Threat Level: green Handler on Duty: Tom Webb

SANS ISC Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
DateAuthorTitle

EMET ADOBE EXPLOIT

2010-09-13Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit

EMET

2014-08-01/a>Chris MohanMicrosoft's Enhanced Mitigation Experience Toolkit 5.0 is out: http://www.microsoft.com/en-us/download/details.aspx?id=43714
2013-06-18/a>Russ McReeEMET 4.0 is now available for download
2013-05-27/a>Johannes UllrichNuclear Scientists, Pandas and EMET Keeping Me Honest
2013-01-02/a>Russ McReeEMET 3.5: The Value of Looking Through an Attacker's Eyes
2012-05-16/a>Johannes UllrichMicrosoft released an update for its Enhanced Mitigation Experience Tool (EMET) http://blogs.technet.com/b/srd/archive/2012/05/15/introducing-emet-v3.aspx
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2009-11-02/a>Rob VandenBrinkMicrosoft releases v1.02 of Enhanced Mitigation Evaluation Toolkit (EMET)
2008-08-02/a>Maarten Van HorenbeeckIssues affecting sites using Sitemeter [resolved]

ADOBE

2014-11-11/a>Johannes UllrichAdobe Flash Update
2014-10-14/a>Johannes UllrichAdobe October 2014 Bulletins for Flash Player and Coldfusion
2014-08-12/a>Adrien de BeaupreAdobe updates for 2014/08
2014-04-28/a>Russ McReeAdobe Security Bulletin: Security updates available for Adobe Flash Player http://adobe.ly/QVjO72
2014-04-08/a>Rick WannerSecurity Updates available for Adobe Flash Player - http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
2014-03-13/a>Daniel WesemannAdobe Shockwave Player critical update: http://helpx.adobe.com/security/products/shockwave/apsb14-10.html
2014-03-11/a>Johannes UllrichAdobe Updates: Flash Player
2014-02-20/a>Stephen HallAbobe out of band patch announcement (APSB14-07)
2014-02-11/a>Johannes UllrichAdobe February 2014 Patch Tuesday
2014-02-04/a>Johannes UllrichAdobe Flash Player Emergency Patch
2014-01-14/a>Johannes UllrichAdobe Patch Tuesday January 2014
2013-12-21/a>Daniel WesemannAdobe phishing underway
2013-12-10/a>Rob VandenBrinkAdobe Updates today as well.
2013-11-22/a>Rick WannerTales of Password Reuse
2013-10-09/a>Johannes UllrichOther Patch Tuesday Updates (Adobe, Apple)
2013-10-05/a>Richard PorterAdobe Breach Notification, Notifications?
2013-10-04/a>Johannes UllrichThe Adobe Breach FAQ
2013-10-03/a>Johannes UllrichOctober Patch Tuesday Preview (CVE-2013-3893 patch coming!)
2013-09-10/a>Swa FrantzenAdobe September 2013 Black Tuesday Overview
2013-07-09/a>Swa FrantzenAdobe July 2013 Black Tuesday Overview
2013-06-11/a>Swa FrantzenAdobe June 2013 Black Tuesday Overview
2013-05-14/a>Swa FrantzenAdobe May 2013 Black Tuesday Overview
2013-05-10/a>Johannes UllrichMicrosoft and Adobe Patch Tuesday Pre-Release
2013-05-09/a>John BambenekAdobe Releases 0-day Security Advisory for Coldfusion, Exploit Code Available. Advisory here: http://www.adobe.com/support/security/advisories/apsa13-03.html
2013-05-08/a>Johannes Ullrich"De Flashing" the ISC Web Site and Flash XSS issues
2013-04-09/a>Swa FrantzenAdobe April 2013 Black Tuesday Overview
2013-03-12/a>Swa FrantzenAdobe March 2013 Black Tueday
2013-02-27/a>Adam SwangerAdobe Flash Player Security Update - http://www.adobe.com/support/security/bulletins/apsb13-08.html
