BF-SIRT Newsletter 2018-01 november 8, 2018/in Security blog /door johan_kanMeltdown and Spectre, two security flaws said to be affecting almost all CPUs released since 1995, was announced this week, and will probably haunt us for years to come.Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. We might see more of this in near future botnets.A researcher released details of a local privilege escalation attack against macOS that dates back to 2002, totally ignoring any responsible disclosure process.Top 5 Security Links Meltdown and Spectre – Bugs in modern computers leak passwords and sensitive data. Mozilla Patches Critical Bug in Thunderbird Attention, vSphere VDP backup admins: There is a little remote root hole you need to patch… MacOS LPE Exploit Gives Attackers Root Access Code Used in Zero Day Huawei Router Attack Made Public https://basefarm.nl/wp-content/uploads/2018/01/Huawei.jpg 1875 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:47:222018-11-08 08:47:22BF-SIRT Newsletter 2018-01
BF-SIRT Newsletter 2018-02 november 8, 2018/in Security blog /door johan_kanMicrosoft released patches for Meltdown and Spectre, but it’s important to update ones antivirus before applying the patches.Latest WebLogic exploit caused an increase in compromised hosts being used for mining Cryptocurrencies.F-Secure finds a new Intel AMT Security Issue which gives hackers with physical access full control of laptops in 30 seconds.Top 5 Security Links Police give out infected USBs as prizes in cybersecurity quiz Wi-Fi Alliance launches WPA3 protocol with new security features Mining or Nothing! Anti-Virus updates required ahead of Microsoft’s Meltdown, Spectre patches New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds https://basefarm.nl/wp-content/uploads/2018/01/Meltdown-Patch.jpg 1406 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:47:192018-11-08 08:47:19BF-SIRT Newsletter 2018-02
BF-SIRT Newsletter 2018-03 november 8, 2018/in Security blog /door johan_kanResearchers have uncovered a government-sponsored mobile hacking group operating since 2012. OnePlus had its store compromised, leaving 40 000 credit cards compromised. Hackers have started exploiting three Microsoft Office flaws to spread Zyklon malware.Top 5 Security Links OnePlus minus 40,000 credit cards: Smartmobe store hacked to siphon payment info to crooks Transmission users beware: Flaw lets hackers control your computer Skygofree Android malware is “one of the most powerful ever seen” Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware Researchers Uncover Government-Sponsored Mobile Hacking Group Operating Since 2012 https://basefarm.nl/wp-content/uploads/2018/01/hackers.jpg 1251 2000 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:122018-11-08 08:46:12BF-SIRT Newsletter 2018-03
BF-SIRT Newsletter 2018-04 november 8, 2018/in Security blog /door johan_kanIt has been announced that hackers from the Dutch intelligence service AIVD have provided the FBI with crucial information about Russian interference with the American elections. This seem to be a good showcase of cyber warfare and capabilities.Maersk chair detailed the reinstall “4,000 new servers, 45,000 new PCs, and 2,500 applications” after the NotPetya attack in 2017, providing good insights into a working disaster recovery process, completing 6 months work in 10 days and only suffering 20 percent drop in volumes.Top 5 Security links Dutch agencies provide crucial intel about Russia’s interference in US-elections IT ‘heroes’ saved Maersk from NotPetya with ten-day reinstallation bliz The popular former NSA hacker Patrick Wardle published a detailed analysis of the CrossRAT malware used by Dark Caracal for surveillance. Alphabet enters enterprise cybersecurity market, launches Chronicle Critical Flaw Hits Popular Windows Apps Built With Electron JS Framework https://basefarm.nl/wp-content/uploads/2018/01/hacker-2300772.jpg 1667 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:102018-11-08 08:46:10BF-SIRT Newsletter 2018-04
