newsletter – Basefarm Blog

Thunderbolt interface makes millions of PC’s in danger

May 15, 2020/in Basefarm SIRT /by Iryna Yuzhyna

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

It wasn’t really a news that Thunderbolt technology (USB-C) was vulnerable from years before, but now we got a demo from researcher which shows how Thunderbolt flaw allows access to a PC’s data in minutes.

Zero click bugs in Apple operating systems

April 30, 2020/in Basefarm SIRT, Security blog, SIRT /by Raymond Aarseth

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

According to Google’s project zero there are vulnerabilities in Apples operating systems media managements. The vulnerabilities could let an attacker gain access by sending a specially crafted image or video to a target and no interaction would be needed from the user to be exploited.
The vulnerabilities was found using fuzzing techniques on previously found bugs, and the vulnerabilities they found have now been fixed.

Covid-19 forces changes

March 20, 2020/in Security blog /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Helpdesksecurity writes “A time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks.

We’ve already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily.”

Top 5 Security links

Man wearing black fedora hat and black suit jacket.

Photo by Sergiu Nista on Unsplash

Nation state actors plays the long game

March 6, 2020/in Security blog /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies.”

“According to Qihoo 360, the hacking tools developed by the CIA, such as Fluxwire and Grasshopper, were used by the APT-C-39 group against Chinese targets years before the Vault 7 leak.”

Top 5 Security News

Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!
Let’s Encrypt is Revoking Three Million Certificates on March 4
670+ Subdomains of Microsoft are Vulnerable to Takeover
Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains
CPR evasion encyclopedia: The Check Point evasion repository

Cloud security is voodoo?

January 31, 2020/in Basefarm SIRT, SIRT /by Hans-Petter Fjeld

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.”

“Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.”

Threat Hunting or Efficiency: Pick Your EDR Path?

November 29, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 commissioned study conducted by Forrester Consulting on behalf of McAfee really puts a fine point on it: When decision makers were asked which endpoint security goals and initiatives they’re prioritizing for the coming year, the top two responses were “improve security detection capabilities” (87%) and “increase efficiency in the SOC” (76%).

Top 5 Security News

5 scams to watch out for this shopping season

Dexphot Malware Hijacked 80K+ Devices to Mine Cryptocurrency

It’s Way Too Easy to Get a .gov Domain Name

A Cause You Care About Needs Your Cybersecurity Help

Google caught a state hacker crew uploading badness to the Play Store

Do you know about all equipment connected in you operation, really?

October 18, 2019/in Basefarm SIRT, Security blog, SIRT /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Pen Test Partners has a great blog-post about one of their recent adventures.

This is a little bit out of the normal scenario for many, but this is regarding a finding they did on a ship. This is a good reminder to all to cover critical control number 1, inventory and control of hardware assets. It is not so easy to track this down on the spot when you got unlabeled shielded cables and deck penetration to deal with, no known paperwork or invoices related to the thing they found. They have a nice write up of what they did, what considerations they had to make.

Spoiler: In the end they figure out it is an outdated Windows machine, complete with TeamViewer installed, originating from a contract that had been expired for several years. And this machine had direct connection to the main engine of the ship.

Top 5 Security News
Sudo vulnerability discovered in Linux (CVE-2019-14287)
Cozy Bear Russian Hackers Spotted After Staying Undetected for Years
Researchers at Adaptive Mobile security release report concerning SimJacker attacks
What Your Personal Information is Worth to Cybercriminals
Help! I bought a domain and ended up with a stranger’s PayPal! And I can’t give it back

Photo by Vidar Nordli-Mathisen on Unsplash

Millions of passenger data publicly accessible in cloud storage buckets

September 20, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.

Top 5 Security News

Robocalls now flooding US phones with 200m calls per day

Is Your Medical Data Safe? 16 Million Medical Scans Left Out in the Open

GitHub gobbles biz used by NASA, Google, etc to search code for bugs and security holes in Mars rovers, apps…

LastPass Fixes Bug That Leaks Credentials

Huawei suspended from the Forum of Incident Response and Security Teams

DNS-over-HTTPS, a curse or a blessing?

September 13, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Mozilla plans to enable support for the DNS-over-HTTPS (DoH) protocol by default inside the Firefox browser for a small number of US users starting later this month.

When DoH support is enabled in Firefox, the browser will ignore DNS settings set in the operating system, and use the browser-set DoH resolver.

By moving DNS server settings from the OS to the browser level, and by encrypting the DNS traffic, DoH effectively hides DNS traffic from internet service providers (ISPs), local parental control software, antivirus software, enterprise firewalls and traffic filters, and about any other third-party that tries to intercept and sniff a user’s traffic.” according to Catalin Cimpanu for Zero Day.

This is causing some controversy and might affect current mitigating measures in place at businesses.

Top 5 Security News

Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)

18 months after indictment, Iranian phishers are still targeting universities

Instagram Confirms Security Issue Exposed User Accounts And Phone Numbers—Exclusive

Simjacker attack exploited in the wild to track users for at least two years

State-sponsored entities targeting Airline Industry (Part 1)

RAMBleed, a new side-channel attack enables attackers to read memory not belonging to them

June 14, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new side-channel attack that enables an attacker to read out physical memory belonging to other processes, named RAMBleed, is published.

RAMBleed, based on a previous side channel called Rowhammer, violates arbitrary privilege boundaries. The implications of this is numerous, and vary in severity based on the other software running on the target machine. The researchers demonstrated an attack against OpenSSH in which they used RAMBleed to leak a 2048 bit RSA key, but the exploit can read other data as well.

“It is widely assumed however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations. We demonstrate that this assumption is incorrect, by employing Rowhammer as a read side channel.” reads the research paper. “More specifically, we show how an unprivileged attacker can exploit the data dependence between Rowhammer induced bit flips and the bits in nearby rows to deduce these bits, including values belonging to other processes and the kernel.”

Top 5 Security News

Malformed Certs make DoS on any Windows servers possible

GoldBrute bot-net brute forcing 1.5 million RDP servers

Arbitrary OS command execution vulnerability found in VIM and Neovim

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

BSides Oslo 2019 conference videos published on YouTube