newsletter – Basefarm Blog

NSA publishes advisory on 25 vulnerabilities used by Chinese state sponsored hackers

October 23, 2020/in Basefarm SIRT, Security blog, SIRT /by Raymond Aarseth

The National security Agency in the United States recently released an advisory warning of the threat of Chinese state sponsored attacks and detailed 25 vulnerabilities used. The advisory gives detailed information about the vulnerabilities, what it affects and how to remediate them. Most of them are remotely exploited and can be used to gain initial access to a system before using other vulnerabilities to go further in to the network. Most of these vulnerabilities already have patches ready to be installed so as always we really want to emphasize keeping systems up to date with the latest patches and software.

Top 5 Security News

Photo by John-Mark Smith from Pexels

Check your Exchange for ongoing leaks

August 27, 2020/in Basefarm SIRT, Security blog, SIRT /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

Currently the biggest exposure to threats in the cyber domain is presented via mail. Phishing attacks tricks out the credentials for legitimate users and then gain access to the mail account, and some actors will sit with this access to months looking for ways to benefit from this access. As a way of establishing persistence an attacker will often create rules in the mail-system to have mail forwarded to an external account the attacker controls. This way, even if you change passwords, the attacker still receives copies of the mail.

These forwarding rules can serve as valuable indicators. And even if absence of evidence is not evidence of absence, it is worth to look for these rules with regular intervals. This is nothing new, but a reminder seemed in place given the current threat landscape. Here is an older blogpost from Compass-Security explaining the issue.

There is also a project on Github to help faciliate testing and low-volume activity data acquisition from the Office 365 Management Activity API that might be interesting in this regard.

Top 5 Security News

Photography of person peeking through blinds

Photo by Noelle Otto from Pexels

Unique insights and large ransomware attacks

July 28, 2020/in Basefarm SIRT, Security blog, SIRT, Uncategorized /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

This week we get a unique insight into a threat actors inner working as IBM’s X-Force IRIS security team uncover a 40GB cache of data belonging to a threat actor called “ITG18” (overlaps with another outfit alternatively known as Charming Kitten and Phosphorus) believed to be sponsored by Iran. Included in the extracted data is several hours of video “showing operators searching through and exfiltrating data from multiple compromised accounts”.
Read more …

Top 5 Security News

"Soldier Holding Rifle" at Pixabay

Aerospace and military companies in the crosshairs

June 19, 2020/in Basefarm SIRT, Security blog, SIRT /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

ESET researchers are warning about targeted phishing attacks agains high-profile aerospace and military companies in Europe. The attacker will approach individual personnel about possible job vacancies, some file-sharing then commences with the pretense of informing about this vacancy, this is in reality malware giving the attacker foothold on the victims machine.

Be vigilant about files you get from strangers, and people who makes contact on social media and LinkedIn.

Top 5 Security News

Thunderbolt interface makes millions of PC’s in danger

May 15, 2020/in Basefarm SIRT /by Iryna Yuzhyna

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT)

It wasn’t really a news that Thunderbolt technology (USB-C) was vulnerable from years before, but now we got a demo from researcher which shows how Thunderbolt flaw allows access to a PC’s data in minutes.

Zero click bugs in Apple operating systems

April 30, 2020/in Basefarm SIRT, Security blog, SIRT /by Raymond Aarseth

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

According to Google’s project zero there are vulnerabilities in Apples operating systems media managements. The vulnerabilities could let an attacker gain access by sending a specially crafted image or video to a target and no interaction would be needed from the user to be exploited.
The vulnerabilities was found using fuzzing techniques on previously found bugs, and the vulnerabilities they found have now been fixed.

Covid-19 forces changes

March 20, 2020/in Security blog /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Helpdesksecurity writes “A time of chaos is a time for opportunity for unscrupulous individuals and groups, and COVID-19 is seemingly an unmissable boon for cyber crooks.

We’ve already covered a variety of COVID-19-themed scams, phishing attempts, hoaxes and malware delivery campaigns, but new and inventive approaches are popping up daily.”

Top 5 Security links

Man wearing black fedora hat and black suit jacket.

Photo by Sergiu Nista on Unsplash

Nation state actors plays the long game

March 6, 2020/in Security blog /by Hans-Petter Fjeld

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Qihoo 360, one of the most prominent cybersecurity firms, today published a new report accusing the U.S. Central Intelligence Agency (CIA) to be behind an 11-year-long hacking campaign against several Chinese industries and government agencies.”

“According to Qihoo 360, the hacking tools developed by the CIA, such as Fluxwire and Grasshopper, were used by the APT-C-39 group against Chinese targets years before the Vault 7 leak.”

Cloud security is voodoo?

January 31, 2020/in Basefarm SIRT, SIRT /by Hans-Petter Fjeld

“Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.”

“Check Point Research analysts who discovered two vulnerabilities in the Microsoft Azure cloud infrastructure have published the details of how these flaws were found and how attackers could potentially use them.”

Threat Hunting or Efficiency: Pick Your EDR Path?

November 29, 2019/in Basefarm SIRT, Security blog, SIRT /by Security Incident Response Team

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Cybersecurity teams face a lot of conflicting objectives—both within their teams and from upper management. But a May 2019 commissioned study conducted by Forrester Consulting on behalf of McAfee really puts a fine point on it: When decision makers were asked which endpoint security goals and initiatives they’re prioritizing for the coming year, the top two responses were “improve security detection capabilities” (87%) and “increase efficiency in the SOC” (76%).

Posts