ISC StormCast for Wednesday, November 12th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleHow bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?,...
We had a number of users suggesting that we should have labeled MS14-066 as Patch Now instead of just critical. This particular vulnerability probably has the largest potential impact among all of the...
View ArticlePCRE for malware audits, (Thu, Nov 13th)
When auditing a company for their malware defense savvy, you are likely used to be presented with colorful pie charts of all the malware that their Anti-Virus (AV) product of choice successfully...
View ArticleISC StormCast for Thursday, November 13th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Friday, November 14th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSChannel Update and Experimental Vulnerability Scanner (MS14-066), (Fri, Nov...
Just a quick update on the SChannel problem (MS14-066, CVE-2014-6321). So far, there is still no public available exploit for the vulnerability, and details are still sparse. But apparently, there is...
View ArticleMicrosoft Updates MS14-066, (Sun, Nov 16th)
Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update [1]. It appears that clients who may not support these ciphers may fail to connect at...
View ArticleISC StormCast for Monday, November 17th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleUpdates for OS X , iOS and Apple TV, (Mon, Nov 17th)
Apple today released updates for iOS 8 and OS X 10.10 (Yosemite) . Here are some of the highlights from a security point of view: OS 10.10.1 (approx. listed in order of severity) CVE Impact ISC Rating...
View ArticleISC StormCast for Tuesday, November 18th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Will Release MS14-068 Later Today, (Tue, Nov 18th)
Today, Microsoft will release MS14-068. This is one of the bulletins that was skipped in Novembers patch Tuesday update. The bulletin fixes a privilege escalation vulnerability and Microsoft rated it...
View ArticleMicrosoft November out-of-cycle patch MS14-068, (Tue, Nov 18th)
Microsoft November out-of-cycle patch Note: MS14-066 was also updated today to fix some of the issues previously discussed with the introduction of the additional TLS cipher suites. Folks running...
View ArticleISC StormCast for Wednesday, November 19th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Article"Big Data" Needs a Trip to the Security Chiropracter!, (Wed, Nov 19th)
When the fine folks at Portswigger updated Burp Suite last month to 1.6.07 (Nov 3), I was really glad to see NoSQL injection in the list of new features. Whats NoSQL you ask? If your director is...
View ArticleISC StormCast for Thursday, November 20th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleCritical WordPress XSS Update, (Thu, Nov 20th)
Today, Wordpress4.0.1 was released, which addresses a critical XSS vulnerability (among other vulnerabilities). [1] The XSS vulnerability deserves a bit more attention, as it is an all too common...
View ArticleGoogle Web "Firing Range" Available, (Thu, Nov 20th)
Google has released a Firing Range for assessing various web application scanners, with what looks like a real focus on Cross Site Scripting. The code was co-developed by Google and Politecnico di...
View ArticleISC StormCast for Friday, November 21st 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMore Trouble For Hikvision DVRs, (Mon, Nov 24th)
The Internet of Things is turning against us once more. Rapid 7 is reporting how HikvisionDVRs are vulnerable to at least 3 different remote code execution vulnerabilities. Metasploit modules are...
View ArticleISC StormCast for Monday, November 24th 2014...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Article