Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
BACK TUESDAY
2013-09-10	Swa Frantzen	Microsoft September 2013 Black Tuesday Overview
2013-07-09	Swa Frantzen	Microsoft July 2013 Black Tuesday Overview
2013-06-11	Swa Frantzen	Microsoft June 2013 Black Tuesday Overview
2013-06-11	Swa Frantzen	Other Microsoft Black Tuesday News
2013-05-14	Swa Frantzen	Microsoft May 2013 Black Tuesday Overview
2013-05-14	Swa Frantzen	Firefox & Thunderbird released
2013-03-12	Swa Frantzen	Microsoft March 2013 Black Tuesday Overview
2009-05-12	Swa Frantzen	May Black Tuesday Overview
BACK
2025-06-02/a>	Xavier Mertens	Simple SSH Backdoor
2025-05-22/a>	Johannes Ullrich	Resilient Secure Backup Connectivity for SMB/Home Users
2024-11-17/a>	Johannes Ullrich	Ancient TP-Link Backdoor Discovered by Attackers
2024-04-16/a>	Yee Ching Tok	Rolling Back Packages on Ubuntu/Debian
2024-04-01/a>	Bojan Zdrnja	The amazingly scary xz sshd backdoor
2023-09-30/a>	Xavier Mertens	Simple Netcat Backdoor in Python Script
2023-06-09/a>	Xavier Mertens	Undetected PowerShell Backdoor Disguised as a Profile File
2023-03-18/a>	Xavier Mertens	Old Backdoor, New Obfuscation
2023-02-21/a>	Xavier Mertens	Phishing Page Branded with Your Corporate Website
2023-02-09/a>	Xavier Mertens	A Backdoor with Smart Screenshot Capability
2022-10-07/a>	Xavier Mertens	Powershell Backdoor with DGA Capability
2022-05-09/a>	Xavier Mertens	Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-03-18/a>	Johannes Ullrich	Scans for Movable Type Vulnerability (CVE-2021-20837)
2022-02-01/a>	Xavier Mertens	Automation is Nice But Don't Replace Your Knowledge
2021-12-15/a>	Xavier Mertens	Simple but Undetected PowerShell Backdoor
2021-11-21/a>	Didier Stevens	Backdooring PAM
2021-11-08/a>	Xavier Mertens	(Ab)Using Security Tools & Controls for the Bad
2021-07-02/a>	Xavier Mertens	"inception.py"... Multiple Base64 Encodings
2021-05-28/a>	Xavier Mertens	Malicious PowerShell Hosted on script.google.com
2020-12-24/a>	Xavier Mertens	Malicious Word Document Delivering an Octopus Backdoor
2020-12-10/a>	Xavier Mertens	Python Backdoor Talking to a C2 Through Ngrok
2020-11-25/a>	Xavier Mertens	Live Patching Windows API Calls Using PowerShell
2020-09-16/a>	Johannes Ullrich	Do Vulnerabilities Ever Get Old? Recent "Mirai" Variant Scanning for 20 Year Old Amanda Version?
2020-07-11/a>	Guy Bruneau	Scanning Home Internet Facing Devices to Exploit
2018-12-16/a>	Guy Bruneau	Random Port Scan for Open RDP Backdoor
2018-09-04/a>	Rob VandenBrink	Let's Trade: You Read My Email, I'll Read Your Password!
2018-06-13/a>	Xavier Mertens	A Bunch of Compromized Wordpress Sites
2018-03-05/a>	Xavier Mertens	Malicious Bash Script with Multiple Features
2018-03-03/a>	Xavier Mertens	Reminder: Beware of the "Cloud"
2017-09-18/a>	Xavier Mertens	CCleaner 5.33 compromised - http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
2017-09-14/a>	Xavier Mertens	Another webshell, another backdoor!
2017-07-12/a>	Xavier Mertens	Backup Scripts, the FIM of the Poor
2017-05-12/a>	Xavier Mertens	When Bad Guys are Pwning Bad Guys...
