BF-SIRT Newsletter 2016-51

The top stories from this week consist of stories about hackers suspected of causing power outage in Ukraine and a summary of what you can learn from the security year 2016.

You can also read a story about how 44% of organizations fail to meet breach reporting deadlines and how to make a rootkit yourself.

Top 5 Security links

The Shadow Brokers are offering the NSA arsenal for direct sale
Remote Code Execution Bug Found in Ubuntu Quantal
Panasonic, IOActive Clash on Vulnerability Report
Leaked files reveal scope of Israeli firm’s phone cracking tech
Brute-Force Botnet Attacks Now Elude Volumetric Detection

BF-SIRT Newsletter 2016-50

The top stories from this week consist of stories such as how Yahoo! had one Billion more accounts hacked, and that FBI Most Wanted Fugitive JPMorgan Hacker Was Arrested in New York. You can also read a story about how 91% Of Cyberattacks Start With A Phishing Email, and that Evernote’s new not-so-privacy policy will let employees read your notes.

Top 5 Security links
Yahoo: One Billion More Accounts Hacked
FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York
Simple Bug allows Hackers to Read all your Private Facebook Messenger Chats
Security conferences – Survival guide 2017 Q1
How to Hack Apple Mac Encryption Password in Just 30 Seconds

Top 5 Business Intelligence links
91% Of Cyberattacks Start With A Phishing Email
Evernote’s new not-so-privacy policy will let employees read your notes
President Obama Orders ‘Full Review’ of Possible Russian hacking in US Election
5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update
After Failed Auction, Shadow Brokers Opens NSA Hacking Tools for Direct Sales

BF-SIRT Newsletter 2016-49

The top stories from this week consist of stories such as The 7 Most Sensational Breaches Of 2016, and Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software. You can also read a story about The Orphaned Internet – Taking Over 120K Domains via a DNS Vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean, and What’s Ahead for 2017: The RSAC Advisory Board Industry Predictions.

Top 5 Security links
Google Fixes 12 High-Severity Flaws In Chrome Browser
Google patches Dirty Cow vulnerability in latest Android security update
Here are some best practices for preventing DDoS attacks
Old Linux Kernel Code Execution Bug Patched

Four cyber security challenges for cloud deployment

Top 5 Business Intelligence links
43,203 Indian patient pathology reports were left publicly exposed by Health Solutions
EFF Blasts DEA in Ongoing Secret ‘Super Search Engine’ Lawsuit
Guessing Credit Card Security Details
Where Cybercriminals Go To Buy Your Stolen Data
Clients say they’ll take their money and run if service hacked – poll

BF-SIRT Newsletter 2016-48

The top stories from this week consist of stories such as Ransomware Crooks caught San Francisco Transport System and ImageGate: Check Point uncovers a new method for distributing malware through images. You can also read a story about Paypals OAuth hijacking and Tesla smartphone app was found to lack security.

Top 5 Security links:
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Firefox 0-day in the wild is being used to attack Tor users
Bypassing SAML 2.0 SSO with XML Signature Attacks
SHIFT + F10, Linux gets you Windows 10’s cleartext BitLocker key
Avalanche – Law Enforcement Take Down

BF-SIRT Newsletter 2016-47

The top stories from this week consist of stories such as Facebook ‘quietly developing censorship tool’ for China, and US Navy warns 134,000 sailors of data breach after HPE laptop is compromised. You can also read a story about Evolution of the SSL and TLS protocols, and It’s time: Patch Network Time Protocol before it loses track of time.

Top 5 Security links
The limitations of Android N Encryption
It’s the final countdown for SHA-1 SSL certificates
Great. Now Even Your Headphones Can Spy on You
Israeli Firm Can Steal Phone Data in Seconds
Evaluating Risks to Identity and Access When Moving to the Cloud

BF-SIRT Newsletter 2016-45

The top stories from this week consist of stories about things like Blacknurse and how a DDoS Attack Takes Down Central Heating System Amidst Winter In Finland. You can also read a story about how Bangladesh Bank Recovers $15 Million from a Philippines Casino, and that China Passes Cybersecurity Law to Tighten its Control over the Internet.

