Heartbleed, IE Zero Days, Firefox vulnerabilities - What's a System...
With the recent headlines, we've seen heartbleed (which was not exclusive to Linux, but was predominately there), an IE zero day that had folks over-reacting with headlines of "stop using IE", but...
View ArticleMicrosoft May Patch Pre-Announcement, (Sat, May 10th)
Microsoft released its pre-announcement for the upcoming patch Tuesday. The summary indicates a total of 8 bulletins, 2 are critical with remote code execution and 6 Important with a mix of remote code...
View ArticleISC StormCast for Monday, May 12th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Beefing up Windows End Station Security with EMET, (Mon, May 12th)
After my post last week on things a System Administrator can do to protect against zero days in your browser, operating systems and applications, one of the biggies for Windows is to deploy EMET -...
View Articlebit.ly breach (May 9) - email addresses, encrypted passwords, API keys and...
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Tuesday, May 13th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleThis is not a test/typo: Support for Windows 8.1 Ends in a month!, (Thu, May...
It hasn't really been reported much, but just after Microsoft sort of stopped releasing patches for Windows XP last month, we now have to get going on the next phase-out: Windows 8.1! [In a first...
View ArticleMicrosoft May 2014 Patch Tuesday, (Tue, May 13th)
Overview of the May 2014 Microsoft patches and their status. IMPORTANT: Don't miss MS14-029. This bulletin fixes ANOTHER vulnerability in MSIE that has already been used in targeted exploits! #...
View ArticleAdobe May 2014 Patch Tuesday, (Tue, May 13th)
We are now up to 3 bulletins from Adobe. TL;DR ? Current versions in one simple table (I hope I got that right): Current Adobe Software Versions  Windows OS X Linux Adobe Reader XI 11.0.07 11.0.07 -...
View ArticleISC StormCast for Wednesday, May 14th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleKippo Users Beware: Another fingerprinting trick, (Wed, May 14th)
We all know that the ssh honeypot "kippo" is a great tool. But it is awful easy for an attacker to figure out that they are connected to a kippo honeypot. The latest trick I see people use is to run...
View ArticleISC StormCast for Thursday, May 15th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleBreaches and Attacks that are "Not in Scope", (Thu, May 15th)
Last week, we saw Orange (a Telecom company based in France) compromised, with the info for 1.3 million clients breach. At this time, it does not appear that any credit card numbers or credentials...
View ArticleCollecting Workstation / Software Inventory Several Ways, (Thu, May 15th)
One of the "prepare for a zero day" steps that I highlighted in my story last week was to inventory your network stations, and know what's running on them. In short, the first 2 points in the SANS 20...
View ArticleAPPLE-SA-2014-05-15-1 addresses multiple security issues, updates OS X...
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleAPPLE-SA-2014-05-15-2 iTunes 11.2 available for download - security fixes...
=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleISC StormCast for Friday, May 16th 2014...
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Punking Pet Peeves with PowerShell, (Fri, May 16th)
Yesterday, Rob discussed Collecting Workstation / Software Inventory Several Ways, including PowerShell. I don't spend nearly as much time as I used to going hands-on with systems, but everytime I need...
View ArticleApple Update for CVE 2014-1347, (Sat, May 17th)
Apple has released an update to address CVE 2014-1347 (1) for iTunes which addresses a specific vulnerability in the permissions of files and folders of the system. This vulnerability address a...
View ArticleAvast forums hacked, (Tue, May 27th)
A quick note from reader James has alerted us that the anti-virus vendor avast has taken their support forum offline because it was breached this past weekend. His notice arrived over email and is...
View Article