Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2014-10-01 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html

Published: 2014-10-01
Last Updated: 2014-10-01 23:04:53 UTC
by Russ McRee (Version: 1)
2 comment(s)

Xen has issued an advisory and a related patch to address an issue that allows a "buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself."

Xen 4.1 and onward are vulnerable, only x86 systems are vulnerable. ARM systems are not vulnerable.

Applying the patch resolves this issue.

Keywords: xen
2 comment(s)

Security Onion news: Updated ShellShock detection scripts for Bro

Published: 2014-10-01
Last Updated: 2014-10-01 21:03:13 UTC
by Russ McRee (Version: 1)
0 comment(s)

Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro.
These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability."
Seth has updated these scripts again today to "Add shellscripts as a post-exploit detection mechanism."
Doug has updated the securityonion-bro-scripts package to include these changes and has also updated the securityonion-web-page package to include some ELSA queries for "ShellShock Exploits" and "ShellShock Scanners".

This is great for current Security Onion users, and even better for readers who have not yet investigated and invested in Security Onion. Now's the time to become familiar and improve your situational awareness, particularly given the fact that it's National Cyber Security Awareness Month. :-)

Everything you need is available on Doug's blog: http://blog.securityonion.net/2014/10/new-securityonion-bro-scripts-and.html

0 comment(s)
VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
ISC StormCast for Wednesday, October 1st 2014 http://isc.sans.edu/podcastdetail.html?id=4171
Diary Archives