SANS Internet Storm Center, InfoCON: green

↧

Your SSH Server On Port 8080 Is No Longer "Hidden" Or...

August 3, 2015, 4:51 am

I am seeing some scanning for SSH servers on port 8080 in web server logs for web servers that listen on this port. So far, I dont see any scans like this for web servers listening on port 80. In web...

View Article

ISC StormCast for Tuesday, August 4th 2015...

August 3, 2015, 6:49 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Whatever Happened to tmUnblock.cgi ("Moon Worm"), (Tue, Aug 4th)

August 4, 2015, 5:09 am

Last year, we wrote about the Moon Worm, a bitcoin mining piece of malware that infected Linksys routers. Ever since then, I have seen lots and lots of hits to the vulnerable cgi script...

View Article

Nuclear EK traffic patterns in August 2015, (Wed, Aug 5th)

August 5, 2015, 4:54 am

Introduction About two weeks ago, Nuclear exploit kit (EK)changed its URL patterns. Now it looks a bit likeAngler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected...

View Article

ISC StormCast for Wednesday, August 5th 2015...

August 5, 2015, 4:54 am

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

August OUCH Newsletter - Backup & Recovery:...

August 5, 2015, 10:49 am

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

ISC StormCast for Thursday, August 6th 2015...

August 5, 2015, 7:31 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Sigcheck and virustotal-search, (Thu, Aug 6th)

August 6, 2015, 4:28 am

In my last diary entry I mentioned offline use of Sysinternal tools with my tool virustotal-search. So you want to use sigcheck but you cant connect the machine to the Internet. Then you can use...

View Article

ISC StormCast for Friday, August 7th 2015...

August 6, 2015, 6:18 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Critical Firefox Update Today, (Fri, Aug 7th)

August 7, 2015, 8:43 am

The good folks at Firefox have released their latest version, 39.0.3, in response to vulnerability ">, which has been seen in the wild and allows an attacker to read and steal sensitive local files....

View Article

ISC StormCast for Monday, August 10th 2015...

August 9, 2015, 5:50 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

What Was Old is New Again: Honeypots!, (Mon, Aug 10th)

August 10, 2015, 8:58 am

Here at the ISC, we operate a number of honeypots. So it is nice to see how honeypots in different shapes are starting to become popular again, with even a couple of startups specializing in honeypot...

View Article

Image may be NSFW.
Clik here to view.

.COM.COM Used For Malicious Typo Squatting, (Mon, Aug 10th)

August 10, 2015, 11:47 am

Today, our reader Jeff noted how domains ending in .com.com are being redirected to what looks like malicious content.Back in 2013, A blog by Whitehat Security pointed out that the famous com.com...

View Article

ISC StormCast for Tuesday, August 11th 2015...

August 10, 2015, 6:01 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

August 2015 Microsoft Patch Tuesday, (Tue, Aug 11th)

August 11, 2015, 10:33 am

Overview of the August 2015 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS15-079 Cumulative Security Update...

View Article

More patch tuesday: adobe released security update for adobe flash player,...

August 11, 2015, 12:52 pm

Adobe released today bulletin APSB15-19, which address the following vulnerabilities found in Adobe Flash Player: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128,...

View Article

ISC StormCast for Wednesday, August 12th 2015...

August 11, 2015, 5:39 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Windows Service Accounts - Why They're Evil and Why Pentesters Love them!,...

August 12, 2015, 5:47 am

Windows Service Accounts have been one of those enterprise neccessary evils - things that you have to have, but nobody ever talks about or considers to be a problem. All too often, these service...

View Article

Wireshark 1.12.7 is released, multiple fixes. Find the release notes at:...

August 12, 2015, 2:12 pm

=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Yes Virginia, Stored XSS's Do Exist!, (Wed, Aug 12th)

August 12, 2015, 2:40 pm

When you go through website security, Cross Site Scripting (XSS) is almost always discussed. Almost exclusively, Reflected XSS is the main topic, and it almost always covers the lions share of the...

View Article