Johannes Ullrich Diaries

Back to Handlers

• Apple Fixes Two Exploited Vulnerabilities
• Exploit attempts for unpatched Citrix vulnerability
• Ancient TP-Link Backdoor Discovered by Attackers
• Scans for RDP Gateways
• Apple Updates Everything
• Two currently (old) exploited Ivanti vulnerabilities
• Development Features Enabled in Prodcution
• Everybody Loves Bash Scripts. Including Attackers.
• How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
• A Network Nerd's Take on Emergency Preparedness
• The Top 10 Not So Common SSH Usernames and Passwords
• Angular-base64-update Demo Script Exploited (CVE-2024-42640)
• Microsoft Patch Tuesday - October 2024
• Survey of CUPS exploit attempts
• Hurricane Helene Aftermath - Cyber Security Awareness Month
• Patch for Critical CUPS vulnerability: Don't Panic
• DNS Reflection Update and Odd Corrupted DNS Requests
• Exploitation of RAISECOM Gateway Devices Vulnerability CVE-2024-7120
• Fake GitHub Site Targeting Developers
• Microsoft September 2024 Patch Tuesday
• Scans for Moodle Learning Platform Following Recent Update
• OpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
• Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
• Video: Same Origin, CORS, DNS Rebinding and Localhost
• A Survey of Scans for GeoServer Vulnerabilities
• Even Linux users should take a look at this Microsoft KB article.
• Tracking Proxy Scans with IPv4.Games
• Increased Activity Against Apache OFBiz CVE-2024-32113
• Apple Patches Everything. July 2024 Edition
• New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273)
• CrowdStrike: The Monday After
• Widespread Windows Crashes Due to Crowdstrike Updates
• Attacks against the "Nette" PHP framework CVE-2020-15227
• Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots
• Microsoft Patch Tuesday July 2024
• Overlooked Domain Name Resiliency Issues: Registrar Communications
• SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH.
• Configuration Scanners Adding Java Specific Configuration Files
• Video Meta Data: DJI Drones
• Port 1801 Traffic: Microsoft Message Queue
• Microsoft Patch Tuesday June 2024
• Attacker Probing for New PHP Vulnerablity CVE-2024-4577
• Finding End of Support Dates: UK PTSI Regulation
• Brute Force Attacks Against Watchguard VPN Endpoints
• No-Defender, Yes-Defender
• Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated.
• Detecting XFinity/Comcast DNS Spoofing
• Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
• Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474
• D-Link NAS Device Backdoor Abused
• Struts "devmode": Still a problem ten years later?
• Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
• Quick Palo Alto Networks Global Protect Vulnerablity Update (CVE-2024-3400)
• Critical Palo Alto GlobalProtect Vulnerability Exploited (CVE-2024-3400)
• April 2024 Microsoft Patch Tuesday Summary
• Slicing up DoNex with Binary Ninja
• Some things you can learn from SSH traffic
• Scans for Apache OfBiz
• Apple Updates for MacOS, iOS/iPadOS and visionOS
• Whois "geofeed" Data
• Scans for Fortinet FortiOS and the CVE-2024-21762 vulnerability
• Attacker Hunting Firewalls
• Microsoft Patch Tuesday - March 2024
• MacOS Patches (and Safari, TVOS, VisionOS, WatchOS)
• Apple Releases iOS/iPadOS Updates with Zero Day Fixes.
• Why Your Firewall Will Kill You
• Exploit Attempts for Unknown Password Reset Vulnerability
• Take Downs and the Rest of Us: Do they matter?
• Large AT&T Wireless Network Outage #att #outage
• Exploit against Unnamed "Bytevalue" router vulnerability included in Mirai Bot
• Internet Storm Center Podcast ("Stormcast") 15th Birthday
• Anybody knows that this URL is about? Maybe Balena API request?
• What is a "Top Level Domain"?
• The Fun and Dangers of Top Level Domains (TLDs)
• What did I say to make you stop talking to me?
• Exploit Flare Up Against Older Altassian Confluence Vulnerability
• How Bad User Interfaces Make Security Tools Harmful
• Update on Atlassian Exploit Activity
• Apple Updates Everything - New 0 Day in WebKit
• Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527
• More Scans for Ivanti Connect "Secure" VPN. Exploits Public
• Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887)
• New YouTube Video Series: Hacker Tools Origin Stories
• Microsoft January 2024 Patch Tuesday
• Jenkins Brute Force Scans
• Fingerprinting SSH Identification Strings
• Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518)
• What are they looking for? Scans for OpenID Connect Configuration (Update: CitrixBleed)
• Microsoft Patch Tuesday December 2023
• Apple Patches Everything
• Zarya Hacktivists: More than just Sharepoint.
• Apple Patches Exploited WebKit Vulnerabilities in iOS/iPadOS/macOS
• Pro Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357
• Scans for ownCloud Vulnerability (CVE-2023-49103)
• Happy Birthday DShield
• Beyond -n: Optimizing tcpdump performance
• Microsoft Patch Tuesday November 2023
• What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
• Exploit Activity for CVE-2023-22518, Atlassian Confluence Data Center and Server
• Flying under the Radar: The Privacy Impact of multicast DNS
• Adventures in Validating IPv4 Addresses
• Apple Patches Everything. Releases iOS 17.1, MacOS 14.1 and updates for older versions fixing exploited vulnerability
• Sporadic scans for "server-info.action", possibly looking for Confluence Server and Data Center Vulnerability CVE-2023-22515
• How an AppleTV may take down your (#IPv6) network
• Changes to SMS Delivery and How it Effects MFA and Phishing
• What's Normal: MAC Addresses
• CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?
• October 2023 Microsoft Patch Tuesday Summary
• Apple fixes vulnerabilities in iOS and iPadOS.
• What's Normal? Connection Sizes
• Apple Releases MacOS Sonoma Including Numerous Security Patches
• Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS
• What's Normal? DNS TTL Values
• Obfuscated Scans for Older Adobe Experience Manager Vulnerabilities
• Internet Wide Multi VPN Search From Single /24 Network
• Apple fixes 0-Day Vulnerability in Older Operating Systems
• Apple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
• Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
• Security Relevant DNS Records
• Home Office / Small Business Hurricane Prep
• Update: Researchers scanning the Internet
• Summary of DNS over HTTPS requests against our honeypots.
• USPS Phishing Scam Targeting iOS Users
• Apple Updates Everything (again)
• Exploit Attempts for "Stagil navigation for Jira Menus & Themes" CVE-2023-26255 and CVE-2023-26256
• Apple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
• June 2023 Microsoft Patch Tuesday
• Geoserver Attack Details: More Cryptominers against Unconfigured WebApps
• Ongoing scans for Geoserver
• Github Copilot vs. Google: Which code is more secure
• Brute Forcing Simple Archive Passwords
• Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
• Help us figure this out: Scans for Apache "Nifi"
• Probes for recent ABUS Security Camera Vulnerability: Attackers keep an eye on everything.
• Apple Updates Everything
• A Quick Survey of .zip Domains: Your highest risk is running into Rick Astley.
• The .zip gTLD: Risks and Opportunities
• Geolocating IPs is harder than you think
• SANS.edu Research Journal: Volume 3
• Calculating CVSS Scores with ChatGPT
• UDDIs are back? Attackers rediscovering old exploits.
• HTTP: What's Left of it and the OCSP Problem
• Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
• Analyzing the efile.com Malware "efail"
• Supply Chain Compromise or False Positive: The Intriguing Case of efile.com [updated - confirmed malicious code]
• Tax Season Risks
• Apple Updates Everything (including Studio Display)
• Cropping and Redacting Images Safely
• Incoming Silicon Valley Bank Related Scams
• Increase in exploits agains Joomla (CVE-2023-23752)
• Hackers Love This VSCode Extension: What You Can Do to Stay Safe
• Internet Wide Scan Fingerprinting Confluence Servers
• Microsoft February 2023 Patch Tuesday
• Apple Patches Exploited Vulnerability
• Venmo Phishing Abusing LinkedIn "slink"
• Simple HTML Phishing via Telegram Bot
• Earthquake in Turkey and Syria: Be Aware of Possible Donation Scams
• APIs Used by Bots to Detect Public IP address
• Decoding DNS over HTTP(s) Requests
• Apple Updates (almost) Everything: Patch Overview
• PSA: Why you must run an ad blocker when using Google
• Elon Musk Themed Crypto Scams Flooding YouTube Today
• New year, old tricks: Hunting for CircleCI configuration files
• Its about time: OS Fingerprinting using NTP
• Can you please tell me what time it is? Adventures with public NTP servers.
• Apple Updates Everything
• Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers.
• What's the deal with these router vulnerabilities?
• Identifying Groups of "Bot" Accounts on LinkedIn
• Ukraine Themed Twitter Spam Pushing iOS Scareware
• Happy 22nd Birthday DShield.org!
• Packet Tuesday: Episode 2 - Extended DNS Option Type 0
• Lessons Learned from Automatic Failover: When 8.8.8.8 "disappears". IPv6 to the Rescue?
