BF-SIRT Newsletter 2013-35

The end of the week means a new newsletter to recap what has happened during the week! One of the most notable compromises was the takeover of which came to be from a simple phishing email, while for the Asian market, the DDoS of .cn caused major disruptions. The Syrian Electronic Army stays in the news as well, and Brian Krebs has written a summary of who he believes is behind the group, which is a very interesting read. Those with Mac OS X should also have a read of the hardening guidelines that the NSA has written up.

Top 5 Security links
Hand of Thief – The Linux Trojan that steals your banking credentials
How the hack came to be
Who built the Syrian Electronic Army?
.cn back after large DDoS attack
Researcher reverse engineer the Dropbox client

Top 5 Business Intelligence links
Mac OS X Hardening Tips from NSA
Android security holes worry FBI, DHS
Stern new data breach reporting requirement takes hold in EU
Facebook produces its first report on government request for Data
Codename ‘Apalachee’: How America Spies on Europe and the UN

BF-SIRT Newsletter 2013-34

One of this week’s biggest events has been that Bradley Manning was sentenced to 35 years in prison. Those interested in hearing how one can turn into a security industry analyst should listen to the interview with Rich Mogull. The end of Windows XP is also drawing nearer (April 8th, 2014) which means there won’t be any patches coming out after that date, meaning also no security patches, so those who still haven’t updated should definitely look into doing so as soon as possible!

Top 5 Security links
How Not to DDoS Your Former Employer
Facebook stands by bug disclosure policy following Zuckerberg hack
Scanning the Internet in 45 minutes
Cracking crypto just got a little easier
ZeroAccess: Millions of Computers In US Infected And It Updates With P2P

Top 5 Business Intelligence links
Bradley Manning sentenced to 35 years in prison
Your perilous future on Windows XP
Google, Mozilla Considering limiting certificate validity to 60 months
FDA issues recommendations on the security of Wireless Medical Devices
How I Got Here: Rich Mogull

BF-SIRT Newsletter 2013-33

We’re back! Due to the summer holidays we will give the top links from the last three weeks instead of just last week.
During this time, Defcon and Black Hat have taken place, and there have been a few updates from Microsoft during Patch Tuesday August 2013 and a critical Joomla! exploit, for which we suggest you update as soon as possible.

Top 5 Business Intelligence links
2013 Browser Security Comparative Analysis: Privacy
Black Hat 2013: What have we learned
New NSA tool exposed: XKeyscore sees ‘nearly EVERYTHING you do online’
Browlock Ransomware Targets New Countries
BGP spoofing – why nothing on the internet is actually secure

Top 5 Miscellaneous Security links
BREACH decodes HTTPS encrypted data in 30 seconds
Michele Catalano Home visit after googling backpacks and pressure cookers
Texas students hijack superyacht with GPS-spoofing luggage
Apple Developer site hack
Washington post site hacked after successful phishing campaign

Patch Tuesday August 2013
Joomla! critical exploit

BF-SIRT Newsletter 29

The BF-SIRT Newsletter will now take a summer holiday for two weeks, but will return in full force on the 9th of August 2013! Until then, you have some very interesting links below, ranging from what a minute looks like within the Akamai Network to how PRISM can affect businesses.

Oracle released their monthly Patch Advisory for July, which covers a few critical vulnerabilities; you should apply the patches.
Enjoy your Summer!

Top 5 Business Intelligence links
What happens in the Akamai Network during 60 Seconds?
Former CIA and NSA head says Huawei spies for China
PRISM And Your Business (Or: Dependence Is Risky)
California AG Breach Study Highlights Importance of Encrypting Data
Hackers target NASDAQ Community for passwords and account data

Top 5 Miscellaneous Security links
Nations Buying as Hackers Sell Flaws in Computer Code
College Student Gets Year in Prison For Wire Fraud In Tampering With Student Election
Bruce Schneier and Mikko Hypponen on the NSA, PRISM and why we should be worried
Symantec: Google Glass still vulnerable to Wi-Fi attack
Snowden’s Contingency: “Dead Man’s Switch” Borrows From Cold War, WikiLeaks