2017-02-28/a>	Xavier Mertens	Analysis of a Simple PHP Backdoor
2017-02-17/a>	Rob VandenBrink	RTRBK - Router / Switch / Firewall Backups in PowerShell (tool drop)
2017-01-14/a>	Xavier Mertens	Backup Files Are Good but Can Be Evil
2016-01-21/a>	Jim Clausing	Scanning for Fortinet ssh backdoor
2015-12-13/a>	Didier Stevens	Use The Privilege
2015-06-26/a>	Daniel Wesemann	Cisco default credentials - again!
2015-02-09/a>	Chris Mohan	Backups are part of the overall business continuity and disaster recovery plan
2014-07-08/a>	Johannes Ullrich	Hardcoded Netgear Prosafe Switch Password
2014-07-02/a>	Johannes Ullrich	Cisco Unified Communications Domain Manager Update
2014-03-12/a>	Johannes Ullrich	Wordpress "Pingback" DDoS Attacks
2014-01-10/a>	Basil Alawi S.Taher	Cisco Small Business Devices backdoor fix
2014-01-02/a>	Johannes Ullrich	Scans Increase for New Linksys Backdoor (32764/TCP)
2013-12-24/a>	Daniel Wesemann	Unfriendly crontab additions
2013-12-16/a>	Tom Webb	The case of Minerd
2013-11-05/a>	Daniel Wesemann	Is your vacuum cleaner sending spam?
2013-09-10/a>	Swa Frantzen	Microsoft September 2013 Black Tuesday Overview
2013-09-03/a>	Rob VandenBrink	Is "Reputation Backscatter" a Thing?
2013-07-09/a>	Swa Frantzen	Microsoft July 2013 Black Tuesday Overview
2013-06-11/a>	Swa Frantzen	Microsoft June 2013 Black Tuesday Overview
2013-06-11/a>	Swa Frantzen	Other Microsoft Black Tuesday News
2013-05-14/a>	Swa Frantzen	Microsoft May 2013 Black Tuesday Overview
2013-05-14/a>	Swa Frantzen	Firefox & Thunderbird released
2013-03-12/a>	Swa Frantzen	Microsoft March 2013 Black Tuesday Overview
2013-01-30/a>	Richard Porter	Getting Involved with the Local Community
2012-12-04/a>	Johannes Ullrich	Where do your backup tapes go to die?
2012-08-14/a>	Rick Wanner	Backtrack 5 r3 released - http://www.backtrack-linux.org/downloads/
2012-05-18/a>	Johannes Ullrich	ZTE Score M Android Phone backdoor
2012-04-14/a>	Rick Wanner	Flashback Trojan Removal Tool Released
2012-04-12/a>	Guy Bruneau	wicd Privilege Escalation 0day exploit for Backtrack 5 R2
2012-04-12/a>	Guy Bruneau	Apple Java Updates for Mac OS X
2012-03-05/a>	Johannes Ullrich	Flashback Malware now with Twitter C&C
2012-02-24/a>	Guy Bruneau	Flashback Trojan in the Wild
2011-10-28/a>	Russ McRee	Critical Control 19: Data Recovery Capability
2011-07-04/a>	Deborah Hale	VSFTP Backdoor in Source Code
2011-05-10/a>	Swa Frantzen	Backtrack 5 released
2011-01-14/a>	Chris Mohan	How does your family backup their memories?
2010-12-27/a>	Johannes Ullrich	Various sites "Owned and Exposed"
2010-12-15/a>	Johannes Ullrich	OpenBSD IPSec "Backdoor"
2010-12-02/a>	Kevin Johnson	ProFTPD distribution servers compromised
2010-08-30/a>	Adrien de Beaupre	Apple QuickTime potential vulnerability/backdoor
2010-01-11/a>	Adrien de Beaupre	BackTrack 4 final released http://www.remote-exploit.org/news.html http://www.backtrack-linux.org/downloads/
2009-10-19/a>	Daniel Wesemann	Backed up, lately ?
