Updated Standards Part 2 - PCI DSS/PA DSS, (Thu, Dec 5th)
Last week the PCI Security Standards Council released the next versions of the Payment Card Industry Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA DSS),...
View ArticleChrome update heading your way - multiple security updates (thanks Martin)....
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleDec OUCH! is out - "Securing Your New Tablet". Download & share with...
Dec OUCH! is out - "Securing Your New Tablet". Download & share with family/friends. www.securingthehuman.org/ouch (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons...
View ArticleWindows "Support" calls, (Fri, Dec 6th)
One of our readers  received a "Microsoft Support" call, finally.  It was to funny not to put up.  Happy Friday  "Finally(!), I got one of those unsolicited telephone calls from the "Windows Service...
View Articlefacebook, gmail and twitter accounts breached, (Fri, Dec 6th)
Spiderlabs published an interesting article on this the other day. http://blog.spiderlabs.com/2013/12/look-what-i-found-moar-pony.html The list has now appeared on pastebin and is being sold for 0.05...
View ArticleReminder: Please help us track fake tech support scams by reporting them...
------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Friday, December 6th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleVMware ESX 4.x Security Advisory, (Fri, Dec 6th)
VMware released an ESX 4.1 update to third party libraries. The complete advisory can be viewed here. VMware updated advisory VMSA-2013-0007 for ESX 4.0 and 4.1 related to third party update for...
View ArticleClik here to view.
Suspected Active Rovnix Botnet Controller, (Sat, Dec 7th)
We have received information about a suspected Rovnix botnet controller currently using at least 2 domains (mashevserv[.]com and ericpotic[.]com) pointing to the same IP address of 37.9.53.126 (AS...
View ArticleMicrosoft December Patch Pre-Announcement, (Sat, Dec 7th)
Microsoft released its pre-announcement for the upcoming patch Tuesday. The summary indicates 11 bulletins total, 5 are critical all with remote code execution and 6 Important with a mix of remote...
View ArticleISC StormCast for Monday, December 9th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleScanning without Scanning, (Mon, Dec 9th)
I had a chat with another one of the ISC Incident Handlers the other day about inventorying large networks, which is covered in the first two Controls in the SANS "Critical Security Controls"...
View ArticleISC StormCast for Tuesday, December 10th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Those Look Just Like Hashes!, (Tue, Dec 10th)
Have you ever during a penetration test collected a list of values that look very much like hashes, and thought "I could maybe start cracking those, if I only knew what algorithm was used to calculate...
View ArticleMicrosoft December Patch Tuesday, (Tue, Dec 10th)
Overview of the December 2013 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS13-096 Code Execution...
View ArticleAdobe Updates today as well., (Tue, Dec 10th)
Adobe also has published updates today for Flash Player, resolving CVE-2013-5331 and CVE-2013-5332. This is a remote execution vulnerability, by way of a malicious SWF (Flash) content in an MS Word...
View ArticleISC StormCast for Wednesday, December 11th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Facebook Phishing and Malware via Tumblr Redirects, (Wed, Dec 11th)
We got a couple reports of pretty convincing Facebook spam redirecting users to malware and a Facebook phishing site. The initial bait is a message that you may receive from one of your Facebook...
View ArticleClik here to view.
Browser Fingerprinting via SSL Client Hello Messages, (Wed, Dec 11th)
Encrypted traffic has long been a challenge for network monitoring. But even if traffic is encrypted, there is still plenty of information that can be extracted. In this little example, we are looking...
View ArticleISC StormCast for Thursday, December 12th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Article