BF-SIRT Newsletter 2017-39

This week's top stories are an update on how the CCleaner APT security incident targeted large technology companies, and a Deloitte breach affecting all company email.

A couple of new stories are currently evolving, including an easy-to-exploit flaw in the Linux kernel rated ‘high risk’ (CVE-2017-1000253) and a (for now) more theoretical CLKSCREW attack, which can hack modern chipsets via their power management features.

ICANN delays KSK Rollover over fears 60 million people would be kicked offline.

If you are looking for longer reading to keep you company this weekend, you are in luck: the McAfee Labs Report sees cyberattacks target healthcare and social media users, Accenture reports that the global cost of cybercrime soars 23% in a year, and Europol published its Internet Organised Crime Threat Assessment.

Notable CVEs this week
CVE-2017-14867 – git: cvsserver command injection – CVSS3 Base Score 7.8
CVE-2017-1000253 – kernel: load_elf_binary() – CVSS3 Base Score 7.8
CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server – CVSS3 Base Score 7.5

Top 5 Security Links
Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’
CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features
Internet-wide security update put on hold over fears 60 million people would be kicked offline

BF-SIRT Newsletter 2017-38

This week's top stories are that the popular software CCleaner was made part of a supply chain attack targeting tech giants, and a massive Viacom breach through Amazon Web Services.

There is an Apache bug that leaks contents of server memory, and a hacker made a great writeup of how he gained access to hundreds of companies through their helpdesk.

Top 5 Security links
CCleaner supply chain malware targeted tech giants
Massive Viacom Data Exposed Through Amazon Web Services
Apache bug leaks contents of server memory for all to see
This hacker gained access to hundreds of companies through their helpdesk
Undocumented Word feature could lead to system information theft

BF-SIRT Newsletter 2017-37

This week's top stories are that Equifax traced the source of its massive hack to a preventable software flaw, and that billions of mobile, desktop and IoT devices are potentially exposed to a Bluetooth-based attack.

Security researcher Troy Hunt has a great look into mobile security features in the wake of the iPhone X's announced locking feature. You can also read about how the US Department of Homeland Security banned government agencies from using software products developed by Kaspersky Lab.

Top 5 Security links
Equifax traced the source of its massive hack to a preventable software flaw
Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack
Face ID, Touch ID, No ID, PINs and Pragmatic Security
Kaspersky Lab solutions banned from US government agencies
Iceland home delivery site spills customer details

Cloud strategy

The race is on. 72% will increase their public cloud usage. How are you going to get there?
In this webinar we will present the findings from our cloud survey and guide you through the different steps in our cloud maturity ladder. We will share real-life examples from our customers and give advice on what to do in order to move to the next step on your cloud journey.

Anna Jäger, our VP Marketing, will share the market insights from the survey.

Jan Aril Sigvartsen, our Cloud Consultant manager, will share real-life examples and give advice on what to focus on to prepare for the shift to public cloud.

Insights from the cloud report and the cloud maturity ladder

– Deep dive to the different steps
– Customer example
– Guide to take the next step

Next step to cloud webinar – Video

BF-SIRT Newsletter 2017-36

This week's top stories are how a breach at Equifax may impact 143 million Americans, and how BroadSoft, a huge communication software and service provider, just leaked more than 600GB of sensitive files online through a publicly accessible AWS S3 bucket.

Cybercriminals known as Dragonfly are behind a new wave of cyber attacks against the energy sector, writes Symantec, and a malware author uses the same Skype ID to run an IoT botnet and apply for jobs.

There are also some nice writeups this week. One article is about analyzing different strategies for subverting the CloudFlare security service and identifying the real IP addresses of cloud targets. Another is about the Mastercard Internet Gateway Service and how a hashing design flaw allows modification of the transaction amount (and MasterCard not responding to the vulnerability). The final one is about how AT&T modems use hard-coded credentials and have public SSH turned on by default.

Finally, for those who are following the case of Marcus Hutchins, a British security researcher arrested after attending security conferences in Los Angeles this August, Krebs has a nice writeup that might shed a bit more light on the case while we wait for the trial.

Top 5 Security links
Breach at Equifax May Impact 143M Americans
Global Communication Software and Service Provider Left Massive Amount of Data Online
Introducing CFire: Evading CloudFlare Security Protections
Dragonfly: Western energy sector targeted by sophisticated attack group
Mastercard Internet Gateway Service: Hashing Design Flaw

BF-SIRT Newsletter 2017-35

This week's top stories are that 465,000 patients need software updates for their hackable pacemakers, and that researchers from Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and other organizations cooperated to combat a botnet comprised primarily of Android devices and designed to create DDoS traffic.

Researchers find a way to disable the much-hated Intel ME component courtesy of the NSA, and Krebs is asking you to consider if your mobile carrier is your weakest link.

You can also read about how cops trick dark-web criminals into unmasking themselves, and a nice article from Wired about how vulnerable hotel keycard locks were exploited by a burglar.

Top 5 Security Links
465,000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says
The WireX Botnet: An example of cross-organizational cooperation
Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA
Is Your Mobile Carrier Your Weakest Link?
This Is How Cops Trick Dark-Web Criminals Into Unmasking Themselves