2009-10-17/a>	Rick Wanner	Unusual traffic from Loopback to Unused ARIN address
2009-10-05/a>	Adrien de Beaupre	Cyber Security Awareness Month - Day 5 port 31337
2009-08-30/a>	Tony Carothers	How do I recover from.....?
2009-05-12/a>	Swa Frantzen	May Black Tuesday Overview
2009-01-03/a>	Rick Wanner	RAID != Backup
2008-10-25/a>	Rick Wanner	Day 26 - Restoring Systems from Backup
TUESDAY
2025-06-10/a>	Johannes Ullrich	Microsoft Patch Tuesday June 2025
2025-05-13/a>	Johannes Ullrich	Microsoft Patch Tuesday: May 2025
2025-03-11/a>	Johannes Ullrich	Microsoft Patch Tuesday: March 2025
2024-12-10/a>	Johannes Ullrich	Microsoft Patch Tuesday: December 2024
2024-07-09/a>	Johannes Ullrich	Microsoft Patch Tuesday July 2024
2024-06-11/a>	Johannes Ullrich	Microsoft Patch Tuesday June 2024
2024-03-12/a>	Johannes Ullrich	Microsoft Patch Tuesday - March 2024
2023-12-12/a>	Johannes Ullrich	Microsoft Patch Tuesday December 2023
2023-10-10/a>	Johannes Ullrich	October 2023 Microsoft Patch Tuesday Summary
2023-02-14/a>	Johannes Ullrich	Microsoft February 2023 Patch Tuesday
2022-11-29/a>	Johannes Ullrich	Packet Tuesday Episode 3: TCP Urgent Flag. https://packettuesday.com
2022-05-10/a>	Renato Marinho	Microsoft May 2022 Patch Tuesday
2022-01-11/a>	Johannes Ullrich	Microsoft Patch Tuesday - January 2022
2021-09-14/a>	Renato Marinho	Microsoft September 2021 Patch Tuesday
2021-04-13/a>	Richard Porter	Microsoft April 2021 Patch Tuesday
2020-12-08/a>	Johannes Ullrich	December 2020 Microsoft Patch Tuesday: Exchange, Sharepoint, Dynamics and DNS Spoofing
2020-05-14/a>	Rob VandenBrink	Patch Tuesday Revisited - CVE-2020-1048 isn't as "Medium" as MS Would Have You Believe
2020-03-10/a>	Johannes Ullrich	Microsoft Patch Tuesday March 2020
2019-07-09/a>	John Bambenek	MSFT July 2019 Patch Tuesday
2018-12-11/a>	Richard Porter	Microsoft December 2018 Patch Tuesday
2018-10-09/a>	Johannes Ullrich	October 2018 Microsoft Patch Tuesday
2018-09-11/a>	Johannes Ullrich	Microsoft September Patch Tuesday Summary
2018-06-12/a>	Johannes Ullrich	Microsoft June 2018 Patch Tuesday
2017-07-11/a>	Renato Marinho	July's Microsoft Patch Tuesday
2017-03-14/a>	Johannes Ullrich	February and March Microsoft Patch Tuesday
2017-02-14/a>	Johannes Ullrich	Microsoft Patch Tuesday Delayed
2017-01-10/a>	Johannes Ullrich	January 2017 Microsoft Patch Tuesday
2016-09-13/a>	Rob VandenBrink	Microsoft Patch Tuesday Analysis
2016-07-12/a>	Johannes Ullrich	Microsoft Patch Tuesday Summary for July 2016
2016-02-09/a>	Johannes Ullrich	Microsoft February 2016 Patch Tuesday
2016-02-09/a>	Johannes Ullrich	Adobe Patch Tuesday - February 2016
2015-07-14/a>	Johannes Ullrich	July 2015 Microsoft Patch Tuesday
2014-06-06/a>	Johannes Ullrich	Microsoft June Patch Tuesday Advance Notification
2014-03-11/a>	Johannes Ullrich	Microsoft Patch Tuesday March 2014
2014-03-08/a>	Guy Bruneau	Microsoft March Patch Pre-Announcement
2014-02-11/a>	Johannes Ullrich	February 2014 Microsoft Patch Tuesday
2014-02-07/a>	Johannes Ullrich	Microsoft Advance Notification for February 2014
2014-01-14/a>	Johannes Ullrich	Microsoft Patch Tuesday January 2014
2013-12-07/a>	Guy Bruneau	Microsoft December Patch Pre-Announcement
