Entries by Hans-Petter Fjeld

Covid-19 forces changes

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Helpdesksecurity writes “A time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks. We’ve already covered a variety of COVID-19-themed scams, […]

Infosec preparedness during Covid-19 outbreak

Our customers’ business continuity is of paramount importance for Basefarm. We are fully aware that several of our clients provide services that are absolutely critical for our society. Basefarm is following the ongoing outbreak closely and is constantly considering the implications for secure operations for us and our customers. There are several ways that this […]

CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability

Published: 2020-03-10 MITRE CVE-2020-0852 “A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions […]

CVE-2020-0796 | Server Message Block 3.0 (SMBv3) Remote Code Execution

Published: 2020-03-10 MITRE CVE-2020-0796 As of writing, Microsoft has not released any official information, but FortiGuard writes that there exists a “(…) Buffer Overflow Vulnerability in Microsoft SMB Servers. The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to […]

Nation state actors play the long game

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government […]

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

Published: 02/11/2020 | Last Updated: 02/11/2020 MITRE CVE-2020-0688 “A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, […]

CVE-2020-1938 – Apache Tomcat AJP Request Injection and potential Remote Code Execution

Published by Apache: 2020-02-24 MITRE CVE-2020-3158 “When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may […]

CVE-2020-3158 – Cisco Smart Software Manager On-Prem Static Default Credential Vulnerability

Published by Cisco: 2020-02-19 MITRE CVE-2020-3158 “A vulnerability in the High Availability (HA) service of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to access a sensitive part of the system with a high-privileged account.” The vulnerability has a CVSS Base score of 9.8, Critical. Basefarm has triaged this vulnerability and found […]

VMSA-2020-0003 vRealize Operations for Horizon Adapter updates address multiple security vulnerabilities (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945)

Published by VMware: 2020-02-18 MITRE CVE-2020-3943 “vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.” “vRealize Operations for Horizon Adapter has an improper trust store configuration […]