Adobe updates for March...
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons...
March 2016 Microsoft Patch Tuesday, (Tue, Mar 8th)
https://isc.sans.edu/mspatchdays.html?viewday=2016-03-08 -- Alex Stanford - GIAC GWEB GSEC, Research Operations Manager, SANS Internet Storm Center /in/alexstanford (c) SANS Internet Storm Center....
Critical Adobe Updates - March 2016, (Tue, Mar 8th)
Adobe has released updates for Acrobat and Acrobat Reader versions to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. According to...
ISC Stormcast For Tuesday, March 8th 2016...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A Wall Against Cryptowall? Some Tips for Preventing Ransomware, (Wed, Mar 9th)
A lot of attention has been paid lately to the Cryptowall / Ransomware family (as in crime family) of malware. What I get asked a lot by clients is how can I prepare / prevent an infection? Prepare is...
Powershell Malware - No Hard drive, Just hard times, (Wed, Mar 9th)
ISC Reader Eric Volking submitted a very nice sample of some Powershell based malware. Let's take a look! The malware starts in the traditional way, by launching itself with an autorun registry key....
ISC Stormcast For Wednesday, March 9th 2016...
Recent example of KaiXin exploit kit, (Thu, Mar 10th)
Introduction KaiXin exploit kit (EK) was first identified in August 2012 by Kahu Security [1]. KaiXin has remained a staple of the EK scene, and it generally hasn't changed too much in the years since...
Adobe updates Flash Player to 21.0.0.182 (ESR at 18.0.0.333) and AIR to...
ISC Stormcast For Friday, March 11th 2016...
Forensicating Docker, Part 1, (Fri, Mar 11th)
By now you've probably heard about Docker, the application containerization tool. Lenny Zeltser has talked about using it for malware analysis, for example, and also looked at the security implications....
A Look at the Mandiant M-Trends 2016 Report, (Sun, Mar 13th)
Mandiant released their 2016 threat reports last month and highlighted some interesting trends: more breaches were made public and location and motive of attackers were more diversified. Handlers have...
ISC Stormcast For Monday, March 14th 2016...
SSH Honeypots (Ab)used as Proxy, (Sun, Mar 13th)
I'm operating a small group of SSH honeypots (located in Belgium, Canada and France) and I'm of course keeping an eye on it every day. Collected data are sent to DShield and to my Splunk instance. A small...
ISC Stormcast For Tuesday, March 15th 2016...
Dockerized DShield SSH Honeypot, (Tue, Mar 15th)
One month ago, Johannes released a beta version of a DShield sensor for the Raspberry Pi. The Pi is a cool computer to run such kind of tools but you must have a spare one and it requires extra cables...
ISC Stormcast For Wednesday, March 16th 2016...
What is this "/smoke/" about?, (Wed, Mar 16th)
I am currently seeing a lot of requests against my honeypot like the following: ----------POST /smoke/ 1.1Content-Type: application/x-www-form-urlencoded InfoPath.2)Host: [server ip...
Security Pros Love Python? and So Do Malware Authors!, (Thu, Mar 17th)
This is a guest post submitted by Ismael Valenzuela. Learning how adversaries compromise our systems and, more importantly, what are the techniques they use after the initial compromise is one of the...
ISC Stormcast For Thursday, March 17th 2016...