2013-11-12/a>	Johannes Ullrich	November 2013 Microsoft Patch Tuesday
2013-09-10/a>	Swa Frantzen	Adobe September 2013 Black Tuesday Overview
2013-09-10/a>	Swa Frantzen	Microsoft September 2013 Black Tuesday Overview
2013-08-13/a>	Swa Frantzen	Microsoft August 2013 Black Tuesday Overview
2013-08-13/a>	Swa Frantzen	Microsoft security advisories: RDP and MD5 deprecation in Microsoft root certificates
2013-07-09/a>	Swa Frantzen	Microsoft July 2013 Black Tuesday Overview
2013-07-09/a>	Swa Frantzen	Adobe July 2013 Black Tuesday Overview
2013-07-06/a>	Guy Bruneau	Microsoft July Patch Pre-Announcement
2013-06-11/a>	Swa Frantzen	Other Microsoft Black Tuesday News
2013-06-11/a>	Swa Frantzen	vmware security advisory VMSA-2013-0008
2013-06-11/a>	Swa Frantzen	Microsoft June 2013 Black Tuesday Overview
2013-06-11/a>	Swa Frantzen	Adobe June 2013 Black Tuesday Overview
2013-05-14/a>	Swa Frantzen	Microsoft May 2013 Black Tuesday Overview
2013-05-14/a>	Swa Frantzen	Firefox & Thunderbird released
2013-05-14/a>	Swa Frantzen	Adobe May 2013 Black Tuesday Overview
2013-05-14/a>	Swa Frantzen	Microsoft Security Advisory 2846338
2013-04-09/a>	Swa Frantzen	Microsoft April 2013 Black Tuesday Overview
2013-04-09/a>	Swa Frantzen	Adobe April 2013 Black Tuesday Overview
2013-04-04/a>	Johannes Ullrich	Microsoft April Patch Tuesday Advance Notification
2013-03-12/a>	Swa Frantzen	Microsoft March 2013 Black Tuesday Overview
2013-03-12/a>	Swa Frantzen	Adobe March 2013 Black Tueday
2013-02-14/a>	Adam Swanger	ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121
2013-02-12/a>	Adam Swanger	Microsoft February 2013 Black Tuesday Update - Overview
2013-02-12/a>	Swa Frantzen	Adobe Feb 2013 Black Tuesday patches
2013-02-08/a>	Johannes Ullrich	Microsoft February Patch Tuesday Advance Notification
2013-01-10/a>	Adam Swanger	ISC Monthly Threat Update New Format
2013-01-08/a>	Richard Porter	Microsoft January 2013 Black Tuesday Update - Overview
2013-01-04/a>	Daniel Wesemann	Patch pre-notification from Adobe and Microsoft
2012-12-11/a>	John Bambenek	Microsoft December 2012 Black Tuesday Update - Overview
2012-11-13/a>	Jim Clausing	Microsoft November 2012 Black Tuesday Update - Overview
2012-10-04/a>	Johannes Ullrich	Microsoft October Patch Pre-Announcement
2012-09-11/a>	Adam Swanger	Microsoft September 2012 Black Tuesday Update - Overview
2012-08-14/a>	Rick Wanner	Microsoft August 2012 Black Tuesday Update - Overview
2012-08-04/a>	Kevin Liston	Vendors: More Patch-Release Options Please
2012-07-10/a>	Swa Frantzen	Microsoft July 2012 Black Tuesday Update - Overview
2012-07-10/a>	Swa Frantzen	Microsoft revoking trust in Microsoft certificates - SA 2728973
2012-07-10/a>	Swa Frantzen	Microsoft fix-it to disable gadgets - SA 2719662
2012-07-05/a>	Adrien de Beaupre	Microsoft advanced notification for July 2012 patch Tuesday
2012-06-12/a>	Swa Frantzen	Adobe June 2012 Black Tuesday patches
2012-06-12/a>	Swa Frantzen	Microsoft June 2012 Black Tuesday Update - Overview
2012-06-12/a>	Swa Frantzen	Java 7u5 and 6u33 released
2012-05-23/a>	Mark Baggett	Problems with MS12-035 affecting XP, SBS and Windows 2003?
