BF-SIRT Newsletter 2017-37

This week's top stories are that Equifax traced the source of its massive hack to a preventable software flaw, and that billions of mobile, desktop and IoT devices are potentially exposed to a Bluetooth-based attack.

Security researcher Troy Hunt takes a great look at mobile security features in the wake of the locking feature announced for the iPhone X. You can also read about how the US Department of Homeland Security banned government agencies from using software products developed by Kaspersky Lab.

Top 5 Security links
Equifax traced the source of its massive hack to a preventable software flaw
Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack
Face ID, Touch ID, No ID, PINs and Pragmatic Security
Kaspersky Lab solutions banned from US government agencies
Iceland home delivery site spills customer details

Cloud strategy

The race is on. 72% will increase their public cloud usage. How are you going to get there?
In this webinar we will present the findings from our cloud survey and guide you through the different steps in our cloud maturity ladder. We will share real-life examples from our customers and give advice on what to do in order to move to the next step on your cloud journey.


Anna Jäger, our VP Marketing, will share the market insights from the survey.

Jan Aril Sigvartsen, our Cloud Consultant manager, will share real-life examples and give advice on what to focus on to prepare for the shift to public cloud.

Insights from the cloud report and the cloud maturity ladder

– Deep dive to the different steps
– Customer example
– Guide to take the next step

Next step to cloud webinar – Video

BF-SIRT Newsletter 2017-36

This week's top stories are how a breach at Equifax may impact 143 million Americans, and how BroadSoft, a huge communication software and service provider, leaked more than 600GB of sensitive files online through a publicly accessible AWS S3 bucket.

The cybercriminal group known as Dragonfly is behind a new wave of cyber attacks against the energy sector, writes Symantec, and a malware author used the same Skype ID to run an IoT botnet and to apply for jobs.

There are also some nice write-ups this week: one article analyzes different strategies for subverting the CloudFlare security service and identifying the real IP addresses of cloud-hosted targets; another covers the Mastercard Internet Gateway Service and how a hashing design flaw allows modification of the transaction amount (and MasterCard not responding to the vulnerability). The final one is about how AT&T modems use hard-coded credentials and have public SSH turned on by default.

Finally, for those who are following the case of Marcus Hutchins, a British security researcher arrested after attending security conferences in Los Angeles this August, Krebs has a nice write-up that might shed a bit more light on the case while we wait for the trial.

Top 5 Security links
Breach at Equifax May Impact 143M Americans
Global Communication Software and Service Provider Left Massive Amount of Data Online
Introducing CFire: Evading CloudFlare Security Protections
Dragonfly: Western energy sector targeted by sophisticated attack group
Mastercard Internet Gateway Service: Hashing Design Flaw

BF-SIRT Newsletter 2017-35

This week's top stories are that 465,000 patients need software updates for their hackable pacemakers, and that researchers from Akamai, Cloudflare, Flashpoint, Google, Oracle Dyn, RiskIQ, Team Cymru, and other organizations cooperated to combat a botnet comprised primarily of Android devices and designed to generate DDoS traffic.

Researchers have found a way to disable the much-hated Intel ME component courtesy of the NSA, and Krebs asks you to consider whether your mobile carrier is your weakest link.

You can also read about how cops trick dark-web criminals into unmasking themselves, and a nice article from Wired about how vulnerable hotel keycard locks were exploited by a burglar.

Top 5 Security Links
465,000 Patients Need Software Updates for Their Hackable Pacemakers, FDA Says
The WireX Botnet: An example of cross-organizational cooperation
Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA
Is Your Mobile Carrier Your Weakest Link?
This Is How Cops Trick Dark-Web Criminals Into Unmasking Themselves

BF-SIRT Newsletter 2017-34

This week's top story is how a hacker on Thursday afternoon published what he says is the decryption key for Apple iOS' Secure Enclave Processor (SEP) firmware, though that doesn't necessarily mean it's open season on iPhones and iPads worldwide.

Researchers from Ben-Gurion University of the Negev have demonstrated that hardware replacement parts can be equipped with a chip capable of manipulating the device's communication. Meanwhile, identity thieves are porting users' mobile phone numbers to devices under their control in order to hijack their web accounts.

Mail continues to be the main vector of attack. A new email exploit, dubbed ROPEMAKER by Mimecast's research team, challenges the assumption that email is immutable once delivered. Flashpoint has a nice write-up of a recent credential phishing campaign they identified that had a low detection rate due to its simplicity. And SANS ISC handler Xavier does a new walkthrough of a malicious AutoIT script delivered in a self-extracting RAR file.

HPE Integrated Lights-out 4 (iLO 4) has multiple serious remote vulnerabilities, but you have that on a separate management VLAN anyway, right?

A spate of incidents involving US warships in Asia has forced the navy to consider whether cyberattackers might be to blame.

