Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: Internet Storm Center

Latest Diaries

Angler Exploit Kits Reported

Published: 2016-08-31
Last Updated: 2016-08-31 18:12:41 UTC
by Deborah Hale (Version: 1)

We have had a report from one of our readers (thanks Andrew) indicating that they are seeing Angler Exploit Kit attempts in the past 2 days appearing to be tied to Heart Internet. I am not seeing any activity in my logs. 

Is anyone else seeing this type of activity in your weblogs?


Deb Hale

Keywords: Angler Angler EK

Cisco Security Advisories Issued

Published: 2016-08-31
Last Updated: 2016-08-31 18:04:25 UTC
by Deborah Hale (Version: 1)

If you use any of these Cisco devices, please take the recommended action.

WebEx Player

Cisco Small Business 220 Series Smart Plus (Sx220) Switches

Cisco Small Business SPA3x/5x Series

Deb Hale


Keywords: Cisco Advisory

Dropbox Breach

Published: 2016-08-31
Last Updated: 2016-08-31 16:22:34 UTC
by Deborah Hale (Version: 1)

Dropbox has just been added to the myriad of sites that have been hacked.  It seems that back in 2012 there was a breach and around 60 million accounts were stolen.  There is now evidence surfacing that the details from the accounts are out there.  Dropbox is forcing password changes for a number of users that have been affected. 

I don’t use Dropbox but have a number of our employees that do, so I went to to check their accounts. Sure enough, I had a couple that were included in the list. I immediately notified the users to change their Dropbox passwords. Out of curiosity I checked my email addresses… I use several for security purposes. I found that 3 of mine were listed. One was for a potential breach at  They notified me several weeks ago and when I logged in I was forced to change my password. I felt pretty good about that. However, what I discovered today is that I also had a potential breach from which I was not notified of on 2 of my email addresses. I forgot that I had even set up an account on the one email address. I also discovered that I had a potential breach on an email address that I no longer use for  Of course, no way to change this password because that email address has been done away with. I requested my account to be removed. Hopefully, they will take care of that. Interesting that I have a subscription to one of the so-called financial protection sites that are supposed to be watching for these and notifying me when it happens. I was notified by them about 6 weeks after I received the email from LogMeIn that I may have been breached. They have never notified me of the others. I guess I will keep an eye on my email addresses using the previously mentioned website.

I then started looking at some key email addresses here in the company. One of them had a potential breach on  I notified the user and his response was, so why would they steal LinkedIn information? My response, not sure… Perhaps they are banking on people using the same password for other accounts such as banking/credit card accounts. If they happen onto the email address in some other “breach” (such as your bank or your credit card) they will try the password. His response was, might be a good time to change some passwords.

An article on Motherboard concerning the breach states:

This is just the latest so-called “mega-breach” to be revealed. This summer, hundreds of millions of records from sites such as LinkedIn, MySpace, Tumblr, and from years-old data breaches were sold and traded amongst hackers.

Perhaps it is a good time to change those passwords as well. I try not to use the same password for multiple sites and I strive to use good strong passwords. I have devised a scheme in creating my passwords that allows me to recall the password from any site even though all of the passwords are different. 

Many thanks to Troy for the website. 

For more information about the Dropbox breach see …

Deb Hale