Oracle Patch Advisory July 2013

Basefarm SIRT Newsletter 28

Bluebox Labs found a vulnerability in Android which has been in the news a lot, and while Google has issued a patch for it, that doesn’t mean users will have the fix before the OEMs send it out to them. There are also reports regarding Styx-Crypt and the previous attacks on South Korea. A serious flaw was also found in Cryptocat that meant it was extremely easy to eavesdrop on conversations for seven months.
Microsoft and Adobe did their regular Patch Tuesday for July, which covers a few critical vulnerabilities; you should apply the patches!

Top 5 Business Intelligence links
DEF CON To Feds: We Need Some Time Apart
Ponemon Survey: 59% Of IT Profs Say Security Metrics Are Too Complicated For Management
Practical IT: How to plan against threats to your business
Oops. Japanese Government Shares Internal E-Mails on Google
McAfee: Malware hunts for South Korean military secrets

Top 5 Miscellaneous Security links
Serious flaw found in Cryptocat chat app
Who’s Behind The Styx-Crypt Exploit Pack?
Uncovering Android Master Key that makes 99% of devices vulnerable
This Is Not a Test: Emergency Broadcast Systems Proved Hackable
Thousands of websites defaced after Belgium and Netherland domain registrars hacked

Basefarm SIRT Posts
Patch Tuesday July 2013

Basefarm SIRT Newsletter 27

This week there’s been quite a lot of coverage about the US government, with PRISM and Stuxnet related stories. Attacks on government sites are also going up, and the governments are having issues with encryption techniques when it comes to monitoring people. Apple have also released a security update that we suggest you apply as soon as possible!

Top 5 Business Intelligence links
DHS notes rise in brute-force attacks against natural gas companies
South Korea govt site hacking sees massive data breach
DNI Clapper says statement to congress about NSA data collection was “erroneous”
U.S. Cyber Challenge and Virginia Tech Hosted Successful Cyber Security Competition
California to focus on unencrypted data in breach investigations

Top 5 Miscellaneous Security links
Pair of PC viruses help each other survive
Vulnerabilities found in code library used by encrypted phone call apps
9 Years After Shadowcrew, Feds Get Their Hands on Fugitive Cybercrook
Encryption Has Foiled Wiretaps for First Time Ever, Feds Say
Retired 4-star general probed over Stuxnet details leak – report

Basefarm SIRT Posts
Apple Security Update 2013-003

Basefarm SIRT Newsletter 26

Basefarm is now officially a full member of the global security organization FIRST, an umbrella organization that brings together trusted computer incident security teams from around the world!

FIRST (the Forum of Incident Response and Security Teams) aims to facilitate collaborative incident management to quickly tackle and prevent incidents and facilitate the exchange of information between FIRST members. The organization has now accepted Basefarm as a full member; this means that Basefarm has met FIRST’s stringent security standards – which are high due to the level of trust demanded by the other FIRST members in order to share security-related information. Basefarm now joins the ranks of organizations such as Apple, AT&T, Ernst & Young, IBM, INTERPOL, Juniper, NASA, Paypal, Symantec, Visa and VeriSign.
You can read more about this here.

In other news, a flaw in Facebook has been fixed that allowed accounts to be easily compromised. The aftereffects of PRISM are also very noticeable in the news coming out. There’s also been a security update for WordPress, and it’s suggested to update as soon as possible.

Top 5 Business Intelligence links
The State of Security
What Can Big Brother Teach Us About IT Security?
Patching The Ethical Bypass Flaw
South Korea and US government hacks blamed on DarkSeoul group
Data breaches: Telcos and ISPs have 24 hours to come clean, says EU

Top 5 Miscellaneous Security links
Download me—Saying “yes” to the Web’s most dangerous search terms
Carberp Source Code Leaked
Opera network cracked
How to hack any Facebook account in under a minute, by sending just one SMS
Chinese Hackers group ‘Comment Crew’ is still active and operating under cover

Basefarm SIRT Posts
Basefarm joins FIRST
WordPress 3.5.2 is released

Basefarm SIRT Newsletter 25

This week, the newsletter comes out a day in advance due to tomorrow being Midsummer celebrations in Sweden! Microsoft has joined Google, Mozilla, and the rest by finally offering a bug bounty where it will pay up to $150000 per vulnerability. Attackers are also, as usual, taking advantage of the latest buzz (in this case PRISM) and are sending out fake phishing mails. As to our own blog posts, we go through HP iLO, Java JRE/JDK and Puppet vulnerabilities that should be patched as soon as possible!