• Evil Maid Attacks - Remediation for the Cheap
• Packet Tuesday: Network Traffic Analysis for the Whole Family
• Critical OpenSSL 3.0 Update Released. Patches CVE-2022-3786, CVE-2022-3602
• Upcoming Critical OpenSSL Vulnerability: What will be Affected?
• Why is My Cat Using Baidu? And Other IoT DNS Oddities
• Apple Patches Everything: October 2022 Edition
• Forensic Value of Prefetch
• Scans for old Fortigate Vulnerability: Building Target Lists?
• October 2022 Microsoft Patch Tuesday
• What is in your Infosec Calendar?
• More IcedID
• Credential Harvesting with Telegram API
• Exchange Server 0-Day Actively Exploited
• 10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability?
• DNS Option 15: Debugging DNSSEC Errors.
• VirusTotal Result Comparisons for Honeypot Malware
• PHP Deserialization Exploit attempt
• Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
• Underscores and DNS: The Privacy Story
• Two things that will never die: bash scripts and IRC!
• Windows Security Blocks UPX Compressed (packed) Binaries
• Honeypot Attack Summaries with Python
• Apple Patches Two Exploited Vulnerabilities
• A Quick VoIP Experiment
• Realtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255
• And Here They Come Again: DNS Reflection Attacks
• JSON All the Logs!
• l9explore and LeakIX Internet wide recon scans.
• Increase in Chinese "Hacktivism" Attacks
• A Little DDoS in the Morning - Followup
• A Little DDoS In the Morning
• PDF Analysis Intro and OpenActions Entries
• Exfiltrating Data With Bookmarks
• Apple Patches Everything Day
• Requests For beacon.http-get. Help Us Figure Out What They Are Looking For
• ISC Website Redesign
• How Many SANs are Insane?
• Possible Scans for HiByMusic Devices
• Encrypted Client Hello: Anybody Using it Yet?
• Experimental New Domain / Domain Age API
• Odd TCP Fast Open Packets. Anybody understands why?
• Terraforming Honeypots. Installing DShield Sensors in the Cloud
• Atlassian Confluence Exploits Seen By Our Honeypots (CVE-2022-26134)
• Quick Answers in Incident Response: RECmd.exe
• Attacker Scanning for jQuery-File-Upload
• Apple Patches Everything
• Why is my Honeypot a Russian Certificate Authority?
• From 0-Day to Mirai: 7 days of BIG-IP Exploits
• F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
• Some Honeypot Updates
• A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
• Resetting Linux Passwords with U-Boot Bootloaders
• An Update on CVE-2022-26809 - MSRPC Vulnerabliity - PATCH NOW
• Spring: It isn't just about Spring4Shell. Spring Cloud Function Vulnerabilities are being probed too.
• What is BIMI and how is it supposed to help with Phishing.
• WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
• Emptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
• Apple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
• Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
• Java Springtime Confusion: What Vulnerability are We Talking About
• BGP Hijacking of Twitter Prefix by RTComm.ru
• Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem)
• More Fake/Typosquatting Twitter Accounts Asking for Ukraine Crytocurrency Donations
• Statement by President Biden: What you need to do (or not do)
• Scans for Movable Type Vulnerability (CVE-2021-20837)
• Look Alike Accounts Used in Ukraine Donation Scam impersonating Olena Zelenska
• Apple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
• No Bitcoin - No Problem: Follow Up to Last Weeks Donation Scam
• Scam E-Mail Impersonating Red Cross
• Attackers Search For Exposed "LuCI" Folders: Help me understand this attack
• The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
• The Rise and Fall of log4shell
• Reminder: Decoding TLS Client Hellos to non TLS servers
• iOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
• Zyxel Network Storage Devices Hunted By Mirai Variant
• web3 phishing via self-customizing landing pages
• Keeping Track of Your Attack Surface for Cheap
• Finding elFinder: Who is looking for your files?
• Apple Patches Everything
• Log4Shell Attacks Getting "Smarter"
• Use of Alternate Data Streams in Research Scans for index.jsp.
• A Quick CVE-2022-21907 FAQ
• Microsoft Patch Tuesday - January 2022
• Defending Cloud IMDS Against log4shell (and more)
• log4shell and cloud provider internal meta data services (IMDS)
• Log4j: Getting ready for the long haul (CVE-2021-44228)
• Log4j / Log4Shell Followup: What we see and how to defend (and how to access our data)
• Webshells, Webshells everywhere!
• Hunting for PHPUnit Installed via Composer
• In Memory of Alan Paller
• Can you make the Great Chinese Firewall work for you?
• Please fix your E-Mail Brute forcing tool!
• Things that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
• Who Is Hunting For Your IPTV Set-Top Box?
• Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
• Looking Glasses: Debugging Network Connectivity Issues
• Facebook Outage: Yes, its DNS (sort of). A super quick analysis of what is going on.
• Boutique "Dark" Botnet Hunting for Crumbs
• A First Look at Apple's iOS 15 "Private Relay" feature.
• #OMIGOD Exploits Captured in the Wild. Researchers responsible for half of scans for related ports.
• Updates to Our Datafeeds/API
• Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
• Why I Gave Up on IPv6. And no, it is not because of security issues.
• Attackers Hunting For Twilio Credentials
• Out of Band Phishing. Using SMS messages to Evade Network Detection
• When Lightning Strikes. What works and doesn't work.
• 5 Things to Consider Before Moving Back to the Office
• Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution)
• Three Problems with Two Factor Authentication
• Is this the Weirdest Phishing (SMishing?) Attempt Ever?
• Lost in the Cloud: Akamai DNS Outage
• "Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934
• USPS Phishing Using Telegram to Collect Data
• Securing and Optimizing Networks: Using pfSense Traffic Shaper Limiters to Combat Bufferbloat
• Microsoft Releases Patches for CVE-2021-34527
• CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit
• Standing With Security Researchers Against Misuse of the DMCA
• Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
• Are Cookie Banners a Waste of Time or a Complete Waste of Time?
• Amazon Sidewalk: Cutting Through the Hype
• New YouTube Video Series: Everything you ever wanted to know about DNS and more!
• And Ransomware Just Got a Bit Meaner (yes... it is possible)
• Correctly Validating IP Addresses: Why encoding matters for input validation.
• Why and How You Should be Using an Internal Certificate Authority
• WiFi IDS and Private MAC Addresses
• Piktochart - Phishing with Infographics
• Microsoft Releases Exchange Emergency Patch to Fix Actively Exploited Vulnerability
• Scans for Zyxel Backdoors are Commencing.
• Netfox Detective: An Alternative Open-Source Packet Analysis Tool
• SolarWinds Breach Used to Infiltrate Customer Networks (Solarigate)
• December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
• The special case of TCP RST
• Rediscovering Limitations of Stateful Firewalls: "NAT Slipstreaming" ? Implications, Detections and Mitigations
• PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots
• CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability
• Today, Nobody is Going to Attack You.
• Scans for FPURL.xml: Reconnaissance or Not?
• Securing Exchange Online [Guest Diary]
• Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
• Not Everything About ".well-known" is Well Known
• A First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
• Exposed Windows Domain Controllers Used in CLDAP DDoS Attacks
• CenturyLink Outage Causing Internet Wide Problems
• A Word of Caution: Helping Out People Being Stalked Online
• Internet Choke Points: Concentration of Authoritative Name Servers
• Reminder: Patch Cisco ASA / FTD Devices (CVE-2020-3452). Exploitation Continues
• Python Developers: Prepare!!!
• Consumer VPNs: You May Be Fine Without
• All I want this Tuesday: More Data
• In Memory of Donald Smith
• PATCH NOW - SIGRed - CVE-2020-1350 - Microsoft DNS Server Vulnerability
• Active Exploit Attempts Targeting Recent Citrix ADC Vulnerabilities CTX276688
• Happy Birthday DShield: DShield.org was registered 20 years ago.
• Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits
• Share the Mic in Cyber
• Tech Tuesday Recap / Recordings: Part 2 (Installing the Honeypot) release.
• Cyberbunker 2.0: Analysis of the Remnants of a Bullet Proof Hosting Provider
• Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation
• Cyber Security for Protests
• Suspending Suspicious Domain Feed / Update to Researcher IP Feed
• The Impact of Researchers on Our Data
• Privacy Preserving Protocols to Trace Covid19 Exposure
• Using AppLocker to Prevent Living off the Land Attacks
• Increase in RDP Scanning
• Kwampirs Targeted Attacks Involving Healthcare Sector
• A Quick Summary of Current Reflective DNS DDoS Attacks
• Microsoft Patch Tuesday March 2020
• Let's Encrypt Revoking 3 Million Certificates
• Introduction to EvtxEcmd (Evtx Explorer)
• Network Security Perspective on Coronavirus Preparedness
• CVE-2020-0601 Followup
• Microsoft Patch Tuesday for January 2020
• Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor
• A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability)
• Increase in Number of Sources January 3rd and 4th: spoofed
• Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781)
• Miscellaneous Updates to our "Threatfeed" API
• More DNS over HTTPS: Become One With the Packet. Be the Query. See the Query
• Is it Possible to Identify DNS over HTTPs Without Decrypting TLS?