2013-02-20/a>Johannes UllrichUpdate Palooza
2013-02-17/a>Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13/a>Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-02-07/a>John BambenekAdobe Releases Patches for 0-day Vulnerability in Flash Player for Windows and Mac, Upgrade now: http://www.adobe.com/support/security/bulletins/apsb13-04.html
2013-01-09/a>Rob VandenBrinkSecurity Updates for Adobe Flash - http://www.adobe.com/support/security/bulletins/apsb13-01.html
2013-01-09/a>Rob VandenBrinkSecurity Updates for Adobe Reader / Acrobat - http://www.adobe.com/support/security/bulletins/apsb13-02.html
2013-01-08/a>Richard PorterAdobe Security Bulletins http://blogs.adobe.com/psirt/2013/01/adobe-security-bulletins-posted-4.html
2013-01-04/a>Daniel WesemannPatch pre-notification from Adobe and Microsoft
2012-11-08/a>Daniel WesemannAdobe Patches
2012-10-09/a>Johannes UllrichAdobe Flash Player update http://www.adobe.com/support/security/bulletins/apsb12-22.html
2012-08-21/a>Adrien de BeaupreYYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update
2012-08-14/a>Rick WannerAdobe Security Bulletins - http://blogs.adobe.com/psirt/2012/08/adobe-security-bulletins-posted-2.html
2012-06-12/a>Swa FrantzenAdobe June 2012 Black Tuesday patches
2012-05-25/a>Guy BruneauTechnical Analysis of Flash Player CVE-2012-0779
2012-05-12/a>Tony CarothersAdobe Update to Vulnerabilities
2012-05-04/a>Guy BruneauAdobe Security Flash Update
2012-04-10/a>Swa FrantzenAdobe April 2012 Black Tuesday Update
2012-04-06/a>Johannes UllrichAdobe Patch Tuesday Prerelease (Reader/Acrobat) http://www.adobe.com/support/security/bulletins/apsb12-08.html
2012-03-28/a>Kevin ShorttAdobe Flash Player APSB12-07 - 28 March 2012
2012-03-05/a>Johannes UllrichAdobe Flash Player Security Update
2012-02-16/a>Johannes UllrichAdobe Flash Player Update
2012-02-14/a>Johannes UllrichAdobe Shockwave Player and RoboHelp for Word Patches
2012-01-10/a>Adrien de BeaupreAdobe January 2012 Black Tuesday overview
2011-12-13/a>Johannes UllrichDecember 2011 Adobe Black Tuesday
2011-12-08/a>Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-07/a>Lenny ZeltserAdobe Acrobat Latest Zero-Day Vulnerability Fix Coming to All Platforms by January 10
2011-11-11/a>Rick WannerAdobe Air updated to 3.1.0.4880
2011-11-08/a>Swa FrantzenAbobe November 2011 Black Tuesday Overview
2011-10-05/a>Johannes UllrichAdobe SSL Certificate Problem (fixed)
2011-10-01/a>Mark HofmanAdobe Photoshop for Windows Vulnerability (CVE-2011-2443)
2011-09-21/a>Swa FrantzenEmergency patch expected for Flash Player
2011-09-21/a>Guy BruneauAdobe Release Flash Player 10.3.183.10 available at http://get.adobe.com/flashplayer/
2011-09-09/a>Guy BruneauAdobe plan to release critical security updates next Tuesday for Acrobat and Reader http://www.adobe.com/support/security/bulletins/apsb11-24.html
2011-09-09/a>Guy BruneauAdobe Publish its List of Trusted Root Certificate - http://www.adobe.com/security/approved-trust-list.html
2011-08-26/a>Daniel WesemannAdobe Flash stability update to 10.3.183.7. See http://forums.adobe.com/message/3883150
2011-08-09/a>Swa FrantzenAdobe August 2011 Black Tuesday Overview
