BF-SIRT Newsletter 2018-32

A new method has been found to make cracking WPA/WPA2 easier

The makers of Hashcat have found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from WPA/WPA2-secured Wi-Fi networks. Before this method was discovered, an attacker would have to wait for a user to authenticate and then capture that user's 4-way handshake. The new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.

The good news is that the password still needs to be cracked by brute force or a dictionary attack, so if you are using a secure password this is still a non-trivial process. It also only works against networks that use a Pre-Shared Key (PSK), meaning networks using other authentication methods should be safe.
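To make concrete why the capture is client-less and why the cracking effort still rests on the passphrase, here is an added example (not from the newsletter or from Hashcat) that derives a PMKID the way WPA/WPA2-PSK does and audits a network's own passphrase against a small wordlist. The SSID, MAC addresses and passphrases are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the newsletter): an SSID, the AP's MAC and a station MAC.
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).

    Those 4096 iterations are the per-guess cost of a brute-force or dictionary attack,
    so the time to crack scales with how many guesses a passphrase forces."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)


def derive_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || STA MAC), i.e. the first 16 bytes.

    Nothing client-specific goes in (no nonces, no handshake MIC): the AP places it in the
    first EAPOL frame sent to any associating station, which is what makes capture client-less."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def find_weak_passphrase(pmkid: bytes, ssid: str, ap_mac: bytes, sta_mac: bytes, wordlist):
    """Audit your own network: return the first wordlist entry whose PMKID matches, else None.

    Every candidate costs a full PBKDF2 run; a passphrase absent from wordlists and long
    enough to defeat brute force keeps this search impractical."""
    for candidate in wordlist:
        guess = derive_pmkid(derive_pmk(candidate, ssid), ap_mac, sta_mac)
        if hmac.compare_digest(guess, pmkid):
            return candidate
    return None


if __name__ == "__main__":
    # The PMKID an AP would send for this (constructed) network and station
    pmkid = derive_pmkid(derive_pmk("correct-horse-battery", SSID), AP_MAC, STA_MAC)
    print("PMKID:", pmkid.hex())
    print("weak passphrase found:",
          find_weak_passphrase(pmkid, SSID, AP_MAC, STA_MAC, ["password", "12345678"]))
```

Because only the PMK, the AP MAC and a station MAC enter the PMKID, the same derivation does not apply to networks whose PMK is not derived from a shared passphrase.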

Top 5 Security links

Malware is so 2017: five security trends to watch out for

Remember when several massive ransomware attacks went global and hit many big businesses? Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy.

BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Compromised carrier-grade MikroTik routers are potentially delivering millions of cryptomining pages a day on behalf of the attacker.

A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability.

So far, has reported more than 170,000 active MikroTik devices infected with the CoinHive site-key used in this campaign (the site-key is the same across infections, indicating a single entity behind the attacks). The campaign is mainly targeting Brazil – but infections are growing internationally, according to Trustwave’s Secure Web Gateway (SWG) team, indicating much larger ambitions.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote in a posting today. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

Top 5 Security Links

How to defend yourself against SamSam ransomware

Backdoors keep appearing in Cisco’s routers

Reddit breach highlights limits of sms-based authentication

Attacks on industrial enterprises using RMS and Teamviewer

Amnesty International targeted by Nation-state spyware

When business continuity is key

Semantix, Scandinavia’s largest language company, has chosen Basefarm as their supplier of its business critical operations. High availability, security expertise and flexible solutions were on the wish list during the procurement process.

Are you prepared for DDoS attacks?

How can you protect yourself from hackers and more specifically, DDOS attacks?

Get ready for Black Friday 2018 - the 23rd of November is just around the corner!

Yes it seems really early, but if you want to be prepared for the biggest sale of the year, you need to get your skates on.


BF-SIRT Newsletter 2018-30

New Spectre attack enables secrets to be leaked over a network

In a paper titled “NetSpectre: Read Arbitrary Memory over Network”, researchers from Graz University of Technology, including one of the original Meltdown discoverers, Daniel Gruss, describe NetSpectre: a fully remote attack based on Spectre. With NetSpectre, an attacker can remotely read the memory of a victim system without running any code on that system.

The major catch is that this side-channel attack only leaks 15 bits per hour, or 60 bits per hour via an AVX-based covert channel, which means it could take days to find and gather privileged information such as an encryption key or authentication token.

Intel has issued a statement saying: “NetSpectre is an application of Bounds Check Bypass (CVE-2017-5753), and is mitigated in the same manner – through code inspection and modification of software to ensure a speculation stopping barrier is in place where appropriate. We provide guidance for developers in our whitepaper, Analyzing Potential Bounds Check Bypass Vulnerabilities, which has been updated to incorporate this method. We are thankful to Michael Schwarz, Daniel Gruss, Martin Schwarzl, Moritz Lipp, & Stefan Mangard of Graz University of Technology for reporting their research.”

Top 5 Security Links

LifeLock Bug Exposed Millions of Customer Email Addresses

Google hasn’t suffered an employee phishing compromise in over a year

DHS – Russian APT groups are inside US critical infrastructure

Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code

Adopting a Zero Trust approach is the best strategy to control access


5 IT Trends that will shape the next 5 years (Part 4): Cloud Security

Big Data and cloud computing are the drivers of digital transformation. Large, sometimes sensitive data volumes are being processed more quickly and comprehensively than ever before. Multicloud and hybrid cloud computing give access to practically unlimited resources and open up unimagined possibilities, but they also place new, high demands on IT security, particularly when it comes to clouds.

7 steps for more secure web applications

The protection of your web application should be on the agenda from the first line of code and is key to the functional and secure operation of the application in the future. We recommend Detectify, who have helped Facebook, Google, PayPal, Dropbox and many others, and here we outline what you need to do to improve the security of your applications.

The four greatest challenges for IT leaders

Against the backdrop of new technologies and the ever-more demanding requirements of customers and/or employees, IT leaders in companies are constantly faced with new challenges.