ISC StormCast for Wednesday, January 21st 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleOracle Critical Patch Update for Q1 2015 (Includes Java Updates), (Wed, Jan...
Oracle released its critical patch update. This quarters CPU fixes a total of 169 vulnerabilities across the entire Oracle product portfolio. For end users, Java is probably the most important part of...
View ArticleFlash 0-Day Exploit Used by Angler Exploit Kit, (Wed, Jan 21st)
The Angler exploit kit is a tool frequently used in drive-by download attacks to probe the browser for different vulnerabilities, and then exploit them to install malware. The exploit kit is very...
View ArticleISC StormCast for Thursday, January 22nd 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleOOB Adobe patch!, (Thu, Jan 22nd)
Adobe has released an advisory regarding an out of band security update for Flash, APSB15-021. It is a fix forCVE-2015-0310, which is reserved but for which there is little additional information at...
View ArticleISC StormCast for Friday, January 23rd 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleHow Vulnerabilities Happen: Input Validation Problems, (Fri, Jan 23rd)
We would like to thank Richard Ackroyd of RandomStormfor reporting a critical input validation error in our site to us. As we have done before, here is how it happened so hopefully you can learn from...
View ArticlePHP 5.6.5 is available, (Fri, Jan 23rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleFlash 0-Day: Deciphering CVEs and Understanding Patches, (Fri, Jan 23rd)
The last two weeks, we so far had two different Adobe advisories (one regularly scheduled, and one out of band), and three new vulnerabilities. I would like to help our readers deciphering some of the...
View ArticleInfocon change to yellow for Adobe Flash issues, (Fri, Jan 23rd)
We have decided to change the Infocon 1to yellow in order to bring attention to the multiple recentAdobe Flash Player vulnerabilities2 that are being actively exploited. There have been 3...
View Article"Stealth" Update for Flash from Adobe, (Sat, Jan 24th)
[Update] Adobe now updated its advisory and confirmed that version 16.0.0.296 fixes the o-day vulnerability (CVE-2015-0311). [2][3] Adobe apparently just released Flash version 16.0.0.296. There is...
View ArticleISC StormCast for Monday, January 26th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAdobe updates Security Advisory for Adobe Flash Player, Infocon returns to...
On Saturday, 24 JAN 2015, Adobe updated their Security Advisory for Adobe Flash Player specific to CVE-2015-0311. From the update: Users who have enabled auto-update for the Flash Player desktop...
View ArticleISC StormCast for Tuesday, January 27th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleApple Security Updates 27 JAN 2015 for OS X, Safari, iOS, and Apple TV -...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleNew Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST), (Tue, Jan 27th)
Qualys discovered a criticalbuffer overflow in the gethostbyname() and gethostbyname2() functions in glibc. According to the announcement by Qualys, they were able to create an in-house exploit that...
View ArticleVMware Security Advisories - 1 New, 1 Updated, (Wed, Jan 28th)
VMware has released an new and updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware platform. For information regarding the...
View ArticleISC StormCast for Wednesday, January 28th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleGHOST glibc gethostbyname() Vulnerability:...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAdobe Flash Update Available for CVE-2015-0311 & -0312, (Wed, Jan 28th)
Adobe has released an update to the Flash vulnerability CVE-2015-0311 discussed earlier this week here on the ISC. The update released from Adobe addresses Flash vulnerabilities documented in...
View Article