BF-SIRT Newsletter 2017-26

The top stories from this week are, of course, that the ransomware Petya adds worm capabilities and that a Google researcher uncovers another RCE in Microsoft Malware Protection Engine.

You can also read about how British parliamentary email accounts were compromised this weekend, or that the Windows 10 source code has leaked online.

Top 5 Security links
Petya adds worm capabilities
Google researcher uncovers another RCE in Microsoft Malware Protection Engine
British parliamentary email accounts were compromised
Windows 10 Source Code Leaked Online
Microsoft’s Windows 10 S still vulnerable to macros

BF-SIRT Newsletter 2017-25

The top stories from this week are "TrickBot Goes Nordic, Once in a While" and a South Korean web hosting company ransomed for 550 BTC.

You can also read the Cisco 2017 Annual Cybersecurity Report and McAfee Labs Threat Report for June 2017.

Top 5 Security links
TrickBot Goes Nordic, Once in a While
South Korean web hosting company ransomed for 550 BTC
Cisco 2017 Annual Cybersecurity Report
McAfee Labs Threat Report
New Phishing Tactic Targeting Facebook Users Relies on Padding URLs with Hyphens

BF-SIRT Newsletter 2017-24

The top stories from this week are how you can now subscribe to SS7 interception and tracking of mobile phones for $500, and Al-Jazeera reportedly being hit by systematic hacking attempts.

You can also read about ‘Crash Override’: The Malware That Took Down a Power Grid, or how Samsung left millions vulnerable to hackers because it forgot to renew a domain.

Top 5 Security links:
For $500, This Site Promises the Power to Track a Phone and Intercept Its Texts
Al-Jazeera Reportedly Hit by Systematic Hacking Attempts
‘Crash Override’: The Malware That Took Down a Power Grid
Samsung Left Millions Vulnerable to Hackers Because It Forgot to Renew a Domain
Click-farm that used 500k SIM cards raided in Thailand

BF-SIRT Newsletter 2017-23

The top stories from this week are how The Intercept outed the NSA contractor Reality Winner and a new PowerPoint mouseover-based downloader.

You can also read about the journey to hijacking a country’s TLD and about Dvmap, the first Android malware with code injection.

Top 5 Security links:
How The Intercept Outed Reality Winner
New PowerPoint Mouseover Based Downloader – Analysis Results
The Journey to Hijacking a Country’s TLD – The Hidden Risks of Domain Extensions
Dvmap: the first Android malware with code injection
Car Thieves Everywhere Rejoice as Unsecured Database Exposes 10 Million Car VINs

BF-SIRT Newsletter 2017-22

The top stories from this week are the OneLogin breach, which exposed the ability to decrypt data, and a fileserver implant which replaces documents on the fly with Trojanized versions without touching the files at rest.

You can also read about how backend servers for 1,000 apps expose terabytes of user data, and how badly configured Hadoop servers expose over 5 petabytes of data.

Top 5 Security Links
OneLogin: Breach Exposed Ability to Decrypt Data
WikiLeaks Dumps CIA Patient Zero Windows Implant
Backend Servers for 1,000 Apps Expose Terabytes of User Data
Hadoop Servers Expose Over 5 Petabytes of Data
Chrome Bug Allows Sites to Record Audio and Video Without a Visual Indicator