What AI and machine learning are and how they relate to IoT

Are you prepared for social engineering and the Next Corporate hack?

BF-SIRT Newsletter 2018-16

State-Sponsored Cyber Actors do State-Sponsored Cyber Actor stuff

US-CERT published a joint Technical Alert (TA) resulting from efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC), providing information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors. The alert provides some nice concrete information that can be acted on. The fact that this happens is not new, there is no reason to think Russia is the only one doing this, and they are not doing anything spectacular or fancy either. Check for the indicators provided, keep calm and carry on.

On a separate note, Oracle announced 250 security fixes in its quarterly patch update, and Cisco published important and critical security advisories for Firepower, ASA and WebEx.

Top 5 Security links
RSA 2018 Keynote – The Five Most Dangerous New Attack Techniques
PCI Council Releases Guidelines for Cloud Compliance
Hacking charge for URL-manipulation in Canada
Drupalgeddon 2 Vulnerability Used to Infect Servers With Backdoors & Coinminers
Tech Firms Sign ‘Digital Geneva Accord’ Not to Aid Governments in Cyberwar

(Blogpost image by Andrew Choy from Santa Clara, California, “San Francisco International Airport at night“, Creative Commons Attribution-Share Alike)

Ready to speed up your development?

DevOps and Microservices are not new concepts within IT, but these aspects of the development process are not often applied. “Really a shame,” in the opinion of Basefarm’s Bent Terp, “because combining DevOps and Microservices yields benefits in a wide range of areas.”

Dev + Ops = development synergy

DevOps revolves around intensive collaboration between software engineers and other IT specialists within a company, resulting in more frequent and faster implementation. To get the highest benefit, applications should not be built as large monoliths but as a suite of smaller, independent components (aka Microservices).

DevOps, however, is not a product: after all, you can’t buy it anywhere.

“DevOps is much more a culture, a mindset within organizations,” says Terp.

And he should know: as Senior Solutions Architect at Basefarm he has to deal with numerous IT challenges and development methods.

The elusive trust culture

“DevOps relies on a culture of trust ‒ trust in the talent of your team,” Terp explains. “DevOps is only feasible with teams that encompass all the requisite skills at the development as well as the operations end.”

It sounds easy but it’s not. Terp: “We’re not simply dealing with technologies but also with the processes and the people who have to execute the processes.”

For many companies ‒ and their staff ‒ this way of developing software requires a radically different mindset.

Microservices are a developer’s best friend

Developers are responsible for communication with other teams as well as their own piece of code. An advantage of working with Microservices is that each team can work in the language they prefer.

“Everybody can do it their own way in the programming language they know best with their own release cycle,” Terp explains. “There’s no waiting around for everybody else.”

Faster time-to-market

By making it possible to work on smaller pieces of the overall system independently of the rest, microservices enhance the efficiency of software development.

Terp: “One of the largest Nordic banks had a situation where it took ten weeks to find out if a piece of software actually worked; now with DevOps on OpenShift it’s only a matter of hours, considerably reducing the time-to-market.”

More results in less time

And where a piece of code used to pass through many different, isolated teams as it travelled through the entire pipeline ‒ from development through testing and quality assurance to deployment ‒ DevOps and Microservices have made adjustments less dramatic and hence significantly shortened cycle times.


About Bent Terp, Senior Solutions Architect in Basefarm Group: An enthusiastic Linux user for more than 30 years, Bent has designed and operated solutions for credit-card processing, e-health and video streaming services. His current focus is the adoption of public-cloud services and container-based microservices to increase innovation speed and quality.


Russian State-Sponsored Cyber Actors Targeting Network Infrastructure

Yesterday, US-CERT posted a bulletin about Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices ( https://www.us-cert.gov/ncas/alerts/TA18-106A ).
Our take on this is that this is something one must always assume to be happening, and if the bulletin is accurate then it’s not something Russia is alone in doing:
https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/
https://www.engadget.com/2016/08/21/nsa-technique-for-cisco-spying/

It is vital to have critical controls in place to protect against these types of attacks, and to be prepared to take action based on concrete Indicators of Compromise provided in alerts and threat intelligence. Basefarm is a member of FIRST.org, TF-CSIRT and Swedish CERT-Forum, which helps us gather intelligence such as this in a timely manner.

