BF-SIRT Newsletter 2015-10

Welcome to another edition of the newsletter! This week we cover stories such as “Inside a Retail Hack: Lateral Movement & Credential-Harvesting” and how the FBI put out a $3M bounty for the ZeuS Trojan author. On the radar we also have the latest SSL vulnerability, FREAK, and “Iran hacks America where it hurts: Las Vegas casinos”.

Top 5 Security links
Anthem Breach Evidence Points to China, Security Researchers Say
Inside a Retail Hack: Lateral Movement & Credential-Harvesting
Exploit Kits and CryptoWall 3.0
FBI: $3M Bounty for ZeuS Trojan Author
Domain Shadowing Latest Angler Exploit Kit Evasion Technique

Top 5 Business Intelligence links
FREAK – another serious flaw in the web’s encryption
Iran hacks America where it hurts: Las Vegas casinos
Pharming Attack Targets Home Router DNS Settings
Global experiment exposes the dangers of using Wi-Fi hotspots
Hospital Sues Bank of America Over Million-Dollar Cyberheist

BF-SIRT Newsletter 2015-09

Welcome to another edition of the newsletter! This week we cover things such as the Gemalto compromise and the Superfish incident. We also cover stories about how Webnic is blamed for the hijack of Lenovo and Google Domains, as well as how nearly 70 percent of breached firms are alerted by outside sources.

Top 5 Security links
NSA, UK’s GCHQ reportedly hacked encryption of SIM card maker
After Superfish-Lenovo incident, Facebook probes larger issue of SSL-sniffing adware
3 million strong RAMNIT botnet taken down
Shodan boss finds 250,000 routers have common keys
Air gaps: Happy gas for infosec or a noble but inert idea?

Top 5 Business Intelligence links
Older vulnerabilities a top enabler of breaches, according to report
M-Trends report: Nearly 70 percent of breached firms alerted by outside source
Webnic Registrar Blamed for Hijack of Lenovo, Google Domains
Sony hack forced firms to consider cyber attack disruption plans
Anthem’s latest breach estimate says 78.8 million were affected

BF-SIRT Newsletter 2015-08

Welcome to another edition of the newsletter! This week we cover things such as how “omnipotent” hackers tied to the NSA hid for 14 years and were found at last, and “The Great Bank Heist”, which has been reported in mainstream media during the week. We also cover further evidence tying North Korea to the Sony hack, and Microsoft-themed phishing emails that target corporate users and deliver malware which evades sandboxes.

Top 5 Security links
How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last
Indexing the Dark Web One Hacking Forum At A Time
First Arabic Cyberespionage Operation Uncovered
The Great Bank Heist, or Death by 1,000 Cuts?
Biter bitten as hacker leaks source code for popular exploit kit

Top 5 Business Intelligence links
What’s in a typo? More evidence tying North Korea to the Sony hack
VirusTotal sets up huge AV whitelist to minimize false positives
16 million mobile devices infected by malware
Microsoft phishing emails target corporate users, deliver malware that evades sandboxes
Dutch government websites KO’d by 10-hour DDoS

BF-SIRT Newsletter 2015-07

Welcome to another edition of the newsletter! This week we cover things such as how “Netflix airs its developers’ Dirty Laundry” and how “Tens of thousands MongoDB databases are easily accessible from the Internet”. We also cover some updates on how the “Anthem Breach May Have Started in April 2014” and how “Fraudsters make bank as exec wires $17 million to China”.

Top 5 Security links
Netflix airs its developers’ Dirty Laundry
Analyzing Angler: The World’s Most Sophisticated Exploit Kit
Today I Am Releasing Ten Million Passwords
Four technologies that betrayed Silk Road’s anonymity
Tens of thousands MongoDB databases are easily accessible from the Internet

Top 5 Business Intelligence links
Fraudsters make bank as exec wires $17 million to China
Defense Contract Management Agency Probes Hack
Anthem Breach May Have Started in April 2014
Phishers Pounce on Anthem Breach
US Government builds “Memex Deep Web Search Engine” to Track Criminals

Basefarm Posts
Patch Tuesday February 2015

Patch Tuesday February 2015

Another month, another patch Tuesday!

Microsoft has released eight updates to address vulnerabilities in Windows, Internet Explorer and the Office package.
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Check the link below and make sure you are running the latest version available.

Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, or security feature bypass, which could allow an attacker to take control of the affected system. It is advised to upgrade as soon as possible.