Top 5 Security links
Blacknurse
DDoS Attack Takes Down Central Heating System Amidst Winter In Finland
Over 300,000 Android Devices Hacked Using Chrome Browser Vulnerability
Wi-Fi can be turned into IMSI Catcher to Track Cell Phone Users Everywhere
Hundreds Of Operations Canceled After Malware Hacks Hospitals Systems

Top 5 Business Intelligence links
SWIFT Hack: Bangladesh Bank Recovers $15 Million from a Philippines Casino
Facebook Buys Leaked Passwords From Black Market, But Do You Know Why?
China Passes Cybersecurity Law to Tighten its Control over the Internet
Web Of Trust’ Browser Add-On Caught Selling Users’ Data — Uninstall It Now
Did the Mirai Botnet Really Take Liberia Offline?

BF-SIRT Newsletter 2016-44

The top stories from this week consist of stories such as Google warning about an actively exploited 0-day vulnerability in Windows. You can also read a story about
Critical Flaws in MySQL Give Hackers Root Access to Server, and Google joins Mozilla and Apple in banning WoSign and StartCom as CAs.

Top 5 Security links

Someone is using Miray botnet to shut down internet for Liberia
Hackers hustle to hassle un-patched Joomla! sites
Remotely Exploitable Bugs in Memcached Identified and Patched
Firefox kills the Battery Status ‘super cookie’
Tokens of terror spark ‘major security update’ at GitLab

Top 5 Business Intelligence links
Is password security at just $1/month too expensive for most?
Why trust is becoming increasingly difficult to achieve in today’s digital era
New DMCA Exemptions Give White Hats License To Hack Cars, Medical Devices
Teen UK hacker pleads guilty after earning $385k from DDoS tool
The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints

BF-SIRT Newsletter 2016-43

The top stories from this week consist of stories such as DDoS on Dyn Impacts Twitter, Spotify, Reddit, and Inside The Foggy, Shady Market For Zero-Day Bugs. You can also read a story about Horrible hacks, death robots, and kamikaze phones: Meet the scariest tech of the year, and Android phones rooted by “most serious” Linux escalation bug ever.

Top 5 Security links
Double-dip Internet-of-Things botnet attack felt across the Internet
How Google’s Project Zero made Apple refactor its kernel
Critical Vulnerabilities Patched in Joomla
Researchers tag new brace of bugs in NTP, but they’re fixable
Using Rowhammer bitflips to root Android phones is now a thing

Top Business Intelligence links
How Clinton, Trump Could Champion Cybersecurity
How To Build A Strong Security Awareness Program
Security Economics MOOC

BF-SIRT Newsletter 2016-42

The top stories from this week consist of stories such as Most serious” Linux privilege-escalation bug ever is under active exploit (updated), and More than half of Androids susceptible to ancient malware. You can also read a story about Spreading the DDoS Disease and Selling the Cure, and It’s finally happened: Hackers are coming for home routers en masse.

Top 5 Security links
Flaw in Intel chips could make malware attacks more potent
SHA-256 and SHA3-256 Are Safe For the Foreseeable Future
The QuarksLab audit of VeraCrypt has been completed, and this is the public release of the results.
Oracle puts out 253 fixes and a request to please apply patches NOW!
Russian Arrested by Czech Police Tied to 2012 LinkedIn Hack

Top 5 Business Intelligence links
Barack Obama on Artificial Intelligence, Autonomous Cars, and the Future of Humanity | WIRED
3.2 million debit cards compromised; SBI, HDFC Bank, ICICI, YES Bank and Axis worst hit
Gartner: Top 10 Strategic Technology Trends For 2017
Is it worth reporting ransomware?
Facial recognition technology is taking over US, says privacy group

 

 

BF-SIRT Newsletter 2016-40

The top stories from this week consist of stories such as how Yahoo! secretly scanned customer emails for U.S. intelligence, and that Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals. You can also read a story about how the Source Code for IoT botnet responsible for World’s largest DDoS Attack was released Online, and that 68 Million Hacked Dropbox Accounts are Just a Click Away.

Top 5 Security links
Source Code for IoT botnet responsible for World’s largest DDoS Attack released Online
68 Million Hacked Dropbox Accounts are Just a Click Away!
Hack crashes Linux Distros with 48 characters of code
You Could Get Hacked Just by Opening a ‘JPEG 2000’ Image
United States set to Hand Over Control of the Internet to ICANN Today

Top 5 Business Intelligence links
Yahoo secretly scanned customer emails for U.S. intelligence
Verizon wants $1 Billion Discount on Yahoo Acquisition Deal after Recent Scandals
French banks launch Credit Cards where CVV code changes every hour
Mastercard rolls out pay-by-selfie across Europe
Welcome to Cybersecurity Awareness Month 2016!