Johannes Ullrich Diaries
- Microsoft Patch Tuesday - October 2024
- Survey of CUPS exploit attempts
- Hurricane Helene Aftermath - Cyber Security Awareness Month
- Patch for Critical CUPS vulnerability: Don't Panic
- DNS Reflection Update and Odd Corrupted DNS Requests
- Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
- Fake GitHub Site Targeting Developers
- Microsoft September 2024 Patch Tuesday
- Scans for Moodle Learning Platform Following Recent Update
- OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
- Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
- Video: Same Origin, CORS, DNS Rebinding and Localhost
- A Survey of Scans for GeoServer Vulnerabilities
- Even Linux users should take a look at this Microsoft KB article.
- Tracking Proxy Scans with IPv4.Games
- Increased Activity Against Apache OFBiz CVE-2024-32113
- Apple Patches Everything. July 2024 Edition
- New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273)
- CrowdStrike: The Monday After
- Widespread Windows Crashes Due to Crowdstrike Updates
- Attacks against the "Nette" PHP framework CVE-2020-15227
- Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots
- Microsoft Patch Tuesday July 2024
- Overlooked Domain Name Resiliency Issues: Registrar Communications
- SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
- Configuration Scanners Adding Java Specific Configuration Files
- Video Meta Data: DJI Drones
- Port 1801 Traffic: Microsoft Message Queue
- Microsoft Patch Tuesday June 2024
- Attacker Probing for New PHP Vulnerability CVE-2024-4577
- Finding End of Support Dates: UK PTSI Regulation
- Brute Force Attacks Against Watchguard VPN Endpoints
- No-Defender, Yes-Defender
- Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated.
- Detecting XFinity/Comcast DNS Spoofing
- Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
- Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474
- D-Link NAS Device Backdoor Abused
- Struts "devmode": Still a problem ten years later?
- Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
- Quick Palo Alto Networks GlobalProtect Vulnerability Update (CVE-2024-3400)
- Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)
- April 2024 Microsoft Patch Tuesday Summary
- Slicing up DoNex with Binary Ninja
- Some things you can learn from SSH traffic
- Scans for Apache OfBiz
- Apple Updates for MacOS, iOS/iPadOS and visionOS
- Whois "geofeed" Data
- Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability
- Attacker Hunting Firewalls
- Microsoft Patch Tuesday - March 2024
- MacOS Patches (and Safari, TVOS, VisionOS, WatchOS)
- Apple Releases iOS/iPadOS Updates with Zero Day Fixes.
- Why Your Firewall Will Kill You
- Exploit Attempts for Unknown Password Reset Vulnerability
- Take Downs and the Rest of Us: Do they matter?
- Large AT&T Wireless Network Outage #att #outage
- Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot
- Internet Storm Center Podcast ("Stormcast") 15th Birthday
- Anybody know what this URL is about? Maybe a Balena API request?
- What is a "Top Level Domain"?
- The Fun and Dangers of Top Level Domains (TLDs)
- What did I say to make you stop talking to me?
- Exploit Flare Up Against Older Atlassian Confluence Vulnerability
- How Bad User Interfaces Make Security Tools Harmful
- Update on Atlassian Exploit Activity
- Apple Updates Everything - New 0 Day in WebKit
- Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527
- More Scans for Ivanti Connect "Secure" VPN. Exploits Public
- Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
- New YouTube Video Series: Hacker Tools Origin Stories
- Microsoft January 2024 Patch Tuesday
- Jenkins Brute Force Scans
- Fingerprinting SSH Identification Strings
- Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518)
- What are they looking for? Scans for OpenID Connect Configuration (Update: CitrixBleed)
- Microsoft Patch Tuesday December 2023
- Apple Patches Everything
- Zarya Hacktivists: More than just Sharepoint.
- Apple Patches Exploited WebKit Vulnerabilities in iOS/iPadOS/macOS
- Pro Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357
- Scans for ownCloud Vulnerability (CVE-2023-49103)
- Happy Birthday DShield
- Beyond -n: Optimizing tcpdump performance
- Microsoft Patch Tuesday November 2023
- What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
- Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
- Flying under the Radar: The Privacy Impact of multicast DNS
- Adventures in Validating IPv4 Addresses
- Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability
- Sporadic scans for "server-info.action", possibly looking for Confluence Server and Data Center Vulnerability CVE-2023-22515
- How an AppleTV may take down your (#IPv6) network
- Changes to SMS Delivery and How it Affects MFA and Phishing
- What's Normal: MAC Addresses
- CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?
- October 2023 Microsoft Patch Tuesday Summary
- Apple fixes vulnerabilities in iOS and iPadOS.
- What's Normal? Connection Sizes
- Apple Releases MacOS Sonoma Including Numerous Security Patches
- Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS
- What's Normal? DNS TTL Values
- Obfuscated Scans for Older Adobe Experience Manager Vulnerabilities
- Internet Wide Multi VPN Search From Single /24 Network
- Apple fixes 0-Day Vulnerability in Older Operating Systems
- Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
- Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
- Security Relevant DNS Records
- Home Office / Small Business Hurricane Prep
- Update: Researchers scanning the Internet
- Summary of DNS over HTTPS requests against our honeypots.
- USPS Phishing Scam Targeting iOS Users
- Apple Updates Everything (again)
- Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
- Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
- June 2023 Microsoft Patch Tuesday
- Geoserver Attack Details: More Cryptominers against Unconfigured WebApps
- Ongoing scans for Geoserver
- Github Copilot vs. Google: Which code is more secure
- Brute Forcing Simple Archive Passwords
- Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
- Help us figure this out: Scans for Apache "Nifi"
- Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything.
- Apple Updates Everything
- A Quick Survey of .zip Domains: Your highest risk is running into Rick Astley.
- The .zip gTLD: Risks and Opportunities
- Geolocating IPs is harder than you think
- SANS.edu Research Journal: Volume 3
- Calculating CVSS Scores with ChatGPT
- UDDIs are back? Attackers rediscovering old exploits.
- HTTP: What's Left of it and the OCSP Problem
- Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
- Analyzing the efile.com Malware "efail"
- Supply Chain Compromise or False Positive: The Intriguing Case of efile.com [updated - confirmed malicious code]
- Tax Season Risks
- Apple Updates Everything (including Studio Display)
- Cropping and Redacting Images Safely
- Incoming Silicon Valley Bank Related Scams
- Increase in exploits against Joomla (CVE-2023-23752)
- Hackers Love This VSCode Extension: What You Can Do to Stay Safe
- Internet Wide Scan Fingerprinting Confluence Servers
- Microsoft February 2023 Patch Tuesday
- Apple Patches Exploited Vulnerability
- Venmo Phishing Abusing LinkedIn "slink"
- Simple HTML Phishing via Telegram Bot
- Earthquake in Turkey and Syria: Be Aware of Possible Donation Scams
- APIs Used by Bots to Detect Public IP address
- Decoding DNS over HTTP(s) Requests
- Apple Updates (almost) Everything: Patch Overview
- PSA: Why you must run an ad blocker when using Google
- Elon Musk Themed Crypto Scams Flooding YouTube Today
- New year, old tricks: Hunting for CircleCI configuration files
- It's about time: OS Fingerprinting using NTP
- Can you please tell me what time it is? Adventures with public NTP servers.
- Apple Updates Everything
- Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers.
- What's the deal with these router vulnerabilities?
- Identifying Groups of "Bot" Accounts on LinkedIn
- Ukraine Themed Twitter Spam Pushing iOS Scareware
- Happy 22nd Birthday DShield.org!
- Packet Tuesday: Episode 2 - Extended DNS Option Type 0
- Lessons Learned from Automatic Failover: When 8.8.8.8 "disappears". IPv6 to the Rescue?
- Evil Maid Attacks - Remediation for the Cheap
- Packet Tuesday: Network Traffic Analysis for the Whole Family
- Critical OpenSSL 3.0 Update Released. Patches CVE-2022-3786, CVE-2022-3602
- Upcoming Critical OpenSSL Vulnerability: What will be Affected?
- Why is My Cat Using Baidu? And Other IoT DNS Oddities
- Apple Patches Everything: October 2022 Edition
- Forensic Value of Prefetch
- Scans for old Fortigate Vulnerability: Building Target Lists?
- October 2022 Microsoft Patch Tuesday
- What is in your Infosec Calendar?