2012-05-08/a>	Adam Swanger	Microsoft May 2012 Black Tuesday Update - Overview
2012-04-15/a>	Rick Wanner	.Net update affects printing from some applications
2012-04-10/a>	Swa Frantzen	Microsoft April 2012 Black Tuesday Update - Overview
2012-04-10/a>	Swa Frantzen	Adobe April 2012 Black Tuesday Update
2012-04-06/a>	Johannes Ullrich	Microsoft April Patch Tuesday Pre-Announcement (6 Patches): http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
2012-03-13/a>	Lenny Zeltser	March 2012 Microsoft Black Tuesday
2012-01-10/a>	Adrien de Beaupre	January 2012 Microsoft Black Tuesday Summary
2012-01-10/a>	Adrien de Beaupre	Adobe January 2012 Black Tuesday overview
2012-01-06/a>	Guy Bruneau	January 2012 Patch Tuesday Pre-release
2011-12-13/a>	Johannes Ullrich	December 2011 Microsoft Black Tuesday Summary
2011-12-08/a>	Adrien de Beaupre	Microsoft Security Bulletin Advance Notification for December 2011
2011-11-08/a>	Swa Frantzen	Microsoft November 2011 Black Tuesday Overview
2011-11-08/a>	Swa Frantzen	Abobe November 2011 Black Tuesday Overview
2011-11-08/a>	Swa Frantzen	Apple Black Tuesday
2011-11-03/a>	Guy Bruneau	November 2011 Patch Tuesday Pre-release
2011-10-11/a>	Swa Frantzen	Microsoft Black Tuesday Overview October 2011
2011-09-13/a>	Swa Frantzen	Microsoft September 2011 Black Tuesday
2011-09-13/a>	Swa Frantzen	Adobe September 2011 Black Tuesday overview
2011-09-08/a>	Mark Hofman	Microsoft has released their advanced notification for patch Tuesday. 15 Vulnerabilities to be addressed. more here --> http://blogs.technet.com/b/msrc/archive/2011/09/08/advanced-notification-for-the-september-2011-bulletin-release.aspx
2011-08-09/a>	Swa Frantzen	Microsoft August 2011 Black Tuesday Overview
2011-08-09/a>	Swa Frantzen	Adobe August 2011 Black Tuesday Overview
2011-07-12/a>	Swa Frantzen	Microsoft July 2011 Black Tuesday Overview
2011-06-14/a>	Swa Frantzen	Adobe releases patches
2011-06-14/a>	Swa Frantzen	Microsoft June 2011 Black Tuesday Overview
2011-05-10/a>	Swa Frantzen	May 2011 Microsoft Black Tuesday Overview
2011-04-11/a>	Jim Clausing	April 2011 Microsoft Black Tuesday Summary
2011-04-08/a>	Johannes Ullrich	Dark Black Tuesday Coming Up: 17 Microsoft Bulletins
2011-03-08/a>	Jim Clausing	March 2011 Microsoft Black Tuesday Summary
2011-01-08/a>	Guy Bruneau	January 2011 Patch Tuesday Pre-release
2010-12-20/a>	Guy Bruneau	Patch Issues with Outlook 2007
2010-10-12/a>	Adrien de Beaupre	October 2010 Microsoft Black Tuesday Summary
2010-10-08/a>	Rick Wanner	Patch Tuesday Pre-release -- 16 updates
2010-09-14/a>	Adrien de Beaupre	September 2010 Microsoft Black Tuesday Summary
2010-08-10/a>	Jim Clausing	August 2010 Micrsoft Black Tuesday Summary
2010-08-07/a>	Stephen Hall	Countdown to Tuesday...
