BF-SIRT Newsletter 2013-51

This week shows the importance of keeping up to date. As we reported in an earlier post, there was a patch for a ColdFusion vulnerability at the end of November. The vulnerability has now been exploited on multiple sites, and you can read about it here: Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware.
The newsletter will now take a short break and return in the 2nd week of 2014 (11th of January, to be exact). We hope everyone has a great holiday!

Top 5 Security links
Botnet Enlists Firefox Users to Hack Web Sites
Resurgence of malware signed with stolen certificates
Unlocking CryptoLocker: How infosec bods hunt the fiends behind it
Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware
Foreign attackers hacked elections site during government shutdown

Top 5 Business Intelligence links
IT pros are playing cat and mouse with cybercriminals
The Case for a Compulsory Bug Bounty
93% of large organisations had a security breach last year
Energy Department Breach Years In Making, Investigators Say
Report: In 2013, more than one million U.S. computers were infected with banking trojans

BF-SIRT Posts
December 20 – Remove unnecessary programs or services from your computer
December 19 – Log out or lock your computer when stepping away
December 18 – Never share passwords or passphrases
December 17 – Practice the principle of least privilege (PoLP)
December 16 – Use an Intrusion Detection System
December 15 – Deploy two-factor authentication
December 14 – Have security on all your devices