Analysis of the Shadow Z118 PayPal phishing site, (Mon, Apr 24th)
[This is a guest post submitted by Remco Verhoef. Got something interesting to share? Please use our contact form to suggest your topic] Today I got lucky walking around within a phishing site and...
View ArticleISC Stormcast For Tuesday, April 25th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleCAA Records and Certificate Issuance, (Tue, Apr 25th)
[This is a guest diary submitted by J. Edward Durrett, GCUX] While going over an SSL report from SSL Labs [1], I noticed something that I had not seen before: a check for CAA records. Certification...
View ArticleISC Stormcast For Wednesday, April 26th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleIf there are some unexploited MSSQL Servers With Weak Passwords Left: They...
Setting up a Microsoft SQL server with a stupid simple password like sa for the sa user is hard. First of all, Microsoft implemented a default password policy that you need to disable. And then, when...
View ArticleISC Stormcast For Thursday, April 27th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBGP Hijacking: The Internet is Still/Again Broken, (Thu, Apr 27th)
The Internet is a network of networks. Each Autonomous system (AS) connects to the internet using a router that speaks the Border Gateway Protocol (BGP) to disseminate and receive routing information....
View ArticleISC Stormcast For Friday, April 28th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAnother Day, Another Obfuscation Technique, (Fri, Apr 28th)
We got many samples from our readers and wethank them for this. It helps us to find how attackers are improving their techniques to bypass security controls and to fool the victims. Often the provided...
View ArticleKNOW before NO, (Fri, Apr 28th)
A good friend told me that anengagedinformation security professional is one wholeads with the KNOW instead of the NO. This comment struck me and has resonated wellfor the lastseveral years. It...
View ArticleISC Stormcast For Monday, May 1st 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleEffective security governance, (Mon, May 1st)
According to the Carnegie Mellon University (CMU) Software engineering Institute (SEI), there are 11 characteristics for effective security governance: Enterprise-wide issue: Security is managed as an...
View ArticleISC Stormcast For Tuesday, May 2nd 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC Stormcast For Wednesday, May 3rd 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleDo you have Intel AMT? Then you have a problem today! Intel Active Management...
There have been some reports to us about an issue with Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability [1]. It might be a good idea to review...
View ArticlePowershelling with exploits, (Wed, May 3rd)
It should be no surprise to our regular readers how powerful PowerShell (pun intended) really is. In last couple of years, it has become the main weapon of not only white hat penetration testing, but...
View ArticleMay Issue of OUCH Security Awareness Newsletter: "Securing Kids...
--- Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute STI|Twitter| (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United...
View ArticleClik here to view.
OAUTH phishing against Google Docs ? beware!, (Wed, May 3rd)
We got several reports (thanks to Seren Thompson, Tahir Khan and Harry Vann) about OAUTH phishing attacks against Google users. The phishing attack arrives, of course, as an e-mail where it appears...
View ArticleISC Stormcast For Thursday, May 4th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleMigrating Telnet to SSH without Migrating, (Thu, May 4th)
I recently had a security assessment / internal pentest project, and one of the findings was I found an AS/400 running telnet services (actually unencrypted tn5250, but it comes to the same thing) The...
View Article