Entries by Basefarm

CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability

Published by Microsoft: 02/11/2020 MITRE CVE-2020-0618 “A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.” There exists a proof of concept and write-up. Basefarm considers this a […]

Cloud security is voodoo?

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.” “Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.” Read […]

Vulnerable Citrix Appliances

On December 17, Citrix disclosed a vulnerability in their ADC, Gateway and SD-WAN product lines. Some patches were delivered around January 10, but these patches were not that efficient. A proper patch was not released before January 19 to January 24, depending on the appliance and release train. Unfortunately, the nature of the vulnerability makes […]

New year, new vulnerabilities

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). The year 2020 started of by throwing out a bunch of new vulnerabilities that needed fixing. First it was the Citrix vulnerability in Application Delivery Controller and Gateway products, formerly known as netscaler. The […]

Basefarm security news

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Florida has been become a target for two serious ransomware attacks. The city of Pensacola reported a cyber incident that reportedly started Saturday morning. The city disconnected much of the city’s network, and affected […]

Data leaks and breaches

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Today I want to take a look at data leaks and breaches as the last week has had quite a few of those. Unicef Norway had a database exposed to the internet (Paywall) without […]

Insider threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). This week we have seen multiple cases of one of the harder issues in security, the insider threat. Two former employees of twitter have been charged with spying on Twitter users for Saudi Arabia, […]

HYBRID CLOUD FOR PEAK LOADS AT DESTINATION GOTLAND

Destination Gotland is a wholly owned subsidiary of Rederi AB Gotland. On behalf of the Swedish government, they operate the ferry services between Visby, Nynäshamn and Oskarshamn. THE CHALLENGES: RELIABLE EXPERTISE THAT WOULD NEVER FAIL During peak season, it is absolutely crucial that their booking systems work. The ferry service affects the entire island of […]