Entries by Security Incident Response Team

Thousands of breached websites turn up on MagBo Black market

This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). Thousands of breached websites turn up on MagBo Black market The research team said it has shared its findings with law enforcement and victims are being notified. A newly-discovered underground marketplace has been peddling […]

BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker. A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability. So far, Censys.io has reported more than 170,000 active […]

BF-SIRT Newsletter 2018-27

Chrome Now Features Site Isolation to Defend Against Spectre A new feature called site isolation is being tapped to protect Chrome users against Spectre. Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser […]

BF-SIRT Newsletter 2018-25

Ticketmaster chat feature leads to Credit-Card Breach Tens of thousands of people have been caught up in a data breach at Ticketmaster UK, which exposed credit-card and personal information for UK and some international customers. The ticket-selling giant said that on Saturday it found malware within a customer chat function for its websites, hosted by […]

BF-SIRT Newsletter 2018-22

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands of projects, including ones from HP, Amazon, Apache, […]

BF-SIRT Newsletter 2018-21

BUG in GIT opens developers systems up to attack. Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository. Developers behind the open-source development Git tool pushed out Git 2.17.1, addressing two bugs (CVE-2018-11233 and […]

BF-SIRT Newsletter 2018-20

VIRGINIA TECH AND DASHLANE ANALYSIS FIND RISKY, LAZY PASSWORDS THE NORM Dashlane analyzed over 61 million passwords and uncovered some troubling password patterns. The analysis was conducted with research provided by Dr. Gang Wang, an Assistant Professor in the Department of Computer Science at Virginia Tech. The Virginia Tech project, described as “the first large-scale empirical analysis […]