More information:
Microsoft
Adobe

BF-SIRT Newsletter 2015-06

Welcome to another edition of the newsletter! This week we cover things such as how a “Female Skype Avatar Sinks Syria Opposition Fighters”, “Flash Zero Days Dominate Exploit Landscape” and “An In-depth analysis of the Fiesta Exploit Kit: An infection in 2015”. We also have stories about how a “Dangerous IE vulnerability opens door to powerful phishing attacks” and “The Internet of Dangerous Things”.

Top 5 Security links
Army Research Lab Releases Dshell Forensics Framework
Silk Road operators developed a taste for murder
Female Skype Avatar Sinks Syria Opposition Fighters
Flash Zero Days Dominate Exploit Landscape
An In-depth analysis of the Fiesta Exploit Kit: An infection in 2015

Top 5 Business Intelligence links
Putting Information Sharing into Context
U.S. Officials Say Chinese Cyberespionage ‘Needs to Stop’
BMW issues security patch for bug allowing attackers physical access into vehicles
Dangerous IE vulnerability opens door to powerful phishing attacks
The Internet of Dangerous Things

BF-SIRT Newsletter 2015-05

Welcome to another edition of the newsletter! This week we cover things such as The GHOST Vulnerability and a story from Brian Krebs about “Spreading the Disease and Selling the Cure”. We also have some stories such as a report on how Insider threats change security spending and how China sets new regulations for foreign tech companies.

Top 5 Security links
The GHOST Vulnerability
Thousands of US Gas Stations Vulnerable to Remote Hacks
Spreading the Disease and Selling the Cure
Silk Road paid thousands in shake-downs from malicious hackers
The Internet of Dangerous Things

Top 5 Business Intelligence links
Insider threats changing security spending, report says
Dating site buys back 20 million hacked email addresses
China sets new regulations for foreign tech companies
FBI: Businesses Lost $215M to Email Scams
CTB-Locker ransomware variant being distributed in spam campaign

BF-SIRT Newsletter 2015-04

Welcome to another edition of the newsletter! This week we cover things such as Cisco’s annual report, which goes through how spammers sneak small botnets under the wire and how companies are not patching security vulnerabilities. We also cover how the NSA hacked North Korea with custom malware long before the Sony breach, and a story on what helped Sony’s hackers break in.

Oracle also released critical updates for their application suites, and Adobe updated their Flash player to fix a critical vulnerability.

Top 5 Security links
How Was Your Credit Card Stolen?
Root Password Found in Ceragon Microwave Bridges
2014 in infosec: Spammers sneak small botnets under the wire, Java is dull
NSA hacked North Korea with custom malware long before Sony breach
Details on Regin Malware Modules Disclosed

Top 5 Business Intelligence links
Here’s What Helped Sony’s Hackers Break In: Zero-Day Vulnerability
Report: Companies Still Not Patching Security Vulnerabilities
U.S. and U.K. to team up in cyber defense exercises
Holes in Progressive Dongle Could Lead to Car Hacks
SoShabby GoDaddy flings patch at domain hijack hole

BF-SIRT Newsletter 2015-03

Welcome to another edition of the newsletter! This week we cover things such as how “Another Lizard Arrested, Lizard Lair Hacked” and “How a $10 USB Charger Can Record Your Keystrokes Over the Air”. We also have some information about an “Open source tool that trawls Github repositories for sensitive data” as well as a white paper from Puppetlabs called “How Quickly Can You Respond to Software Vulnerability Announcements?”.

Top 5 Security links
Inside North Korea’s Naenara Browser
Another Lizard Arrested, Lizard Lair Hacked
Malware coders adopt DevOps to target smut sites
Hong Kong SWC attack
How a $10 USB Charger Can Record Your Keystrokes Over the Air

Top 5 Business Intelligence links
How Quickly Can You Respond to Software Vulnerability Announcements?
19,000 French websites hit by DDoS, defaced in wake of terror attack
Over 930M Android users in danger as Google stops delivering critical patches
Attackers planting banking Trojans in industrial systems
Open source tool trawls Github repositories for sensitive data

Basefarm Blog posts
Patch Tuesday January 2015

Patch Tuesday January 2015

Another month, another patch Tuesday!

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows.

Adobe has released security updates to address multiple vulnerabilities in Flash Player.

Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, or security feature bypass, which could allow an attacker to take control of the affected system. It is advised to upgrade as soon as possible.

More information:
Microsoft
Adobe