BF-SIRT Newsletter 2015-26

The newsletter takes a “summer holiday” from this week, and will return on week 34 (22nd of August).
The top stories from this week consist of stories such as how a Swedish man has been sentenced for the powerful Blackshades malware, and a story about finding Hacking Services and More in the Deep Web.

Amongst the top stories you can also find how hackers had access to US security clearance data for a year, as well as 10 Basic Cybersecurity Measures: Best Practices to Reduce Exploitable Weaknesses and Attacks.

Top 5 Security links
Swedish man sentenced for powerful Blackshades malware
Finding Hacking Services and More in the Deep Web
“Free” Proxies Aren’t Necessarily Free
Killer ChAraCter HOSES almost all versions of Reader, Windows
Over $18 million lost to Cryptowall just in the US

Top 5 Business Intelligence links
Hackers had access to US security clearance data for a year
10 Basic Cybersecurity Measures: Best Practices to Reduce Exploitable Weaknesses and Attacks
Targeted attacks rise, cyber attackers spreading through networks, report says
US is the world’s botnet mothership, says Level 3
The downfall of a major cybercrime ring exploiting banking Trojans

BF-SIRT Newsletter 2015-25

The top stories from this week consist of stories such as how LastPass got breached, as well as how a trojan uses steganography to hide itself in image files.

Amongst the top stories you can also find how a keyboard app bug puts millions of Samsung mobile users at risk, as well as some information on Spearphishing and how to stop it: Some lessons from AusCERT.

Top 5 Security links
LastPass breached, hashed master passwords compromised
Trojan uses steganography to hide itself in image files
49 Arrested in ‘Operation Triangle’ Phishing Campaign
Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam Campaigns
US Navy wants 0-day intelligence to develop weaponware

Top 5 Business Intelligence links
Keyboard app bug puts millions of Samsung mobile users at risk, researcher claims
Spearphishing and how to stop it: Some lessons from AusCERT
Instilling a culture of cyber security
FBI investigates St Louis Cardinals over Houston Astros hacking
Lessons Learned From The Ramnit Botnet Takedown

BF-SIRT Newsletter 2015-24

The top stories from this week consist of stories such as how the Stepson of Stuxnet stalked Kaspersky for months and how Russia’s to blame for pro-ISIS megahack on French TV network.

Amongst the top stories you can also find a study that shows how Cyber criminals’ ROI exceeds 1000 percent and that Private cloud is NOT dead – and for one good reason: Control of data.

Top 5 Security links
Stepson of Stuxnet stalked Kaspersky for months, tapped Iran nuke talks
Russia’s to blame for pro-ISIS megahack on French TV network
49 suspected members of cybercriminal group arrested in Europe
Banking Malware Vawtrak Spotted Using Tor2Web
Duqu spy group also targeted telecommunications companies

Top 5 Business Intelligence links
Study: Cyber criminals’ ROI exceeds 1000 percent
Private cloud is NOT dead – and for one good reason: Control of data
Most vulnerabilities on enterprise networks are two years old
Insider vs. Outsider Threats: Identify and Prevent
Stuxnet still a threat to critical infrastructure

Basefarm SIRT posts
Patch Tuesday June 2015

Patch Tuesday June 2015

Another month, another patch Tuesday!
Microsoft and Adobe has both released a large amount of updates. Adobe fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure, while Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.

You can find links to the updates below:
Microsoft
Adobe

BF-SIRT Newsletter 2015-23

The top stories from this week consist of stories such as how We stand on the brink of global cyber war, according to Schneier, and how SourceForge hijacks popular accounts to distribute 3rd-party software.

Amongst the top stories you can also find why the Hola browser extension should be uninstalled, and how Patch-crazy Aust Govt fought off EVERY hacker since 2013.

Top 5 Security links
We stand on the brink of global cyber war, warns encryption guru
SourceForge hijacks popular accounts to distribute 3rd-party software
Hola browser extension should be uninstalled, researchers say
Ruskies behind German govt cyber attack — report
Study: New malware strains up in 2014, along with DDoS attacks

Top 5 Business Intelligence links
Patch-crazy Aust Govt fought off EVERY hacker since 2013
How your employees put your organization at risk
IT-savvy US congressmen to Feds: End your crypto-backdoor crusade
U.S. and Japan to Cooperate on Cybersecurity, Information Sharing
The NSA reportedly tried — but failed — to use a Stuxnet variant against North Korea