Port 161 Oddities (aka SNMP: so what's going on?), (Sun, Jan 11th)
On a very slow Sunday in January I noticed that port 161 (designated as SNMP) is still alive and kicking, however the port 161 DShield report trend saw downward movement two weeks ago, and now we are right...
ISC StormCast for Monday, January 12th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
IoT: The Rise of the Machines (Guest Diary), (Mon, Jan 12th)
[This is a guest diary submitted by Xavier Mertens] Our houses and offices are more and more infested by electronic devices embedding a real computer with an operating system and storage. They...
Are You Piratebay? thepiratebay.org Resolving to Various Hosts, (Mon, Jan 12th)
Thanks to our reader David for sending us this detect (anonymized): GET announce?info_hash=....peer_id=....ip=....port=....uploaded=....downloaded=....*left=....numwant=.... HTTP/1.0 Host:...
ISC StormCast for Tuesday, January 13th 2015...
Microsoft Patch Tuesday - January 2015 (Really? Telnet?), (Tue, Jan 13th)
Overview of the January 2015 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS15-001 Vulnerability in Windows...
Adobe Patch Tuesday - January 2015, (Tue, Jan 13th)
Adobe released one bulletin today, affecting Flash Player. The update should be applied to Windows, OS X as well as Linux versions of Adobe's Flash Player. It is rated with a priority of 1 for most...
ISC StormCast for Wednesday, January 14th 2015...
Please help us make the ISC better, and participate in our annual survey...
--- Johannes B. Ullrich, Ph.D.
Which security tool is your favorite?, (Wed, Jan 14th)
Toolswatch published today the best 2014 security tools according to their readers. From that list I like OWASP ZAP, BeEF, OWASP Xenotix and PeStudio. However, I definitely miss some...
ISC StormCast for Thursday, January 15th 2015...
Strange wordpress login patterns, (Thu, Jan 15th)
Reader Robert came today with a very interesting situation. He noticed odd wordpress login patterns: T 31.47.254.62:51020 - +http://www.google.com/bot.html). Host: **redacted** Accept: */*. Cookie:...
tcp/6379 trolling - Redis NoSQL? Or something else?, (Thu, Jan 15th)
DShield sensors report an uptick of scanning for tcp/6379, currently mostly originating from 61.160.x and 61.240.144.x, which are both CHINANET/UNICOM. tcp/6379 is the default port of the Redis NoSQL...
ISC StormCast for Friday, January 16th 2015...
Shellshock keeps on giving!, (Fri, Jan 16th)
It has been 12 years since the SQL Slammer worm plagued the Interwebs .. come to think of it, that was also in January. But that's not the point :). Today, twelve years later, there are amazingly still...
Strange & Random GET PHP Queries, (Sun, Jan 18th)
Over the past few months, I have been observing strange web queries against my honeypot where the pattern is always the same, a combination of two letters but each instance using two different letters....
ISC StormCast for Monday, January 19th 2015...
Traffic Patterns For CryptoWall 3.0, (Mon, Jan 19th)
This is a guest diary submitted by Brad Duncan. Various sources have reported version 3 of CryptoWall has appeared [1] [2] [3]. This malware is currently seen from exploit kits and phishing emails....
ISC StormCast for Tuesday, January 20th 2015...
Finding Privilege Escalation Flaws in Linux, (Tue, Jan 20th)
We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that...