2011-06-30/a>Guy BruneauAdobe Release Flash Player 10.3.181.34 available at http://get.adobe.com/flashplayer/
2011-06-14/a>Swa FrantzenAdobe releases patches
2011-06-06/a>Johannes UllrichAdobe releases Flash Player patch on a Sunday to combat latest 0day http://www.adobe.com/support/security/bulletins/apsb11-13.html
2011-05-12/a>Chris MohanSecurity updates available for Flash Player, RoboHelp, Audition, and Flash Media Server
2011-04-21/a>Guy BruneauAdobe Reader and Acrobat Security Updates
2011-04-14/a>Johannes UllrichUpdate to Adobe Flash 0-day: Patch will be out soon
2011-04-11/a>Johannes UllrichYet another Adobe Flash/Reader/Acrobat 0 day
2011-03-22/a>Kevin ShorttAdobe Reader/Acrobat Security Update - http://www.adobe.com/support/security/bulletins/apsb11-06.html
2011-03-14/a>Bojan ZdrnjaAdobe Flash 0-day being used in targeted attacks
2011-03-02/a>Chris MohanUpdates: Firefox 3.6.14/3.5.17, Thunderbird 3.1.8, Adobe Flash v10.2.152.32 & WireShark 1.4.4
2011-02-09/a>Mark HofmanAdobe Patches (shockwave, Flash, Reader & Coldfusion)
2011-01-06/a>Johannes UllrichFlash Local-with-filesystem Sandbox Bypass
2010-11-22/a>Lenny ZeltserAdobe Acrobat Spam Going Strong - More to Come?
2010-11-19/a>Jason LamAdobe Reader X - Sandbox
2010-11-04/a>Johannes UllrichToday's Adobe Patches and Vulnerablities
2010-10-28/a>Manuel Humberto Santander PelaezCVE-2010-3654 - New dangerous 0-day authplay library adobe products vulnerability
2010-10-06/a>Robert DanfordAdobe updates: http://www.adobe.com/support/security/bulletins/apsb10-21.html
2010-09-14/a>Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-12/a>Manuel Humberto Santander PelaezAdobe Acrobat pushstring Memory Corruption paper
2010-09-08/a>John BambenekAdobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
2010-08-25/a>Pedro BuenoAdobe released security update for Shockwave player that fix several CVEs: APSB1020
2010-08-19/a>Rob VandenBrinkDon points us to multiple Adobe updates (Reader and Acrobat 9.3.4 among them) ==> http://www.adobe.com/support/downloads/new.jsp
2010-08-18/a>Guy BruneauAdobe out-of-cycle Updates
2010-08-10/a>Jason LamAdobe critical security updates
2010-08-05/a>Manuel Humberto Santander PelaezAdobe Acrobat Font Parsing Integer Overflow Vulnerability
2010-07-21/a>Adrien de BeaupreAdobe Reader Protected Mode
2010-06-29/a>donald smithAdobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297
2010-06-16/a>Kevin ShorttAdobe Flash Player 10.1 - Security Update Available
2010-06-09/a>Deborah HaleAdobe POC in the Wild
2010-06-09/a>Deborah HaleBest Practice to Prevent PDF Attacks
2010-06-05/a>Guy BruneauSecurity Advisory for Flash Player, Adobe Reader and Acrobat
2010-05-12/a>Rob VandenBrinkAdobe Shockwave Update
2010-04-13/a>Adrien de BeaupreSecurity update available for Adobe Reader and Acrobat
2010-04-09/a>Mark HofmanAdobe launch issue response/work around.
2010-03-31/a>Johannes UllrichPDF Arbitrary Code Execution - vulnerable by design.
2010-02-16/a>Robert DanfordAdobe Updates: http://www.adobe.com/support/security/bulletins/apsb10-07.html http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-02-12/a>G. N. WhiteAdobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 released to correct vulnerability CVE-2010-0186 Details: http://www.adobe.com/support/security/bulletins/apsb10-06.html
