Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Egyptian networks are being announced on BGP

Published: 2011-02-02
Last Updated: 2011-02-02 22:53:06 UTC
by Chris Mohan (Version: 1)
1 comment(s)

Egyptian networks are now being announced on BGP which has lead to a number of  Egyptian web sites being available again.

Reported at the web site BGPmon[1], over 2800 BGP announcements for Egyptian networks have returned.

Whether full internet services to and from Egypt will return and stay accessable remains to be seen over the coming days and weeks.

[1] http://www.bgpmon.com/blog/?p=480

Chris Mohan --- ISC Handler on Duty

Keywords:
1 comment(s)

Default Credentials for Root Account on Cisco Personal Video units

Published: 2011-02-02
Last Updated: 2011-02-02 22:39:49 UTC
by Chris Mohan (Version: 1)
0 comment(s)

Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password.

Cisco advise that all customers set the password on these devices to secure them.

Cisco advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml.

Chris Mohan --- ISC Handler on Duty

Keywords: Cisco Advisories
0 comment(s)

Having Phish on Friday

Published: 2011-02-02
Last Updated: 2011-02-02 16:57:35 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

We have gotten reports of a phish group which may reside in Indonesia compromising large numbers of web servers. There isn't a lot of detail so far. One interesting facet is that the phish usually goes "live" on a Friday, probably in an attempt to maximize response time.

Each compromised site typically hosts phishing pages for multiple banks.

Many of the sites appear to have outdated versions of OS Commerce installed which is a likely source of the compromise.

If you have any logs willing to share: Please send them in via our contact form. We are trying to determine the exact entry vector (is it OS Commerce or something else?), maybe any tools used to achieve the compromise and anything else left behind besides the phishing pages.

https://isc.sans.edu/contact.html

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: oscommerce phishing
1 comment(s)
Diary Archives