- More IcedID
- Credential Harvesting with Telegram API
- Exchange Server 0-Day Actively Exploited
- 10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability?
- DNS Option 15: Debugging DNSSEC Errors.
- VirusTotal Result Comparisons for Honeypot Malware
- PHP Deserialization Exploit attempt
- Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
- Underscores and DNS: The Privacy Story
- Two things that will never die: bash scripts and IRC!
- Windows Security Blocks UPX Compressed (packed) Binaries
- Honeypot Attack Summaries with Python
- Apple Patches Two Exploited Vulnerabilities
- A Quick VoIP Experiment
- Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE-2022-27255
- And Here They Come Again: DNS Reflection Attacks
- JSON All the Logs!
- l9explore and LeakIX Internet wide recon scans.
- Increase in Chinese "Hacktivism" Attacks
- A Little DDoS in the Morning - Followup
- A Little DDoS In the Morning
- PDF Analysis Intro and OpenActions Entries
- Exfiltrating Data With Bookmarks
- Apple Patches Everything Day
- Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
- ISC Website Redesign
- How Many SANs are Insane?
- Possible Scans for HiByMusic Devices
- Encrypted Client Hello: Anybody Using it Yet?
- Experimental New Domain / Domain Age API
- Odd TCP Fast Open Packets. Anybody understand why?
- Terraforming Honeypots. Installing DShield Sensors in the Cloud
- Atlassian Confluence Exploits Seen By Our Honeypots (CVE-2022-26134)
- Quick Answers in Incident Response: RECmd.exe
- Attacker Scanning for jQuery-File-Upload
- Apple Patches Everything
- Why is my Honeypot a Russian Certificate Authority?
- From 0-Day to Mirai: 7 days of BIG-IP Exploits
- F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
- Some Honeypot Updates
- A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
- Resetting Linux Passwords with U-Boot Bootloaders
- An Update on CVE-2022-26809 - MSRPC Vulnerability - PATCH NOW
- Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too.
- What is BIMI and how is it supposed to help with Phishing.
- WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
- Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
- Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS
- Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
- Java Springtime Confusion: What Vulnerability are We Talking About
- BGP Hijacking of Twitter Prefix by RTComm.ru
- Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem)
- More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations
- Statement by President Biden: What you need to do (or not do)
- Scans for Movable Type Vulnerability (CVE-2021-20837)
- Look Alike Accounts Used in Ukraine Donation Scam impersonating Olena Zelenska
- Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
- No Bitcoin - No Problem: Follow Up to Last Week's Donation Scam
- Scam E-Mail Impersonating Red Cross
- Attackers Search For Exposed "LuCI" Folders: Help me understand this attack
- The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
- The Rise and Fall of log4shell
- Reminder: Decoding TLS Client Hellos to non TLS servers
- iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
- Zyxel Network Storage Devices Hunted By Mirai Variant
- web3 phishing via self-customizing landing pages
- Keeping Track of Your Attack Surface for Cheap
- Finding elFinder: Who is looking for your files?
- Apple Patches Everything
- Log4Shell Attacks Getting "Smarter"
- Use of Alternate Data Streams in Research Scans for index.jsp.
- A Quick CVE-2022-21907 FAQ
- Microsoft Patch Tuesday - January 2022
- Defending Cloud IMDS Against log4shell (and more)
- log4shell and cloud provider internal meta data services (IMDS)
- Log4j: Getting ready for the long haul (CVE-2021-44228)
- Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
- Webshells, Webshells everywhere!
- Hunting for PHPUnit Installed via Composer
- In Memory of Alan Paller
- Can you make the Great Chinese Firewall work for you?
- Please fix your E-Mail Brute forcing tool!
- Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
- Who Is Hunting For Your IPTV Set-Top Box?
- Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
- Looking Glasses: Debugging Network Connectivity Issues
- Facebook Outage: Yes, it's DNS (sort of). A super quick analysis of what is going on.
- Boutique "Dark" Botnet Hunting for Crumbs
- A First Look at Apple's iOS 15 "Private Relay" feature.
- #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
- Updates to Our Datafeeds/API
- Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
- Why I Gave Up on IPv6. And no, it is not because of security issues.
- Attackers Hunting For Twilio Credentials
- Out of Band Phishing. Using SMS messages to Evade Network Detection
- When Lightning Strikes. What works and doesn't work.
- 5 Things to Consider Before Moving Back to the Office
- Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
- Three Problems with Two Factor Authentication
- Is this the Weirdest Phishing (SMishing?) Attempt Ever?
- Lost in the Cloud: Akamai DNS Outage
- "Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
- USPS Phishing Using Telegram to Collect Data
- Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
- Microsoft Releases Patches for CVE-2021-34527
- CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
- Standing With Security Researchers Against Misuse of the DMCA
- Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
- Are Cookie Banners a Waste of Time or a Complete Waste of Time?
- Amazon Sidewalk: Cutting Through the Hype
- New YouTube Video Series: Everything you ever wanted to know about DNS and more!
- And Ransomware Just Got a Bit Meaner (yes... it is possible)
- Correctly Validating IP Addresses: Why encoding matters for input validation.
- Why and How You Should be Using an Internal Certificate Authority
- WiFi IDS and Private MAC Addresses
- Piktochart - Phishing with Infographics
- Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability
- Scans for Zyxel Backdoors are Commencing.
- Netfox Detective: An Alternative Open-Source Packet Analysis Tool
- SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
- December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
- The special case of TCP RST
- Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming": Implications, Detections and Mitigations
- PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
- CVE-2020-16898: Windows ICMPv6 Router Advertisement RDNSS Option Remote Code Execution Vulnerability
- Today, Nobody is Going to Attack You.
- Scans for FPURL.xml: Reconnaissance or Not?
- Securing Exchange Online [Guest Diary]
- Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
- Not Everything About ".well-known" is Well Known
- A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
- Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
- CenturyLink Outage Causing Internet Wide Problems
- A Word of Caution: Helping Out People Being Stalked Online
- Internet Choke Points: Concentration of Authoritative Name Servers
- Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
- Python Developers: Prepare!!!
- Consumer VPNs: You May Be Fine Without
- All I want this Tuesday: More Data
- In Memory of Donald Smith
- PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
- Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688
- Happy Birthday DShield: DShield.org was registered 20 years ago.
- Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
- Share the Mic in Cyber
- Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
- Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider
- Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
- Cyber Security for Protests
- Suspending Suspicious Domain Feed / Update to Researcher IP Feed
- The Impact of Researchers on Our Data
- Privacy Preserving Protocols to Trace Covid19 Exposure
- Using AppLocker to Prevent Living off the Land Attacks
- Increase in RDP Scanning
- Kwampirs Targeted Attacks Involving Healthcare Sector
- A Quick Summary of Current Reflective DNS DDoS Attacks
- Microsoft Patch Tuesday March 2020
- Let's Encrypt Revoking 3 Million Certificates
- Introduction to EvtxEcmd (Evtx Explorer)
- Network Security Perspective on Coronavirus Preparedness
- CVE-2020-0601 Followup
- Microsoft Patch Tuesday for January 2020
- Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
- A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
- Increase in Number of Sources January 3rd and 4th: spoofed
- Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
- Miscellaneous Updates to our "Threatfeed" API
- More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query
- Is it Possible to Identify DNS over HTTPS Without Decrypting TLS?
- Cheap Chinese JAWS of DVR Exploitability on Port 60001
- SMS and 2FA: Another Reason to Move away from It.
- November 2019 Microsoft Patch Tuesday
- Are We Going Back to TheMoon (and How is Liquor Involved)?
- rConfig Install Directory Remote Code Execution Vulnerability Exploited
- Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
- When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
- A Quick Look at Some Current Comment Spam
- [Guest Diary] Tricky LNK points to TrickBot
- [Guest Diary] Open Redirect: A Small But Very Common Vulnerability
- Is it Safe to Require TLS 1.2 for E-Mail
- August 2019 Microsoft Patch Tuesday
- [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
- What is Listening On Port 9527/TCP?
- Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit
- Can You Spell 2FA? A Luno Phish Example
- Remembering Mike Assante
- Extensive BGP Issues Affecting Cloudflare and possibly others
- What You Need To Know About TCP "SACK Panic"
- Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
- Quick Detect: Exim "Return of the Wizard" Attack
- Investigating an Odd DNS Query
- An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
- Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
- Odd DNS Requests that are Normal
- Configuring MTA-STS and TLS Reporting For Your Domain
- When Windows 10 Comes to Life: The First Few Minutes in the Life of a Windows 10 System
- How to Find Hidden Cameras in your AirBNB
- Fake AV is Back: LaCie Network Drives Used to Spread Malware
- Test Diary
- A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
- Microsoft January 2019 Patch Tuesday
- Arrest of Huawei CFO Inspires Advance Fee Scam
- Critical Vulnerability in Flash Player
- November 2018 Microsoft Patch Tuesday
- Struts 2.3 Vulnerable to Two Year old File Upload Flaw
- Fake Bank/Post Office Phone Calls Targeting Chinese Immigrants
- October 2018 Microsoft Patch Tuesday
- It is the End of the World as We Know It. So What's Next?
- Identifying a phisher
- Pre-Pwned AMI Images in Amazon's AWS public instance store
- So What is Going on With IPv4 Fragments these Days?
- Microsoft September Patch Tuesday Summary
- Microsoft August 2018 Patch Tuesday
- What Do I Need To Know about "SegmentSmack"
- When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869
- Facebook Phishing via SMS
- New Extortion Tricks: Now Including Your Password!
- Microsoft Patch Tuesday July 2018 (now with Dashboard!)
- Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555/tcp)
- Apple Patches Everything Again.
- New and Improved Cryptominers: Now with 50% less Greed.
- Secure Phishing: Netflix Phishing Goes TLS
- Microsoft June 2018 Patch Tuesday
- Apple Security Updates
- Resetting Your Router the Paranoid (=Right) Way
- DNS is Changing. Are you Ready?
- Insecure Claymore Miner Management API Exploited in the Wild
- Microsoft May 2018 Patch Tuesday
- Yet Another Drupal RCE Vulnerability
- Apple Patches iOS, Safari and MacOS
- A Review of Recent Drupal Attacks (CVE-2018-7600)
- A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel
- Microsoft April 2018 Patch Tuesday
- ISC/DShield Website TLS Updates
- Java Deserialization Attack Against Windows
- SPECTRE and Meltdown To patch or not to patch?..and HOW (Guest Diary)
- Microsoft March 2018 Patch Tuesday
- How did it all start? Early Memcached DDoS Attack Precursors and Ransom Notes
- Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?
- Why we Don't Deserve the Internet: Memcached Reflected DDoS Attacks.
- February 2018 Microsoft (and Adobe) Patch Tuesday
- Adobe Flash 0-Day Used Against South Korean Targets
- Apple Updates Everything, Again
- Microsoft January 2018 Patch Tuesday
- A Story About PeopleSoft: How to Make $250k Without Leaving Home.
- December Microsoft Patch Tuesday Summary
- Using Our API To Adjust iptables Rules
- Apple Updates Everything. Again.
- PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost").
- 9 Fast and Easy Ways To Lose Your Crypto Coins
- Internet Wide Ethereum JSON-RPC Scans
- Critical Patch For Oracle's Identity Manager
- Is a telco in Brazil hosting an epidemic of open SOCKS proxies?
- WPA2 "KRACK" Attack
- What's in a cable? The dangers of unauthorized cables
- pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
- Security Awareness Month: How to Help Friends and Family
- Securing "Out of Band" Access
- Microsoft Patch Tuesday September 2017
- The Mirai Botnet: A Look Back and Ahead At What's Next
- An Update On DVR Malware: A DVR Torture Chamber
- Microsoft Patch Tuesday August 2017
- Use of the Open Graph Protocol to Disguise Malicious Facebook Links
- Using a Raspberry Pi honeypot to contribute data to DShield/ISC
- Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 2: Log File Artefacts)
- Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
- Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious"
- Fake DDoS Extortions Continue. Please Forward Us Any Threats You Have Received.
- Microsoft and Adobe June 2017 Patch Tuesday: Two Exploited Vulnerabilities Patched
- Deceptive Advertisements: What they do and where they come from
- FreeRadius Authentication Bypass
- Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL
- WannaCry/WannaCrypt Ransomware Summary
- Read This If You Are Using a Script to Pull Data From This Site
- Microsoft Patch Tuesday (and Adobe)
- BGP Hijacking: The Internet is Still/Again Broken
- If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
- CAA Records and Certificate Issuance
- Analysis of the Shadow Z118 PayPal phishing site
- Yet Another Apple Phish and Some DNS Lessons Learned From It
- Tool to Detect Active Phishing Attacks Using Unicode Look-Alike Domains
- Detecting SMB Covert Channel ("Double Pulsar")
- ETERNALBLUE: Windows SMBv1 Exploit (Patched)
- Java Struts2 Vulnerability Used To Install Cerber Crypto Ransomware
- A Practical Use for a SHA1 Collision
- Symantec vs. Google: The CA Fight Continues. What do you need to know?
- February and March Microsoft Patch Tuesday
- Critical Apache Struts 2 Vulnerability (Patch Now!)
- My Catch Of 4 Months In The Amazon IP Address Space
- Hardening Postfix Against FTP Relay Attacks
- AVM Private Key Leak Puts Cable Modems Worldwide At Risk
- OpenSSL 1.1.0e Update: No need to panic #openssl
- Microsoft February Patch Tuesday Now Rolled into March Update
- Microsoft Patch Tuesday Delayed
- Cloud Metadata Urls
- My Password is [taco] Using Emojis for Stronger Passwords
- Malicious Or Not? You decide...
- What Are These Odd POP3 (Port 110/tcp) Scans About?
- Windows SMBv3 Denial of Service Proof of Concept (0 Day Exploit)
- Multiple Vulnerabilities in tcpdump
- Malicious Office files using fileless UAC bypass to drop KEYBASE malware
- Critical Vulnerability in Cisco WebEx Chrome Plugin
- How to Have Fun With IPv6 Fragments and Scapy
- Whitelisting File Extensions in Apache
- January 2017 Microsoft Patch Tuesday
- Adobe January 2017 Patches
- Port 37777 "MapTable" Requests
- Realtors Be Aware: You Are a Target
- December 2016 Microsoft Patch Tuesday
- 5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer.
- Good Cop; Bad Cop; Domain Cop?
- Tap Gigabit Networks on the Cheap
- Unpatched Vulnerability in Firefox used to Attack Tor Browser
- Take Back Wednesday? SQL Slammer... still alive but barely kicking
- Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
- TR-069 NewNTPServer Exploits: What we know so far
- ICMP Unreachable DoS Attacks (aka "Black Nurse")
- Packet Capture Options
- November 2016 Microsoft Patch Day
- Extracting Malware Transmitted Via Telnet
- Windows "Atom Bombing" Attack
- Your Bill Is Not Overdue today!
- Critical Flash Player Update APSB16-36
- A few Mirai Updates: MIPS, PPC version; a bit less scanning
- ISC Briefing: Large DDoS Attack Against Dyn
- Dyn.com DDoS Attack
- How Stolen iOS Devices Are Unlocked
- OpenSSH Protocol Mismatch In Response to SSL Client Hello
- Microsoft and Adobe Patch Tuesday, October 2016
- SSL Requests to non-SSL HTTP Servers
- Password Buddies: A Better Way To Reset Passwords
- The Short Life of a Vulnerable DVR Connected to the Internet
- OpenSSL Update Released
- Does it Matter If You Cover Your Webcam?
- Is "2 out of 3" good enough for Anti-Malware?
- Exploit Attempts for Drupal RESTWS .x Module Vulnerability
- Getting Ready for macOS Sierra: Upgrade Securely
- Updated DShield Blocklist
- How to Set Up Your Own Malware Trap
- Apple Patches "Trident" Vulnerabilities in OS X / Safari
- Today's Locky Variant Arrives as a Windows Script File
- Another Day - Another Ransomware Sample
- Profiling SSL Clients with tshark
- Microsoft Patch Tuesday, August 2016
- Odd Packet: Any ideas where this comes from?
- Surge in Exploit Attempts for Netis Router Backdoor (UDP/53413)
- The Dark Side of Certificate Transparency
- Command and Control Channels Using "AAAA" DNS Records
- HTTP Proxy Header Vulnerability ("httpoxy")
- Microsoft Patch Tuesday Summary for July 2016
- Hiding in White Text: Word Documents with Embedded Payloads
- Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
- Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
- Critical Symantec Endpoint Protection Vulnerability
- What is your most unusual User-Agent?
- Critical Adobe Flash Update. Patch Now
- LinkedIn Breach Data Used For Malicious E-Mails
- What Time Is It? Using NTP Traffic to Calibrate PCAP Timestamps
- What's Going on With libtiff?
- Increase in Port 23 (telnet) scanning
- Stop Using "internal" Top Level Domain Names
- Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability
- Reminder: Fair Use of Our Data
- Uninstall QuickTime For Windows Today
- HTTP Public Key Pinning: How to do it right
- Updated PFSense Client
- Microsoft Patch Tuesday Summary for April 2016
- BadLock Vulnerability (CVE-2016-2118)
- Security Features Nobody Implements
- Getting Ready for Badlock
- Apple Updates Everything (Again)
- Why Users Fall For Ransomware
- Security Pros Love Python... and So Do Malware Authors!
- What is this "/smoke/" about?
- OpenSSL Update Released
- Quick Analysis of a Recent MySQL Exploit
- Critical Vulnerabilities in Palo Alto Networks PAN-OS
- CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo
- More Multi-Architecture IoT Malware
- Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected
- Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor
- Adobe Patch Tuesday - February 2016
- Microsoft February 2016 Patch Tuesday
- Out-of Order Java Update
- Fake Adobe Flash Update OS X Malware
- Targeted IPv6 Scans Using pool.ntp.org.
- SYN-ACK Packets With Data
- Couple updates and reminders
- Site Updates: ISC/DShield API and ipinfo_ascii.html Page
- Year End Surveys
- Survey: How Can We Get You to Submit Logs To Us
- First Exploit Attempts For Juniper Backdoor Against Honeypot
- Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756)
- Color My Logs: Providing Context for Your Logs Using Our Data
- Apple Patches Everything
- Adobe Flash Update
- December 2015 Microsoft Patch Tuesday
- Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support
- SHA1 Phase Out Overview
- Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA
- When Hunting BeEF, Yara rules.
- Help Wanted: Please help test our experimental PFSense Client
- Adobe Flash Player Update
- November 2015 Microsoft Patch Tuesday
- Internet Wide Scanners Wanted
- This Article is Brought to You By the Letter ノ
- Adobe Releases Surprise Shockwave Player Patch
- Typo Squatting Charities for Fake Tech Support Schemes
- OS X 10.11.1 (El Capitan) File System Deep Directory Buffer Overflow
- Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.
- Odd DNS TXT Record. Anybody Seen This Before?
- Oracle Critical Patch Update for Q3 2015 (Includes Java Updates)
- Ongoing Flash Vulnerabilities
- ISC Two Factor Authentication Update
- Do Extortionists Get Paid?
- Cyber Security Awareness Month: Protecting Your Network From "Dave"
- "Transport of London" Malicious E-Mail
- TLS Everywhere: Upgrade-Insecure-Requests Header
- Adobe Updates Shockwave Player
- September 2015 Microsoft Patch Tuesday
- Dropbox Phishing via Compromised Wordpress Site
- Are You Protecting your Backdoor?
- .COM.COM Used For Malicious Typo Squatting
- What Was Old is New Again: Honeypots!
- Whatever Happened to tmUnblock.cgi ("Moon Worm")
- Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe"
- Special Microsoft Bulletin Patching Remote Code Execution Flaw in OpenType Font Drivers
- July 2015 Microsoft Patch Tuesday
- Adobe Updates Flash Player, Shockwave and PDF Reader
- Apple "Patch Tuesday"
- SMTP Brute Forcing
- OS X and iOS Unauthorized Cross Application Resource Access (XARA)
- Odd HTTP User Agents
- VMWare Workstation Guest Escape via Shared Printers on COM1
- How much is your IPv4 Space Worth
- Microsoft Patch Tuesday Summary for June 2015
- Web Application Security: It doesn't stop with the application
- Possible Wordpress Botnet C&C: errorcontent.com
- Lazy Coordinated Attacks Against Old Vulnerabilities
- IoT roundup: Apple Watch Patches, Router Vulnerabilities
- False Positive? settings-win.data.microsoft.com resolving to Microsoft Blackhole IP
- May 2015 Microsoft Patch Tuesday Summary
- The Art of Logging
- Dridex Redirecting to Malicious Dropbox Hosted File Via Google
- Logging Complete Requests in Apache 2.2 and 2.4
- Reminder: Secure Your Tomcat Admin Interface
- MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
- Odd POST Request To Web Honeypot
- OpenSSL Patch Released
- Automatically Documenting Network Connections From New Devices Connected to Home Networks
- Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
- Microsoft March Patch Tuesday
- Apple Patches for iOS, OS X and Apple TV
- Anybody Doing Anything About ANY Queries?
- How Do You Control the Internet of Things Inside Your Network?
- New Feature: Subnet Report
- Copy.com Used to Distribute Crypto Ransomware
- 11 Ways To Track Your Moves When Using a Web Browser
- Microsoft Patch Mayhem: February Patch Failure Summary
- Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client
- Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear
- Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info? (spoiler: TLS!=SSL)
- Microsoft Hardens GPO by Fixing Two Serious Vulnerabilities.
- Anthem, TurboTax and How Things "Fit Together" Sometimes
- Tomcat security: Why run an exploit if you can just log in?
- Adobe Flash Player Update Released, Fixing CVE 2015-0313
- Another Network Forensic Tool for the Toolbox - Dshell
- What is using this library?
- New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
- "Stealth" Update for Flash from Adobe
- Flash 0-Day: Deciphering CVEs and Understanding Patches
- How Vulnerabilities Happen: Input Validation Problems
- Flash 0-Day Exploit Used by Angler Exploit Kit
- Oracle Critical Patch Update for Q1 2015 (Includes Java Updates)
- Finding Privilege Escalation Flaws in Linux
- Traffic Patterns For CryptoWall 3.0
- Adobe Patch Tuesday - January 2015
- Microsoft Patch Tuesday - January 2015 (Really? Telnet?)
- Are You Piratebay? thepiratebay.org Resolving to Various Hosts
- IoT: The Rise of the Machines (Guest Diary)
- A Packet a Day: ICMPv6 Type 1 Code 5
- "Rocket Kitten": Is it still APT if you can buy it off the shelf?
- Critical #NTP Vulnerability in ntpd prior to 4.2.8
- Exploit Kit Evolution During 2014 - Nuclear Pack
- Is the polkit Grinch Going to Steal your Christmas?
- Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor
- Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers
- Customized Support Scam Supported by Typo Squatting
- Worm Backdoors and Secures QNAP Network Storage Devices
- Two VMWare Security Updates for vCloud Automation Center and Airwatch
- Malware Signed With Valid SONY Certificate (Update: This was a Joke!)
- Adobe December Patch Tuesday
- POODLE Strikes (Bites?) Again
- Does Your Vulnerability Scanner Speak Portuguese?
- Dridex Phishing Campaign uses Malicious Word Documents
- More Trouble For Hikvision DVRs
- Critical WordPress XSS Update
- Microsoft Will Release MS14-068 Later Today
- Updates for OS X, iOS and Apple TV
- Microsoft Updates MS14-066
- SChannel Update and Experimental Vulnerability Scanner (MS14-066)
- How bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?
- Adobe Flash Update
- Microsoft November 2014 Patch Tuesday
- Important EMET 5.1 Update. Apply before Patches today
- Apple Updates (not just Yosemite)
- Logging SSL
- POODLE: Turning off SSLv3 for various servers and client.
- OpenSSL Releases OpenSSL 1.0.1j, 1.0.0o and 0.9.8zc
- SSLv3 POODLE Vulnerability Official Release
- OpenSSL Vulnerability leaked via OpenBSD patch (NOT!)?
- Microsoft October 2014 Patch Tuesday
- Adobe October 2014 Bulletins for Flash Player and Coldfusion
- CSAM: Be Wary of False Beacons
- CSAM: My servers started speaking IRC, and that is when I started to listen!
- CSAM: Scary ports and firewall remote administration
- Belkin Router Apocalypse: heartbeat.belkin.com outage taking routers down
- Confusion over SSL and 1024 bit keys
- CSAM: Patch and get pw0ned (not OR).
- Shellshock: More details released about CVE-2014-6277 and CVE-2014-6278. Also: Does Windows have a shellshock problem?
- Spoofed packets with Window Size 6667: Anybody else seeing this?
- CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
- Why is your Mac all of a sudden using Bing as a search engine?
- CSAM: My Storage Array SSHs Outbound!
- Cyber Security Awareness Month 2014: Scary False Positives
- Shellshock: Updated Webcast (Now 6 bash related CVEs!)
- Shellshock: A Collection of Exploits seen in the wild
- Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278
- Shellshock: Vulnerable Systems you may have missed and how to move forward
- Webcast Briefing: Bash Code Injection Vulnerability
- Update on CVE-2014-6271: Vulnerability in bash (shellshock)
- jQuery.com Compromise: The Dangers of Third Party Hosted Content
- Fake LogMeIn Certificate Update with Bad AV Detection Rate
- iOS 7.1.x Exploit Released (CVE-2014-4377)
- Cyber Security Awareness Month: What's your favorite/most scary false positive
- Google DNS Server IP Address Spoofed for SNMP reflective Attacks
- Even Bad Malware Works
- Content Security Policy (CSP) is Growing Up.
- Odd Persistent Password Bruteforcing
- F5 BigIP Unauthenticated rsync Vulnerability
- False Positive or Not? Difficult to Analyze Javascript
- Updates for Apple Safari
- Exploit Available for Symantec End Point Protection
- All Passwords have been lost: What's next?
- Synolocker: Why OFFLINE Backups are important
- Legal Threat Spam: Sometimes it Gets Personal
- Interesting HTTP User Agent "chroot-apach0day"
- New Feature: "Live" SSH Brute Force Logs and New Kippo Client
- The Internet of Things: How do you "on-board" devices?
- Hardcoded Netgear Prosafe Switch Password
- Multi Platform *Coin Miner Attacking Routers on Port 32764
- Credit Card Processing in 700 Words or Less
- Simple Javascript Extortion Scheme Advertised via Bing
- Cisco Unified Communications Domain Manager Update
- Microsoft No-IP Takedown
- Apple Releases Patches for All Products
- Should I setup a Honeypot? [SANSFIRE]
- Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
- Microsoft June Patch Tuesday Advance Notification
- Updated OpenSSL Patch Presentation
- More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution)
- Critical OpenSSL Patch Available. Patch Now!
- When was the last time you checked your Comcast cable modem settings?
- Fake Australian Electric Bill Leads to Cryptolocker
- When Good Logs Go Bad: Do You Understand Your Logs?
- True Crypt Compromised / Removed?
- Discontinuing Support for ISC Alert Task Bar Icon
- Detecting Queries to "odd" DNS Servers
- De-Clouding your Life: Things that should not go into the cloud.
- Kippo Users Beware: Another fingerprinting trick
- Adobe May 2014 Patch Tuesday
- Microsoft May 2014 Patch Tuesday
- This is not a test/typo: Support for Windows 8.1 Ends in a month!
- SNMP: The next big thing in DDoS Attacks?
- New DNS Spoofing Technique: Why we haven't covered it.
- And the Web it keeps Changing: Recent security relevant changes to Browsers and HTML/HTTP Standards
- Coin Mining DVRs: A compromise from start to finish.
- Microsoft Announces Special Patch for IE 0-day (Win XP included!)
- Busybox Honeypot Fingerprinting and a new DVR scanner
- Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic
- DHCPv6 and DUID Confusion
- Port 32764 Router Backdoor is Back (or was it ever gone?)
- Apple Patches for OS X, iOS and Apple TV.
- Oracle Critical Patch Update for April 2014
- How to talk to your kids (or manager) about "Heartbleed"
- * Patch Now: OpenSSL "Heartbleed" Vulnerability
- Attack or Bad Link? Your Guess?
- cmd.so Synology Scanner Also Found on Routers
- More Device Malware: This is why your DVR attacked my Synology Disk Station (and now with Bitcoin Miner!)
- War of the Bots: When DVRs attack NASs
- Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
- A few updates on "The Moon" worm
- New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
- Integrating Physical Security Sensors
- Cisco AsyncOS Patch
- Normalizing IPv6 Addresses
- Scans for FCKEditor File Manager
- Wordpress "Pingback" DDoS Attacks
- Microsoft Patch Tuesday March 2014
- Adobe Updates: Flash Player
- UPS Malware Spam Using Fake SPF Headers
- More Details About "TheMoon" Linksys Worm
- Scanning for Symantec Endpoint Manager
- Linksys Worm "TheMoon" Summary: What we know so far
- Linksys Worm ("TheMoon") Captured
- Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
- Adobe February 2014 Patch Tuesday
- February 2014 Microsoft Patch Tuesday
- Microsoft Advance Notification for February 2014
- To Merrillville or Sochi: How Dangerous is it to travel?
- Odd ICMP Echo Request Payload
- Adobe Flash Player Emergency Patch
- Do you block "new" domain names?
- When an Attack isn't an Attack
- New gTLDs appearing in the root zone
- IPv6 and isc.sans.edu (Update)
- Oracle Reports Vulnerability
- How to Debug DKIM
- How to send mass e-mail the right way
- Oracle Critical Patch Update January 2014
- Adobe Patch Tuesday January 2014
- Microsoft Patch Tuesday January 2014
- Got an IPv6 Firewall?
- Scans Increase for New Linksys Backdoor (32764/TCP)
- Exposed .svn Directories
- WhatsApp Malware Spam uses Geolocation to Mass Customize Filename
- Browser Fingerprinting via SSL Client Hello Messages
- Facebook Phishing and Malware via Tumblr Redirects
- Microsoft December Patch Tuesday
- More Bad Port 0 Traffic
- vBulletin.com Compromise - Possible 0-day
- Am I Sending Traffic to a "Sinkhole"?
- The Security Impact of HTTP Caching Headers
- Packet Challenge for the Hivemind: What's happening with this Ethernet header?
- Adobe, Google and other Patch Tuesday patches
- November 2013 Microsoft Patch Tuesday
- OpenSSH Vulnerability
- What Happened to the SANS Ads?
- Microsoft Patch Tuesday Preview
- Rapid7 Discloses IPMI Vulnerabilities
- PHP.net compromise aftermath: Why Code Signing Beats Hashes
- Are you a small business that experienced a DoS attack?
- False Positive: php.net Malware Alert
- Netflow on Nexus 1000v
- New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
- .QA (Qatar) TLD Compromised
- Yet Another WHMCS SQL Injection Exploit
- google.com.my DNS hijack
- CSAM: SSL Request Logs
- Other Patch Tuesday Updates (Adobe, Apple)
- CSAM: ANY queries used in reflective DoS attack
- Microsoft October 2013 Patch Tuesday
- Anti-Virus Company Avira Homepage Defaced
- The Adobe Breach FAQ
- October Patch Tuesday Preview (CVE-2013-3893 patch coming!)
- CSAM: Web Honeypot Logs
- CSAM: Misc. DNS Logs
- iOS 7 Adds Multipath TCP
- How do you monitor DNS?
- A Random Diary
- Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
- In Defense of Biometrics
- SSL is broken. So what?
- When does your browser send a "Referer" header (or not)?
- Running Snort on ESXi using the Distributed Switch
- Imaging LUKS Encrypted Drives
- How to get sufficient funding for your security program (without having a major incident)
- .GOV zones may not resolve due to DNSSEC problems.
- Firefox 23 and Mixed Active Content
- OpenX Ad Server Backdoor
- BBCode tag "[php]" used to inject php code
- Fake American Express Alerts
- Scans for Open File Uploads into CKEditor
- McAfee Artemis/GTI File Reputation False Positive
- POP3 Server Brute Forcing Attempts Using Polycom Credentials
- More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability
- Dovecot / Exim Exploit Detects
- A Couple of SSH Brute Force Compromises
- A couple Site Updates
- Apple Developer Site Breach
- Network Solutions Outage
- Why don't we see more examples of web app attacks via POST?
- Problems with MS13-057
- Microsoft Teredo Server "Sunset"
- .NL Registrar Compromise
- Instagram "Fruit" Spam
- Opera got pw0n3d: But did you get pw0n3d too?
- Linkedin DNS Hijack
- Stupid Little IPv6 Tricks
- When Google isn't Google
- Plesk 0-day: Real or not?
