ISC StormCast for Thursday, August 16th 2012...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A Poor Man's DNS Anomaly Detection Script, (Thu, Aug 16th)
I still think DNS logs are one of the most overlooked resources for intrusion and malware detection. Frequently, command and control servers will use specific top level domains or host names, and due...
ISC StormCast for Friday, August 17th 2012...
Suspicious eFax Spear Phishing Messages, (Fri, Aug 17th)
Chad sent us a report today that they have been receiving strange eFax messages. Users who are using eFax are receiving spear phishing emails. The emails are using the default eFax account (From: eFax...
ISC StormCast for Monday, August 20th 2012...
Authentication Issues between entities during protocol message exchange in...
Well, better late than never ;) My SANSFIRE conference was about authentication issues between entities where unauthorized parties can exchange fake messages which may cause damage to the industrial...
Do we need test procedures in our companies before implementing Antivirus...
We have heard a couple of cases regarding problems caused by faulty antivirus signature files. Most recent that has a worldwide impact was the Microsoft Antivirus treating code from google webpage as...
ISC StormCast for Tuesday, August 21st 2012...
Apple Remote Desktop update fixes no encryption issue, (Wed, Aug 22nd)
The Remote Desktop 3.6.1 update from Apple fixes the problem that if a user connected to a remote VNC server that did not have encryption enabled, there was no encryption, even though Encrypt all...
RuggedCom fails key management 101 on Rugged Operating System (ROS), (Tue,...
The Rugged Operating System (ROS) has a hard coded RSA private key used for SSL/TLS communications. With the private key from a server being a known value it is not difficult to decrypt any traffic...
YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update, (Tue, Aug...
From their Security Bulletin Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier...
Phishing/spam via SMS, (Wed, Aug 22nd)
I have seen one on my own phone, and a lot of people have reported seeing them. It is an SMS message from a throw away or spoofed number and looks something like this: You have won an Apple iPad or...
ISC StormCast for Wednesday, August 22nd 2012...
ISC StormCast for Thursday, August 23rd 2012...
Analyzing outgoing network traffic, (Thu, Aug 23rd)
We all know that network traffic contains real treasure when trying to identify malicious activities. Various organizations recognized this and even mandate that IDS or IPS systems are implemented....
ISC StormCast for Wednesday, August 29th 2012...
"Data" URLs used for in-URL phishing, (Wed, Aug 29th)
The use of data URLs in cross site scripting and other attacks isn't exactly new. But the concept is still not widely known, and keeps getting rediscovered. The latest iteration is a paper outlining...
ISC StormCast for Thursday, August 30th 2012...
Analyzing outgoing network traffic (part 2), (Thu, Aug 30th)
Editorial: The Slumlord Approach to Network Security...
------ Johannes B. Ullrich, Ph.D. SANS Technology Institute