BF-SIRT Newsletter 2018-05 november 8, 2018/in Security blog /door johan_kanWe need to prepare ourselves for that Meltdown/Specter-based Malware might be coming soon to devices near us, but are we ready? Lately researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Top 5 Security links Secret military bases revealed by fitness app Strava South Korea Warns of Flash Zero-Day flaw exploited by North Korea in surgical attacks Cisco Patches Critical VPN Vulnerability Cryptocurrency Mining Malware Infected Over Half-Million PCs Using NSA Exploit Keylogger Campaign Returns, Infecting 2,000 WordPress Sites https://basefarm.nl/wp-content/uploads/2018/02/wannacry.jpeg 1786 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:092018-11-08 08:46:09BF-SIRT Newsletter 2018-05
BF-SIRT Newsletter 2018-06 november 8, 2018/in Security blog /door johan_kanBeginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.Over 68% of Chrome traffic on both Android and Windows is now protectedOver 78% of Chrome traffic on both Chrome OS and Mac is now protected81 of the top 100 sites on the web use HTTPS by default Top 5 Security linksWordPress users do an update NOW and do it by hand Apple iboot source code leaked Covert data channel in TLS dodges network perimeter protection Leaky amazon S3 bucket exposes personal data of 12000 social media influencers Bitglass Report Microsoft SharePoint Google Drive and Majority of AV Engines Fail to Detect New Ransomware Variant https://basefarm.nl/wp-content/uploads/2018/02/AdobeStock_182173612.jpeg 1667 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:082018-11-08 08:46:08BF-SIRT Newsletter 2018-06
BF-SIRT Newsletter 2018-07 november 8, 2018/in Security blog /door johan_kanNCCGroup rebuilt NotPetya, replacing its destructive payload with telemetry and safeguards to see what the impact could have been. They found the following:The customer ran it on one machine in their engineering network with no privileges.It found three machines unpatched.It exploited those three machines to obtain kernel level access.It infected those three machines.Within ten minutes it had gone through the entire engineering network using recovered/stolen credentials.It then took the domain about two minutes later.107 hosts were owned in roughly 45 minutes before the client initiated the kill and remove switch.Top 5 Security links A rebuilt NotPetya gets its first execution outside of the lab Cryptomining script poisons government websites – What to do Hackers Exploit ‘Telegram Messenger’ Zero-Day Flaw to Spread Malware Winter Olympics network outages blamed on unexplained cyberhack UK names Russia as source of NotPetya, USA follows suit https://basefarm.nl/wp-content/uploads/2018/02/anonymous-studio-figure-photography-facial-mask-38275.jpeg 1669 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:062018-11-08 08:46:06BF-SIRT Newsletter 2018-07
BF-SIRT Newsletter 2018-08 november 8, 2018/in Security blog /door johan_kanApple fixes that “1 character to crash your Mac and iPhone” bugApple has pushed out an emergency update for all its operating systems and devices, including TVs, watches, tablets, phones and Macs.The fix patches a widely-publicised vulnerability known officially as CVE-2018-4124, and unofficially as “one character to crash your iPhone”, or “the Telugu bug”.Telugu is a widely-spoken Indian language with a writing style that is good news for humans, but surprisingly tricky for computers.Computers can store and reproduce English words really easily, because there are only 26 symbols (if you ignore lower-case letters, the hyphen and that annoying little dingleberry thing called the apostrophe that our written language could so easily do without).Many languages use a written form in which each character is made up of a combination of components that denote how to pronounce it, typically starting with a basic sound and indicating the various modifications that should be applied to it.In English, each left-arrow or right-arrow simply moves you one character along in the current line, and one byte along in the current ASCII string, but what if there are four different sub-characters stored in memory to represent the next character that’s displayed?For your iPhone, you ‘ll be updating to iOS 11.2.6; for your Mac, you need the macOS High Sierra 10.13.3 Supplemental Update.Top 5 Security links https://threatpost.com/dell-emc-patches-critical-flaws-in-vmax-enterprise-storage-systems/129952/ https://www.theregister.co.uk/2018/02/20/unpatched_jenkins_servers_mining_monero/ http://fortune.com/2018/02/20/tesla-hack-amazon-cloud-cryptocurrency-mining/ https://torrentfreak.com/flight-sim-company-embeds-malware-to-steal-pirates-passwords-180219/ https://threatpost.com/word-based-malware-attack-doesnt-use-macros/129969/ https://basefarm.nl/wp-content/uploads/2018/03/it-sakerhet-basefarm.jpg 1000 1500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:46:032018-11-08 08:46:03BF-SIRT Newsletter 2018-08
BF-SIRT Newsletter 2018-09 november 8, 2018/in Security blog /door johan_kanMemcrashed – Major amplification attacks from UDP port 11211Over last couple of days we’ve seen a big increase in an obscure amplification attack vector – using the memcached protocol, coming from UDP port 11211.The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable UDP server. The UDP server, not knowing the request is forged, politely prepares the response. The problem happens when thousands of responses are delivered to an unsuspecting target host, overwhelming its resources – most typically the network itself.A discovery of a new amplification vector though, allowing very great amplification, happens rarely. This new memcached UDP DDoS is definitely in this category.In total we’ve seen only 5,729 unique source IPs of memcached servers. We’re expecting to see much larger attacks in future, as Shodan reports 88,000 open memcached serversGithub DDos incident on 28 Feb 2018, they received at peaks 1.35Tbps via 126.9 million packets per second.Please ensure that your memcached servers are firewalled from the internet!Top 5 Security links https://cybersins.com/howto-resposible-disclosure-with-security-txt/ https://www.bleepingcomputer.com/news/security/23-000-users-lose-ssl-certificates-in-trustico-digicert-spat/ https://www.theregister.co.uk/2018/03/01/us_researchers_apply_spectrestyle_tricks_to_break_intels_sgx/ https://nakedsecurity.sophos.com/2018/02/28/single-sign-on-authentication-the-bug-that-let-you-logon-as-someone-else/ https://threatpost.com/bug-in-hp-remote-management-tool-leaves-servers-open-to-attack/130189 https://basefarm.nl/wp-content/uploads/2018/03/basefarm-security-1.jpg 994 1500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:45:002018-11-08 08:45:00BF-SIRT Newsletter 2018-09
BF-SIRT Newsletter 2018-10 november 8, 2018/in Security blog /door johan_kanNetflix could pwn 2020s IT security – they need only reach out and takeThe container is doomed, killed by serverless. Containers are killing Virtual Machines (VM). Nobody uses bare metal servers. Oh, and tape is dead. These, and other clichés, are available for a limited time, printed on a coffee mug of your choice alongside a complimentary moon-on-a-stick for $24.99. Snark aside, what does the future of containers really look like?No one company is going to dominate IT security in the 2020s, but there is an empire to be built on building the very best workload wrapper money can buy.VMware has all components to build this puzzle piece. Unfortunately, they’re trapped in whatever hell befell Microsoft in 2005.Red Hat has most of the required components, but it will probably take them at least a decade to integrate all of it into systemd.Nobody is going to build an empire on containers, because containers are only one part of a more important puzzle piece.Netflix gave the world the Chaos Monkey, and then decided to build a full-scale Simian Army.Which vendor(s) will pull it together and dominate that niche? Top 5 Security links https://nakedsecurity.sophos.com/2018/03/08/smart-traffic-lights-cause-jams-when-fed-spoofed-data/ https://arstechnica.com/information-technology/2018/03/it-just-got-much-easier-to-wage-record-breaking-ddoses/ https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/ https://threatpost.com/pos-malware-found-at-160-applebees-restaurant-locations/130281/ https://www.theregister.co.uk/2018/03/08/dutch_police_detail_how_they_became_the_admins_for_hansa_dark_web_market/ https://basefarm.nl/wp-content/uploads/2018/03/pexels-photo-265685.jpeg 1660 2500 johan_kan /wp-content/uploads/2018/04/Basefarm-PERFECTLY-BALANCED-CLOUD-SOLUTIONS-neg-2.png johan_kan2018-11-08 08:44:522018-11-08 08:44:52BF-SIRT Newsletter 2018-10
