Entries by Fredrik Svantes

Russian State-Sponsored Cyber Actors Targeting Network Infrastructure

Yesterday, US-CERT posted a bulletin about Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices (https://www.us-cert.gov/ncas/alerts/TA18-106A). Our take on this is that this is something one must always assume to be happening, and if the bulletin is accurate then it’s not something Russia is alone in doing: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-factory-show-cisco-router-getting-implant/ https://www.engadget.com/2016/08/21/nsa-technique-for-cisco-spying/ It is vital to have critical controls […]

BF-SIRT Newsletter 2018-15

Facebook: On Tuesday and Wednesday this week, Mark Zuckerberg took part in congressional hearings regarding Cambridge Analytica and privacy concerns regarding Facebook. There are multiple news outlets covering the story, and KrebsOnSecurity also wrote an article about how one should not trust these types of quizzes and such may receive data about you and your […]

BF-SIRT Newsletter 2018-11

AMD Vulnerabilities This week, CTS-Labs sent out an advisory regarding AMD Vulnerabilities. What’s worth noting about this is that the vulnerabilities all require local administrator access to exploit, and if an attacker already got that access it means that it’s basically game over in either case. There are also concerns that this was done in […]

BF-SIRT Newsletter 2018-07

NCCGroup rebuilt NotPetya, replacing its destructive payload with telemetry and safeguards to see what the impact could have been. They found the following: The customer ran it on one machine in their engineering network with no privileges. It found three machines unpatched. It exploited those three machines to obtain kernel level access. It infected those […]

BF-SIRT Newsletter 2018-03

Researchers have uncovered a government-sponsored mobile hacking group operating since 2012. OnePlus had its store compromised, leaving 40 000 credit cards compromised. Hackers have started exploiting three Microsoft Office flaws to spread Zyklon malware. Top 5 Security Links OnePlus minus 40,000 credit cards: Smartmobe store hacked to siphon payment info to crooks Transmission users beware: […]

BF-SIRT Newsletter 2018-02

Microsoft released patches for Meltdown and Spectre, but it’s important to update one’s antivirus before applying the patches. Latest WebLogic exploit caused an increase in compromised hosts being used for mining cryptocurrencies. F-Secure finds a new Intel AMT Security Issue which gives hackers with physical access full control of laptops in 30 seconds. Top 5 […]

BF-SIRT Newsletter 2017-20

The top stories from this week are of course about WannaCry and WannaCry 2.0. You can also read about how a Google researcher finds link between WannaCry attacks and North Korea, and that WikiLeaks reveals “AfterMidnight” & “Assassin” CIA Windows Malware Frameworks. Top 5 security links WannaCry WannaCry 2.0 Google Researcher Finds Link Between WannaCry […]

WannaCry

WannaCry is the name of a new ransomware that is utilizing a Windows vulnerability to spread. It encrypts files, and promises to decrypt the files for a fee (which should not be paid). Microsoft released a patch for the vulnerability in March. Basefarm has always had the mentality that the best way to advance is […]

Star Wars – Good versus Evil

In fairy tales good always triumphs over evil. In real life that is not always the case. To remedy this, we have seen a change in how businesses work on security. In stories like The Lord of the Rings, Cinderella, and Star Wars, good always triumphs over evil. In real life, however, that is not […]

BF-SIRT Newsletter 2017-18

The top stories from this week are an explanation on the Intel AMT vulnerability and a warning about a phishing mail related to Google Docs. You can also read about how, after years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts or about Malware Hunter — Shodan’s new tool to find […]