(Blogpost image by Erik Mandre, “Karu-Ursus arctos-Erik Mandre.jpg“, Creative Commons Attribution-Share Alike)

BF-SIRT Newsletter 2018-15

Facebook

On Tuesday and Wednesday this week, Mark Zuckerberg took part in congressional hearings regarding Cambridge Analytica and privacy concerns regarding Facebook. Multiple news outlets are covering the story, and KrebsOnSecurity also wrote an article about why one should not trust these types of quizzes, since they may receive data about you and your friends when you take them (which is how Cambridge Analytica got hold of information about more than 50 million users when they approved access to the app “This is your digital life”).

Facebook has since added a website that allows you to check if your information was leaked or not, and they have also added additional privacy information on what type of data you have uploaded to Facebook with regards to Contacts, Call and Text history if you allowed Messenger or Facebook on your mobile to do so.

Facebook has also updated their bug bounty program and now offers a $40,000 bounty if you find evidence of data leaks.

Top 5 Security links
Finland hit by a data breach affecting over 130,000 users
Drupal CVE-2018-7600 PoC is Public
Outlook bug allowed hackers to use .rtf files to steal windows passwords
Your Windows PC can get hacked by simply visiting a website if you don’t update
PowerHammer lets hackers steal data from air-gapped computers through power lines

What is DevOps? – A definition

DevOps has become the go-to concept for companies looking to optimize agile processes. However, many find it difficult to understand what exactly DevOps is, what it looks like in practice, and how far-reaching its implementation can be. We explain all in this post.

BF-SIRT Newsletter 2018-14

Intel tells remote keyboard users to delete app after critical bug found.

On Tuesday, Intel warned of a critical escalation of privilege vulnerability (CVE-2018-3641) in all versions of the Intel Remote Keyboard that allows a network attacker to inject keystrokes as if they were a local user.

The vulnerability received a Common Vulnerabilities and Exposure (CVE) score of 9.0 out of 10.

As part of the same advisory, Intel shared two additional Remote Keyboard vulnerabilities, both rated high. The bugs (CVE-2018-3645 and CVE-2018-3638) allow an “authorized local attacker to execute arbitrary code as a privileged user” and had CVE scores of 8.8 and 7.2, according to Intel.

An Intel spokesperson told Threatpost the product had already been scheduled for discontinuation, and the discontinuation is not related to the security advisory. Despite being discontinued, Intel still maintains a Remote Keyboard product page for the app and it is still available for download via Apple’s App Store and Google Play. According to Google Play, the app has been installed over 500,000 times.

Top 5 Security links
https://blog.cloudflare.com/announcing-1111/
https://www.elastic.co/blog/gdpr-personal-data-pseudonymization-part-1
https://krebsonsecurity.com/2018/04/secret-service-warns-of-chip-card-scheme/
https://blog.infostruction.com/2018/04/02/feodo-banking-trojan-dropper-analysis/
https://www.commondreams.org/news/2018/04/05/not-50-million-not-87-million-facebook-admits-data-most-its-2-billion-users

BF-SIRT Newsletter 2018-12

Bitcoin’s blockchain poisoned

Researchers from the RWTH Aachen University and Goethe University, Germany, have uncovered images and links to child pornography in cryptocurrency Bitcoin’s blockchain. The analysis found that certain content, such as illegal pornography, would render the mere possession of a blockchain illegal, with data distributed to all Bitcoin participants.

Version 7 of CIS Controls released

“CIS Controls Version 7” was released Monday by the Center for Internet Security, including steps for mapping the well-known “high-priority short list” of defensive actions to the National Institute of Standards and Technology’s framework of cybersecurity standards.

Top 5 Security links
Pirate Websites Expose Users to More Malware, Study Finds
AMD Will Release the Patches for the Recently Discovered Flaws Very Soon
Dragonfly Compromises Core Router to Attack Critical Infrastructure
Firefox Master Password System Has Been Poorly Secured for the Past 9 Years
EXCLUSIVE: ‘Lone DNC Hacker’ Guccifer 2.0 Slipped Up and Revealed He Was a Russian Intelligence Officer

(Blogpost image by Stefan Krause, “Glühlampe explodiert“, Free Art License)

Malware is so 2017: five new security trends to watch out for

Outbreaks such as Petya and WannaCry really put the malware threat on the IT agenda and made cybersecurity a priority for everyone. Fredrik Svantes, Senior Information Security Manager at Basefarm, explains the latest developments that keep the cybersecurity community busy.