Entries by Security Incident Response Team

Change your Facebook password now!

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Oh, feet of clay! Facebook has just admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ passwords to disk in raw, unencrypted form. In […]

Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers. You can […]

Microsoft IIS DoS, patch install not enough

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Microsoft announced a bug in the Internet Information Services (IIS) where malicious HTTP/2 packets would consume 100% CPU until restarted. Microsoft have published patches that would allow a MS IIS administrator to mitigate this […]

Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). On November 30, 2018. nccgroup disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These were from vulnerabilities found back in August 2018 in several TLS libraries. Read more Top 5 Security News MacOs Zero-day exposes […]

8 security trends 2019

True to tradition, Basefarm’s Head of Security Operation has looked deep into his crystal ball to see what the new year holds. Here are 8 security trends to look out for in 2019. 1. Workforce gap necessitates different solutions According to the (ISC)2 organisation, we have a shortage of three million cybersecurity professionals. Without the […]

Multi-factor authentication time?

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). With billions of user credentials being freely distributed online it’s high time to implement multi-factor authentication as the default way to authenticate. Wired has written an article about the magnitude of leaks: “Earlier this […]

Give Up the Ghost: A Backdoor by Another Name

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT). Government Communications Headquarters (GCHQ), the UK’s counterpart to the National Security Agency (NSA), has fired the latest shot in the crypto wars. In a post to Lawfare titled Principles for a More Informed Exceptional Access Debate, […]