2010-07-13/a>	Jim Clausing	July 2010 Microsoft Black Tuesday Summary
2010-06-08/a>	Manuel Humberto Santander Pelaez	June 2010 Microsoft Black Tuesday Summary
2010-06-03/a>	Guy Bruneau	Microsoft Patch Tuesday June 2010 Pre-Release
2010-05-11/a>	Scott Fendley	May 2010 Microsoft Patches
2010-05-08/a>	Guy Bruneau	Microsoft Patch Tuesday May 2010 Pre-Release
2010-04-13/a>	Johannes Ullrich	Microsoft April 2010 Patch Tuesday
2010-04-08/a>	Guy Bruneau	Microsoft Patch Tuesday April 2010 Pre-Release
2010-03-09/a>	John Bambenek	March 2010 - Microsoft Patch Tuesday Diary
2010-02-09/a>	Johannes Ullrich	February 2010 Black Tuesday Overview
2010-02-04/a>	Johannes Ullrich	Microsoft Patch Tuesday Pre-Release
2010-01-12/a>	Johannes Ullrich	Microsoft Security Bulletin: January 2010
2009-12-08/a>	Deborah Hale	December 2009 Black Tuesday Overview
2009-11-10/a>	Swa Frantzen	Microsoft November Black Tuesday Overview
2009-10-13/a>	Johannes Ullrich	Microsoft October 2009 Black Tuesday Overview
2009-09-08/a>	Guy Bruneau	Microsoft September 2009 Black Tuesday Overview
2009-08-11/a>	Swa Frantzen	Microsoft August 2009 Black Tuesday Overview
2009-07-14/a>	Swa Frantzen	Microsoft July Black Tuesday Overview
2009-07-14/a>	Swa Frantzen	Oracle Black Tuesday
2009-06-09/a>	Swa Frantzen	Microsoft June Black Tuesday Overview
2009-06-09/a>	Swa Frantzen	Adobe June Black Tuesday upgrades
2009-05-12/a>	Swa Frantzen	MSFT's version of responsible disclosure
2009-05-12/a>	Swa Frantzen	May Black Tuesday Overview
2009-04-14/a>	Swa Frantzen	April Black Tuesday Overview
2009-03-10/a>	Swa Frantzen	March black Tuesday overview
2009-02-10/a>	Swa Frantzen	February Black Tuesday Overview
2009-01-13/a>	Johannes Ullrich	January Black Tuesday Overview
2008-12-09/a>	Swa Frantzen	December Black Tuesday Overview
2008-11-11/a>	Swa Frantzen	November Black Tuesday Overview
2008-10-14/a>	Swa Frantzen	October Black Tuesday Overview
2008-09-09/a>	Swa Frantzen	September 2008 Black Tuesday Overview
2008-08-12/a>	Stephen Hall	August 2008 Black Tuesday Overview
2008-07-08/a>	Swa Frantzen	July 2008 black tuesday overview
2008-06-10/a>	Swa Frantzen	June 2008 Black Tuesday Overview
2008-05-13/a>	Swa Frantzen	May 2008 black tuesday overview
2008-04-08/a>	Swa Frantzen	April 2008 - Black Tuesday Overview
2006-12-12/a>	Swa Frantzen	Microsoft Black Tuesday - December 2006 overview
2006-12-12/a>	Robert Danford	MS06-078: 2 Windows Media Format Vulnerabilities (CVE-2006-4702, CVE-2006-6134)
2006-10-09/a>	Swa Frantzen	Microsoft black tuesday - October 2006 STATUS

BACK TUESDAY

BACK

TUESDAY