Basefarm SIRT Newsletter 22

This week the U.S. Government seized the online currency site Liberty Reserve for being a “financial hub of the cybercrime world”. There are also interesting articles from Ars Technica on how easy it is to crack passwords, and how easy it is to be branded a “hacker”. As for our own posts, we suggest you take a look at each of them: they contain information about DoS vulnerabilities for those running older versions of ModSecurity, and go over how got hacked – resulting in ~1 million accounts being compromised.

Top 5 Business Intelligence links
U.S. Government Seizes
Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies
New Computer Attacks Traced to Iran, Officials Say
China announces giant military hackathon
Profiling modern hackers: Hacktivists, criminals, and cyber spies

Top 5 Miscellaneous Security links
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”
Reporters use Google, find breach, get branded as “hackers”
A Peek Inside the Russian Underground Market for Fake Documents/IDs/Passports
PayPal refuses to pay bug-finding teen
Hammond pleads guilty to Stratfor hack: ‘It’s a relief’

Basefarm SIRT Posts
ModSecurity 2.7.4 released – fixes critical DoS vulnerability
Ruby on Rails Exploit publicly used in the wild compromised – 967,659 users and (hashed) passwords stolen

Basefarm SIRT Newsletter 21

News links for this week are a bit of a mix, including a three-part interview with a blackhat hacker which is interesting to read through. Another interesting article, although on a very old subject, is The Register discussing how having Wi-Fi turned on on your phone can be a bad idea. To get an idea of how easy this is to set up, you can browse over to HakShop, which has been selling a box since 2008 that takes advantage of this.

Top 5 Business Intelligence links
Aha, I see you switched on your mobile Wi-Fi. YOU FOOL!
NC Fuel Distributor Hit by $800,000 Cyberheist
The Global Cyber Game
Operation Aurora hack was counterespionage, not China picking on Tibetan activists
Rise In Sophisticated, Targeted Cyber Attacks Heightens Demand for Intrusion Prevention Systems Globally

Top 5 Miscellaneous Security links
Interview With A Blackhat
NYPD detective charged with hiring email hackers to break into colleagues’ personal accounts
Google Strengthening Keys on SSL Certificates to 2048 Bits
Anonymous threat shutters Gitmo WiFi
Chinese hackers who breached Google in 2010 gained access to thousands of surveillance orders

Basefarm SIRT Newsletter 20

One of the most talked about stories this week is the fact that a company found out that Skype is actually monitoring and checking links posted. This should, in my opinion, not come as a surprise to anyone working in the IT industry. If anything, I personally assume that everything I write online is logged in one way or another.
Also, something to keep in mind is that sometimes all it takes is one employee falling for a phishing attempt, as was the case when The Onion was compromised. This serves as a good reminder of the importance of mitigating such attacks by informing employees of the risks and running systems that can help mitigate these kinds of attacks.

Top 5 Business Intelligence links
Passwords “are starting to fail us”, says PayPal security chief
The US government might be the biggest hacker in the world
Is Microsoft reading your Skype communications?
View from inside Verizon’s security SWAT team
Five Things Every Organization Should Know about Detecting And Responding To Targeted Cyberattacks

Top 5 Miscellaneous Security links
Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs
Pushdo Botnet Morphs To Elude Hunters
Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?
British LulzSec hackers hear jail doors slam shut for years
The Onion hack brings tears to my eyes

Basefarm SIRT Posts

Basefarm SIRT Newsletter 19

This week has seen some critical vulnerabilities released, and those running ColdFusion, Nginx and Internet Explorer are highly advised to look at the Basefarm SIRT posts below, as there are critical vulnerabilities that need addressing.
A very large and coordinated attack on ATMs allowed the attackers to withdraw $45 million before getting caught. An interesting part of this is that they were caught not because the bank’s security systems went off, but because one of the members of the heist was murdered.
You can also find a very interesting story about how the Redkit exploit kit (which has been in the news quite a lot lately) operates; those interested in reading more can also find the second part of it on Naked Security.
Prolexic have released “PLXPatrol”, a public portal showing the DDoS attacks they are tracking, at

Top 5 Business Intelligence links
Pentagon Warns North Korea Could Become a Hacker Haven
Prolexic Tracks More Than 47 Million DDoS Attack Bots Worldwide
U.S. Blames China’s Military Directly for Cyberattacks
Consumer Reports: 58 Million U.S. PCs Infected With Malware
Traffic from Syria disappeared from Internet

Top 5 Miscellaneous Security links
Eight indicted in $45 Million ATM Heists
Alaska phishing pupils take over classroom computers
Subway multimillion-dollar hack ringleader pleads guilty
A closer look at the malicious Redkit exploit kit Part 1
Three-Year Hunt Nabs Hacker Who Popularized Cybercrime

Basefarm SIRT Posts
Critical ColdFusion vulnerability
Highly Critical Internet Explorer 8.0 vulnerability
Major Stack-based buffer overflow affecting some Nginx versions

Basefarm SIRT Newsletter 17

This week, Verizon released their Data Breach Investigations Report for 2013. Some interesting facts are that 92% of breaches were carried out by outsiders and that 76% of breaches were intrusions due to weak or stolen credentials. A survey has also shown that 80% of small UK firms were victims of hacks last year, and that DDoS gained popularity. The Twitter account owned by the Associated Press caused a major drop in the US stock market when it announced that the White House had been bombed and that Obama had been hurt – all of which was untrue and was posted because their Twitter account had been compromised, which shows the effect a breached Twitter account can have on society.

