Entries by Hans-Petter Fjeld

Microsoft IIS DoS, patch install not enough

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Microsoft announced a bug in Internet Information Services (IIS) where malicious HTTP/2 packets would consume 100% CPU until restarted. Microsoft have published patches that would allow an MS IIS administrator to mitigate this […]

DNSpionage and how to mitigate DNS tunneling

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Cisco Talos has published details regarding an APT campaign using DNS redirection and malware they call DNSpionage. The malware supports both regular HTTP and also DNS tunneling as a way of communicating back […]

Russia accused of Energy Sector Siege

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Advanced attackers, most likely from Russia, seem to be in the reconnaissance phase of a cyber war, according to a research report from threat hunting firm Vectra. The attackers are using stealthy tactics seemingly […]

Dynamic Content Attacks and How to Mitigate them

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). “Most dynamic content attacks are launched against content delivery networks. The attacker uses networks of infected hosts or botnets to request non-cached content from the target. If enough of these requests are made, the […]

BF-SIRT Newsletter 2018-30

New Spectre attack enables secrets to be leaked over a network: In a paper named “NetSpectre: Read Arbitrary Memory over Network” researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, have described NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory […]

BF-SIRT Newsletter 2018-26

Gentoo shows off prompt and professional security response after minor breach: A weak administrator password allowed an unknown attacker to gain access to the Gentoo Linux distribution’s GitHub account and lock developers out of it. The GitHub repositories of Gentoo are only downstream mirrors from the self-hosted Gentoo.org infrastructure. From an organizational standpoint, Gentoo’s handling […]

BF-SIRT Newsletter 2018-23

New Vulnerability Found in All Modern Intel CPUs: Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution technology. Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in […]

BF-SIRT Newsletter 2018-16

State-Sponsored Cyber Actors do State-Sponsored Cyber Actor stuff: US-CERT published a joint Technical Alert (TA) resulting from efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC) providing information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, […]