• Cheap Chinese JAWS of DVR Exploitability on Port 60001
• SMS and 2FA: Another Reason to Move away from It.
• November 2019 Microsoft Patch Tuesday
• Are We Going Back to TheMoon (and How is Liquor Involved)?
• rConfig Install Directory Remote Code Execution Vulnerability Exploited
• Your Supply Chain Doesn't End At Receiving: How Do You Decommission Network Equipment?
• When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
• A Quick Look at Some Current Comment Spam
• [Guest Diary] Tricky LNK points to TrickBot
• [Guest Diary] Open Redirect: A Small But Very Common Vulnerability
• Is it Safe to Require TLS 1.2 for E-Mail
• August 2019 Microsoft Patch Tuesday
• [Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
• What is Listening On Port 9527/TCP?
• Targeted Phishing Attacks in the Financial Industry: Fire-3 Phishing Kit
• Can You Spell 2FA? A Luno Phish Example
• Remembering Mike Assante
• Extensive BGP Issues Affecting Cloudflare and possibly others
• What You Need To Know About TCP "SACK Panic"
• Critical Actively Exploited WebLogic Flaw Patched CVE-2019-2729
• Quick Detect: Exim "Return of the Wizard" Attack
• Investigating an Odd DNS Query
• An Update on the Microsoft Windows RDP "Bluekeep" Vulnerability (CVE-2019-0708) [now with pcaps]
• Update about Weblogic CVE-2019-2725 (Exploits Used in the Wild, Patch Status)
• Odd DNS Requests that are Normal
• Configuring MTA-STS and TLS Reporting For Your Domain
• When Windows 10 Comes to Live: The First Few Minutes in the Live of a Windows 10 System
• How to Find Hidden Cameras in your AirBNB
• Fake AV is Back: LaCie Network Drives Used to Spread Malware
• Test Diary
• A Not So Well Done Phish (Why Attackers need to Implement IPv6 Now! ;-) )
• Microsoft January 2019 Patch Tuesday
• Arrest of Huawei CFO Inspires Advance Fee Scam
• Critical Vulnerability in Flash Player
• November 2018 Microsoft Patch Tuesday
• Struts 2.3 Vulnerable to Two Year old File Upload Flaw
• Fake Bank/Post Office Phone Calls Targeting Chinese Immigrants
• October 2018 Microsoft Patch Tuesday
• It is the End of the World as We Know It. So What's Next?
• Identifying a phisher
• Pre-Pwned AMI Images in Amazon's AWS public instance store
• So What is Going on With IPv4 Fragments these Days?
• Microsoft September Patch Tuesday Summary
• Microsoft August 2018 Patch Tuesday
• What Do I Need To Know about "SegmentSmack"
• When Cameras and Routers attack Phones. Spike in CVE-2014-8361 Exploits Against Port 52869
• Facebook Phishing via SMS
• New Extortion Tricks: Now Including Your Password!
• Microsoft Patch Tuesday July 2018 (now with Dashboard!)
• Worm (Mirai?) Exploiting Android Debug Bridge (Port 5555/tcp)
• Apple Patches Everything Again.
• New and Improved Cryptominers: Now with 50% less Greed.
• Secure Phishing: Netflix Phishing Goes TLS
• Microsoft June 2018 Patch Tuesday
• Apple Security Updates
• Resetting Your Router the Paranoid (=Right) Way
• DNS is Changing. Are you Ready?
• Insecure Claymore Miner Management API Exploited in the Wild
• Microsoft May 2018 Patch Tuesday
• Yet Another Drupal RCE Vulnerability
• Apple Patches iOS, Safari and MacOS
• A Review of Recent Drupal Attacks (CVE-2018-7600)
• A Phisher's View of Phishing: U-Admin 2.7 Phishing Control Panel
• Microsoft April 2018 Patch Tuesday
• ISC/DShield Website TLS Updates
• Java Deserialization Attack Against Windows
• SPECTRE and Meltdown To patch or not to patch?..and HOW (Guest Diary)
• Microsoft March 2018 Patch Tuesday
• How did it all start? Early Memcached DDoS Attack Precursors and Ransom Notes
• Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?
• Why we Don't Deserve the Internet: Memcached Reflected DDoS Attacks.
• February 2018 Microsoft (and Adobe) Patch Tuesday
• Adobe Flash 0-Day Used Against South Korean Targets
• Apple Updates Everything, Again
• Microsoft January 2018 Patch Tuesday
• A Story About PeopleSoft: How to Make $250k Without Leaving Home.
• December Microsoft Patch Tuesday Summary
• Using Our API To Adjust iptables Rules
• Apple Updates Everything. Again.
• PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost").
• 9 Fast and Easy Ways To Lose Your Crypto Coins
• Internet Wide Ethereum JSON-RPC Scans
• Critical Patch For Oracle's Identity Manager
• Is a telco in Brazil hosting an epidemic of open SOCKS proxies?
• WPA2 "KRACK" Attack
• What's in a cable? The dangers of unauthorized cables
• pcap2curl: Turning a pcap file into a set of cURL commands for "replay"
• Security Awareness Month: How to Help Friends and Family
• Securing "Out of Band" Access
• Microsoft Patch Tuesday September 2017
• The Mirai Botnet: A Look Back and Ahead At What's Next
• An Update On DVR Malware: A DVR Torture Chamber
• Microsoft Patch Tuesday August 2017
• Use of the Open Graph Protocol to Disguise Malicious Facebook Links
• Using a Raspberry Pi honeypot to contribute data to DShield/ISC
• Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud Service (Part 2 ? Log Files artefacts)
• Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
• Traveling with a Laptop / Surviving a Laptop Ban: How to Let Go of "Precious"
• Fake DDoS Extortions Continue. Please Forward Us Any Threats You Have Received.
• Microsoft and Adobe June 2017 Patch Tuesday: Two Exploited Vulnerabilities Patched
• Deceptive Advertisements: What they do and where they come from
• FreeRadius Authentication Bypass
• Investigating Sites After They are Gone; And a Case of Uber Phishing With SSL
• WannaCry/WannaCrypt Ransomware Summary
• Read This If You Are Using a Script to Pull Data From This Site
• Microsoft Patch Tuesday (and Adobe)
• BGP Hijacking: The Internet is Still/Again Broken
• If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
• CAA Records and Certificate Issuance
• Analysis of the Shadow Z118 PayPal phishing site
• Yet Another Apple Phish and Some DNS Lessons Learned From It
• Tool to Detect Active Phishing Attacks Using Unicode Look-Alike Domains
• Detecting SMB Covert Channel ("Double Pulsar")
• ETERNALBLUE: Windows SMBv1 Exploit (Patched)
• Java Struts2 Vulnerability Used To Install Cerber Crypto Ransomware
• A Practical Use for a SHA1 Collision
• Symantec vs. Google: The CA Fight Continues. What do you need to know?
• February and March Microsoft Patch Tuesday
• Critical Apache Struts 2 Vulnerability (Patch Now!)
• My Catch Of 4 Months In The Amazon IP Address Space
• Hardening Postfix Against FTP Relay Attacks
• AVM Private Key Leak Puts Cable Modems Worldwide At Risk
• OpenSSL 1.1.0e Update: No need to panic #openssl
• Microsoft February Patch Tuesday Now Rolled into March Update
• Microsoft Patch Tuesday Delayed
• Cloud Metadata Urls
• My Password is [taco] Using Emojis for Stronger Passwords
• Malicious Or Not? You decide...
• What Are These Odd POP3 (Port 110/tcp) Scans About?
• Windows SMBv3 Denial of Service Proof of Concept (0 Day Exploit)
• Multiple Vulnerabilities in tcpdump
• Malicious Office files using fileless UAC bypass to drop KEYBASE malware
• Critical Vulnerability in Cisco WebEx Chrome Plugin
• How to Have Fun With IPv6 Fragments and Scapy
• Whitelisting File Extensions in Apache
• January 2017 Microsoft Patch Tuesday
• Adobe January 2017 Patches
• Port 37777 "MapTable" Requests
• Realtors Be Aware: You Are a Target
• December 2016 Microsoft Patch Tuesday
• 5 Questions to Ask your IoT Vendors; But Do Not Expect an Answer.
• Good Cop; Bad Cop; Domain Cop?
• Tap Gigabit Networks on the Cheap
• Unpatched Vulnerability in Firefox used to Attack Tor Browser
• Take Back Wednesday? SQL Slammer... still alive but barely kicking
• Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
• TR-069 NewNTPServer Exploits: What we know so far
• ICMP Unreachable DoS Attacks (aka "Black Nurse")
• Packet Capture Options
• November 2016 Microsoft Patch Day
• Extracting Malware Transmitted Via Telnet
• Windows "Atom Bombing" Attack
• Your Bill Is Not Overdue today!
