Security Software & Tools Tips – May 2019

In this monthly post, we try to make you aware of five different security related products.
This is a repost from my personal website Ulyaoth

This month we have chosen the following:
* angr
* Brakeman
* Moloch
* OSXCollector
* Zeek


Information from the angr website:

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic (“concolic”) analysis, making it applicable to a variety of tasks.



Information from the Brakeman website:

Brakeman is a security scanner for Ruby on Rails applications. Unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.



Information from the Moloch website:

Moloch augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access. An intuitive and simple web interface is provided for PCAP browsing, searching, and exporting. Moloch exposes APIs which allow for PCAP data and JSON formatted session data to be downloaded and consumed directly. Moloch stores and exports all packets in standard PCAP format, allowing you to also use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.



Information from the OSXCollector website:

OSXCollector is a forensic evidence collection & analysis toolkit for OSX.



Information from the Zeek website:

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 20 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally by both major companies and numerous educational and scientific institutions for securing their cyberinfrastructure.



Continuous development using containers

Are you familiar with the “throw it over the fence” method? If so, you’ll know that it is not very productive.

The method dates back to the old days of web development, when people and technology often failed to work together well. Once new code ran well on the developers’ machines, it was ‘thrown over the fence’ to the test and operations teams. There, the setup might be so different that the code failed. It then had to be thrown back, or a lot of work put into getting it to run.

As if that’s not enough, the procedure then has to be repeated more or less for every update.

Break down the barriers

“A complete and coherent programming process is much better”, claims Basefarm system architect, Andreas Skoglund.

What he has in mind are Docker containers, Kubernetes, a continuous development cycle, databases, message queues, monitoring and logging tied together into a single solution. “OpenShift Container Platform is a Kubernetes distribution with a robust bunch of other technologies that deliver precisely that”, he explains.

The setup works equally well in private clouds and cloud services like Microsoft Azure and AWS.

At the base are Docker containers. Docker is a way of packaging applications together with all their dependencies. This contrasts with traditional packaging like .exe, .rpm and other application types whose operability is sensitive to library and version differences in the operating environment.

Containers can be set to be ‘immutable’, to prevent them being changed. This ensures consistency of behaviour during development, testing and production.

To avoid software conflicts, current practice has been to run a single application per virtual machine (VM). Using containers avoids this problem, and a VM is easily able to run several containers, which both saves resources and simplifies administration.

Kubernetes – a building block

Kubernetes is a modular framework that can be assembled in many different ways, but also gives developers and technicians the same experience no matter where under the bonnet they are working.

A major benefit of this is familiarity, regardless of the system’s location, whether in the cloud using Microsoft Azure for instance, or on a server in the basement.

Kubernetes also simplifies many of the technician’s tasks: distribution and placement of the containers is automatic, and extra capacity can be provisioned at very short notice to handle increased load, e.g. for Black Friday.

“The platform automates container-based architectures.”


OpenShift is one way of deploying Kubernetes. In OpenShift, Kubernetes is combined with a number of other services that are often required in agile and DevOps oriented environments.

In this way, OpenShift is able to realise the dream of most IT environments – a coherent, integrated programming process. OpenShift also allows for multiple, separate, independent CI/CD processes and the necessary support around Kubernetes such as image administration, build tools, monitoring and consistent security across all the services.

That’s why we at Basefarm are working more and more with Kubernetes on OpenShift – to help our customers make the most of their multi-cloud environments and develop and deploy quickly and safely.

From application to container

So, what about the pathway from application to container?

Here too OpenShift helps in several ways. One of these functions is called source-to-image (S2I). OpenShift stores the containers for you based on S2I recipes available for all the most popular languages and frameworks.

Supporting technologies such as message queues, databases and so on are also supported in OpenShift via the Service Catalog. These can be provisioned outside of OpenShift, for example in AWS, but at the same time be tied to your application and controlled from OpenShift.

Want to know more about continuous delivery? Read the blog post “How to move mountains – our road to continuous delivery”.

Author: Andreas Skoglund, Solution Architect, Basefarm

Andreas Skoglund is a solution architect at Basefarm. He describes this as a creative and varied job that mostly revolves around designing and developing technical solutions for solving customers’ dilemmas. His leisure hours are taken up with programming for fun, home automation and building an overcomplicated home network.

Secretary General gives keynote speech on NATO’s adaptation to cyber threats

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

“Cyber attacks are becoming more frequent, more complex and more destructive. From low-level attempts to technologically sophisticated attacks. They come from states, and non-state actors. From close to home and from very far away. And they affect each and every one of us.” said the NATO Secretary General Jens Stoltenberg at the Cyber Defence Pledge Conference, London yesterday.



Top 5 Security News

UK provided evidence to 16 NATO allies of Russia hacking campaigns

Core Elastic Stack Security Features Now Available For Free Users As Well

Google Stored G Suite Users’ Passwords in Plain-Text for 14 Years

Hacker Disclosed 4 New Microsoft Zero-Day Exploits in Last 24 Hours

Tor Browser for Android is available through the Play Store



Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers.

You can interact with Docker via the terminal and also via remote API. The Docker remote API is a great way to control your remote Docker host, including automating the deployment process, control and get the state of your containers, and more. With this great power comes a great risk — if the control gets into the wrong hands, your entire network can be in danger.
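The exposure described above is usually a configuration problem: the daemon listens on a tcp:// host without client certificate verification. The following audit helper is an added example written for this post, not Basefarm's or Docker's own code; it checks the two places the listener is normally configured (daemon.json and a systemd ExecStart line) using constructed sample inputs, and relies on the real `hosts` / `tlsverify` settings and `-H` / `--tlsverify` flags of dockerd.

```python
import json
import shlex

# Constructed sample inputs, assumed for this example (not from a real host).
DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
  "tls": false
}
"""
SYSTEMD_EXECSTART = ("ExecStart=/usr/bin/dockerd -H fd:// -H tcp://0.0.0.0:2376 "
                     "--tlsverify --tlscacert=/etc/docker/ca.pem")


def tcp_listeners_from_daemon_json(text):
    """Return (host, client_cert_auth) for every tcp:// entry in daemon.json."""
    cfg = json.loads(text)
    tls_auth = bool(cfg.get("tlsverify", False))
    return [(h, tls_auth) for h in cfg.get("hosts", []) if h.startswith("tcp://")]


def tcp_listeners_from_execstart(line):
    """Same, but parsed from a systemd ExecStart= line for dockerd."""
    args = shlex.split(line.split("=", 1)[1])
    tls_auth = "--tlsverify" in args
    hosts = []
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            value = args[i + 1]
        elif arg.startswith(("-H=", "--host=")):
            value = arg.split("=", 1)[1]
        else:
            continue
        if value.startswith("tcp://"):
            hosts.append((value, tls_auth))
    return hosts


def assess(listeners):
    """Turn listener tuples into findings; an empty list means nothing exposed."""
    findings = []
    for host, tls_auth in listeners:
        addr = host[len("tcp://"):]
        if not tls_auth:
            # Anyone who can reach this port can start containers as root on the host.
            findings.append("CRITICAL " + host + ": remote API without client certificate auth")
        elif addr.startswith(("0.0.0.0", "[::]")):
            findings.append("WARN " + host + ": TLS auth on, but bound to all interfaces; firewall it")
    return findings
```

Run `assess()` over whichever source your hosts use; a CRITICAL finding should be treated as a host compromise risk until the listener is removed or put behind `--tlsverify`.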


Top 5 Security News

Backdoored GitHub accounts spewed secret sneakerbot software

RSAC 2019: TLS Markets Flourish on the Dark Web

Web Authentication: What It Is and What It Means for Passwords

Google Discloses Unpatched ‘High-Severity’ Flaw in Apple macOS Kernel

How To Spoof PDF Signatures

2.3B Files Exposed in a Year: A New Record for Misconfigs

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Amazon S3 bucket misconfigurations, however, have dropped dramatically.

The last 12 months have seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday.

A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data exposure. The 2.3 billion number represents an increase of more than 750 million files since 2018 – more than a 50 percent annual increase.

The team’s research revealed that about half of the customer data (1.071 billion files, including personal demographic information, passport scans and bank statements, job applications, personal photos, credentials for business networks and more) was exposed via the Server Message Block (SMB) protocol – a technology for sharing files first designed in 1983.


Top 5 Security News

A million devices still vulnerable to ‘wormable’ RDP hole

WordPress Slick Popup Plugin Contains Vulnerable Support Backdoor

Hackers Infect 50,000 MS-SQL and PHPMyAdmin Servers with Rootkit Malware

AI, the Mandatory Element of 5G Mobile Security

HiddenWasp Malware Stings Targeted Linux Systems

Women In Tech 2019

Every year at the International Women’s Day, Women In Tech is coming to Stockholm. At the event, you get to listen to some of the world’s most talented women discussing their success stories in business, technology and digital transformation. Basefarm attended the event to hear about the latest trends in the tech industry and what buzzwords to look out for during 2019. Here are the most important takeaways:

1. What are the key trends in the tech industry?

Big Data and digital privacy – One word that many of the speakers highlighted, that can be applied to all industries, was digital privacy. Consumers are becoming more aware of their digital footprint and the way companies use data, meaning that they are more careful than ever. But instead of letting this turn towards you and your company, you can create trust with your Big Data. Be transparent, store your data in a secure way and let the customers know why you are collecting their data and what they will get back from it. This will generate a win-win situation and create a better user experience.

Here is a blog post where you can read more about data privacy, GDPR and how to create customer trust through data – Tick the box on GDPR or go above and beyond?

2. What was everyone talking about at the event? (what were the buzzwords)?

Using Artificial Intelligence (AI) and machine learning in a smart way – Many of the speakers talked about Artificial Intelligence (AI) and the wide range of opportunities it offers. As you may know, AI is not a new phenomenon; it has actually been around for several years. However, over the last couple of years there has been a rising trend for companies to include Artificial Intelligence and Machine Learning in their digital strategy. Now that the hype is over, companies need to start using it in a smart way to exploit its full potential.

If you want to learn more about AI, you can read our blog post “3rd wave AI tools evolve for solving real world problems”.

Other buzzwords worth mentioning are VR and how it can change the world, the opportunity in CivTech and technology’s impact on the climate.

3. Tell us something you learned at the event? (three key findings?)

• Think outside the box when it comes to digital transformation and technology.
• The importance of having a diverse team to understand the problem from different angles. Use help from experts if needed.
• Always stay updated, things are moving fast in the digital world.


Author: Linnea Jonsson, Marketing Assistant, Basefarm

Linnea is a part of Basefarm’s marketing team. She has a passion for the digital world with the mission to help more companies understand the importance of digital transformation and how it can create new opportunities for an organisation.

RAMBleed, a new side-channel attack enables attackers to read memory not belonging to them

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

A new side-channel attack, named RAMBleed, has been published; it enables an attacker to read out physical memory belonging to other processes.

RAMBleed, based on a previous side channel called Rowhammer, violates arbitrary privilege boundaries. The implications of this are numerous, and vary in severity depending on the other software running on the target machine. The researchers demonstrated an attack against OpenSSH in which they used RAMBleed to leak a 2048-bit RSA key, but the technique can read other data as well.

“It is widely assumed however, that bit flips within the adversary’s own private memory have no security implications, as the attacker can already modify its private memory via regular write operations. We demonstrate that this assumption is incorrect, by employing Rowhammer as a read side channel.” reads the research paper. “More specifically, we show how an unprivileged attacker can exploit the data dependence between Rowhammer induced bit flips and the bits in nearby rows to deduce these bits, including values belonging to other processes and the kernel.”


Top 5 Security News

Malformed certs make DoS on any Windows server possible

GoldBrute bot-net brute forcing 1.5 million RDP servers

Arbitrary OS command execution vulnerability found in VIM and Neovim

The Return of the WIZard: RCE in Exim (CVE-2019-10149)

BSides Oslo 2019 conference videos published on YouTube

Change your Facebook password now!

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Oh, feet of clay!

Facebook has just admitted that it has found many places – hundreds of millions of places, maybe – where it saved users’ passwords to disk in raw, unencrypted form.

In jargon terms, they’re known as plaintext passwords and it means that instead of seeing a password scrambled into a hashed form such as 379f1531753a7c43ab4f4faace212451, anyone looking at the stored data will see the actual password, right there, just like that.

Like that: 123456789, or that: mypassword99, or that: jw45X$/6FsT8.


Top 5 Security News

Why phone numbers stink as identity proof

The European Copyright Directive: What Is It, and Why Has It Drawn More Controversy Than Any Other Directive In EU History?

Extracting bitlocker keys from a TPM

Norwegian phones sent personal information to China

Hackers take down Safari, VMware and Oracle at Pwn2Own

Flaw in popular PDF creation library enabled remote code execution


SACK Panic kernel bug discovered by Netflix

This blog post is a summary of this week’s Information Security News put together by our Security Incident Response Team (SIRT).

Engineers at Netflix discovered three new vulnerabilities in the Linux and FreeBSD kernels, specific to their TCP networking implementations.

The vulnerabilities can be used by an adversary to perform a Denial of Service (DoS) attack against Linux and FreeBSD machines; Red Hat classifies one of them as Important and the rest as Moderate. CVE-2019-11477 is the most critical of the four, and has been dubbed SACK Panic since the bug lies in the way the Linux kernel handles Selective Acknowledgment (SACK). This vulnerability can lead to a Linux host ending in a complete kernel panic, effectively stopping all services running on that host. It affects all Linux kernel versions from 2.6.29 and up.
All major Linux vendors have released patches for the vulnerabilities, and we strongly urge people to apply them as soon as they can. There are also workarounds for systems where patching is not an option, but these can lead to a loss in performance.
You can read a more detailed explanation here.


Top 5 Security News