- Apple releases OS 10.8.4
- There's value in your logs! (Part 2)
- Running Snort on VMWare ESXi
- Nuclear Scientists, Pandas and EMET Keeping Me Honest
- Ubuntu Package available to submit firewall logs to DShield
- SSL: Another reason not to ignore IPv6
- Microsoft and Adobe Patch Tuesday Pre-Release
- "De Flashing" the ISC Web Site and Flash XSS issues
- Are there any websites that are NOT compromised?
- Internet Explorer 8 0-Day Update (CVE-2013-1347)
- Protocol 61 Packets Follow Up
- Protocol 61: Anybody got packets?
- Cleaning Up After the Leak: Hiding exposed web content
- Postgresql Patches Critical Vulnerability
- Microsoft April Patch Tuesday Advance Notification
- The HTTP "Range" Header
- IPv6 Focus Month: IPv6 over IPv4 Preference
- IPv6 Focus Month: The warm and fuzzy side of IPv6
- Scam of the day: More fake CNN e-mails
- Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
- IPv6 Focus Month: What is changing with DHCP
- IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
- IPv6 Focus Month: Filtering ICMPv6 at the Border
- IPv6 Focus Month: Addresses
- Punkspider enumerates web application vulnerabilities
- Trustwave Trustkeeper Phish
- Mass-Customized Malware Lures: Don't trust your cat!
- What has Iran been up to lately?
- When web sites go bad: bible . org compromise
- Zendesk breach affects Tumblr/Pinterest/Twitter
- Update Palooza
- EDUCAUSE Breach
- Oracle Updates Java (Java 7 Update 15, Java 6 update 41)
- APT1, Unit 61398 and are state sponsored attacks real
- Microsoft February Patch Tuesday Advance Notification
- Intel Network Card (82574L) Packet of Death
- Are you losing system logging information (and don't know it)?
- HTTP Range Header and Partial Downloads
- IPv6 Focus Month
- Exposed UPNP Devices
- iOS 6.1 Released
- Vulnerability Scans via Search Engines (Request for Logs)
- Barracuda "Back Door"
- Java is still exploitable and is likely going to remain so.
- New Format for Monthly Threat Update
- FixIt Available for Internet Explorer Vulnerability
- What if Tomorrow Was the Day?
- Your CPA License has not been revoked
- How to identify if you are behind a "Transparent Proxy"
- Where do your backup tapes go to die?
- What to Watch Out For on Election Day
- Possible Fake-AV Ads from Doubleclick Servers
- Reminder: Ongoing SMTP Brute Forcing Attacks
- Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
- Hurricane Sandy Update
- Cyber Security Awareness Month - Day 22: Connectors
- Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
- Cyber Security Awareness Month - Day 16: W3C and HTML
- Microsoft October 2012 Black Tuesday Update - Overview
- Cyber Security Awareness Month - Day 9 - Request for Comment (RFC)
- Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
- Microsoft October Patch Pre-Announcement
- Cyber Security Awareness Month - Day 4: Crypto Standards
- Cyber Security Awareness Month
- More Java Woes
- Some Android phones can be reset to factory default by clicking on links
- iOS 6 Security Roundup
- Godaddy DDoS Attack
- Microsoft Patch Tuesday Pre-Release
- SSL Requests sent to port 80 (request for help/input)
- Another round of "Spot the Exploit E-Mail"
- VMware Updates
- "Data" URLs used for in-URL phishing
- The Good, Bad and Ugly about Assigning IPv6 Addresses
- Malware Spam harvesting Facebook Information
- A Poor Man's DNS Anomaly Detection Script
- Google Chrome 21 and getUserMedia API
- Apple Releases Safari 6
- Apple OS X 10.8 (Mountain Lion) released
- Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
- Most Anti-Privacy Web Browsing Tool Ever?
- The FBI will turn off the Internet on Monday (or not)
- ocsp.comodoca.com blocklisted (by comodo itself)
- Authenticating E-Mail
- Spot the Phish: Verizon Wireless
- VMWare Security Advisories
- Microsoft Certificate Updater
- ICANN "Reveal Day" Lists new TLD Applications
- The bane of XSS
- Exploit Available for Trivial MySQL Password Bypass
- Microsoft Update Security
- Microsoft June Security Bulletin Advance Notification
- IPMI: Hacking servers that are turned "off"
- Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
- What Does "IPv6 Day" mean to you?
- Apple Releases iOS Security Specs
- NASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates
- Why Flame is Lame
- SCADA@Home: Your health is no secret no more!
- Speeding up the Web and your IDS / Firewall
- When factors collapse and two factor authentication becomes one.
- The "Do Not Track" header
- nmap 6 released
- ZTE Score M Android Phone backdoor
- Do Firewalls make sense?
- Reserved IP Address Space Reminder
- Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
- Critical Unpatched Oracle Vulnerability
- Not your Parent's Wireless Threat
- Another OS X Java Patch
- Social Share Privacy
- Evil hides everywhere: Web Application Exploits in Headers
- SHA 1-2-3
- Firefox 3.6 EOL
- Virus Bulletin Spam Filter Test
- A Reminder: Private Key Security
- Apple Released Safari 5.1.4
- An Analysis of Jester's QR Code Attack. (Guest Diary)
- Apple Patches
- What happened to RFI attacks?
- Adobe Flash Player Security Update
- Flashback Malware now with Twitter C&C
- COX Network Outage
- Odd Vanishing Signatures in OS X XProtect
- Apache 2.4 Features
- How to test OS X Mountain Lion's Gatekeeper in Lion
- The Ultimate OS X Hardening Guide Collection
- Adobe Flash Player Update
- February 2012 Microsoft Black Tuesday
- Adobe Shockwave Player and RoboHelp for Word Patches
- Secure E-Mail Access
- Critical PHP bug patched
- Javascript DDoS Tool Analysis
- Use of Mixed Case DNS Queries
- Firefox 9 Security Fixes
- New Vulnerability in Windows 7 64 bit
- December 2011 Adobe Black Tuesday
- Possible Widespread DNS Attack (info wanted)
- December 2011 Microsoft Black Tuesday Summary
- SCADA hacks published on Pastebin
- Details About the fbi.gov DNSSEC Configuration Issue.
- House for rent! Observing an Overpayment Scam
- Critical Control 16: Secure Network Engineering
- New Flash Click Jacking Exploit
- JBoss Worm
- Evil Printers Sending Mail
- Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services
- Critical Control 9 - Controlled Access Based on the Need to Know
- Critical OS X Vulnerability Patched
- Adobe SSL Certificate Problem (fixed)
- Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
- SSH Vandals?
- Early Patch Tuesday Today: Microsoft September 2011 Patches
- More RDP Worm Variants?
- Large power outage in Southern California
- Microsoft Releases Diginotar Related Patch and Advisory
- Kernel.org Compromise
- Phishing e-mail to custom e-mail addresses
- DigiNotar SSL Breach
- A Packet Challenge: Help us identify this traffic
- Some Hurricane Technology Tips
- What are the most dangerous web applications and how to secure them?
- Theoretical and Practical Password Entropy
- Common Web Attacks. A quick 404 project update
- IRC traffic on non standard ports
- Malicious Images: What's a QR Code
- Cisco shipping malicious warranty CD
- Port 3389 / terminal services scans
- Announcing: The "404 Project"
- Apple Battery Firmware Default Password
- Lion: What is new in Security
- Random SSL Tips and Tricks
- Deja-Vu: Cisco VPN Windows Client Privilege Escalation
- DNSSEC Tips
- Hashing Passwords
- Are All Networks Vulnerable?
