BF-SIRT Newsletter 2015-44

The top stories from this week consist of how TalkTalk got compromised and hackers demanded £80K in Bitcoin, as well as how Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers’ personal records..
You can also read about how FBI Suggests Ransomware Victims ‘Just Pay the Ransom Money’, and how NSA-linked Spying Malware Infected Top German Official’s Computer.

Top 5 Security links
TalkTalk Hackers Demanded £80K in Bitcoin
Free Web Hosting company 000Webhost has suffered a major data breach, exposing more than 13.5 Million of its customers’ personal records.
What does your stolen credit card cost on the black market?
15-year-old Boy Arrested in connection with TalkTalk Cyber Attack
TalkTalk attack: ‘No legal obligation to encrypt customer bank details’, says chief

Top 5 Business Intelligence links
FBI Suggests Ransomware Victims — ‘Just Pay the Ransom Money’
NSA-linked Spying Malware Infected Top German Official’s Computer
Cybersecurity Information (Over)Sharing Act?
Curious people can’t resist plugging in random flash drives
So what’s the internet community doing about the NSA cracking VPN, HTTPS encryption?

BF-SIRT Newsletter 2015-43

The top stories from this week consist of how Joomla patch severe SQL Injection vulnerability, as well as how Let’s Encrypt Hits Another Free HTTPS Milestone.
You can also read about how you go about Building A Winning Security Team From The Top Down, and how Facebook has started Notifying Users of Targeted, Nation-State Attacks.

Top 5 Security links
Joomla patch severe SQL Injection vulnerability
Let’s Encrypt Hits Another Free HTTPS Milestone
Corrupt ex-DEA agent Carl Force gets 6 years for extorting Silk Road
Malvertising meets the Daily Mail
New Android Marshmallow devices must have default encryption, Google says

Top 5 Business Intelligence links
Building A Winning Security Team From The Top Down
Facebook Notifying Users of Targeted, Nation-State Attacks
US Navy renews training in celestial navigation over GPS hack fears
Apple tells judge it’s “impossible” to unlock a device running iOS 8 or higher
Hacker detained for giving US service members’ personal info to ISIS

BF-SIRT Newsletter 2015-42

The top stories from this week consist of information on Japan’s Cybercrime Underground being on the rise, as well as how the arrest of Chinese Hackers is not a first for U.S.. You can also read about how a quarter of firms can’t tell how hackers get into their networks, and how the average cost of cybercrime escalates to $15 million per organization.

Top 5 Security links
Japan’s Cybercrime Underground On The Rise
Arrest of Chinese Hackers Not a First for U.S.
Researchers say SHA-1 will soon be broken, urge migration to SHA-2
Prices of stolen data on the Dark Web
Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes

Top 5 Business Intelligence links
Quarter of firms can’t tell how hackers get in
The average cost of cybercrime escalates to $15 million per organization
US will not seek legislation against encryption
SANS: 20 critical security controls you need to add
Cyberattacks pose a serious risk for nuclear facilities

Basefarm SIRT posts
Patch Tuesday 2015

Patch Tuesday October 2015

Yet another patch Tuesday has come upon us.
Microsoft released 6 patches that address 33 issues, some of which are critical. Adobe on the other hand has released updates for Reader, Acrobat and Flash which address 69 Vulnerabilities.

Microsoft
Adobe

BF-SIRT Newsletter 2015-40

The top stories from this week consist of information on What you need to know about Stagefright 2.0, as well as how Yahoo open-sources Gryffin, a large scale web security scanning platform.
You can also read about how Companies leave vulnerabilities unpatched for up to 120 days, and how Scandinavian users hit with fake post office emails, ransomware.

Next week, the newsletter will take a break due to holidays.

Top 5 Security links
What you need to know about Stagefright 2.0
Yahoo open-sources Gryffin, a large scale web security scanning platform
ATM Skimmer Gang Firebombed Antivirus Firm
‘eBay’ of targeted attacks infiltrated by ex- Shin Bet intel men
JavaScript DDoS attack peaks at 275,000 Requests-Per-Second

Top 5 Business Intelligence links
Companies leave vulnerabilities unpatched for up to 120 days
Scandinavian users hit with fake post office emails, ransomware
The Karma Police
USA hits Russian with 4.5 year prison sentence in Citadel malware case
With Stolen Cards, Fraudsters Shop to Drop