Entries by Raymond Aarseth

Basefarm security news

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Florida has been become a target for two serious ransomware attacks. The city of Pensacola reported a cyber incident that reportedly started Saturday morning. The city disconnected much of the city’s network, and affected […]

Data leaks and breaches

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Today I want to take a look at data leaks and breaches as the last week has had quite a few of those. Unicef Norway had a database exposed to the internet (Paywall) without […]

Insider threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). This week we have seen multiple cases of one of the harder issues in security, the insider threat. Two former employees of twitter have been charged with spying on Twitter users for Saudi Arabia, […]

BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured wifi network. Before this method was discovered an attacker would have to wait for a user to authenticate, and then steal the 4-way handshake of the […]

BF-SIRT Newsletter 2017-50

This weeks top stories begins with the ROBOT attack, a bug in the implementation of RSA key exchange for products using PKCS #1 v1.5. This includes SSL\TLS if RSA is used for for exchanging keys. The bug can let an adversary decrypt traffic and even sign messages with someones else private key. The vulnerable products […]

BF-SIRT Newsletter 2017-49

This weeks top stories is that Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability that could lead to remote code execution in Microsoft’s own Malware Protection Engine. CVE-2017-11937 uses a memory corruption bug that lets a specially crafted file run code on on the machine. This is an out of band security update coming […]