2010-02-02/a>Guy BruneauAdobe ColdFusion Information Disclosure
2010-01-21/a>Chris CarboniSecurity Update Available for Shockwave Player
2010-01-14/a>Bojan ZdrnjaPDF Babushka
2010-01-12/a>Johannes UllrichMicrosoft Advices XP Users to Uninstall Flash Player 6
2010-01-12/a>Johannes UllrichPre-Announced Adobe Reader and Acrobat Patch Found!
2010-01-07/a>Daniel WesemannStatic analysis of malicious PDFs
2010-01-07/a>Daniel WesemannStatic analysis of malicous PDFs (Part #2)
2009-12-15/a>Johannes UllrichAdobe 0-day in the wild - again
2009-12-09/a>Swa FrantzenAdobe flash player and air patched
2009-12-03/a>Mark HofmanNext week will be a big patch week - Adobe is also releasing patches "Adobe is planning to release an update for Adobe Flash Player 10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and earlier versions, to resolve critical security issues
2009-11-03/a>Bojan ZdrnjaAdobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities
2009-10-13/a>Daniel WesemannAdobe Reader and Acrobat - Black Tuesday continues
2009-10-08/a>Johannes UllrichNew Adobe Vulnerability Exploited in Targeted Attacks
2009-08-18/a>Deborah HaleSecurity Bulletin for ColdFusion and JRun
2009-07-31/a>Deborah HaleAdobe Patch is out
2009-07-22/a>Bojan ZdrnjaYA0D (Yet Another 0-Day) in Adobe Flash player
2009-06-24/a>Kyle HaugsnessAdobe Shockwave Player Update
2009-06-09/a>Swa FrantzenAdobe June Black Tuesday upgrades
2009-05-24/a>Raul SilesAnalyzing malicious PDF documents
2009-05-22/a>Mark HofmanPatching and Adobe
2009-05-12/a>Swa FrantzenAdobe Acrobat (reader) patches released
2009-05-01/a>Adrien de BeaupreAdobe Flash Media Server privilege escalation security bulletin
2009-04-29/a>Jason LamTwo Adobe 0-day vulnerabilities
2009-04-20/a>Jason LamDigital Content on TV
2009-03-18/a>Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-03-10/a>Swa FrantzenAdobe Acrobat 9.1 released
2009-02-25/a>Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>Andre LudwigAdobe flash player patch
2009-02-25/a>Andre LudwigPreview/Iphone/Linux pdf issues
2008-12-05/a>Daniel WesemannBeen updatin' your Flash player lately?
2008-11-17/a>Jim ClausingCritical update to Adobe AIR
2008-11-11/a>Swa FrantzenAcrobat continued activity in the wild
2008-11-06/a>Joel EslerMore Adobe Updates
2008-10-15/a>Mari NicholsAdobe Flash 10 Released
2008-07-17/a>Mari NicholsAdobe Reader 9 Released
2008-07-11/a>Raul SilesHow to Determine if Adobe Acrobat or Reader 8.1.2 Security Update 1 is Installed?
2008-05-27/a>Adrien de BeaupreAdobe flash player vuln
2008-05-12/a>Scott FendleyAdobe Releases Security Updates
2008-04-09/a>Raul SilesCritical vulnerabilities in Adobe Flash Player
2008-03-20/a>Joel EslerPotential Vulnerability in Flash CS3 Professional, Flash Professional 8 and Flash Basic 8?
2008-03-12/a>Joel EslerAdobe security updates
2006-11-29/a>Toby KohlenbergNew Adobe vulnerability
2006-11-14/a>Jim ClausingMS06-069: Adobe Flash Player
2006-11-14/a>Swa FrantzenAdobe Flash update available
2006-09-12/a>Swa FrantzenAdobe Flash player upgrade time