• Critical Flash Player Update APSB16-36
• A few Mirai Updates: MIPS, PPC version; a bit less scanning
• ISC Briefing: Large DDoS Attack Against Dyn
• Dyn.com DDoS Attack
• How Stolen iOS Devices Are Unlocked
• OpenSSH Protocol Mismatch In Response to SSL Client Hello
• Microsoft and Adobe Patch Tuesday, October 2016
• SSL Requests to non-SSL HTTP Servers
• Password Buddies: A Better Way To Reset Passwords
• The Short Life of a Vulnerable DVR Connected to the Internet
• OpenSSL Update Released
• Does it Matter If You Cover Your Webcam?
• Is "2 out of 3" good enough for Anti-Malware?
• Exploit Attempts for Drupal RESTWS .x Module Vulnerability
• Getting Ready for macOS Sierra: Upgrade Securely
• Updated DShield Blocklist
• How to Set Up Your Own Malware Trap
• Apple Patches "Trident" Vulnerabilities in OS X / Safari
• Today's Locky Variant Arrives as a Windows Script File
• Another Day - Another Ransomware Sample
• Profiling SSL Clients with tshark
• Microsoft Patch Tuesday, August 2016
• Odd Packet: Any ideas where this comes from?
• Surge in Exploit Attempts for Netis Router Backdoor (UDP/53413)
• The Dark Side of Certificate Transparency
• Command and Control Channels Using "AAAA" DNS Records
• HTTP Proxy Header Vulnerability ("httpoxy")
• Microsoft Patch Tuesday Summary for July 2016
• Hiding in White Text: Word Documents with Embedded Payloads
• Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
• Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
• Critical Symantec Endpoint Protection Vulnerability
• What is your most unusual User-Agent?
• Critical Adobe Flash Update. Patch Now
• LinkedIn Breach Data Used For Malicious E-Mails
• What Time Is It? Using NTP Traffic to Calibrate PCAP Timestamps
• What's Going on With libtiff?
• Increase in Port 23 (telnet) scanning
• Stop Using "internal" Top Level Domain Names
• Exploit Available For Cisco IKEv1 and IKEv2 Buffer Overflow Vulnerability
• Reminder: Fair Use of Our Data
• Uninstall QuickTime For Windows Today
• HTTP Public Key Pinning: How to do it right
• Updated PFSense Client
• Microsoft Patch Tuesday Summary for April 2016
• BadLock Vulnerability (CVE-2016-2118)
• Security Features Nobody Implements
• Getting Ready for Badlock
• Apple Updates Everything (Again)
• Why Users Fall For Ransomware
• Security Pros Love Python? and So Do Malware Authors!
• What is this "/smoke/" about?
• OpenSSL Update Released
• Quick Analysis of a Recent MySQL Exploit
• Critical Vulnerabilities in Palo Alto Networks PAN-OS
• CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo
• More Multi-Architecture IoT Malware
• Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected
• Beta Testers Wanted: Use a Raspberry Pi as a DShield Sensor
• Adobe Patch Tuesday - February 2016
• Microsoft February 2016 Patch Tuesday
• Out-of Order Java Update
• Fake Adobe Flash Update OS X Malware
• Targeted IPv6 Scans Using pool.ntp.org .
• SYN-ACK Packets With Data
• Couple updates and reminders
• Site Updates: ISC/DShield API and ipinfo_ascii.html Page
• Year End Surveys
• Survey: How Can We Get You to Submit Logs To Us
• First Exploit Attempts For Juniper Backdoor Against Honeypot
• Infocon Yellow: Juniper Backdoor (CVE-2015-7755 and CVE-2015-7756)
• Color My Logs: Providing Context for Your Logs Using Our Data
• Apple Patches Everything
• Adobe Flash Update
• December 2015 Microsoft Patch Tuesday
• Patch Tuesday Warmup: Internet Explorer Sunset and Windows XP Embedded End of Support
• SHA1 Phase Out Overview
• Superfish 2.0: Dell Windows Systems Pre-Installed TLS Root CA
• When Hunting BeEF, Yara rules.
• Help Wanted: Please help test our experimental PFSense Client
• Adobe Flash Player Update
• November 2015 Microsoft Patch Tuesday
• Internet Wide Scanners Wanted
• This Article is Brought to You By the Letter ノ
• Adobe Releases Surprise Shockwave Player Patch
• Typo Squatting Charities for Fake Tech Support Schemes
• OS X 10.11.1 (El Capitan) File System Deep Directory Buffer Overflow
• Apple Releases Updates for iOS, WatchOS, OS X, Safari and iTunes.
• Odd DNS TXT Record. Anybody Seen This Before?
• Oracle Critical Patch Update for Q3 2015 (Includes Java Updates)
• Ongoing Flash Vulnerabilities
• ISC Two Factor Authentication Update
• Do Extortionists Get Paid?
• Cyber Security Awareness Month: Protecting Your Network From "Dave"
• "Transport of London" Malicious E-Mail
• TLS Everywhere: Upgrade Insecurity Requests Header
• Adobe Updates Shockwave Player
• September 2015 Microsoft Patch Tuesday
• Dropbox Phishing via Compromised Wordpress Site
• Are You Protecting your Backdoor ?
• .COM.COM Used For Malicious Typo Squatting
• What Was Old is New Again: Honeypots!
• Whatever Happened to tmUnblock.cgi ("Moon Worm")
• Your SSH Server On Port 8080 Is No Longer "Hidden" Or "Safe"
• Special Microsoft Bulletin Patching Remote Code Execution Flaw in OpenType Font Drivers
• July 2015 Microsoft Patch Tuesday
• Adobe Updates Flash Player, Shockwave and PDF Reader
• Apple "Patch Tuesday"
• SMTP Brute Forcing
• OS X and iOS Unauthorized Cross Application Resource Access (XARA)
• Odd HTTP User Agents
• VMWare Workstation Guest Escape via Shared Printers on COM1
• How much is your IPv4 Space Worth
• Microsoft Patch Tuesday Summary for June 2015
• Web Application Security: It doesn't stop with the application
• Possible Wordpress Botnet C&C: errorcontent.com
• Lazy Coordinated Attacks Against Old Vulnerabilities
• IoT roundup: Apple Watch Patches, Router Vulnerabilities
• False Positive? settings-win.data.microsoft.com resolving to Microsoft Blackhole IP
• May 2015 Microsoft Patch Tuesday Summary
• The Art of Logging
• Dridex Redirecting to Malicious Dropbox Hosted File Via Google
• Logging Complete Requests in Apache 2.2 and 2.4
• Reminder: Secure Your Tomcat Admin Interface
• MS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
• Odd POST Request To Web Honeypot
• OpenSSL Patch Released
• Automatically Documenting Network Connections From New Devices Connected to Home Networks
• Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.
• Microsoft March Patch Tuesday
• Apple Patches for iOS, OS X and Apple TV
• Anybody Doing Anything About ANY Queries?
• How Do You Control the Internet of Things Inside Your Network?
• New Feature: Subnet Report
• Copy.com Used to Distribute Crypto Ransomware
• 11 Ways To Track Your Moves When Using a Web Browser
• Microsoft Patch Mayhem: February Patch Failure Summary
• Microsoft February Patch Failures Continue: KB3023607 vs. Cisco AnyConnect Client
• Did You Remove That Debug Code? Netatmo Weather Station Sending WPA Passphrase in the Clear
• Did PCI Just Kill E-Commerce By Saying SSL is Not Sufficient For Payment Info ? (spoiler: TLS!=SSL)
• Microsoft Hardens GPO by Fixing Two Serious Vulnerabilities.
• Anthem, TurboTax and How Things "Fit Together" Sometimes
• Tomcat security: Why run an exploit if you can just log in?
• Adobe Flash Player Update Released, Fixing CVE 2015-0313
• Another Network Forensic Tool for the Toolbox - Dshell
• What is using this library?
• New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
• "Stealth" Update for Flash from Adobe
• Flash 0-Day: Deciphering CVEs and Understanding Patches
• How Vulnerabilities Happen: Input Validation Problems
• Flash 0-Day Exploit Used by Angler Exploit Kit
• Oracle Critical Patch Update for Q1 2015 (Includes Java Updates)
• Finding Privilege Escalation Flaws in Linux
• Traffic Patterns For CryptoWall 3.0
• Adobe Patch Tuesday - January 2015
• Microsoft Patch Tuesday - January 2015 (Really? Telnet?)
• Are You Piratebay? thepiratebay.org Resolving to Various Hosts
• IoT: The Rise of the Machines (Guest Diary)
• A Packet a Day: ICMPv6 Type 1 Code 5
• "Rocket Kitten": Is it still APT if you can buy it off the shelf?
• Critical #NTP Vulnerability in ntpd prior to 4.2.8
• Exploit Kit Evolution During 2014 - Nuclear Pack
• Is the polkit Grinch Going to Steal your Christmas?
• Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor
• Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers
• Customized Support Scam Supported by Typo Squatting
• Worm Backdoors and Secures QNAP Network Storage Devices
• Two VMWare Security Updates for vCloud Automation Center and Airwatch
• Malware Signed With Valid SONY Certificate (Update: This was a Joke!)
• Adobe December Patch Tuesday
• POODLE Strikes (Bites?) Again
• Does Your Vulnerability Scanner Speak Portuguese?
• Dridex Phishing Campaign uses Malicious Word Documents
• More Trouble For Hikvision DVRs
• Critical WordPress XSS Update
• Microsoft Will Release MS14-068 Later Today
• Updates for OS X , iOS and Apple TV
• Microsoft Updates MS14-066
• SChannel Update and Experimental Vulnerability Scanner (MS14-066)
• How bad is the SCHANNEL vulnerability (CVE-2014-6321) patched in MS14-066?
• Adobe Flash Update
• Microsoft November 2014 Patch Tuesday
• Important EMET 5.1 Update. Apply before Patches today
• Apple Updates (not just Yosemite)
• Logging SSL
• POODLE: Turning off SSLv3 for various servers and client.
• OpenSSL Releases OpenSSL 1.0.1j, 1.0.0o and 0.9.8zc
• SSLv3 POODLE Vulnerability Official Release
• OpenSSL Vulnerability leaked via OpenBSD patch (NOT!)?
• Microsoft October 2014 Patch Tuesday
• Adobe October 2014 Bulletins for Flash Player and Coldfusion
• CSAM: Be Wary of False Beacons
• CSAM: My servers started speaking IRC, and that is when I started to listen!
• CSAM: Scary ports and firewall remote administration
• Belkin Router Apocalypse: heartbeat.belkin.com outage taking routers down
• Confusion over SSL and 1024 bit keys
• CSAM: Patch and get pw0ned (not OR).
• Shellshock: More details released about CVE-2014-6277 and CVE-2014-6278. Also: Does Windows have a shellshock problem?
• Spoofed packets with Window Size 6667: Anybody else seeing this?
• CSAM: The Power of Virustotal to Turn Harmless Binaries Malicious
• Why is your Mac all for sudden using Bing as a search engine?
• CSAM: My Storage Array SSHs Outbound!
• Cyber Security Awareness Month 2014: Scary False Positives
• Shellshock: Updated Webcast (Now 6 bash related CVEs!)
• Shellshock: A Collection of Exploits seen in the wild
• Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278
• Shellshock: Vulnerable Systems you may have missed and how to move forward
• Webcast Briefing: Bash Code Injection Vulnerability
• Update on CVE-2014-6271: Vulnerability in bash (shellshock)
• jQuery.com Compromise: The Dangers of Third Party Hosted Content
• Fake LogMeIn Certificate Update with Bad AV Detection Rate
• iOS 7.1.x Exploit Released (CVE-2014-4377)
• Cyber Security Awareness Month: What's your favorite/most scary false positive
• Google DNS Server IP Address Spoofed for SNMP reflective Attacks
• Even Bad Malware Works
• Content Security Policy (CSP) is Growing Up.
• Odd Persistent Password Bruteforcing
• F5 BigIP Unauthenticated rsync Vulnerability
• False Positive or Not? Difficult to Analyze Javascript
• Updates for Apple Safari
• Exploit Available for Symantec End Point Protection
• All Passwords have been lost: What's next?
• Synolocker: Why OFFLINE Backups are important
• Legal Threat Spam: Sometimes it Gets Personal
• Interesting HTTP User Agent "chroot-apach0day"
• New Feature: "Live" SSH Brute Force Logs and New Kippo Client
• The Internet of Things: How do you "on-board" devices?
• Hardcoded Netgear Prosafe Switch Password
• Multi Platform *Coin Miner Attacking Routers on Port 32764
• Credit Card Processing in 700 Words or Less
• Simple Javascript Extortion Scheme Advertised via Bing
• Cisco Unified Communications Domain Manager Update
• Microsoft No-IP Takedown
• Apple Releases Patches for All Products
• Should I setup a Honeypot? [SANSFIRE]
• Metasploit now includes module to exploit CVE-2014-0195 (OpenSSL DTLS Fragment Vuln.)
• Microsoft June Patch Tuesday Advance Notification
• Updated OpenSSL Patch Presentation
• More Details Regarding CVE-2014-0195 (DTLS arbitrary code execution)
• Critical OpenSSL Patch Available. Patch Now!
• When was the last time you checked your Comcast cable modem settings?
• Fake Australian Electric Bill Leads to Cryptolocker
• When Good Logs Go Bad: Do You Understand Your Logs?
• True Crypt Compromised / Removed?
• Discontinuing Support for ISC Alert Task Bar Icon
• Detecting Queries to "odd" DNS Servers
• De-Clouding your Life: Things that should not go into the cloud.
• Kippo Users Beware: Another fingerprinting trick
• Adobe May 2014 Patch Tuesday
• Microsoft May 2014 Patch Tuesday
• This is not a test/typo: Support for Windows 8.1 Ends in a month!
• SNMP: The next big thing in DDoS Attacks?
• New DNS Spoofing Technique: Why we haven't covered it.
• And the Web it keeps Changing: Recent security relevant changes to Browsers and HTML/HTTP Standards
• Coin Mining DVRs: A compromise from start to finish.
• Microsoft Announces Special Patch for IE 0-day (Win XP included!)
• Busybox Honeypot Fingerprinting and a new DVR scanner
• Be on the Lookout: Odd DNS Traffic, Possible C&C Traffic
• DHCPv6 and DUID Confusion
• Port 32764 Router Backdoor is Back (or was it ever gone?)
• Apple Patches for OS X, iOS and Apple TV.
• Oracle Critical Patch Update for April 2014
• How to talk to your kids (or manager) about "Heartbleed"
• * Patch Now: OpenSSL "Heartbleed" Vulnerability
• Attack or Bad Link? Your Guess?
• cmd.so Synology Scanner Also Found on Routers
• More Device Malware: This is why your DVR attacked my Synology Disk Station (and now with Bitcoin Miner!)
• War of the Bots: When DVRs attack NASs
• Let's Finally "Nail" This Port 5000 Traffic - Synology owners needed.
• A few updates on "The Moon" worm
• New Microsoft Advisory: Unpatched Word Flaw used in Targeted Attacks
• Integrating Physical Security Sensors
• Cisco AsyncOS Patch
• Normalizing IPv6 Addresses
• Scans for FCKEditor File Manager
• Wordpress "Pingback" DDoS Attacks
• Microsoft Patch Tuesday March 2014
• Adobe Updates: Flash Player
• UPS Malware Spam Using Fake SPF Headers
• More Details About "TheMoon" Linksys Worm
• Scanning for Symantec Endpoint Manager
• Linksys Worm "TheMoon" Summary: What we know so far
• Linksys Worm ("TheMoon") Captured
• Suspected Mass Exploit Against Linksys E1000 / E1200 Routers
• Adobe February 2014 Patch Tuesday
• February 2014 Microsoft Patch Tuesday
• Microsoft Advance Notification for February 2014
• To Merrillville or Sochi: How Dangerous is it to travel?
• Odd ICMP Echo Request Payload
• Adobe Flash Player Emergency Patch
• Do you block "new" domain names?
• When an Attack isn't an Attack
• New gTLDs appearing in the root zone
• IPv6 and isc.sans.edu (Update)
• Oracle Reports Vulnerability
• How to Debug DKIM
• How to send mass e-mail the right way
• Oracle Critical Patch Update January 2014
• Adobe Patch Tuesday January 2014
• Microsoft Patch Tuesday January 2014
• Got an IPv6 Firewall?
• Scans Increase for New Linksys Backdoor (32764/TCP)
• Exposed .svn Directories
• WhatsApp Malware Spam uses Geolocation to Mass Customize Filename
• Browser Fingerprinting via SSL Client Hello Messages
• Facebook Phishing and Malware via Tumblr Redirects
• Microsoft December Patch Tuesday
• More Bad Port 0 Traffic
• vBulletin.com Compromise - Possible 0-day
• Am I Sending Traffic to a "Sinkhole"?
• The Security Impact of HTTP Caching Headers
• Packet Challenge for the Hivemind: What's happening with this Ethernet header?
• Adobe, Google and other Patch Tuesday patches
• November 2013 Microsoft Patch Tuesday
• OpenSSH Vulnerability
• What Happened to the SANS Ads?
• Microsoft Patch Tuesday Preview
• Rapid7 Discloses IPMI Vulnerabilities
• PHP.net compromise aftermath: Why Code Signing Beats Hashes
• Are you a small business that experienced a DoS attack?
• False Positive: php.net Malware Alert
• Netflow on Nexus 1000v
• New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
• .QA (Qatar) TLD Compromised
• Yet Another WHMCS SQL Injection Exploit
• google.com.my DNS hijack
• CSAM: SSL Request Logs
• Other Patch Tuesday Updates (Adobe, Apple)
• CSAM: ANY queries used in reflective DoS attack
• Microsoft October 2013 Patch Tuesday
• Anti-Virus Company Avira Homepage Defaced
• The Adobe Breach FAQ
• October Patch Tuesday Preview (CVE-2013-3893 patch coming!)
• CSAM: Web Honeypot Logs
• CSAM: Misc. DNS Logs
• iOS 7 Adds Multipath TCP
• How do you monitor DNS?
• A Random Diary
• Reboot Wednesday: Yesterday's Patch Tuesday Aftermath
• In Defense of Biometrics
• SSL is broken. So what?
• When does your browser send a "Referer" header (or not)?
• Running Snort on ESXi using the Distributed Switch
• Imaging LUKS Encrypted Drives
• How to get sufficient funding for your security program (without having a major incident)
• .GOV zones may not resolve due to DNSSEC problems.
• Firefox 23 and Mixed Active Content
• OpenX Ad Server Backdoor
• BBCode tag "[php]" used to inject php code
• Fake American Express Alerts
• Scans for Open File Uploads into CKEditor
• McAfee Artemis/GTI File Reputation False Positive
• POP3 Server Brute Forcing Attempts Using Polycom Credentials
• More heavily URL encoded PHP Exploits against Plesk "phppath" vulnerability
• Dovecot / Exim Exploit Detects
• A Couple of SSH Brute Force Compromises
• A couple Site Updates
• Apple Developer Site Breach
• Network Solutions Outage
• Why don't we see more examples of web app attacks via POST?
• Problems with MS13-057
• Microsoft Teredo Server "Sunset"
• .NL Registrar Compromisse
• Instagram "Fruit" Spam
• Opera got pw0n3d: But did you get pw0n3d too?
• Linkedin DNS Hijack
• Stupid Little IPv6 Tricks
• When Google isn't Google
• Plesk 0-day: Real or not?
• Apple releases OS 10.8.4
• There's value in your logs! (Part 2)
• Running Snort on VMWare ESXi
• Nuclear Scientists, Pandas and EMET Keeping Me Honest
• Ubuntu Package available to submit firewall logs to DShield
• SSL: Another reason not to ignore IPv6
• Microsoft and Adobe Patch Tuesday Pre-Release
• "De Flashing" the ISC Web Site and Flash XSS issues
• Are there any websites that are NOT compromised?
• Internet Explorer 8 0-Day Update (CVE-2013-1347)
• Protocol 61 Packets Follow Up
• Protocol 61: Anybody got packets?
• Cleaning Up After the Leak: Hiding exposed web content
• Postgresql Patches Critical Vulnerability
• Microsoft April Patch Tuesday Advance Notification
• The HTTP "Range" Header
• IPv6 Focus Month: IPv6 over IPv4 Preference
• IPv6 Focus Month: The warm and fuzzy side of IPv6
• Scam of the day: More fake CNN e-mails
• Windows 7 SP1 and Windows Server 2008 R2 SP1 Being "pushed" today
• IPv6 Focus Month: What is changing with DHCP
• IPv6 Focus Month: Kaspersky Firewall IPv6 Vulnerability
• IPv6 Focus Month: Filtering ICMPv6 at the Border
• IPv6 Focus Month: Addresses
• Punkspider enumerates web application vulnerabilities
• Trustwave Trustkeeper Phish
• Mass-Customized Malware Lures: Don't trust your cat!
• What has Iran been up to lately?
• When web sites go bad: bible . org compromise
• Zendesk breach affects Tumblr/Pinterest/Twitter
• Update Palooza
• EDUCAUSE Breach
• Oracle Updates Java (Java 7 Update 15, Java 6 update 41)
• APT1, Unit 61398 and are state sponsored attacks real
• Microsoft February Patch Tuesday Advance Notification
• Intel Network Card (82574L) Packet of Death
• Are you losing system logging information (and don't know it)?
• HTTP Range Header and Partial Downloads
• IPv6 Focus Month
• Exposed UPNP Devices
• iOS 6.1 Released
• Vulnerability Scans via Search Engines (Request for Logs)
• Barracuda "Back Door"
• Java is still exploitable and is likely going to remain so.
• New Format for Monthly Threat Update
• FixIt Available for Internet Explorer Vulnerability
• What if Tomorrow Was the Day?
• Your CPA License has not been revoked
• How to identify if you are behind a "Transparent Proxy"
• Where do your backup tapes go to die?
• What to watch out For on Election Day
• Possible Fake-AV Ads from Doubleclick Servers
• Reminder: Ongoing SMTP Brute Forcing Attacks
• Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery
• Hurricane Sandy Update
• Cyber Security Awareness Month - Day 22: Connectors
• Cyber Security Awareness Month - Day 19: Standard log formats and CEE.
• Cyber Security Awareness Month - Day 16: W3C and HTML
• Microsoft October 2012 Black Tuesday Update - Overview
• Cyber Security Awreness Month - Day 9 - Request for Comment (RFC)
• Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl.
• Microsoft October Patch Pre-Announcement
• Cyber Security Awareness Month - Day 4: Crypto Standards
• Cyber Security Awareness Month
• More Java Woes
• Some Android phones can be reset to factory default by clicking on links
• iOS 6 Security Roundup
• Godaddy DDoS Attack
• Microsoft Patch Tuesday Pre-Release
• SSL Requests sent to port 80 (request for help/input)
• Another round of "Spot the Exploit E-Mail"
• VMware Updates
• "Data" URLs used for in-URL phishing
• The Good, Bad and Ugly about Assigning IPv6 Addresses
• Malware Spam harvesting Facebook Information
• A Poor Man's DNS Anomaly Detection Script
• Google Chrome 21 and getUserMedia API
• Apple Releases Safari 6
• Apple OS X 10.8 (Mountain Lion) released
• Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability
• Most Anti-Privacy Web Browsing Tool Ever?
• The FBI will turn off the Internet on Monday (or not)
• ocsp.comodoca.com blocklisted (by comodo itself)
• Authenticating E-Mail
• Spot the Phish: Verizon Wireless
• VMWare Security Advisories
• Microsoft Certificate Updater
• ICANN "Reveal Day" Lists new TLD Applications
• The bane of XSS
• Exploit Available for Trivial MySQL Password Bypass
• Microsoft Update Security
• Microsoft June Security Bulletin Advance Notification
• IPMI: Hacking servers that are turned "off"
• Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame"
• What Does "IPv6 Day" mean to you?
• Apple Releases iOS Security Specs
• NASA Man-in-the-Middle Attack: Why you should use proper SSL Certificates
• Why Flame is Lame
• SCADA@Home: Your health is no secret no more!
• Speeding up the Web and your IDS / Firewall
• When factors collapse and two factor authentication becomes one.
• The "Do Not Track" header
• nmap 6 released
• ZTE Score M Android Phone backdoor
• Do Firewalls make sense?
• Reserved IP Address Space Reminder
• Got Packets? Odd duplicate DNS replies from 10.x IP Addresses
• Critical Unpatched Oracle Vulnerability
• Not your Parent's Wireless Threat
• Another OS X Java Patch
• Social Share Privacy
• Evil hides everywhere: Web Application Exploits in Headers
• SHA 1-2-3
• Firefox 3.6 EOL
• Virus Bulletin Spam Filter Test
• A Reminder: Private Key Security
• Apple Released Safari 5.1.4
• An Analysis of Jester's QR Code Attack. (Guest Diary)
• Apple Patches
• What happened to RFI attacks?
• Adobe Flash Player Security Update
• Flashback Malware now with Twitter C&C
• COX Network Outage
• Odd Vanishing Signatures in OS X XProtect
• Apache 2.4 Features
• How to test OS X Mountain Lion's Gatekeeper in Lion
• The Ultimate OS X Hardening Guide Collection
• Adobe Flash Player Update
• February 2012 Microsoft Black Tuesday
• Adobe Shockwave Player and RoboHelp for Word Patches
• Secure E-Mail Access
• Critical PHP bug patched
• Javascript DDoS Tool Analysis
• Use of Mixed Case DNS Queries
• Firefox 9 Security Fixes
• New Vulnerability in Windows 7 64 bit
• December 2011 Adobe Black Tuesday
• Possible Widespread DNS Attack (info wanted)
• December 2011 Microsoft Black Tuesday Summary
• SCADA hacks published on Pastebin
• Details About the fbi.gov DNSSEC Configuration Issue.
• House for rent! Observing an Overpayment Scam
• Critical Control 16: Secure Network Engineering
• New Flash Click Jacking Exploit
• JBoss Worm
• Evil Printers Sending Mail
• Critical Control 13: Limitation and Control of Network Ports, Protocols, and Services
• Critical Control 9 - Controlled Access Based on the Need to Know
• Critical OS X Vulnerability Patched
• Adobe SSL Certificate Problem (fixed)
• Critical Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations and Servers
• SSH Vandals?
• Early Patch Tuesday Today: Microsoft September 2011 Patches
• More RDP Worm Variants?
• Large power outage in Southern California
• Microsoft Releases Diginotar Related Patch and Advisory
• Kernel.org Compromise
• Phishing e-mail to custom e-mail addresses
• DigiNotar SSL Breach
• A Packet Challenge: Help us identify this traffic
• Some Hurricane Technology Tips
• What are the most dangerous web applications and how to secure them?
• Theoretical and Practical Password Entropy
• Common Web Attacks. A quick 404 project update
• IRC traffic on non standard ports
• Malicious Images: What's a QR Code
• Cisco shipping malicious warranty CD
• Port 3389 / terminal services scans
• Announcing: The "404 Project"
• Apple Battery Firmware Default Password
• Lion: What is new in Security
• Random SSL Tips and Tricks
• Deja-Vu: Cisco VPN Windows Client Privilege Escalation
• DNSSEC Tips
• Hashing Passwords
• Are All Networks Vulnerable?
• IPv6 Day Summary
• Spam from compromised Hotmail accounts
• IPv6 Day Started
• RSA Offers to Replace Tokens
• The Havij SQL Injection Tool
• IPv6 RA-Guard: How it works and how to defeat it
• Some Insight into Apple's Anti-Virus Signatures
• ISC Site Redesign
• Enabling Privacy Enhanced Addresses for IPv6
• Apple Improving OS X Anti-Malware Feature
• Skype EasyBits Add-on
• Lockheed Martin and RSA Tokens
• Allied Telesis Passwords Leaked
• A Couple Days of Logs: Looking for the Russian Business Network
• ActiveX Flaw Affecting SCADA systems
• Patch for BIND 9.8.0 DoS Vulnerability
• Analyzing Teredo with tshark and Wireshark
• Update on Osama Bin Laden themed Malware
• Bin Laden Death Related Malware
• iPhone GPS Data Storage
• Apple Security Patches for OS X and iOS
• dshield.org now DNSSEC signed via .org
• Update to Adobe Flash 0-day: Patch will be out soon
• Yet another Adobe Flash/Reader/Acrobat 0 day
• Layer 2 DoS and other IPv6 Tricks
• GMail User Using 2FA Warned of Access From China
• Dark Black Tuesday Coming Up: 17 Microsoft Bulletins
• IPv6 MITM via fake router advertisements
• Comodo RA Compromise
• Microsoft Advisory about fraudulent SSL Certificates
• Firefox 3 Updates and SSL Blocklist extension
• Firefox 4 Security Features
• Analyzing HTTP Packet Captures
• Outbound SSH Traffic from HP Virtual Connect Blades
• Thunderbolt Security Speculations
• Windows 7 / 2008 R2 Service Pack 1 Problems
• Windows 7 Service Pack 1 out
• ISC/DShield Website Update
• Tippingpoint Releases Details on Unpatched Bugs
• Having Phish on Friday
• The End Of IP As We Know It
• Packet Tricks with xxd
• Microsoft's Secure Developer Tools
• Flash Local-with-filesystem Sandbox Bypass
• Currently Unpatched Windows / Internet Explorer Vulnerabilities
• Microsoft Advisory: Vulnerability in Graphics Rendering Engine
• ipv6finder : How ready are you for IPv6?
• After cross_fuzz leak: More Internet Explorer Vulnerabilities reported
• Survey: Software Security Awareness Training
• VMWare Security Advisory VMSA-2011-0001
• What Will Matter in 2011
• Various sites "Owned and Exposed"
• Reports of Attacks against EXIM vulnerability
• OpenBSD IPSec "Backdoor"
• Insecure Handling of URL Schemes in iOS
• November 2010 Microsoft Black Tuesday Summary
• Today's Adobe Patches and Vulnerablities
• Microsoft Smart Screen False Positivies
• Microsoft Patches Pre-Announcement
• DNSSEC Progress for .com and .net
• Limited Malicious Search Engine Poisoning for Election
• Cyber Security Awareness Month - Day 14 - Securing a public computer
• Implementing two Factor Authentication on the Cheap
• OpenX Ad-Server Vulnerability
• A Packet a Day
• Facebook "Like Pages"
• Microsoft Out-of-Band bulletin addresses LNK/Shortcut vulnerability
• Solar activity may cause problems this week
• When Lightning Strikes
• Microsoft LNK vulnerability fix coming on Monday
• Adobe PDF Reader "Launch" vulnerability still exploitable
• How to be a better spy: Cyber security lessons from the recent russian spy arrests
• IPv6 Support in iOS 4
• Changes to Internet Storm Center Host Name
• Top 10 Things you may not know about tcpdump
• Canonical Display Driver Vulnerability
• .de TLD Outage
• Stock market "wipe out" may be due to computer error
• Sharepoint XSS Vulnerability
• New OWASP Top 10 - Final Release
• isc.sans.org SSL Certificate and URL extensions
• Microsoft April 2010 Patch Tuesday
• Apache.org Bugtracker Breach
• More Legal Threat Malware E-Mail
• Continuing ISC / SANS Network Outage
• our primary datacenter is currently experiencing a network outage
• PDF Arbitrary Code Execution - vulnerable by design.
• ".sys" Directories Delivering Driveby Downloads
• Reports about large number of fake Amazon order confirmations
• Search Engine Poisoning: Chile Earthquake
• Teredo "stray packet" analysis
• Various Olympics Related Dangerous Google Searches
• New ISC Tool: Whitelist Hash Database
• MS10-015 may cause Windows XP to blue screen
• Twitpic, EXIF and GPS: I Know Where You Did it Last Summer
• February 2010 Black Tuesday Overview
• Microsoft Patch Tuesday Pre-Release
• Information Disclosure Vulnerability in Internet Explorer
• Twitter Mass Password Reset due to Phishing
• Pushdo Update
• Analyzing isc.sans.org weblogs, part 2, RFI attacks
• Microsoft January Out of Band Patch
• New Microsoft Advisory: Vulnerability in Windows Kernel Privilege Escalation (CVE-2010-0232)
• Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released
• SMS Donations Advertised via Twitter
• Haiti Earthquake: Possible scams / malware
• Pre-Announced Adobe Reader and Acrobat Patch Found!
• Oracle Patches Relased
• Microsoft Advices XP Users to Uninstall Flash Player 6
• Microsoft Security Bulletin: January 2010
• IPv6 and isc.sans.org
• Baidu defaced - Domain Registrar Tampering
• Microsoft Patch Tuesday - Preannouncement
• Fake Android Application
• 6.5 magnitude earthquake in California causing local poweroutage
• Denial of Service Attack Aftermath (and what did Iran have to do with it?)
• Tell us about your Christmas Family Emergency Kit
• Important BIND name server updates - DNSSEC
• Adobe 0-day in the wild - again
• Cyber Security Awareness Month - Day 28 - ntp (123/udp)
• Sniffing SSL: RFC 4366 and TLS Extensions
• Today: ISC Login bugfix day. If you have issues logging in using OpenID, please email a copy of your OpenID URL to jullrich\at\sans.edu
• Web honeypot Update
• Odd Apache/MSIE issue with downloads from ISC
• Microsoft October 2009 Black Tuesday Overview
• New Adobe Vulnerability Exploited in Targeted Attacks
• Cyber Security Awareness Month - Day 8 - Port 25 - SMTP
• Firefox Plugin Collections
• New ISC Feature: One Liner "event notes"
• SANS releases new Cyber Security Risk Report
• Healthcare Spam
• Malicious CD ROMs mailed to banks
• Cisco over-the-air-provisioning skyjacking exploit
• WSUS 3.0 SP2 released
• CA eTrust update crashes systems
• Help us: How to make ISC/DShield more useful
• Swine Flu (Mexican Flu) related domains
• Pandemic Preparation - Swine Flu
• Odd DNS Resolution for Google via OpenDNS
• Twitter Packet Challenge Solution
• Conficker update with payload
• SSH scanning from compromised mail servers
• Tax Season Scams
• Common Apache Misconception
• Cyber Security Act of 2009
• Identifying applications using UDP payload
• new rogue-DHCP server malware
• Apple Security Updates
• New ISC Feature: Micro Podcasts
• January Black Tuesday Overview
• SANS Log Management Survey
• MD5 SSL Summary
• Firefox extension used as password stealer?
• MSIE 0-day Spreading Via SQL Injection
• Day 27 - Validation via Vulnerability Scanning
• Day 22 - Wiping Disks and Media
• Day 21 - Removing Bots, Keyloggers, and Spyware
• Wireshark 1.0.4 released
• Fraudulent ATM Reactivation Phone Calls.
• Domaincontrol (GoDaddy) Nameservers DNS Poisoning
• Day 8 - Global Incident Awareness
• A morning stroll through my web logs
• Upcoming Infocon Test and new Color
• DNSSEC for DShield.org
• VMWare ESX 3.5u2 Errors
• isc.sans.org vs. isc.org
• One Bushel of Apple Updates
• Weblog Observations
• Java Update
• Unpatched Word Vulnerability
• Mulitple Vendors DNS Spoofing Vulnerability
• Floods: More of the same (2)
• SQL Injection: More of the same
• ISC Flyer is ready
• Reminder: Proper use of DShield data
• Suggestions wanted for ISC
• It's Tax Day
• SRI Malware Threat Center
• Internet Storm Center Podcast
• Finding hidden gems (easter eggs) in your logs (packet challenge!)
• New coordinator for US Government Network Security
• Brief DShield Outage this Weekend.
• More cable outages in the middle east
• Guest Editorial: Internet Governance Forum (Gadi Evron)
• Mystery Packets, Protocol 139
• New version of cvtwin, now with HTTP upload
• Search engines that are no search engines
• Top IPv6 Implementation Issues
• Cyber Jihad Called Off
• Soon to come: IRS Spam
• Cyber Security Awareness Tip #30 - Blogging and Social Networking
• VoIP Spam (Vonage?)
• Cyber Security Awareness Tip #29: Insider Threats
• URL Update to Internet Explorer URL Handling Vulnerability
• Wildfire Scams
• The future of security, trust and e-commerce
• Cyber Security Awareness Tip #16: Protecting Portable Media
• Updated Daily Sources Feed
• Congratulations Brian Granier!
• Web Application Security Followup: Password Strength
• Financial Website Security
• Experimental Storm Worm DNS Blocklist
• BIND cache poisoning vulnerability details released
• Websense blocking isc.sans.org
• Blocklisting Bad Apples
• Storm of the Day, Now with YouTube
• Windows Genuine Advantage (WGA) servers down
• The value of Non-Delivery-Reports (NDR). Friday Editorial
• Copper Thefts
• Hurricane Dean
• Storm of the Day (Welcome Member)
• Sunday Distractions: Safe for Work YouTube Videos
• ISC / DShield e-mail now with PGP signature
• Couple ISC site updates
• Reporting firewall logs
• Yahoo down
• MySpace Flux Malware
• Spam volume
• Preventing spoofed internal e-mail
• June 2007, Microsoft Patch Tuesday Overview.
• Beta Software (Safari for Windows)
• Massive list of compromised sites
• Attributing Attacks
• Stupid XSS mistake, and why its so hard to write good code
• More IE7 Beta spam/malware
• port 443 / https increase
• We need your help: VA Tech Domains
• Blackberry Outage
• New DShield Feature: Highly Predictive Blocklists.
• EXE/ZIP e-mail viruses (editorial)
• SANS Software Security Institute
• Quick intro to auditing web applications.
• Blocking .exe attachments
• Windows Vista availability
• Site Downtime Reminder
• Prepared statements in MySQL and PHP
• Good ol' Web Defacements
• ISC Downtime / Redesign
• MS06-074: SNMP Buffer Overflow (CVE2006-5583)
• MS06-073: WMI Object Broker Vulnerability (CVE-2006-4704)
• 404dnserror Adware
• New Data Retention Rules Effective Today
• Port 80 UDP Malware
• US DHS banking alert
• Bot C&C Servers on Port 80
• SANS Top 20 Update
• MS06-067: Internet Explorer DirectAnimation and HTML Rendering Vulnerability
• MS06-066: Netware Client Service Buffer Overflow
• Packet Challenge: Fragments and a Blast from the Past
• Broadcom Wireless Vulnerability
• fragmented packet challenge
• Windows WMIObjectBroker 0-Day Exploit
• Form Spam: Increasing the Attacker's work function.
• Substantial Increase in Infected System Numbers (is it real?)
• Internet Explorer XML Vulnerability
• Internet Explorer 7.0 High Priority Update
• MSIE IE7 Popup Address Bar Spoofing Vulnerability
• Java Trojan/Bot
• New UrSnif/Haxdoor Variant
• 0-Day Thursday: PoC for Powerpoint Vulnerability
• MS06-061: XSLT/MSXML Buffer Overflow Code Execution Vulnerability (moderate)
• MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)
• Apple updates Airport Drivers
• Updated Packet Attack flash animation
• Ernesto domain name registrations up
• PHP Security Update
• More MS06-042 woes
• Tip of the Day - PHP Security
• MS06-040 and MS06-042 updates
• MS06-044: Microsoft Management Console Cross Site Scripting.
• MS06-042: Internet Explorer Rollup Patch
• Tip of the Day: Use ssh keys
• Tip of the Day: Turn off your Computer
• WiFi Device Driver Issues
• *Intel Centrino Vulnerabilities
• Tip of the Day: Strong Passwords
• Out-Share or Die!
• phpMyChat scan
• Sysadmin Appreciation Day
• ASN.1 Attacks / MS04-007
• The dangers of shared web hosts
• Rumors about IIS 6.0 issues
• Webcast archive available
• Exploits for most recent Microsoft Patches
• SANSFIRE: Internet Storm Center Training Event
• Widespread Routing Outages
• Word 0-day, recommended defenses.
• Phishers use urlencoding to obfuscate hostnames
• UPnP Problems
• Apple OSX Patches, 2006-003
• Firefox 1.5.0.3 Vulnerability Update
• Microsoft Patch Tuesday: Expected Exchange patch problems.
• Monthly Threat Update Webcast
• Typo-Squatting and Password Best Practices
• Banks use non-ssl login forms.
• How to deal with Oracle patches?
• phpBB bots/worms
• Patch Tuesday Fallout
• Verisign Site Seal Update
• Couple ISC Site Updates
• Temporary Patches for createTextRange Vulnerability
• Apple Updates the Update
• Large Child porn Arrest and how to report it.
• March Microsoft Security Bulletins Released
• Cingular wireless outage
• Apple Security Update 2006-001 (more details)
• Probes for Cisco Web Interface
• How to setup penetration testing exercises.
• Blackworm Notifications
• BlackWorm Summary
• Bot herds exploring vertical markets
• Infocon back to green
• Recommended Block List
• WMF FAQ
• Bots: They are not just for Windows anymore.
• Getting Ready for the Holidays
• Updated RSS Feed
• Wrap-up: What? No Link?
• Microsoft December Patches
• MS05-051 POC Exploit
• More Sober Variants
• Infocon back to green
• * Internet Explorer 0-day exploit
• Major Cogent outage
• New ISC PGP Key
• IPSEC / ISAKMP Vulnerability wrapup
• Stolen Laptops
• Defeating A/V by inserting forged data
• Ethereal Advisory
• Escaping the P2P-induced alert onslaught
• An Assessment of the Oracle Password Hashing Algorithm
• UDP traffic to port 50368
• Infocon Yellow: Snort BO Vulnerability
• Oracle Patches
• Snort BO pre-processor Vulnerability
• MS05-051 exploit spotted
• Weekend Predictions.
• New Handler: Mohammed Haron
• How to contribute your data to DShield / ISC
• Larger Power Outage in Los Angeles
• AT&T Network Outage
• ISC/DShield Network Downtime
• Cyber-Looting update
• Continued great response to call for Volunteers
• New Diary Format
• Malware URLs.
• Port 10000; ssh brute forcing; yet another bagle?
• Multiple Greeting Card scams; MSFT time server; Sober next Monday; Netscape 8.01; Pharming
• * New DNS cache poisoning server; DNS Poisoning stats; Bluemountain; Win2k3 SP1; awstat.pl Details; port 1025; MS05-002 problem
• LAND Attack Update; DNS Poisoning Update; ssh attacks; IM Malware; Brazilian Honeynet
• Skype; Grepping Weblogs; COAST; ISTS News
• Port 41523; Linux Exploit; Phishing Name server; New Feature: tcp %; ssh attacks; MSRC blog
• AWStats Exploits, Port 7162/TCP and 24212/TCP traffic, spamvertised site redirected to Al'Jazeera
• SQL Injection: Paper & Worm, WINS, Asking for Input.
• * UPDATE: phpBB Worm. Holiday Security Guide, Predictions for 2005, Sign that you take security too serious.
• PHP Vulnerabilities
• IMAP scans, password protected image, database update, sco hack, cdi east.
• New MyDoom Variant uses unpatched exploit, Phishing tip, AV False Positive, Virus Naming
• Microsoft ASP.NET vulnerability, URL obfuscation, more MD5
• System Store Trojan, Infection Persistence, Save the Pr0n
• MyDoom Details, ssh password brute forcing.
• MyDoom-O hits search engines hard.
• more https scanning reports
• ZoneAlarm Update, RoadRunner Email, Network Monitoring, Mailbag
• Port 16191 fragment update, mail server dictionary attack, top 10 signs that you are infected
• A quiet day on the Internet
• Port 5000 increase due to two worms: Bobax and Kibuv
• port 135 spikes, Lovegate, Welchia.K, Mailbag, Unix Security
• LSASS exploit, SSL PCT exploits, port 559 (tcp) proxy hunter, Bagle.Z
• New Phishing Technique / Vulnerability Data Base Resource
• Beagle Exploit, SSL NULL encryption (update), port 12345 and 1026
• Witty Worm Wrap-up
• MS Monthly Updates Released
• LDAP Scan increase. Win98 ASN.1 patch, MyDoom Remover, Win98 free update CD
• Nachia B Worm, Microsoft XML
• www.sco.com unreachable
• 0x01 trojan update (ev1.net host), openssl proof of concept exploit, HP mystery ssh patch
• Symantec AV linked to Verisign certificate problem, DUGallery, False Weather Alerts, more phishing
• quiet holiday weekend
• h00d IRC bot, localhost port 80 traffic
• Port 10 traffic; 139 &1433 report; DCE RPC Vectors
• Apple Updates Everything (again) ... and fixes a "911 DoS bug" in iOS
• What Keeps My Honeypot Busy These Days