BF-SIRT Newsletter 2017-49

This weeks top stories is that Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability that could lead to remote code execution in Microsoft’s own Malware Protection Engine. CVE-2017-11937 uses a memory corruption bug that lets a specially crafted file … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-49

BF-SIRT Newsletter 2017-48

This weeks top stories is that half of the Internet’s email servers was vulnerable to a remote code execution, half the planets inhabitants seemingly wondered how blank password could give privilege escalation in the latest version of macOS. Financially focused … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-48

BF-SIRT Newsletter 2017-47

This weeks top stories is that Intel fixes critical bugs in Management Engine, its secret CPU-On-Chip, and that F5 announces a critical BIG-IP SSL vulnerability. You should also read about the new OWASP Top 10 that has been released, and … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-47

BF-SIRT Newsletter 2017-46

This weeks top stories is that research by Google and the University of California found that phishing attacks are more efficient than data breaches at getting criminals into victim’s account and that the average person still has can’t pick a … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-46

BF-SIRT Newsletter 2017-45

This weeks top stories is that the recent Intel Chips running Minix for their Management Engine have debugging ports that can be reached over USB, USB is also a theme in Linux Kernel patching these days with more than 40 … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-45

BF-SIRT Newsletter 2017-44

This weeks top stories is that the Reaper IoT Botnet is not fully mobilized according to report, and that Heathrow Airport Security Plans was found on memory stick on a street in London. European Union member states have drafted a … Continue reading

Posted in IT security, SIRT | Tagged , | Comments Off on BF-SIRT Newsletter 2017-44

We wrote tests for our third-party security libraries, and you won’t believe what happened next! (CVE-2017-8028)

On the importance of thorough testing Much of modern software development revolves around the concept of “quality”. As with all abstract concepts, “quality” is somewhat difficult to pin down, but for this article we can define it as “how well … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on We wrote tests for our third-party security libraries, and you won’t believe what happened next! (CVE-2017-8028)

BF-SIRT Newsletter 2017-43

This weeks top stories is that Bad Rabbit, a new Petya-like ransomware is spreading, and Reaper, a new Mirai-like Iot botnet, has been detected and is many times larger. A recent report concludes that cybercriminals focus on the shipping and … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-43

BF-SIRT Newsletter 2017-42

This weeks top stories is that a serious flaw in the WPA2 protocol lets attackers intercept network traffic (KRACK), and a factorization flaw in TPM chips makes attacks on RSA private keys feasible (ROCA). You can also read about how … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-42

BF-SIRT Newsletter 2017-41

This weeks top stories is that Kaspersky reportedly modified its AV to help Russia Government spy, and in the latest string of AWS S3 bucket embarrassments Accenture left four servers of sensitive data completely unprotected. You can also read about … Continue reading

Posted in Basefarm SIRT, IT security | Tagged , | Comments Off on BF-SIRT Newsletter 2017-41