BF-SIRT Newsletter 2016-13

The top stories from this week consist of a story on how one hacker exposed thousands of insecure desktops that anyone can remotely view, and information about the latest vulnerability with its own brand and logo, Badlock.
You can also read a story about how a hospital declares “Internal State of Emergency” after a ransomware infection, and that FBI has successfully unlocked terrorist’s iPhone without Apple’s help.

Top 5 Security links
How one hacker exposed thousands of insecure desktops that anyone can remotely view
Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows
Carders Park Piles of Cash at Joker’s Stash
Six Charged for Hacking Lottery Terminals to Produce More Winning Tickets
FBI is fighting back against Judge’s Order to reveal TOR Exploit Code

Top 5 Business Intelligence links
Hospital Declares ‘Internal State of Emergency’ After Ransomware Infection
FBI Has Successfully Unlocked Terrorist’s iPhone Without Apple’s Help
Eight tips for preventing ransomware
What is SMTP STS? How It improves Email Security for StartTLS?
Cyber Criminal Ecosystems in the Deep Web

BF-SIRT Newsletter 2016-11

The top stories from this week consist of a story on how hackers stole $80 Million from a Bangladesh Bank, and how hackers demo a prototype security scanner that thinks like a human.
You can also read a story about how FBI threatens to force Apple to hand over iOS source code, and that thanks to a redaction blunder, it’s now clear Snowden was the Feds’ quarry in Lavabit case.

Top 5 Security links
Here’s How Hackers Stole $80 Million from Bangladesh Bank
Hackers demo prototype security scanner that thinks like a human
‘The Fappening’ Hacker Reveals How He Stole Nude Pics of Over 100 Celebrities
New Exploit to ‘Hack Android Phones Remotely’ threatens Millions of Devices
More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking

Top 5 Business Intelligence links
FBI threatens to Force Apple to Hand Over iOS Source Code
Thanks to a redaction blunder, it’s now clear Snowden was the Feds’ quarry in Lavabit case
Google says hack Chromebook, get $100K richer
Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm Staminus
Watch Video: How Hacker Installs a Credit Card Skimmer in 3 Seconds

BF-SIRT Newsletter 2016-10

The top stories from this week consist of a story on how one man could have broken into any Facebook account, and how Pirates hacked a shipping company to steal information for efficient hijackings.
You can also read a story about Ray Tomlinson, the creator of Email, who has passed away, and that Let’s Encrypt reaches one million certificate encryption milestone.

Top 5 Security links
How one man could have broken into any Facebook account
Pirates hacked shipping company to steal info for efficient hijackings
‘Guccifer,’ who Hacked former President, to be extradited to the US
Someone is Rickrolling people using fake parking tickets
When a WordPress Plugin Goes Bad

Top 5 Business Intelligence links
RIP Ray Tomlinson, The Creator of Email, Dies at 74
Let’s Encrypt reaches one million certificate encryption milestone
5 Innocent Mistakes That Cause an IT Security Breach
Seagate Phish Exposes All Employee W-2’s
Hacker arrested for ATM Skimming escaped from Prison

Basefarm SIRT Posts
Patch Tuesday March 2016

Patch Tuesday March 2016

Yet another patch Tuesday has come upon us.
Microsoft released 13 updates, 5 of which fix critical issues, to address vulnerabilities in their product line. Adobe on the other hand has released patches which address vulnerabilities in a large amount of their product portfolio.

UPDATE: Adobe released a critical patch for Adobe Flash, which fixes an issue that may cause remote control of a system.
Adobe Flash

Microsoft
Adobe

BF-SIRT Newsletter 2016-08

The top stories from this week consist of a story on the Linux Mint website being hacked, leaving replaced with Backdoored version of the Operating System, and a follow up story where the Hacker explains how he did it .
You can also read a story about the simple way to stop your business from being extorted by ransomware, and how opening an MS Word document can hijack every file on your system.

Top 5 Security links
Linux Mint Website Hacked and ISOs replaced with Backdoored Operating System
Hacker explains how he put “backdoor” in hundreds of Linux Mint downloads
NSA Data Center Experiencing 300 Million Hacking Attempts Per Day
How to Hack a Computer from 100 Meters by Hijacking its Wireless Mouse or Keyboard
Using EMET to disable EMET

Top 5 Business Intelligence links
The Simple Way to Stop your Business from Being Extorted by Ransomware
How Just Opening an MS Word Doc Can Hijack Every File On Your System
Did the Dark Web just get a whole lot bigger?
The Importance of Strong Encryption to Security
Nissan LEAF cloud security fail leaves drivers exposed

BF-SIRT Newsletter 2016-07

The top stories from this week consist of a story on patching your systems which are using glibc, and how Police arrest a 16-year-old boy who is suspected of breaking into accounts belonging to the CIA Director.
You can also read a story about how Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records, and that Apple says NO to iPhone backdoor in terror case.

