Costco, BestBuy, Walmart really want to send you a package!, (Mon, Dec 23rd)
Yes, it's this time of the year again. There's a new wave of email making the rounds, with a message that looks as follows. The URLs look like this. The subject seems to be one of "Delivery Canceling",...
Mr Jones wants you to appear in court!, (Tue, Dec 24th)
Wondering what the Costco / Walmart malware (yesterday's diary) was up to, we ran it in a lab environment. It happily connected to its Command&Control (C&C), and soon after started spamming...
Unfriendly crontab additions, (Tue, Dec 24th)
SANS ISC reader Christopher found the following in the crontab of a customer's CentOS machine. I include it as an image here, to keep your anti-virus from panicking on this diary six months from now...
Merry Christmas!, (Wed, Dec 25th)
We wish you a merry Christmas and hope you enjoy a lot with your families! Manuel Humberto Santander Peláez SANS Internet Storm Center - Handler Twitter: @manuelsantander...
Default configuration check for Microsoft SQL Server - Taking advantage of...
This time of the year is pretty good in companies. Many people are enjoying the holidays, there are not that many problems in the day-to-day job and everything is quiet. Perfect time of the year to perform...
ISC StormCast for Friday, December 27th 2013...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Windows Autorun Part-1, (Fri, Dec 27th)
When someone suspects that malware activity may exist in a system, or that a system is compromised, one of the most obvious places to check is the startup locations. In this diary I am going to discuss...
Weekend Reading List 27 DEC, (Sat, Dec 28th)
Hope you had a fabulous Christmas for those who celebrate it, for those who do not, a hearty cheers to you! In the spirit of a fabulous weekly service, DRG Weekend Reads, provided by our friends over...
NTP reflection attack, (Fri, Dec 27th)
Symantec has noticed in the last few weeks that there are significant NTP reflection attacks. NTP is the Network Time Protocol and it’s used to synch the time between client and server; it is a UDP...
ISC StormCast for Monday, December 30th 2013...
ISC StormCast for Tuesday, December 31st 2013...
Juniper SSL VPN and UAC Host Checker Issue, (Tue, Dec 31st)
A few readers have written asking about odd denials when trying to use Juniper VPNs. Turns out they released a Product Support Notification (subscription required) about their host check feature...
Six degrees of celebration: Juniper, ANT, Shodan, Maltego, Cisco, and Tails,...
Happy New Year! Hope 2014 is a great year for you. Ok, so I'm stretching a bit here on the six degrees but it's a chance to tie a few interesting pieces of news together for you as we celebrate the new...
Snapchat leak reveals phone numbers, usernames of 4.6 million users -...
Happy New Year from the Syrian Electronic Army - Skype's Social Media...
UPDATE 1500 PDT 01 JAN: Skype Blogs now recovered and reverted to normal. Be sure to add all available protection to your social media accounts and don't use one password to access them all. The...
Scans Increase for New Linksys Backdoor (32764/TCP), (Thu, Jan 2nd)
We do see a lot of probes for port 32764/TCP. According to a post to GitHub from 2 days ago, some Linksys devices may be listening on this port enabling full unauthenticated admin access. [1] At this...
ISC StormCast for Friday, January 3rd 2014...
UPDATED X1 : OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor,...
By now, most of you have heard that the openssl.org website was defaced. While the source code and repositories were not tampered with, this obviously concerned people. What is more interesting is...
Monitoring Windows Networks Using Syslog (Part One), (Sat, Jan 4th)
As an incident responder, I love high value logs. We all know Windows event logs can be super chatty, but with the right tuning they can be very useful. I’ve tried out several utilities for syslogging...
Malicious Ads from Yahoo, (Sat, Jan 4th)
According to a blog post from fox-it.com, they found ads.yahoo.com serving malicious ads from Yahoo's home page as early as December 30th. The malicious traffic appeared to come from the following...