- IPv6 Day Summary
- Spam from compromised Hotmail accounts
- IPv6 Day Started
- RSA Offers to Replace Tokens
- The Havij SQL Injection Tool
- IPv6 RA-Guard: How it works and how to defeat it
- Some Insight into Apple's Anti-Virus Signatures
- ISC Site Redesign
- Enabling Privacy Enhanced Addresses for IPv6
- Apple Improving OS X Anti-Malware Feature
- Skype EasyBits Add-on
- Lockheed Martin and RSA Tokens
- Allied Telesis Passwords Leaked
- A Couple Days of Logs: Looking for the Russian Business Network
- ActiveX Flaw Affecting SCADA systems
- Patch for BIND 9.8.0 DoS Vulnerability
- Analyzing Teredo with tshark and Wireshark
- Update on Osama Bin Laden themed Malware
- Bin Laden Death Related Malware
- iPhone GPS Data Storage
- Apple Security Patches for OS X and iOS
- dshield.org now DNSSEC signed via .org
- Update to Adobe Flash 0-day: Patch will be out soon
- Yet another Adobe Flash/Reader/Acrobat 0 day
- Layer 2 DoS and other IPv6 Tricks
- GMail User Using 2FA Warned of Access From China
- Dark Black Tuesday Coming Up: 17 Microsoft Bulletins
- IPv6 MITM via fake router advertisements
- Comodo RA Compromise
- Microsoft Advisory about fraudulent SSL Certificates
- Firefox 3 Updates and SSL Blocklist extension
- Firefox 4 Security Features
- Analyzing HTTP Packet Captures
- Outbound SSH Traffic from HP Virtual Connect Blades
- Thunderbolt Security Speculations
- Windows 7 / 2008 R2 Service Pack 1 Problems
- Windows 7 Service Pack 1 out
- ISC/DShield Website Update
- Tippingpoint Releases Details on Unpatched Bugs
- Having Phish on Friday
- The End Of IP As We Know It
- Packet Tricks with xxd
- Microsoft's Secure Developer Tools
- Flash Local-with-filesystem Sandbox Bypass
- Currently Unpatched Windows / Internet Explorer Vulnerabilities
- Microsoft Advisory: Vulnerability in Graphics Rendering Engine
- ipv6finder : How ready are you for IPv6?
- After cross_fuzz leak: More Internet Explorer Vulnerabilities reported
- Survey: Software Security Awareness Training
- VMWare Security Advisory VMSA-2011-0001
- What Will Matter in 2011
- Various sites "Owned and Exposed"
- Reports of Attacks against EXIM vulnerability
- OpenBSD IPSec "Backdoor"
- Insecure Handling of URL Schemes in iOS
- November 2010 Microsoft Black Tuesday Summary
- Today's Adobe Patches and Vulnerabilities
- Microsoft Smart Screen False Positives
- Microsoft Patches Pre-Announcement
- DNSSEC Progress for .com and .net
- Limited Malicious Search Engine Poisoning for Election
- Cyber Security Awareness Month - Day 14 - Securing a public computer
- Implementing two Factor Authentication on the Cheap
- OpenX Ad-Server Vulnerability
- A Packet a Day
- Facebook "Like Pages"
- Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability
- Solar activity may cause problems this week
- When Lightning Strikes
- Microsoft LNK vulnerability fix coming on Monday
- Adobe PDF Reader "Launch" vulnerability still exploitable
- How to be a better spy: Cyber security lessons from the recent russian spy arrests
- IPv6 Support in iOS 4
- Changes to Internet Storm Center Host Name
- Top 10 Things you may not know about tcpdump
- Canonical Display Driver Vulnerability
- .de TLD Outage
- Stock market "wipe out" may be due to computer error
- Sharepoint XSS Vulnerability
- New OWASP Top 10 - Final Release
- isc.sans.org SSL Certificate and URL extensions
- Microsoft April 2010 Patch Tuesday
- Apache.org Bugtracker Breach
- More Legal Threat Malware E-Mail
- Continuing ISC / SANS Network Outage
- Our primary datacenter is currently experiencing a network outage
- PDF Arbitrary Code Execution - vulnerable by design.
- ".sys" Directories Delivering Driveby Downloads
- Reports about large number of fake Amazon order confirmations
- Search Engine Poisoning: Chile Earthquake
- Teredo "stray packet" analysis
- Various Olympics Related Dangerous Google Searches
- New ISC Tool: Whitelist Hash Database
- MS10-015 may cause Windows XP to blue screen
- Twitpic, EXIF and GPS: I Know Where You Did it Last Summer
- February 2010 Black Tuesday Overview
- Microsoft Patch Tuesday Pre-Release
- Information Disclosure Vulnerability in Internet Explorer
- Twitter Mass Password Reset due to Phishing
- Pushdo Update
- Analyzing isc.sans.org weblogs, part 2, RFI attacks
- Microsoft January Out of Band Patch
- New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232)
- Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
- SMS Donations Advertised via Twitter
- Haiti Earthquake: Possible scams / malware
- Pre-Announced Adobe Reader and Acrobat Patch Found!
- Oracle Patches Released
- Microsoft Advises XP Users to Uninstall Flash Player 6
- Microsoft Security Bulletin: January 2010
- IPv6 and isc.sans.org
- Baidu defaced - Domain Registrar Tampering
- Microsoft Patch Tuesday - Preannouncement
- Fake Android Application
- 6.5 magnitude earthquake in California causing local power outage
- Denial of Service Attack Aftermath (and what did Iran have to do with it?)
- Tell us about your Christmas Family Emergency Kit
- Important BIND name server updates - DNSSEC
- Adobe 0-day in the wild - again
- Cyber Security Awareness Month - Day 28 - ntp (123/udp)
- Sniffing SSL: RFC 4366 and TLS Extensions
- Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
- Web honeypot Update
- Odd Apache/MSIE issue with downloads from ISC
- Microsoft October 2009 Black Tuesday Overview
- New Adobe Vulnerability Exploited in Targeted Attacks
- Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
- Firefox Plugin Collections
- New ISC Feature: One Liner "event notes"
- SANS releases new Cyber Security Risk Report
- Healthcare Spam
- Malicious CD ROMs mailed to banks
- Cisco over-the-air-provisioning skyjacking exploit
- WSUS 3.0 SP2 released
- CA eTrust update crashes systems
- Help us: How to make ISC/DShield more useful
- Swine Flu (Mexican Flu) related domains
- Pandemic Preparation - Swine Flu
- Odd DNS Resolution for Google via OpenDNS
- Twitter Packet Challenge Solution
- Conficker update with payload
- SSH scanning from compromised mail servers
- Tax Season Scams
- Common Apache Misconception
- Cyber Security Act of 2009
- Identifying applications using UDP payload
- new rogue-DHCP server malware
- Apple Security Updates
- New ISC Feature: Micro Podcasts
- January Black Tuesday Overview
- SANS Log Management Survey
- MD5 SSL Summary
- Firefox extension used as password stealer?
- MSIE 0-day Spreading Via SQL Injection
- Day 27 - Validation via Vulnerability Scanning
- Day 22 - Wiping Disks and Media
- Day 21 - Removing Bots, Keyloggers, and Spyware
- Wireshark 1.0.4 released
- Fraudulent ATM Reactivation Phone Calls.
- Domaincontrol (GoDaddy) Nameservers DNS Poisoning
- Day 8 - Global Incident Awareness
- A morning stroll through my web logs
- Upcoming Infocon Test and new Color
- DNSSEC for DShield.org
- VMWare ESX 3.5u2 Errors
- isc.sans.org vs. isc.org
- One Bushel of Apple Updates
- Weblog Observations
- Java Update
- Unpatched Word Vulnerability
- Multiple Vendors DNS Spoofing Vulnerability
- Floods: More of the same (2)
- SQL Injection: More of the same
- ISC Flyer is ready
- Reminder: Proper use of DShield data
- Suggestions wanted for ISC
- It's Tax Day
- SRI Malware Threat Center
- Internet Storm Center Podcast
- Finding hidden gems (easter eggs) in your logs (packet challenge!)
- New coordinator for US Government Network Security
- Brief DShield Outage this Weekend.
- More cable outages in the middle east
- Guest Editorial: Internet Governance Forum (Gadi Evron)
- Mystery Packets, Protocol 139
- New version of cvtwin, now with HTTP upload
- Search engines that are no search engines
- Top IPv6 Implementation Issues
- Cyber Jihad Called Off
- Soon to come: IRS Spam
- Cyber Security Awareness Tip #30 - Blogging and Social Networking
- VoIP Spam (Vonage?)
- Cyber Security Awareness Tip #29: Insider Threats
- URL Update to Internet Explorer URL Handling Vulnerability
- Wildfire Scams
- The future of security, trust and e-commerce
- Cyber Security Awareness Tip #16: Protecting Portable Media
- Updated Daily Sources Feed
- Congratulations Brian Granier!
