Entries by abel de kat angelino

BF-SIRT Newsletter 2018-31

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker. A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability. So far, Censys.io has reported more than 170,000 active […]

BF-SIRT Newsletter 2018-14

Intel tells remote keyboard users to delete app after critical bug found. On Tuesday, Intel warned of a critical escalation of privilege vulnerability (CVE-2018-3641) in all versions of the Intel Remote Keyboard that allows a network attacker to inject keystrokes as if they were a local user. The vulnerability received a Common Vulnerabilities and Exposure […]

BF-SIRT Newsletter 2018-10

Netflix could pwn 2020s IT security – they need only reach out and take The container is doomed, killed by serverless. Containers are killing Virtual Machines (VM). Nobody uses bare metal servers. Oh, and tape is dead. These, and other clichés, are available for a limited time, printed on a coffee mug of your choice […]

BF-SIRT Newsletter 2018-09

Memcrashed – Major amplification attacks from UDP port 11211 Over last couple of days we’ve seen a big increase in an obscure amplification attack vector – using the memcached protocol, coming from UDP port 11211. The general idea behind all amplification attacks is the same. An IP-spoofing capable attacker sends forged requests to a vulnerable […]

BF-SIRT Newsletter 2018-08

Apple fixes that “1 character to crash your Mac and iPhone” bug Apple has pushed out an emergency update for all its operating systems and devices, including TVs, watches, tablets, phones and Macs. The fix patches a widely-publicised vulnerability known officially as CVE-2018-4124, and unofficially as “one character to crash your iPhone”, or “the Telugu […]

BF-SIRT Newsletter 2018-06

Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”. For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure […]