Entries by Abel De Kat Angelino

BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker. A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability. So far, Censys.io has reported more than 170,000 active […]

BF-SIRT Newsletter 2018-27

Chrome Now Features Site Isolation to Defend Against Spectre A new feature called site isolation is being tapped to protect Chrome users against Spectre. Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser […]

BF-SIRT Newsletter 2018-25

Ticketmaster chat feature leads to Credit-Card Breach Tens of thousands of people have been caught up in a data breach at Ticketmaster UK, which exposed credit-card and personal information for UK and some international customers. The ticket-selling giant said that on Saturday it found malware within a customer chat function for its websites, hosted by […]

BF-SIRT Newsletter 2018-22

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands of projects, including ones from HP, Amazon, Apache, […]

BF-SIRT Newsletter 2018-21

BUG in GIT opens developers systems up to attack. Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository. Developers behind the open-source development Git tool pushed out Git 2.17.1, addressing two bugs (CVE-2018-11233 and […]

BF-SIRT Newsletter 2018-20

VIRGINIA TECH AND DASHLANE ANALYSIS FIND RISKY, LAZY PASSWORDS THE NORM Dashlane analyzed over 61 million passwords and uncovered some troubling password patterns. The analysis was conducted with research provided by Dr. Gang Wang, an Assistant Professor in the Department of Computer Science at Virginia Tech. The Virginia Tech project, described as “the first large-scale empirical analysis […]

BF-SIRT Newsletter 2018-19

Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now. A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), […]

BF-SIRT Newsletter 2018-18

TWITTER URGES USERS TO CHANGE PASSWORDS DUE TO GLITCH Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling  to change their passwords. The social media company said that it found and has fixed the glitch, and its investigation shows […]

BF-SIRT Newsletter 2018-17

Know what Instagram knows – here’s how you download your data Instagram, the visual story-centric social media platform owned by Facebook, has now added a long-requested feature: the ability for users to download their data – including images, posts and comments. Not to be cynical, but Instagram is not making this move out of the […]

BF-SIRT Newsletter 2018-14

Intel tells remote keyboard users to delete app after critical bug found. On Tuesday, Intel warned of a critical escalation of privilege vulnerability (CVE-2018-3641) in all versions of the Intel Remote Keyboard that allows a network attacker to inject keystrokes as if they were a local user. The vulnerability received a Common Vulnerabilities and Exposure […]