Top 5 Business Intelligence links
The Verizon Data Breach Investigations Report for 2013 – a must read!
8 in 10 small UK firms hacked last year – at £65k a pop
35% of businesses experienced a DDoS attack in 2012
2013 First Quarter Zero-Day Vulnerabilities
Escalation of Cyberattacks from North Korea

Top 5 Miscellaneous Security links
Caught in the System, Ex-Hacker Is Stalked by His Past
‘Aurora’ Cyber Attackers Were Really Running Counter-Intelligence
Hosting company Hostgator hacked, suspect arrested after being “rooted with his own rootkit”
Malware C&C Servers Found in 184 Countries
Collateral Damage Control of a Hacked Account

High Risk WordPress Super Cache and W3 Total Cache vulnerability

Basefarm SIRT Newsletter 16

Top headlines from this week include information regarding the WordPress attack that happened this week, along with tips on how to protect yourself against spear phishing attacks. There’s also some reminiscence about hacks in the past.

Top 5 links
Under the microscope: The bug that caught PayPal with its pants down
How hacking fixed the worst video game of all time
The WordPress Brute Force Attack Timeline
From US-CERT: Tips To Avoid Becoming A Victim Of Spear Phishing
Large scale malicious spam campaign exploiting Boston bombing

Apple OS X – Java 2013-003 1.0 and Safari 6.0.4
Oracle Patch Update April 2013
WordPress sites targeted by brute-force botnet attack

Basefarm SIRT newsletter Week 15

Top headlines from this week include how hackers have infiltrated the networks of more than 35 MMORPG developers, cyber attack statistics for March (DDoS being the top attack) and how Google has managed to detect 99 percent of malicious executables downloaded by users – outperforming antivirus services.

Top 5 links
Gaming Company Certificates Stolen and Used to Attack Activists, Others
Meet the hackers who sell spies the tools to crack your pc and get paid six figure fees
March 2013 Cyber Attacks Statistics
Phoenix Exploit Kit Author Arrested In Russia?
Google Uses Reputation To Detect Malicious Downloads

Security updates available for Adobe Flash Player, ColdFusion and Shockwave Player
Microsoft Patch Tuesday April 2013

Basefarm SIRT newsletter Week 14

Top headlines from this week include information from Brian Krebs regarding who possibly wrote the Flashback OS X worm that infected a lot of Mac users last year. Bitcoin has also seen a surge in value, and with that came attacks on the bitcoin exchange Mt. Gox as well as a hack of the Bitcoin wallet site Instawallet. We’ve also seen Scribd get hacked, causing user accounts and encrypted passwords to be stolen, along with new malware targeting Apache that has hijacked 20,000+ sites.

Top 5 links
Who Wrote the Flashback OS X Worm?
Bitcoin wallet site Instawallet Hacked, suspended indefinitely
Mt. Gox: Bitcoin Exchange Under DDoS Attack
World’s largest Digital documents library ‘Scribd’ Hacked
Ongoing malware attack targeting Apache hijacks 20,000 sites

Critical BIND vulnerability – Millions of DNS servers around the world affected
Cisco IOS Multiple DoS Vulnerabilities
Mozilla releases security updates to multiple applications
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13

Basefarm SIRT newsletter Week 13

As you can see, this newsletter does not look like the ones before!
From now on, we will post the top 5 links that catch our interest each Friday (or earlier in the week, in case of holidays). Then, in the last week of the month, we will present a more extensive newsletter where we go through the major events of the month and present some security tips (much like the previous newsletters).

PS: Those of you who are heading out on the road during the easter holiday can have a look at this blog post for some tips regarding mobile security:

Top 5 links
Web slows under 300Gbit attack

How I became a password cracker

The Four types of Spam Attacks

DDoS: A Brief History

Spear Phishing Cause of South Korean Cyber Attack

Basefarm SIRT Newsletter 2013-03-22

Year – Week: 2013 – 12

Weekly summary
Multiple South Korean banks and broadcasters were hit by a group of unknown hackers going by the name of “Whois Team”, and there are of course rumors going around that they’re originating from North Korea.
In response to the remark made by Google last week, Microsoft, too, says the FBI is secretly surveilling its customers.
Krebs followed up on the story he released last week, when cyber criminals had targeted him, disclosing how he tracked the attackers and even did an interview with them. NATO also released their Cyber War Manual, detailing rule sets that should be followed in future cyber wars. A video has also been floating around showing a perpetrator in Russia who manages to install and run third-party software on an ATM (the choice of software in this case was Angry Birds).

More information:

Important Software Security updates
Ruby on Rails

Security tips
Google has released a site with information on what to do if your site has been hacked. It goes through the steps to follow in case your site has been hacked and touches on things ranging from contacting your hosting company (beginner) to quarantining your site (intermediate) and identifying the vulnerability (advanced).

More information:

Security news
AT&T hacker “Weev” sentenced to 41 months in prison, after obtaining the email addresses of 100,000+ iPad users

TeamSpy snooped on governments, big biz undetected for 10 years

Chameleon botnet grabbed $6m A MONTH from online ad-slingers

California duo charged with selling ready-to-hack Point-of-Sale systems to Subway branches

Researcher sets up illegal 420,000 node botnet for IPv4 internet map