Basefarm Blog – Page 3 – Security, Cloud and Big Data

Microsoft Windows Multiple Security Updates Affecting TCP/IP | CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086

February 10, 2021/in Vulnerability bulletin /by Basefarm

Published: 2021-02-09MITRE CVE-2021-24074MITRE CVE-2021-24094MITRE CVE-2021-24086 “Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the […]

Mikael Karlsson

Don’t get caught in the cold with ransomware

February 8, 2021/in Security blog /by Basefarm

Ransoms is sadly the trend these days. We want to share a cheap and effective way to enable prevention that most probably fail to consider. Using the ransomware simulator from KnowBe4, RanSim, we could see that our endpoints did no prevention previously. An easy way to minimize the attack surface for ransomware is to use […]

Image by Hermann Schmider from Pixabay

CVE-2021-3156 | Heap-Based Buffer Overflow in Sudo

January 27, 2021/in Vulnerability bulletin /by Basefarm

Published: 2021-01-26MITRE CVE-2021-3156 “The Qualys Research Team has discovered a heap overflow vulnerability in sudo, a near-ubiquitous utility available on major Unix-like operating systems. Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host.” This is especially bad for multi-user environments where some users have login access, but […]

Image by Ervin Gjata from Pixabay

SolarWinds Supply Chain Attack to Compromise Victims With SUNBURST Backdoor

December 16, 2020/in Security blog /by Basefarm

There is an ongoing news-story concerning SolarWinds and a supply chain attack used by an advanced threat actor to compromise victims with a rather advanced backdoor. Basefarm does not use this affected product, but are aware of at least one of our customer who do. We are working with the customer in question to mitigate […]

Image by adege from Pixabay

CVE-2020-17095 | Windows Hyper-V Remote Code Execution Vulnerability

December 11, 2020/in Vulnerability bulletin /by Basefarm

Published: 2020-12-08MITRE CVE-2020-17095 “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to […]

NSA publishes advisory on 25 vulnerabilities used by Chinese state sponsored hackers

October 23, 2020/in Basefarm SIRT, Security blog, SIRT /by Basefarm

The National security Agency in the United States recently released an advisory warning of the threat of Chinese state sponsored attacks and detailed 25 vulnerabilities used. The advisory gives detailed information about the vulnerabilities, what it affects and how to remediate them. Most of them are remotely exploited and can be used to gain initial […]

Photo by Caleb George on Unsplash

CVE-2020-16891 | Windows Hyper-V Remote Code Execution Vulnerability

October 14, 2020/in Vulnerability bulletin /by Basefarm

Published: 2020-10-13MITRE CVE-2020-16891 “A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.” This is especially bad for “hotel” environment with multiple different tenants that should not be able to influence each other, but it is also bad […]

Photo by Ricardo Esquivel from Pexels

CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability

October 14, 2020/in Vulnerability bulletin /by Basefarm

Published: 2020-10-13MITRE CVE-2020-16898 “A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets.” This vulnerability affects Windows 10, Server 2019 and Server Core versions (see full Security Advisory for proper details). It can be mitigated by disabling a network feature or blocking ICMPv6 Router Advertisement packets. Basefarm and […]

Image by Karl Egger from Pixabay

CVE-2020-3992 | ESXi OpenSLP remote code execution vulnerability

October 11, 2020/in Vulnerability bulletin /by Basefarm

Published: 2020-10-20MITRE CVE-2020-3992 “A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.” The workaround is to stop and disable the SLP service. CVSS Base Score is 9.8 Basefarm and VMware […]

“Known assailant” back with a vengeance

September 4, 2020/in Basefarm SIRT, Security blog /by Basefarm

In this post there is specific focus on an infamous threat that resurfaced during the summer. Following several news articles in Nordic media of phishing attacks towards public services in late august and, in addition, sources that indicate that the Emotet trojan resurfaced in mid-july, several sources online are now indicating a massive campaigning not […]