Clik here to view.
SSH Fingerprints Are Important, (Fri, Apr 3rd)
Some years ago, I was preparing Cisco certification exams. I connected via SSH to a new Cisco router, and was presented with this familiar dialog: This made me think: before proceeding, I wanted to...
View ArticleVMware Product Updates Address Critical Information Disclosure Issue In JRE,...
VMSA-2015-0003 Oracle JRE is updated in VMware products to address a critical security issue that existed in earlier releases of Oracle JRE. VMware products running JRE 1.7 Update 75 or newer and JRE...
View ArticleClik here to view.
Wireshark TCP Flags, (Sun, Apr 5th)
When I took SEC503 last year in Brussels, taught by Jess Garcia, he remarked that he missed Snorts TCP flag representation in Wireshark. Lua dissectors are a great way to enhance Wireshark, so I wrote...
View ArticleISC StormCast for Monday, April 6th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Article'Dead Drops' Hidden USB Sticks Around the World, (Mon, Apr 6th)
We received this article from Joe an ISC contributor about USB sticks hidden in various places around the world such as walls, padlocks, etc. where anyone can connect to them using a laptop. The...
View ArticleISC StormCast for Tuesday, April 7th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleGuest Diary: Xavier Mertens - Analyzing an MS Word document not detected by...
[Guest Diary: Xavier Mertens] [Analyzing an MS Word document not detected by AV software] Like everybody, Im receiving a lot of spam everyday but... I like it! All unsolicited received messages are...
View ArticleISC StormCast for Wednesday, April 8th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleIs it a breach or not?, (Wed, Apr 8th)
Incidents happen, and the most important part of IR is the planning stage. You should have a process or checklists with steps to make sure it goes as smoothly and fast as possible. When your forensic...
View ArticleAn example of the malicious emails sometimes sent to the ISC handler...
Part of being an ISC handler is reviewing the emails sent to our various email distros. Because these email addresses are publicly-known, we receive a lot of spam. Occasionally, we get more malicious...
View ArticleApple updates for 2015-04-08 include OS X Yosemite 10.10.3, iOS 8.3, Apple...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Thursday, April 9th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Friday, April 10th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
The Kill Chain: Now With Pastebin, (Fri, Apr 10th)
I have yet another maldoc sample. They still keep coming, these malicious Word and Excel documents with VBA macros designed to download a trojan. Each day they are slightly different, and sometimes I...
View ArticleISC StormCast for Monday, April 13th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleOdd POST Request To Web Honeypot, (Tue, Apr 14th)
I just saw this odd POST request to our honeypotsENUSMSN)\r\n Host: [IP Address of Honeypot] Content-Length:364 Cache-Control: no-cache...
View ArticleISC StormCast for Tuesday, April 14th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMicrosoft Patch Tuesday - April 2015, (Tue, Apr 14th)
Overview of the April 2015 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS15-032 Cumulative Security Update...
View ArticleISC StormCast for Wednesday, April 15th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleExploit kits (still) pushing Teslacrypt ransomware, (Thu, Apr 16th)
Teslacrypt is a form of ransomware that was first noted in January of this year [1]. This malware apparently targets video game-related files [2, 3, 4]. Ive seen Teslacrypt dropped by the Sweet Orange...
View Article