Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Cisco Unified Videoconferencing Affected by Multiple Vulnerabilities

Published: 2010-11-17
Last Updated: 2010-11-17 21:57:57 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

Multiple vulnerabilities have been reported in Cisco Unified Videoconferencing (Cisco UVC) 5100 series which also impact Cisco Unified Videoconferencing 5200 and 3500 Series.[1]


There is currently no fixes for these vulnerabilities and Cisco recommends "limiting access to Cisco UVC web server to trusted hosts by disabling FTP, SSH, and Telnet services and by setting the "Security mode" field in the "Security" section of the Cisco UVC web GUI to Maximum."

The complete list of affected products/versions, including detailed information about the vulnerabilities can be found here.

[1] http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml


-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

0 comment(s)

Conficker B++ Activated on Nov 15

Published: 2010-11-17
Last Updated: 2010-11-17 18:32:50 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

We have received reports indicating that Conficker B++ (also known as Downup, Downadup and Kido) activated on the 15 Nov around 10 PM EST time. If you have samples or packets to share, please submit them via our contact page.
 

[1] http://en.wikipedia.org/wiki/Conficker

 

*** Update 2

We have determined the reports we have received appear to be isolated and unrelated incidents.

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

 

***UPDATE

We are still looking into the reported events. On the surface it would appear that the reported events are "standard" Conficker infections and behavior. At this time we do not have any binary samples, and are working from third party reports.  From what little is known, this does not appear to be a new version of Conficker, or any new behavior patterns that havent' been discussed publicly. ( http://mtc.sri.com/Conficker/ for more details)   If any of that changes we will update this diary entry with those results.  - Andre Ludwig - Shadowserver

1 comment(s)

Reference on Open Source Digital Forensics

Published: 2010-11-17
Last Updated: 2010-11-17 01:52:51 UTC
by Guy Bruneau (Version: 1)
0 comment(s)

This site initially started by Brian Carrier is now maintained by a team of volunteers, contains a large repository of open source digital forensics tools, papers, images and procedures on digital forensics. If your favourite open source tool is not listed on this site, you can submit it to get added to the list. [1]

[1] http://www2.opensourceforensics.org

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

0 comment(s)
Diary Archives