EXPLOIT

2014-08-16/a>Lenny ZeltserWeb Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-07-22/a>Daniel WesemannIvan's Order of Magnitude
2014-02-28/a>Daniel WesemannFiesta!
2014-02-13/a>Johannes UllrichLinksys Worm ("TheMoon") Captured
2014-02-12/a>Johannes UllrichSuspected Mass Exploit Against Linksys E1000 / E1200 Routers
2013-10-01/a>John Bambenek*Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
2013-09-20/a>Russ McReeThreat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
2013-05-22/a>Adrien de BeauprePrivilege escalation, why should I care?
2013-02-21/a>Pedro BuenoNBC site redirecting to Exploit kit
2013-02-17/a>Guy BruneauAdobe Acrobat and Reader Security Update Planned this Week
2013-02-13/a>Swa FrantzenMore adobe reader and acrobat (PDF) trouble
2013-01-05/a>Guy BruneauAdobe ColdFusion Security Advisory
2013-01-04/a>Guy Bruneau"FixIt" Patch for CVE-2012-4792 Bypassed
2012-12-10/a>Johannes UllrichYour CPA License has not been revoked
2012-12-02/a>Guy BruneauZero Day MySQL Buffer Overflow
2012-08-05/a>Daniel WesemannPhishing for Payroll with unpatched Java
2012-07-19/a>Mark BaggettA Heap of Overflows?
2012-06-18/a>Guy BruneauCVE-2012-1875 exploit is now available
2012-05-05/a>Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-26/a>Richard PorterPacketstorm Security and Metasploit have Exploit code for MS12-027
2012-03-11/a>Johannes UllrichAn Analysis of Jester's QR Code Attack. (Guest Diary)
2011-12-08/a>Adrien de BeaupreNewest Adobe Flash 11.1.102.55 and Previous 0 Day Exploit
2011-12-06/a>Pedro BuenoThe RedRet connection...
2011-11-22/a>Pedro BuenoUpdates on ZeroAccess and BlackHole front...
2011-10-13/a>Johannes UllrichCritical OS X Vulnerability Patched
2011-05-06/a>Richard PorterUpdated Exploit Index for Microsoft
2011-03-29/a>Daniel WesemannMalware emails with fake cellphone invoice
2011-03-15/a>Lenny ZeltserLimiting Exploit Capabilities by Using Windows Integrity Levels
2011-03-09/a>Kevin ShorttAVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B
2011-02-16/a>Jason LamWindows 0-day SMB mrxsmb.dll vulnerability
2010-12-27/a>Johannes UllrichVarious sites "Owned and Exposed"
2010-12-13/a>Deborah HaleThe Week to Top All Weeks
2010-12-02/a>Kevin JohnsonProFTPD distribution servers compromised
2010-11-01/a>Manuel Humberto Santander PelaezCVE-2010-3654 exploit in the wild
2010-09-26/a>Daniel WesemannPDF analysis paper
2010-09-14/a>Adrien de BeaupreAdobe Flash v10.1.82.76 and earlier vulnerability in-the-wild
2010-09-13/a>Manuel Humberto Santander Pelaez Enhanced Mitigation Experience Toolkit can block Adobe 0-day exploit
2010-09-13/a>Manuel Humberto Santander PelaezAdobe SING table parsing exploit (CVE-2010-2883) in the wild
2010-09-02/a>Daniel WesemannSDF, please!
2010-08-22/a>Manuel Humberto Santander PelaezAnatomy of a PDF exploit
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-06/a>Manuel Humberto Santander PelaezNice OS X exploit tutorial
2010-05-23/a>Manuel Humberto Santander PelaezOracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10/a>Andre LudwigNew bug/exploit for javaws
2010-02-08/a>Adrien de BeaupreWhen is a 0day not a 0day? Fake OpenSSh exploit, again.
2010-01-24/a>Pedro BuenoOutdated client applications
2010-01-19/a>Johannes UllrichUnpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
2010-01-12/a>Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-05/a>Guy BruneauJava JRE Buffer and Integer Overflow
2009-11-16/a>G. N. WhiteReports of a successful exploit of the SSL Renegotiation Vulnerability?
2009-11-14/a>Adrien de BeaupreMicrosoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released
2009-11-12/a>Rob VandenBrinkWindows 7 / Windows Server 2008 Remote SMB Exploit
2009-10-21/a>Pedro BuenoWordPress Hardening
2009-09-16/a>Bojan ZdrnjaSMB2 remote exploit released
2009-08-31/a>Pedro BuenoMicrosoft IIS 5/6 FTP 0Day released
2009-08-18/a>Bojan ZdrnjaMS09-039 exploit in the wild?
2009-07-16/a>Bojan ZdrnjaOWC exploits used in SQL injection attacks
2009-07-15/a>Bojan ZdrnjaMake sure you update that Java
2009-07-13/a>Adrien de Beaupre* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-07-10/a>Guy BruneauWordPress Fixes Multiple vulnerabilities
2009-07-09/a>Bojan ZdrnjaOpenSSH 0day FUD
2009-06-12/a>Adrien de BeaupreGreen Dam
2009-06-08/a>Chris CarboniKloxo (formerly Lxadmin) Vulnerability Exploited
2009-05-06/a>Tom ListonFollow The Bouncing Malware: Gone With the WINS
2009-04-24/a>Pedro BuenoDid you check your conference goodies?
2009-04-14/a>Swa FrantzenVMware exploits - just how bad is it ?
2009-03-19/a>Mark HofmanBrowsers Tumble at CanSecWest
2009-03-18/a>Adrien de BeaupreAdobe Security Bulletin Adobe Reader and Acrobat
2009-02-25/a>Andre LudwigAdobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-25/a>Andre LudwigPreview/Iphone/Linux pdf issues
2008-08-26/a>John BambenekActive attacks using stolen SSH keys (UPDATED)
2008-05-07/a>Jim ClausingMore on automated exploit generation
2008-05-05/a>John BambenekDefenses Against Automated Patch-Based Exploit Generation
2008-04-24/a>Maarten Van HorenbeeckTargeted attacks using malicious PDF files
2008-04-18/a>John BambenekThe Patch Window is Gone: Automated Patch-Based Exploit Generation
2008-04-10/a>Deborah HaleSymantec Threatcon Level 2
2006-11-20/a>Joel EslerMS06-070 Remote Exploit