Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

On November 30, 2018, nccgroup disclosed CVE-2018-12404, CVE-2018-19608, CVE-2018-16868, CVE-2018-16869, and CVE-2018-16870. These stem from vulnerabilities found back in August 2018 in several TLS libraries.


Top 5 Security News

The dawn of the autonomous data center

In this article published by Data Center Dynamics, Ravin Mehta, founder of The unbelievable Machine Company, part of the Basefarm group, argues that now could be the time for the next big leap when it comes to the data center.

What AI and machine learning are and how they relate to IoT

We can better exploit new opportunities when we understand what new technologies involve and how they interact. Today’s topic is what artificial intelligence and machine learning are, and an insight into how they can relate to IoT and Big Data.

BF-SIRT Newsletter 2017-39

This week's top stories are an update on how the CCleaner APT security incident targeted large technology companies, and a Deloitte breach affecting all company email.

A couple of new stories are currently evolving, including an easy-to-exploit flaw in the Linux kernel rated ‘high risk’ (CVE-2017-1000253) and a (for now) more theoretical CLKSCREW Attack which can hack modern chipsets via their power management features.

ICANN delays KSK Rollover over fears 60 million people would be kicked offline.

If you are looking for longer reading to keep you company this weekend, you are in luck: McAfee Labs Report sees cyberattacks target healthcare and social media users, Accenture reports global cost of cybercrime soars 23% in a year, and Europol published its Internet Organised Crime Threat Assessment.

Notable CVEs this week
CVE-2017-14867 – git: cvsserver command injection – CVSS3 Base Score 7.8
CVE-2017-1000253 – kernel: load_elf_binary() – CVSS3 Base Score 7.8
CVE-2017-7805 – nss: Potential use-after-free in TLS 1.2 server – CVSS3 Base Score 7.5

Top 5 Security Links
Avast, Cisco Confirm: CCleaner Malware Targeted Large Technology Companies
Source: Deloitte Breach Affected All Company Email, Admin Accounts
Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’
CLKSCREW Attack Can Hack Modern Chipsets via Their Power Management Features
Internet-wide security update put on hold over fears 60 million people would be kicked offline

BF-SIRT Newsletter 2017-30

The top stories from this week are that Adobe Announces End of Flash for 2020 and Microsoft announces Windows Bounty Program.

You can also read about JA3, TLS client fingerprinting for malware detection, or how Symantec's sloppy key verification leads to revocation of certificates.

Top 5 Security links
Adobe Announces End of Flash for 2020
Microsoft announces Windows Bounty Program
JA3 Hash To Fingerprint SSL/TLS Connections
Symantec Sloppy Key Verification Leads To Revocation of Certificates
Finding Domain frontable Azure domains

BF-SIRT Newsletter 2017-20

The top stories from this week are of course about WannaCry and WannaCry 2.0.

You can also read about how a Google researcher finds a link between WannaCry attacks and North Korea, and that WikiLeaks reveals “AfterMidnight” & “Assassin” CIA Windows Malware Frameworks.

Top 5 security links
WannaCry 2.0
Google Researcher Finds Link Between WannaCry Attacks and North Korea
WikiLeaks Reveals ‘AfterMidnight’ & ‘Assassin’ CIA Windows Malware Frameworks
Using Chrome, SCF and SMB to steal Windows Credentials

BF-SIRT Newsletter 2016-48

The top stories from this week include Ransomware Crooks caught San Francisco Transport System and ImageGate: Check Point uncovers a new method for distributing malware through images. You can also read about PayPal's OAuth hijacking and how the Tesla smartphone app was found to lack security.

Top 5 Security links:
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Firefox 0-day in the wild is being used to attack Tor users
Bypassing SAML 2.0 SSO with XML Signature Attacks
SHIFT + F10, Linux gets you Windows 10’s cleartext BitLocker key
Avalanche – Law Enforcement Take Down

Patch Tuesday March 2016

Yet another patch Tuesday has come upon us.
Microsoft released 13 updates, 5 of which fix critical issues, to address vulnerabilities in their product line. Adobe, on the other hand, has released patches which address vulnerabilities in a large part of their product portfolio.

UPDATE: Adobe released a critical patch for Adobe Flash, which fixes an issue that may allow remote control of a system.
Adobe Flash


Patch Tuesday June 2015

Another month, another patch Tuesday!
Microsoft and Adobe have both released a large number of updates. Adobe fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure, while Microsoft pushed out fixes for at least three dozen flaws in Windows and associated software.

You can find links to the updates below:

BF-SIRT Newsletter 2014-50

Welcome to the newsletter! This week you can read about how hackers leak top Sony executives’ emails and how North Korea denies involvement in ‘righteous’ Sony hack. You can also read about how the cost of cybersecurity and risk management will double, as well as how cyber-espionage is expected to surge in 2015. Other big news this week is how POODLE returns, as well as the regular Patch Tuesday for the month.

Top 5 Security links
Analysis of wiper malware, implicated in Sony breach, exposes Shamoon-style attacks
North Korea denies involvement in ‘righteous’ Sony hack
Hackers leak top Sony executives’ emails
An epic ride: A look back at the ever-changing information security industry
Chinese responsible for 85 per cent of website scams

Top 5 Business Intelligence links
Ransomware is the Future of Consumer Cybercrime
13 free tools to monitor your Digital Security during Christmas
EC3 Head Paints Bleak Cybercrime Picture
Cost of cybersecurity and risk management to double
Cyber-espionage expected to surge in 2015: McAfee Labs

Basefarm SIRT Posts
POODLE returns
Patch Tuesday December 2014