- Web Application Security Followup: Password Strength
- Financial Website Security
- Experimental Storm Worm DNS Blocklist
- BIND cache poisoning vulnerability details released
- Websense blocking isc.sans.org
- Blocklisting Bad Apples
- Storm of the Day, Now with YouTube
- Windows Genuine Advantage (WGA) servers down
- The value of Non-Delivery-Reports (NDR). Friday Editorial
- Copper Thefts
- Hurricane Dean
- Storm of the Day (Welcome Member)
- Sunday Distractions: Safe for Work YouTube Videos
- ISC / DShield e-mail now with PGP signature
- Couple ISC site updates
- Reporting firewall logs
- Yahoo down
- MySpace Flux Malware
- Spam volume
- Preventing spoofed internal e-mail
- June 2007, Microsoft Patch Tuesday Overview.
- Beta Software (Safari for Windows)
- Massive list of compromised sites
- Attributing Attacks
- Stupid XSS mistake, and why it's so hard to write good code
- More IE7 Beta spam/malware
- port 443 / https increase
- We need your help: VA Tech Domains
- Blackberry Outage
- New DShield Feature: Highly Predictive Blocklists.
- EXE/ZIP e-mail viruses (editorial)
- SANS Software Security Institute
- Quick intro to auditing web applications.
- Blocking .exe attachments
- Windows Vista availability
- Site Downtime Reminder
- Prepared statements in MySQL and PHP
- Good ol' Web Defacements
- ISC Downtime / Redesign
- MS06-074: SNMP Buffer Overflow (CVE2006-5583)
- MS06-073: WMI Object Broker Vulnerability (CVE-2006-4704)
- 404dnserror Adware
- New Data Retention Rules Effective Today
- Port 80 UDP Malware
- US DHS banking alert
- Bot C&C Servers on Port 80
- SANS Top 20 Update
- MS06-067: Internet Explorer DirectAnimation and HTML Rendering Vulnerability
- MS06-066: Netware Client Service Buffer Overflow
- Packet Challenge: Fragments and a Blast from the Past
- Broadcom Wireless Vulnerability
- fragmented packet challenge
- Windows WMIObjectBroker 0-Day Exploit
- Form Spam: Increasing the Attacker's work function.
- Substantial Increase in Infected System Numbers (is it real?)
- Internet Explorer XML Vulnerability
- Internet Explorer 7.0 High Priority Update
- MSIE IE7 Popup Address Bar Spoofing Vulnerability
- Java Trojan/Bot
- New UrSnif/Haxdoor Variant
- 0-Day Thursday: PoC for Powerpoint Vulnerability
- MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
- MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
- Apple updates Airport Drivers
- Updated Packet Attack flash animation
- Ernesto domain name registrations up
- PHP Security Update
- More MS06-042 woes
- Tip of the Day - PHP Security
- MS06-040 and MS06-042 updates
- MS06-044: Microsoft Management Console Cross Site Scripting.
- MS06-042: Internet Explorer Rollup Patch
- Tip of the Day: Use ssh keys
- Tip of the Day: Turn off your Computer
- WiFi Device Driver Issues
- *Intel Centrino Vulnerabilities
- Tip of the Day: Strong Passwords
- Out-Share or Die!
- phpMyChat scan
- Sysadmin Appreciation Day
- ASN.1 Attacks / MS04-007
- The dangers of shared web hosts
- Rumors about IIS 6.0 issues
- Webcast archive available
- Exploits for most recent Microsoft Patches
- SANSFIRE: Internet Storm Center Training Event
- Widespread Routing Outages
- Word 0-day, recommended defenses.
- Phishers use urlencoding to obfuscate hostnames
- UPnP Problems
- Apple OSX Patches, 2006-003
- Firefox 1.5.0.3 Vulnerability Update
- Microsoft Patch Tuesday: Expected Exchange patch problems.
- Monthly Threat Update Webcast
- Typo-Squatting and Password Best Practices
- Banks use non-ssl login forms.
- How to deal with Oracle patches?
- phpBB bots/worms
- Patch Tuesday Fallout
- Verisign Site Seal Update
- Couple ISC Site Updates
- Temporary Patches for createTextRange Vulnerability
- Apple Updates the Update
- Large Child porn Arrest and how to report it.
- March Microsoft Security Bulletins Released
- Cingular wireless outage
- Apple Security Update 2006-001 (more details)
- Probes for Cisco Web Interface
- How to setup penetration testing exercises.
- Blackworm Notifications
- BlackWorm Summary
- Bot herds exploring vertical markets
- Infocon back to green
- Recommended Block List
- WMF FAQ
- Bots: They are not just for Windows anymore.
- Getting Ready for the Holidays
- Updated RSS Feed
- Wrap-up: What? No Link?
- Microsoft December Patches
- MS05-051 POC Exploit
- More Sober Variants
- Infocon back to green
- * Internet Explorer 0-day exploit
- Major Cogent outage
- New ISC PGP Key
- IPSEC / ISAKMP Vulnerability wrapup
- Stolen Laptops
- Defeating A/V by inserting forged data
- Ethereal Advisory
- Escaping the P2P-induced alert onslaught
- An Assessment of the Oracle Password Hashing Algorithm
- UDP traffic to port 50368
- Infocon Yellow: Snort BO Vulnerability
- Oracle Patches
- Snort BO pre-processor Vulnerability
- MS05-051 exploit spotted
- Weekend Predictions.
- New Handler: Mohammed Haron
- How to contribute your data to DShield / ISC
- Larger Power Outage in Los Angeles
- AT&T Network Outage
- ISC/DShield Network Downtime
- Cyber-Looting update
- Continued great response to call for Volunteers
- New Diary Format
- Malware URLs.
- Port 10000; ssh brute forcing; yet another bagle?
- Multiple Greeting Card scams; MSFT time server; Sober next Monday; Netscape 8.01; Pharming
- * New DNS cache poisoning server; DNS Poisoning stats; Bluemountain; Win2k3 SP1; awstat.pl Details; port 1025; MS05-002 problem
- LAND Attack Update; DNS Poisoning Update; ssh attacks; IM Malware; Brazilian Honeynet
- Skype; Grepping Weblogs; COAST; ISTS News
- Port 41523; Linux Exploit; Phishing Name server; New Feature: tcp %; ssh attacks; MSRC blog
- AWStats Exploits, Port 7162/TCP and 24212/TCP traffic, spamvertised site redirected to Al'Jazeera
- SQL Injection: Paper & Worm, WINS, Asking for Input.
- * UPDATE: phpBB Worm. Holiday Security Guide, Predictions for 2005, Signs that you take security too seriously.
- PHP Vulnerabilities
- IMAP scans, password protected image, database update, sco hack, cdi east.
- New MyDoom Variant uses unpatched exploit, Phishing tip, AV False Positive, Virus Naming
- Microsoft ASP.NET vulnerability, URL obfuscation, more MD5
- System Store Trojan, Infection Persistence, Save the Pr0n
- MyDoom Details, ssh password brute forcing.
- MyDoom-O hits search engines hard.
- more https scanning reports
- ZoneAlarm Update, RoadRunner Email, Network Monitoring, Mailbag
- Port 16191 fragment update, mail server dictionary attack, top 10 signs that you are infected
- A quiet day on the Internet
- Port 5000 increase due to two worms: Bobax and Kibuv
- port 135 spikes, Lovegate, Welchia.K, Mailbag, Unix Security
- LSASS exploit, SSL PCT exploits, port 559 (tcp) proxy hunter, Bagle.Z
- New Phishing Technique / Vulnerability Data Base Resource
- Beagle Exploit, SSL NULL encryption (update), port 12345 and 1026
- Witty Worm Wrap-up
- MS Monthly Updates Released
- LDAP Scan increase. Win98 ASN.1 patch, MyDoom Remover, Win98 free update CD
- Nachia B Worm, Microsoft XML
- www.sco.com unreachable
- 0x01 trojan update (ev1.net host), openssl proof of concept exploit, HP mystery ssh patch
- Symantec AV linked to Verisign certificate problem, DUGallery, False Weather Alerts, more phishing
- quiet holiday weekend
- h00d IRC bot, localhost port 80 traffic
- Port 10 traffic; 139 &1433 report; DCE RPC Vectors
- Apple Updates Everything (again) ... and fixes a "911 DoS bug" in iOS
- What Keeps My Honeypot Busy These Days