Top 5 Security links
Patch glibc ASAP: Tons of Linux apps can be hijacked by evil DNS servers, man-in-the-middle miscreants
Police Arrest 16-year-old Boy Who Hacked CIA Director
How-to — Stealing Decryption Key from Air-Gapped Computer in Another Room
Warning — Setting This Date On iPhone Or iPad Will Kill Your Device Permanently
“Locky” ransomware: What you need to know

Top 5 Business Intelligence links
Hollywood Hospital Pays $17,000 Ransom to Hacker for Unlocking Medical Records
Apple says NO to iPhone backdoor in terror case
Obama says passwords aren’t strong enough, urges use of 2FA
British Intelligence is Legally Allowed to Hack Anyone, Court Says
This is Why People Fear the ‘Internet of Things’

BF-SIRT Newsletter 2016-06

The top stories from this week consist of a story on how someone hijacks a botnet network and replaces Malware with an Antivirus, and how hackers behind Dyre Malware were busted in a police raid.
You can also read a story about how hackers are offering Apple employees $23,000 for corporate login details, and that Google will ban Flash-based Advertising.

We’ve also covered this month’s Patch Tuesday.

Top 5 Security links
Someone Hijacks Botnet Network & Replaces Malware with an Antivirus
Hackers behind Dyre Malware Busted in Police Raid
Vigilante Hackers Aim to Hijack 200,000 Routers to Make Them More Secure
Maru OS — Android ROM that Turns into Debian Linux When Connected to a PC
Deep Web Search Engines to Explore the Hidden Internet

Top 5 Business Intelligence links
Hackers Are Offering Apple Employees $23,000 for Corporate Login Details
Bye bye, Flash! Google to Ban Flash-based Advertising
Windows 10 Sends Your Data 5500 Times Every Day Even After Tweaking Privacy Settings
France Orders Facebook To Stop Tracking Non-Users or Face Fines
Skimmers Hijack ATM Network Cables

Basefarm SIRT Posts
Patch Tuesday February 2016

Patch Tuesday February 2016

Yet another patch Tuesday has come upon us.
Microsoft released 13 updates, some of which fix critical issues, to address vulnerabilities in their product line. Adobe on the other hand has released patches which address 22 vulnerabilities for their Adobe Flash and Adobe Acrobat/Reader products.
Oracle also pushed out a new update – Java SE 8, Update 73.

Microsoft
Adobe

BF-SIRT Newsletter 2016-05

The top stories from this week consist of a story on How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds, and how AnonSec almost crashed a $222 Million Drone into Pacific Ocean after compromising NASA.
You can also read a story about how PGP co-founder believes that Ad companies are the biggest privacy problem today, not governments, and amongst others you’ll also find an article describing the Tor Network.

Top 5 Security links
How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds
NASA Compromised – AnonSec almost Crash $222 Million Drone into Pacific Ocean
No More Deceptive Download Buttons
Silk Road bitcoin-stealing Secret Service agent re-arrested
They Named it — Einstein, But $6 Billion Firewall Fails to Detect 94% of Latest Threats

Top 5 Business Intelligence links
PGP co-founder: Ad companies are the biggest privacy problem today, not governments
What is… Tor?
Here’s Why Microsoft Drops a Cloud Data Center Under the Ocean
Dutch police train birds of prey to take out drones
Sources: Security Firm Norse Corp. Imploding

BF-SIRT Newsletter 2016-04

The top stories from this week consist of a story on how Cops hate encryption but the NSA loves it when you use PGP, and how a Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic.
You can also read a story about how Oracle will kill its Java Browser Plugin, and you’ll also find a story on how a 500Gbps DDoS attack flattens world record.

You will also find three articles written by Basefarm SIRT, where the first one talks about Recent weeks spam\malware trends; refunds or delay complaints, the second one about the Data Protection/Privacy Day that occurred one the 28th, as well as story on Chinese salesmen in your inbox.

Top 5 Security links
Cops hate encryption but the NSA loves it when you use PGP
Critical OpenSSL Flaw Allows Hackers to Decrypt HTTPS Traffic
Police destroy evidence with 10 failed passcode attempts on iPhone
Israeli Power Grid Authority Suffers Massive Cyber Attack
Apple Can Still Read Your End-to-End Encrypted iMessages

Top 5 Business Intelligence links
Oracle to kill Java Browser Plugin
500Gbps DDoS attack flattens world record
Samsung Get Sued for Failing to Update its Smartphones
Has your sleeping baby been indexed by this search engine?
Do not share the link that crashes iPhones and Mac browsers

Basefarm SIRT Posts
Recent weeks spam\malware trends; refunds or delay complaints
Happy Data Protection/Privacy Day!
Chinese salesmen in your inbox