ISC StormCast for Thursday, August 13th 2015...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft Patch Tuesday problem with Symantec Cloud Endpoint Protection?,...
Reader Tim reported a problem with the MS15-084 patch in Symantec Cloud Endpoint Protection. After installing the patch, the following message appears in the log: A timeout (30000 milliseconds) was reached...
Adwind: another payload for botnet-based malspam, (Fri, Aug 14th)
Introduction Since mid-July 2015, I've noticed an increase in malicious spam (malspam) caught by my employer's spam filters with Java archive (.jar file) attachments. These .jar files are most often...
ISC StormCast for Friday, August 14th 2015...
Are you a "Hunter"?, (Sun, Aug 16th)
It sounds like an interesting question, doesn't it? But what I'm referring to is us analysts who search for unusual activity, or do you just wait for a trigger from an IDS/IPS or for a rule to fire...
ISC StormCast for Monday, August 17th 2015...
Tool Tip: Kansa Stafford released, PowerShell for DFIR, (Mon, Aug 17th)
In his most recent post, Guy asked "Are You a Hunter?". Here's one way to become one. Dave Hull has just published the Stafford release of his exemplary PowerShell DFIR tool, Kansa. For the uninitiated,...
ISC StormCast for Tuesday, August 18th 2015...
ISC StormCast for Wednesday, August 19th 2015...
Microsoft Security Bulletin MS15-093 - Critical OOB - Internet Explorer RCE,...
Security Update for Internet Explorer (3088903) Recommendation: Test and patch ASAP. Mitigation option: EMET 5.2 configured to protect Internet Explorer (the default) is able to block the known exploit...
Outsourcing critical infrastructure (such as DNS), (Wed, Aug 19th)
Migrating everything to the cloud or to various online services has become increasingly popular in the last couple of years (and will probably not stop). However, leaving our most valuable jewels with someone...
Actor using Angler exploit kit switched to Neutrino, (Thu, Aug 20th)
Introduction I've often had a hard time finding compromised websites to kick off an infection chain for the Neutrino exploit kit (EK). During the past few months, we've usually seen Angler EK, Nuclear EK,...
ISC StormCast for Thursday, August 20th 2015...
ISC StormCast for Friday, August 21st 2015...
A recent decline in traffic associated with Operation Windigo, (Fri, Aug 21st)
Introduction According to a 2014 report by ESET, Windigo is the code name for an ongoing operation that started as early as 2011 [1]. As noted in the report, legitimate traffic to servers compromised...
ISC StormCast for Monday, August 24th 2015...
Are You Protecting your Backdoor?, (Mon, Aug 24th)
Hardly anybody has physical access to critical public facing servers. Usually, they are located in a data center, hours away from the system administrators charged with managing them. Doing a system...
ISC StormCast for Tuesday, August 25th 2015...
Dropbox Phishing via Compromised Wordpress Site, (Tue, Aug 25th)
I got a couple of emails today notifying me of a "Compulsory Email Account Update" for my Dropbox account. The e-mails do overall mimic the Dropbox look and feel, and use dropbox@smtp.com as a "From"...
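Two of the diaries above (Adwind malspam with .jar attachments, and the Dropbox phish sent from dropbox@smtp.com) describe lures that a mail-triage script can catch before a user sees them. The following is an added example, not code from the ISC diaries: it builds two constructed sample messages in memory, flags any attachment that is really a Java archive (ZIP container with META-INF/MANIFEST.MF, checked by content rather than by file name, which goes slightly beyond the diary's extension-based description), and flags a From header whose display name or local part claims a brand while the sending domain is not one of that brand's. The brand-to-domain table and both sample messages are assumptions made for this example.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

# Assumption for this example: the domains a brand legitimately sends from.
# A real deployment would load this from a maintained allow-list.
BRAND_DOMAINS = {"dropbox": ("dropbox.com", "dropboxmail.com")}


def is_java_archive(data: bytes) -> bool:
    """True if the bytes are a ZIP container carrying META-INF/MANIFEST.MF,
    i.e. a Java archive, whatever file name the sender chose for it."""
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.upper() == "META-INF/MANIFEST.MF" for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def brand_mismatch(from_header: str):
    """Return (brand, domain) when a brand name appears in the display name or
    local part but the address domain is not one of that brand's own domains."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    local, domain = addr.lower().rsplit("@", 1)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display.lower() or brand in local:
            legit = any(domain == d or domain.endswith("." + d) for d in domains)
            if not legit:
                return brand, domain
    return None


def triage(raw: bytes) -> dict:
    """Parse one RFC 5322 message and return the findings for it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    mismatch = brand_mismatch(str(msg.get("From", "")))
    if mismatch:
        findings.append(f"from-brand-mismatch:{mismatch[0]}:{mismatch[1]}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        if is_java_archive(payload):
            findings.append(f"java-archive-attachment:{name}")
    return {"subject": str(msg.get("Subject", "")), "findings": findings}


def build_samples() -> dict:
    """Constructed sample messages for this example (not captured mail)."""
    # A minimal Java archive: a ZIP with a manifest and a class-file-like entry.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nMain-Class: Main\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)
    jar = buf.getvalue()

    malspam = EmailMessage()
    malspam["From"] = "Accounts <accounts@example.net>"
    malspam["To"] = "victim@example.org"
    malspam["Subject"] = "Invoice 0815"
    malspam.set_content("Please find the attached invoice.")
    malspam.add_attachment(jar, maintype="application", subtype="java-archive",
                           filename="Invoice_0815.jar")

    phish = EmailMessage()
    phish["From"] = "Dropbox <dropbox@smtp.com>"
    phish["To"] = "victim@example.org"
    phish["Subject"] = "Compulsory Email Account Update"
    phish.set_content("Your account requires a compulsory update. Follow the link.")

    return {"malspam": malspam.as_bytes(), "phish": phish.as_bytes()}


if __name__ == "__main__":
    for label, raw in build_samples().items():
        print(label, triage(raw))
```

The archive check deliberately ignores the declared extension and MIME type: both are chosen by the sender, while the ZIP signature and the manifest entry are what the Java runtime actually needs to execute the file. The From check is a first-pass heuristic only; a sender that passes it still needs SPF/DKIM/DMARC evaluation before it is trusted.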
Actor that tried Neutrino exploit kit now back to Angler, (Wed, Aug 26th)
Introduction Last week, we saw the group behind a significant amount of Angler exploit kit (EK) traffic switch to Neutrino EK [1]. We didn't know if the change was permanent, and I also noted that criminal...