Security Updates available for Adobe Flash Player -...
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons...
View ArticleApril 2014 Microsoft Patches, (Tue, Apr 8th)
Overview of the April 2014 Microsoft patches and their status. # Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*) clients servers MS14-017 Vulnerabilities in...
View Article* Patch Now: OpenSSL "Heartbleed" Vulnerability, (Tue, Apr 8th)
(this article is work in progress and will be updated as we have new information. Also see the comments for links to signatures and other information provided by readers) We decided to go to Infocon...
View ArticleISC StormCast for Wednesday, April 9th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSpecial Simulcast Presentation from SANS 2014 in Orlando: OpenSSL Heartbleed...
------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleHeartbleed vendor notifications, (Wed, Apr 9th)
As people are running around having an entertaining day we thought it might be a good idea to keep track of the various vendor notifications. I'd like to start a list here and either via comments or...
View ArticleTesting for Heartbleed, (Wed, Apr 9th)
There are a fair few sites popping up testing for this issue. I know this is possibly overly motherly, sorry, but be careful. You may not know who is running the site, what they are actually testing...
View ArticleISC StormCast for Thursday, April 10th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAll things not Heartbleed, (Thu, Apr 10th)
We were talking yesterday that with the Heart Bleeds issue front and center, what about the "everything else" factor? With everyone so focused on this one issue, coupled with the knowledge that *lots*...
View ArticleBrace Yourselves (and your Users / Clients) for Heartbleed SPAM, (Thu, Apr 10th)
I started getting emails yesterday asking me to change passwords on services I do not have accounts on - complete with helpful links - back-ended by malware and/or credential harvesting of course Just...
View ArticleISC StormCast for Friday, April 11th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleHow to talk to your kids (or manager) about "Heartbleed", (Fri, Apr 11th)
With more mass-media attention to the heartbleed bug, we are getting more questions from "normal users" about the heartbleed bug. The "Heartbleed" bug is not affecting end users using Windows. It does...
View ArticleThe Other Side of Heartbleed - Client Vulnerabilities, (Fri, Apr 11th)
We're getting reports of client applications that are vulnerable to the heartbleed issue. Just as with server applications, these client applications are dependant on vulnerable versions of OpenSSL....
View ArticleVMware Security Advisories / Patches released for 2 issues (NOT Heartbleed)...
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleTonight OpenSSL Webcast #4: Client Side Issues / What to tell your kids &...
------ Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleHeartbleed Fix Available for Download for Cisco Products, (Fri, Apr 11th)
The following Cisco products that were previously identified as vulnerable and have been remediated: Cisco Registered Envelope Service (CRES) Cisco Webex Messenger Service Cisco USC Invicta Series...
View ArticleCritical Security Update for JetPack WordPress Plugin. Bug has existed since...
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleInterested in a Heartbleed Challenge?, (Sat, Apr 12th)
CloudFlare lunched a challenge yesterday: Can You Get Private SSL Keys Using Heartbleed?[1] The site created by CloudFlare engineers is located here and is intentionally vulnerable to heartbleed. If...
View ArticleReverse Heartbleed Testing, (Sun, Apr 13th)
I wanted to know if the tools/software I execute regularly are vulnerable to scraping my system memory. Now the reverse heartbleed scenario is very possible, but the likelihood seems to be much more...
View ArticleISC StormCast for Monday, April 14th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View Article