SANS Internet Storm Center, InfoCON: green

↧

ISC StormCast for Tuesday, December 15th 2015...

December 14, 2015, 6:08 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Security Management vs Chaos: Understanding the Butterfly Effect to Manage...

December 15, 2015, 1:30 pm

And now for something completely different.">Python">Subtitle: Captain Obvious Applies Chaos Theory Introduction This diary breaks a bit from our expected norms todiscussmanaging possible...

View Article

Updates for Google Chrome (47.0.2526.106) & Mozilla Firefox (43) have...

December 15, 2015, 2:44 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

ISC StormCast for Wednesday, December 16th 2015...

December 15, 2015, 4:56 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Playing With Sandboxes Like a Boss, (Wed, Dec 16th)

December 16, 2015, 3:14 am

Last week, Guy wrote a nice diary to explain how to easily deploy IRMA to analyze suspicious files. Having a good tool to work on files locally is always interesting for multiple reasons. You are doing...

View Article

ISC StormCast for Thursday, December 17th 2015...

December 16, 2015, 5:27 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Image may be NSFW.
Clik here to view.

When Hunting BeEF, Yara rules (Part 2), (Thu, Dec 17th)

December 17, 2015, 7:09 am

This is a Guest Diary submitted by Pasquale Stirparo. In my previous diary [https://isc.sans.edu/forums/diary/When+Hunting+BeEF+Yara+rules/20395], we had a look at a phishing attack scenario, where we...

View Article

TeslaCrypt ransomware sent using malicious spam, (Fri, Dec 18th)

December 17, 2015, 5:09 pm

Introduction Since late November 2015, malicious spam (malspam) distributing TelsaCrypt ransomware has surged in a recent attack offensive [1]. This offensive is on-going. Criminal groups are sending...

View Article

ISC StormCast for Friday, December 18th 2015...

December 17, 2015, 5:38 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

ScreenOS vulnerability affects Juniper firewalls, (Fri, Dec 18th)

December 18, 2015, 8:21 am

Earlier today, we were notified of a vulnerability in an operating system named ScreenOS used to manage firewalls sold by Juniper Networks. Yesterday, Juniper Networks announced that ScreenOS contains...

View Article

Actor using Rig EK to deliver Qbot, (Fri, Dec 18th)

December 18, 2015, 2:28 pm

Introduction On Thursday 2015-12-18 during a Rig exploit kit (EK) infection in my lab environment, I saw the same infection chain patterns from a criminal group I hadnt noticed in a long time. This...

View Article

VMWare Security Advisory, (Sat, Dec 19th)

December 18, 2015, 4:47 pm

Today background: url(">VMWarehas released a security advisory background: url(">VMSA-2015-0009that address a critical background: url(">deserializationvulnerability.A background:...

View Article

Critical Security Controls: Getting to know the unknown, (Mon, Dec 21st)

December 20, 2015, 4:54 pm

The Critical Security Controls (CSC) were recently updated, and quite some changes were made. What did not change, though, was the order of sequence of the first four critical controls, which are:...

View Article

ISC StormCast for Monday, December 21st 2015...

December 20, 2015, 6:42 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Today 3pm ET, 12pm PT: Special Webcast "What you need to know about the...

December 21, 2015, 11:02 am

--- Johannes B. Ullrich, Ph.D. STI|Twitter|LinkedIn (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756), (Mon,...

December 21, 2015, 11:03 am

Today 3pm ET, 12pm PT: Special Webcast What you need to know about the Juniper backdoor">https://www.sans.org/webcasts/101482 We decided to move to raise our Infocon to yellow over the backdoor in...

View Article

First Exploit Attempts For Juniper Backdoor Against Honeypot, (Tue, Dec 22nd)

December 21, 2015, 4:19 pm

We are detecting numerous login attempts against our ssh honeypots using the ScreenOSbackdoor password. Our honeypot doesnt emulate ScreenOS beyond the login banner, so we do not know what the...

View Article

ISC StormCast for Tuesday, December 22nd 2015...

December 21, 2015, 5:13 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

The other Juniper vulnerability - CVE-2015-7756, (Tue, Dec 22nd)

December 22, 2015, 7:42 am

Almost completely lost in the hype of theJuniper unauthorized codebackdoor vulnerability (CVE-2015-7755) is the other vulnerability that was fixed as part of the same patch(CVE-2015-7756)....

View Article

ISC StormCast for Wednesday, December 23rd 2015...

December 22, 2015, 5:37 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article