BF-SIRT Newsletter 2017-21

The top stories from this week are about a Samba Remote Code Execution Vulnerability and how Multiple Video Players are Vulnerable to Code Execution via Subtitle Files.

You can also read about an NTFS bug that lets anyone hang or crash Windows 7 and 8.1, or how Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub.

Top 5 Security Links
Samba Remote Code Execution Vulnerability
Multiple Video Players are Vulnerable to Code Execution via Subtitle Files
NTFS bug lets anyone hang or crash Windows 7, 8.1
Keybase Extension Brings End-to-End Encrypted Chat To Twitter, Reddit, GitHub
OpenVPN Access Server Vulnerability

BF-SIRT Newsletter 2017-20

The top stories from this week are of course about WannaCry and WannaCry 2.0.

You can also read about how a Google researcher finds a link between the WannaCry attacks and North Korea, and that WikiLeaks reveals the “AfterMidnight” & “Assassin” CIA Windows Malware Frameworks.

Top 5 security links
WannaCry
WannaCry 2.0
Google Researcher Finds Link Between WannaCry Attacks and North Korea
WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks
Using Chrome, SCF and SMB to steal Windows Credentials

WannaCry

WannaCry is the name of a new ransomware that uses a Windows vulnerability to spread. It encrypts files and promises to decrypt them for a fee (which should not be paid).

Microsoft released a patch for the vulnerability in March.
Basefarm has always had the mentality that the best way to advance is through systematic, tedious and hard work, and this is one of the reasons we have implemented automatic patching, denying network traffic by default, isolating networks from each other, and having working restores of files for those who purchase that service.

Basefarm is currently tracking the situation and is staying alert for any changes in the information security arena.

BF-SIRT Newsletter 2017-19

The top stories from this week are how a bad bug in Microsoft’s Windows malware scanner can be used to install malware and how HP laptops include keyloggers in the Audio driver.

You can also read about how three 0-days affecting Microsoft Office are actively exploited, and a new vulnerability exploiting the Linux kernel via packet sockets.

Top 5 security links
MsMpEng: Remotely Exploitable Type Confusion in Windows
Keylogger Found in Audio Driver of HP Laptops
EPS Processing Zero-Days Exploited by Multiple Threat Actors
Linux Kernel Packet Socket Vulnerability Exploit
Upcoming NIST Guideline Advocates Simpler Rules for Online Passwords

Star Wars – Good versus Evil

In fairy tales good always triumphs over evil. In real life that is not always the case. To remedy this, we have seen a change in how businesses work on security.

In stories like The Lord of the Rings, Cinderella, and Star Wars, good always triumphs over evil. In real life, however, that is not always the case. To remedy this, we have seen a change in how businesses work on security. More and more companies receive aid from the good White Hat Hackers to fight the evil Black Hat Hackers. By utilizing Bug Bounty programs, companies can receive assistance from ethical hackers. Instead of receiving the princess and half the kingdom, hackers who manage to identify vulnerabilities receive a great reward through the Bug Bounty program.

A Frightening Menace from the Dark Side

Hacker attacks have become more frequent, and more creative. Every day, you hear about it in the media. The demand for security expertise is steadily increasing, and the number of suppliers can’t keep up, both in Sweden and internationally. This has made it ever more important for businesses to use alternative ways of finding the expertise that they need from skilled security experts.

Basefarm’s partner Detectify knows this, and has launched a new platform, Detectify Crowdsource. On this platform, they can invite independent White Hat Hackers (people who hack with good intentions) from all over the world. The initiative was inspired by the Bug Bounty programs, where companies give ethical hackers an opportunity to help them identify holes in their website’s security. This is a way of enhancing their own security team by using freelance security experts and rewarding them for their discoveries. The hacker world is global, and everyone has their own specialty, for example web applications, mobile applications, IoT & firmware, API, network application, and network infrastructure.

The Light Side of the Force Musters for Battle and Strikes Back

“Detectify Crowdsource helps us in accessing the best security expertise and thus enhances our tools”, says Carl Svantesson, CMO at Detectify. “In practice, it means that our register of identified ‘vulnerabilities’ in various programs and technologies becomes wider and can cover niche areas.”

Through their platform, Detectify receives ongoing reports about the latest vulnerabilities that are discovered by the invited hackers. The vulnerabilities are then built into the tool by the Detectify security team, after a thorough review. For the clients of Basefarm, it means an even more reliable security scan – Vulnerability Assessment, a solution from Detectify, and offered by Basefarm.

May the Force Be With You – Test Your Applications!

Today, it’s not just the tech companies that utilize Bug Bounty programs. The programs are also used by companies in retail, the motor industry, and in banking and finance. It is primarily companies that are especially exposed that choose to start their own Bug Bounty programs, for example through the use of platforms like Bugcrowd. They do this to test their applications and to gain access to expertise and creativity from thousands of ethical hackers.

Five steps towards increased application security:

  1. Determine the applications that need to be tested for vulnerabilities.
  2. Start work by using an automated vulnerability tool. This is good enough for most companies. If you are a Basefarm or Detectify.com client, you can use Basefarm’s Vulnerability Assessment tool.
  3. Add a manual layer by engaging the hacker world in a Bug Bounty program. This is especially important if your company is exposed to hacker attacks.
  4. Always act quickly when you have identified bugs or vulnerabilities. You can do this by using an automated tool and with a Bug Bounty program. This will enable your team to have the information as soon as a bug is discovered.
  5. Work continuously on security.

About Detectify

Aiming to offer a simple and automated security solution, Detectify was founded by the world’s best White Hat Hackers in 2013. Their solution has already been named Symantec’s Security Expert of the Future and they were also included in Europe’s hottest startups 2016 by Wired. One of the founders, Frans Rosén, came in second place in “HackRead’s 10 Famous Bug Bounty Hunters of All Time”.

BF-SIRT Newsletter 2017-18

The top stories from this week are an explanation of the Intel AMT vulnerability and a warning about a phishing mail related to Google Docs.

You can also read about how, after years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts or about Malware Hunter — Shodan’s new tool to find Malware C&C Servers.

Top 5 security links
Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely
Warning! Don’t Click that Google Docs Link You Just Received in Your Email
After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts
Malware Hunter — Shodan’s new tool to find Malware C&C Servers
Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors