BF-SIRT Newsletter 2018-02
Microsoft released patches for Meltdown and Spectre, but it’s important to update ones antivirus before applying the patches.
Latest WebLogic exploit caused an increase in compromised hosts being used for mining Cryptocurrencies.
F-Secure finds a new Intel AMT Security Issue which gives hackers with physical access full control of laptops in 30 seconds.
Top 5 Security Links
Police give out infected USBs as prizes in cybersecurity quiz
Wi-Fi Alliance launches WPA3 protocol with new security features
Mining or Nothing!
Anti-Virus updates required ahead of Microsoft’s Meltdown, Spectre patches
New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds
Security Software & Tools Tips – October 2018
In this monthly post we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth.
This month we have chosen the following:
* Hiawatha
* Shodan
* GRR
* Cloudfail
* AbuseIO
Hiawatha
Hiawatha is a cool lightweight webserver that has a very easy syntax to configure it.
The maker of Hiawatha has written the webserver with security in mind, so it provides out of the box support for stopping SQL injections, XSS and CSRF attacks and exploit attempts.
We think Hiawatha is a great secure alternative for Apache or Nginx.
From the Hiawatha website:
Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn’t like them. They had illogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.
Website:
https://www.hiawatha-webserver.org/
Shodan
Shodan is a website where you can scan internet connected devices for open services. This is a great tool to find out if your
organization has any services exposed to the internet that might be a security risk.
From wiki:
Shodan is a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.
Website:
GRR
GRR (Rapid Response) framework is a server client software that allows you to do live forensics on remote servers.
From their website:
GRR Rapid Response is an incident response framework focused on remote live forensics.
The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely.
Website:
Cloudfail
From their website:
CloudFail is a tactical reconnaissance tool which aims to gather enough information about a target protected by Cloudflare in the hopes of discovering the location of the server. Using Tor to mask all requests, the tool as of right now has 3 different attack phases.
* Misconfigured DNS scan using DNSDumpster.
* Scan the Crimeflare database.
* Bruteforce scan over 2500 subdomains.
Website:
https://github.com/m0rtem/CloudFail
AbuseIO
This piece of software gives you a web interface that imports most important feeds such as shadowserver and spamcop, you can then see this information in a easy and relevant way.
This is a great tool to automate and improve the abuse handling process.
From their website:
It is a toolkit anyone can use to receive, process, correlate abuse reports and send notifications with specific information regarding the abuse case(s) on your network. AbuseIO’s purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.
Website:
Photo by Liam Tucker on Unsplash
Why use a Managed Service Provider for Amazon Web Services
Do you think taking the step to the cloud is a challenge in itself? And now that you finally chose Amazon Web Services (AWS) as your cloud solution, how should you go about to learn how to manage it? Maybe you don’t really have time to spend on these types of concerns.
Hackers Turn to Python as Attack Coding Language of Choice
This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).
Hackers Turn to Python as Attack Coding Language of Choice
“More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.”
Read more..
Top 5 Security links
- Twitter patches bug that may have spilled users’ private messages
- Security Flaw Found in Apple Mobile Device Enrollment Program
- LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
- Perimeter Defenses are Dead, So Now What?
- Data Protection, Security and Shared Responsibility: What You Need to Know about Amazon Web Services
CIOs don’t know what DevOps is
‘DevOps is not an IT platform but a culture: that’s where it often goes wrong’
It seems that only one of every ten innovative software projects sees the light of day, despite CIOs setting up agile DevOps teams that develop new functionalities at a lightning pace. ‘CIOs have the world at their feet, but become the victim of their own success,’ says Jan Aril Sigvartsen of Basefarm.