And if you need some light reading this weekend, I can recommend Microsoft Security Intelligence Report Volume 22 – Focuses on Cloud and Endpoints; it covers the current state of threats, recommended best practices, and solutions.

Top 5 Security links
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
Hacking smartphones with malicious replacement parts
U.S. Warship Collisions Raise Cyberattack Fears
HPE Integrated Lights-out 4 (iLO 4) Multiple Remote Vulnerabilities
Microsoft Security Intelligence Report Volume 22

BF-SIRT Newsletter 2017-33

This week's top story is that Maersk Shipping reports a $300m loss stemming from the NotPetya attack, which hopefully will help decision makers understand that infosec is not a pure cost. Following up on the observation that some attackers seem to be searching for softer targets, Check Point has a nice case study on the real identity behind a wave of cyber attacks on energy, mining and infrastructure companies worldwide. AP is also running a story on how attackers are looking to shut down factories for pay; it could also be a general ransomware story, but either way it shows how infosec can be an investment.

There are a couple of stories related to DDoS this week: Imperva Incapsula reports having witnessed the emergence of a new assault pattern, which they have come to call a "pulse wave" DDoS attack ("audio autoplay" link), where the attacker splits resources to hit more targets using the same amount of bandwidth, and Talos has a nice write-up about the rise of Chinese online DDoS platforms.

Also, Palo Alto Networks' threat research unit Unit 42 has been looking into attacker infrastructure, and was led down a rabbit hole while investigating malware utilizing PowerShell, uncovering malicious infrastructure supporting Chthonic, Nymaim, and other malware and malicious websites.

There have been several examples of supply chain attacks in the last few weeks. Proofpoint analyzes one specific compromise of a Chrome extension, but reports that several other extensions have been modified using the same modus operandi by the same actor. Also, researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang's server management software Xmanager, dubbing it ShadowPad.

In other news, USB connections have been found to leak information between devices on the same hub, making that public airport USB charger even more capable of surreptitious snooping.

The new NIST draft embeds privacy into US government security for the first time, showing that there is indeed a solid connection between infosec and privacy.

A London council 'failed to test' a parking ticket app, exposed personal info and got fined for it, even though no actual leak ever took place.

Top 5 Security links
Maersk Shipping Reports $300m Loss Stemming from NotPetya Attack
Attackers Use DDoS Pulses to Pin Down Multiple Targets
Creepy backdoor found in NetSarang server management software
New NIST draft embeds privacy into US govt security for the first time
USB connections make snooping easy

Virtual data warehousing: Even more efficient data processing

For companies that want to retain their position as a digital leader and keep pace with technological progress, the accurate and efficient processing of data is now more critical than ever before. Data lakes are one tool that enables users to collate all the data they hold in a single location. In this post, we introduce an even more extensive method that allows users to maintain performance and efficiency in incoming data flows while retaining complete flexibility during data processing: virtual data warehouses.

BF-SIRT Newsletter 2017-32

The top stories from this week are that Carbon Black's Cb Response is accused by DirectDefense of leaking sensitive data (Carbon Black claims it's a feature), and that Salesforce fired red team staffers who gave a Defcon talk.

You can also read about how the UK security community responded with shock and anger against UK authorities as MalwareTechBlog was arrested, suspected of creating a banking trojan, or that NIST has published a Cybersecurity Workforce Framework.

Top 5 Security Links
Carbon Black denies its IT security guard system oozes customer secrets
Salesforce fires red team staffers who gave Defcon talk
Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev
NIST Publishes Cybersecurity Workforce Framework
Windows 10 Can Detect PowerShell Attacks: Microsoft

BF-SIRT Newsletter 2017-31

The top stories from this week are the new SMB flaw, SMBLoris, and that Troy Hunt has released a password list.

Security flaws have been found in 2G modems used by BMW, Ford, Infiniti, and Nissan cars, and Netflix has released a DoS testing tool.

Top 5 Security Links
SMBLoris – the New SMB Flaw
Troy Hunt Releases Password List
Security Flaws Found in 2G Modems Used by BMW, Ford, Infiniti, and Nissan Cars
Netflix Releases DoS Testing Tool
Attacking NoSQL applications (part 2)

BF-SIRT Newsletter 2017-30

The top stories from this week are that Adobe announces the end of Flash for 2020 and Microsoft announces a Windows Bounty Program.

You can also read about JA3, TLS client fingerprinting for malware detection, or how Symantec's sloppy key verification led to the revocation of certificates.

Top 5 Security links
Adobe Announces End of Flash for 2020
Microsoft announces Windows Bounty Program
JA3 Hash To Fingerprint SSL/TLS Connections
Symantec Sloppy Key Verification Leads To Revocation of Certificates
Finding Domain frontable Azure domains