden guide to practical privacy
With just a password needed to access police databases, the FBI got basic security wrong
FCC Fines Cox $595K Over Lizard Squad Hack
Microsoft to host data in Germany to evade US spying
The Lingering Mess from Default Insecurity

Basefarm SIRT News
Patch Tuesday November 2015

Patch Tuesday November 2015

Yet another patch Tuesday has come upon us.
Microsoft released 12 updates, some of which are critical, to address vulnerabilities in their product line. Adobe on the other hand has released updates for their Adobe Flash product.

Microsoft
Adobe

BF-SIRT Newsletter 2015-45

The top stories from this week consist of a story on TalkTalk, Script Kids & The Quest for ‘OG’, as well as how the FBI Deputy Director’s Email has been Hacked by Teenager Who Hacked CIA Chief.
You can also read about how ProtonMail Paid Hackers $6000 Ransom in Bitcoin to Stop DDoS Attacks, and how UK cyber-spy law takes Snowden’s revelations of mass surveillance – and sets them in stone.

Top 5 Security links
TalkTalk, Script Kids & The Quest for ‘OG’
FBI Deputy Director’s Email Hacked by Teenager Who Hacked CIA Chief
CryptoWall Ransomware raised $325 Million in Revenue for Its Developer
Tor Project releases anonymous Messenger app beta
How Carders Can Use eBay as a Virtual ATM

Top 5 Business Intelligence links
ProtonMail Paid Hackers $6000 Ransom in Bitcoin to Stop DDoS Attacks
UK cyber-spy law takes Snowden’s revelations of mass surveillance – and sets them in stone
MacBooks are so hot right now. And so is Mac OS X malware
Anonymous Group Leaks Identities of 1000 KKK Members
Kaspersky announces ‘death’ of Coinvault, Bitcryptor ransomware

BF-SIRT Newsletter 2015-44

The top stories from this week consist of how TalkTalk got compromised and hackers demanded £80K in Bitcoin, as well as how Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers’ personal records..
You can also read about how FBI Suggests Ransomware Victims ‘Just Pay the Ransom Money’, and how NSA-linked Spying Malware Infected Top German Official’s Computer.

Top 5 Security links
TalkTalk Hackers Demanded £80K in Bitcoin
Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers’ personal records.
What does your stolen credit card cost on the black market?
15-year-old Boy Arrested in connection with TalkTalk Cyber Attack
TalkTalk attack: ‘No legal obligation to encrypt customer bank details’, says chief

Top 5 Business Intelligence links
FBI Suggests Ransomware Victims — ‘Just Pay the Ransom Money’
NSA-linked Spying Malware Infected Top German Official’s Computer
Cybersecurity Information (Over)Sharing Act?
Curious people can’t resist plugging in random flash drives
So what’s the internet community doing about the NSA cracking VPN, HTTPS encryption?

BF-SIRT Newsletter 2015-43

The top stories from this week consist of how Joomla patch severe SQL Injection vulnerability, as well as how Let’s Encrypt Hits Another Free HTTPS Milestone.
You can also read about how you go about Building A Winning Security Team From The Top Down, and how Facebook has started Notifying Users of Targeted, Nation-State Attacks.

Top 5 Security links
Joomla patch severe SQL Injection vulnerability
Let’s Encrypt Hits Another Free HTTPS Milestone
Corrupt ex-DEA agent Carl Force gets 6 years for extorting Silk Road
Malvertising meets the Daily Mail
New Android Marshmallow devices must have default encryption, Google says

Top 5 Business Intelligence links
Building A Winning Security Team From The Top Down
Facebook Notifying Users of Targeted, Nation-State Attacks
US Navy renews training in celestial navigation over GPS hack fears
Apple tells judge it’s “impossible” to unlock a device running iOS 8 or higher
Hacker detained for giving US service members’ personal info to ISIS

BF-SIRT Newsletter 2015-42

The top stories from this week consist of information on Japan’s Cybercrime Underground being on the rise, as well as how the arrest of Chinese Hackers is not a first for U.S.. You can also read about how a quarter of firms can’t tell how hackers get into their networks, and how the average cost of cybercrime escalates to $15 million per organization.

Top 5 Security links
Japan’s Cybercrime Underground On The Rise
Arrest of Chinese Hackers Not a First for U.S.
Researchers say SHA-1 will soon be broken, urge migration to SHA-2
Prices of stolen data on the Dark Web
Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes

Top 5 Business Intelligence links
Quarter of firms can’t tell how hackers get in
The average cost of cybercrime escalates to $15 million per organization
US will not seek legislation against encryption
SANS: 20 critical security controls you need to add
Cyberattacks pose a serious risk for nuclear facilities

Basefarm SIRT posts
Patch Tuesday 2015

Patch Tuesday October 2015

Yet another patch Tuesday has come upon us.
Microsoft released 6 patches that address 33 issues, some of which are critical. Adobe on the other hand has released updates for Reader, Acrobat and Flash which address 69 Vulnerabilities.

Microsoft
Adobe