google – Basefarm Blog

Cybersecurity Updates For Week 16 of 2022

April 22, 2022/in Security blog /by Sjir Bagmeijer

CVE-2021-3970, CVE-2021-3971, CVE-2021-3972: Lenovo UEFI Firmware Vulnerabilities

Security company ESET discovered 3 new vulnerabilities in the UEFI firmware of Lenovo laptops which affected hundreds of Lenovo models including Lenovo Flex; IdeaPads; Legion; V14, V15, and V17 series; and Yoga laptops.

Hackers Are Getting Caught Exploiting New Bugs More Than Ever

A pair of reports from Mandiant and Google found a spike in exploited zero-day vulnerabilities in 2021. The question is, why?

Access Bypass, Data Overwrite Vulnerabilities Patched in Drupal

Drupal on Wednesday announced the release of security updates to resolve a couple vulnerabilities that could lead to access bypass and data overwrite.

Other news worth mentioning:

Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
Critical Chipset Bugs Open Millions of Android Devices to Remote Spying
Denonia Malware Shows Evolving Cloud Threats
Oracle Releases 520 New Security Patches With April 2022 CPU
Emotet reestablishes itself at the top of the malware world

Cybersecurity Updates For Week 12 of 2022

March 25, 2022/in Security blog /by Sjir Bagmeijer

Okta’s Investigation of the January 2022 Compromise

On March 22, 2022, nearly 24 hours ago, a number of screenshots were published online that were taken from a computer used by one of Okta’s third-party customer support engineers.

Microsoft confirms Lapsus$ breach after hackers publish Bing, Cortana source code

Microsoft has confirmed that it was breached by the Lapsus$ hacking group.

North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google’s Threat Analysis Group (TAG) on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently-uncovered remote code execution flaw in the Chrome web browser.

Other news worth mentioning:

7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.
FBI: Cybercrime Victims Suffered Losses of Over $6.9B in 2021
Feds Allege Destructive Russian Hackers Targeted US Refineries
Western Digital My Cloud OS update fixes critical vulnerability

Cybersecurity Updates For Week 8 of 2022

February 25, 2022/in Security blog /by Sjir Bagmeijer

New Data-Wiping Malware Discovered on Systems in Ukraine

Researchers were scrambling to analyze a newly discovered piece of data-wiping malware found in the wild.

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years.

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found.

Other news worth mentioning:

Russia Sanctions May Spark Escalating Cyber Conflict
Redcar and Cleveland Council: Four serious data breaches reported
How to Use Google Chrome’s Enhanced Safety Mode
Social Media Hijacking Malware Spreading Through Gaming Apps on Microsoft Store

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

April 12, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Researchers have detailed a set of side-channel and downgrade attacks that potentially allow an attacker to compromise Wi-Fi networks equipped with WPA3 protection.

Google Releases Google Chrome 30

October 3, 2013/in Security blog /by Basefarm

Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates

Basefarm SIRT Newsletter 28

July 12, 2013/in Security blog /by Basefarm

Bluebox Labs found a vulnerability in Android which has been a lot in the news, and while Google have issued a Patch for it, it doesn’t mean the users will have the fix before the OEMs send it out to them. Reports regarding Styx-Crypt and the previous attacks on South Korea. A serious flaw was also found in Cryptocat that meant it was extremely easy to eavesdrop on conversations for seven months.
Microsoft and Adobe did their regular Patch Tuesday for July, which covers a few critical vulnerabilities that you should apply!

Top 5 Business Intelligence links
DEF CON To Feds: We Need Some Time Apart
Ponemon Survey: 59% Of IT Profs Say Security Metrics Are Too Complicated For Management
Practical IT: How to plan against threats to your business
Oops. Japanese Government Shares Internal E-Mails on Google
McAfee: Malware hunts for South Korean military secrets

Top 5 Miscellaneous Security links
Serious flaw found in Cryptocat chat app
Who’s Behind The Styx-Crypt Exploit Pack?
Uncovering Android Master Key that makes 99% of devices vulnerable
This Is Not a Test: Emergency Broadcast Systems Proved Hackable
Thousands of websites defaced after Belgium and Netherland domain registrars hacked

Basefarm SIRT Posts
Patch Tuesday July 2013

Google Chrome 25.0.1364.87

February 22, 2013/1 Comment/in Security blog /by Basefarm

Google has released an update to their browser, and all users are suggested to update as soon as possible to avoid exploitation.

More information: http://googlechromereleases.blogspot.se/search/label/Stable%20updates