Top 5 Business Intelligence links
The Web Cookie Is Dying. Here’s The Creepier Technology That Comes Next
Microsoft announces standing bug bounty program
“Nej till Google!” – Sweden tells a local council that Google’s cloud is a no-go area
Why Are We So Slow To Detect Data Breaches?
EU’s Cybersecurity Strategy gets harsh criticism from data protection advocate

Top 5 Miscellaneous Security links
Double Cashing With Mobile Banking
Chinese hackers launch PRISM scare campaign
LinkedIn DNS hijacked, site offline
Carberp toolkit now available for just $5k
Rich Mogull on Apple Security Strategy

Basefarm SIRT Posts
Oracle Patches JDK/JRE
HP iLO3 and iLO4 affected by unauthorized access vulnerability
Puppet Unauthenticated Remote Code Execution Vulnerability

Basefarm SIRT Newsletter 24

The big story this week, and I don’t think there’s anyone who could have missed it, is how Snowden revealed the NSA’s PRISM spy program. We touched on this subject briefly in another newsletter post (2013 week 20 newsletter) when it was noticed that Skype logs traffic and how it shouldn’t be a surprise. In either case, this will surely bring on some interesting discussions about online “privacy”. Gartner has also released some information about security, revealing the top 10 security myths and how the security market is expected to grow by 8.7 percent this year. Those finding their security tokens an annoyance will also want to check out Motorola’s latest invention, which is a token inside a pill that emits signals to your computer or tablet after you’ve swallowed it. It’s also that time of the month again, Patch Tuesday, which means updates to Microsoft and Adobe products, so make sure you have a look at the post below.

Top 5 Business Intelligence links
Gartner reveals Top 10 IT Security Myths
Gartner: Worldwide Security Market To Grow 8.7 Percent In 2013
Google warns of spike in political Iranian phishing attacks
Banks “ignore early warnings” of cyber attacks, says Australian security chief
EU to vote on harsher penalties for hackers

Top 5 Miscellaneous Security links
NSA Whistleblower: The Ultimate Insider Attack
Forgot your password? Just take a pill
Eight members of international cybercrime ring charged
Man charged with running credit data ring containing 1.1M cardholders
Operation Hangover: more links to the Oslo Freedom Forum incident

Basefarm SIRT Posts
Patch Tuesday June 2013

Basefarm SIRT Newsletter 23

This week we go through the aftereffects that the Liberty Reserve shutdown has had on the underground scene. We also check out how attacks are usually worse than they can initially seem, as well as news of Google being ordered to hand over information to the FBI without a warrant. Those running OS X are recommended to check out our post about the latest update, as it concerns quite a few critical issues.

Top 5 Business Intelligence links
Underweb Payments, Post-Liberty Reserve
The Changing Landscape of DDos
Most small businesses can’t restore all data after a cyber attack
Chinese ‘NetTraveler’ hackers stole data from 350 organisations, says Kaspersky Lab
FDIC: 2011 FIS Breach Worse Than Reported

Top 5 Miscellaneous Security links
FBI and Microsoft in massive takedown of “Citadel” crimeware
No Java Patch For You: 93 Percent Of Users Run Older Versions Of The App
Verizon Breaks Silence on Top-Secret Surveillance of Its Customers
Google ordered to hand over sensitive users details to FBI without a warrant
Smart TVs riddled with DUMB security holes

Basefarm SIRT Posts
OS X Mountain Lion v10.8.4 Security update