Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

CLOUD XEN VMWARE VIRTUALIZATION GOOGLE APPS AMAZON EC2

2010-02-17Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"

CLOUD

2018-10-08/a>Guy BruneauApple Security Updates
2017-12-01/a>Xavier MertensPhishing Kit (Ab)Using Cloud Services
2017-02-24/a>Rick WannerCloudflare data leak...what does it mean to me?
2015-08-19/a>Bojan ZdrnjaOutsourcing critical infrastructure (such as DNS)
2014-07-15/a>Daniel WesemannAOC Cloud
2014-07-09/a>Daniel WesemannWho inherits your IP address?
2014-05-07/a>Johannes UllrichDe-Clouding your Life: Things that should not go into the cloud.
2014-04-21/a>Daniel WesemannAllow us to leave!
2013-03-28/a>John BambenekWhere Were You During the Great DDoS Cybergeddon of 2013?
2013-03-23/a>Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-01-09/a>Rob VandenBrinkHotmail seeing some temporary access issues
2011-06-12/a>Mark HofmanCloud thoughts
2010-02-22/a>Rob VandenBrinkNot Every Cloud has a Silver Lining
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2009-11-29/a>Patrick Nolan A Cloudy Weekend

XEN

2016-07-27/a>Xavier MertensCritical Xen PV guests vulnerabilities
2014-10-01/a>Russ McReeXen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html
2011-07-28/a>Guy BruneauXenApp and XenDesktop could result in Arbitrary Code Execution
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"

VMWARE

2018-11-20/a>Xavier MertensVMware Affected by Dell EMC Avamar Vulnerability
2018-10-17/a>Russ McReeVMSA-2018-0026 VMware ESXi, Workstation & Fusion updates address out-of-bounds read vulnerability https://www.vmware.com/security/advisories/VMSA-2018-0026.html
2018-05-22/a>Xavier MertensVMware Workstation and Fusion updates address signature bypass and multiple denial-of-service vulnerabilities https://www.vmware.com/security/advisories/VMSA-2018-0013.html
2017-12-20/a>Richard PorterVMWare Security Advisory: VMSA-2017-0021: https://www.vmware.com/security/advisories/VMSA-2017-0021.html
2017-09-16/a>Guy BruneauVMware ESXi, vCenter Server, Fusion and Workstation updates resolve multiple security vulnerabilities - https://www.vmware.com/security/advisories/VMSA-2017-0015.html
2017-03-29/a>Xavier MertensCritical VMware vulnerabilities disclosed
2017-01-31/a>Johannes UllrichVMWare Security Advisory for AirWatch http://www.vmware.com/security/advisories/VMSA-2017-0001.html
2016-11-23/a>Tom WebbVmware Patches VMSA-2016-0005.5, VMSA-2016-0018.3 and VMSA-2016-0021
2016-10-26/a>Johannes UllrichNew VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools https://www.vmware.com/security/advisories/VMSA-2016-0017.html
2016-05-25/a>Rick WannerVMWare Security Advisories
2016-02-23/a>Xavier MertensVMware VMSA-2016-0002
2016-02-13/a>Guy BruneauVMware VMSA-2015-0007.3 has been Re-released
2016-01-10/a>Jim ClausingVMware security update
2015-12-19/a>Russell EubanksVMWare Security Advisory
2015-04-04/a>Didier StevensVMware Product Updates Address Critical Information Disclosure Issue In JRE
2014-12-05/a>Basil Alawi S.TaherVMware new and updated security advisories
2014-10-23/a>Russ McReeDigest: 23 OCT 2014
2014-10-01/a>Russ McReeVMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
2014-09-12/a>Chris MohanVMware NSX and vCNS product updates address a critical information disclosure vulnerability http://www.vmware.com/security/advisories/VMSA-2014-0009.html
2014-08-14/a>Basil Alawi S.TaherThreats to virtual environments
2014-08-05/a>Johannes UllrichCenter for Internet Security Releases Benchmark for VMWare ESXi 5.5 https://benchmarks.cisecurity.org/downloads/form/index.cfm?download=esxi55.100
2014-04-15/a>Richard PorterVMWare Advisory VMSA-2014-0004 - Updates on OpenSSL HeartBleed http://www.vmware.com/security/advisories/VMSA-2014-0004.html
2014-04-11/a>Rob VandenBrinkVMware Security Advisories / Patches released for 2 issues (NOT Heartbleed) - http://www.vmware.com/security/advisories/VMSA-2014-0003.html and http://www.vmware.com/security/advisories/VMSA-2014-0002.html
2014-01-17/a>Russ McReeNew and updated VMWare security advisories - http://www.vmware.com/security/advisories
2013-12-23/a>Scott FendleyVMWare ESX/ESXi Security Advisory
2013-12-04/a>Adrien de BeaupreVMware Security Advisory VMSA-2013-0014
2013-11-15/a>Johannes UllrichVMWare Security Advisory: http://www.vmware.com/security/advisories/VMSA-2013-0013.html
2013-08-30/a>Kevin ListonVMware ESXi and ESX address an NFC Protocol Unhandled Exception
2013-08-02/a>Chris MohanVMware Security Advisory VMSA-2013-0009 - http://www.vmware.com/security/advisories/VMSA-2013-0009.html
2013-06-11/a>Swa Frantzenvmware security advisory VMSA-2013-0008
2013-05-31/a>Chris MohanVMware releases new and updated security advisories
2013-02-22/a>Chris MohanVMware releases new and updated security advisories
2013-02-08/a>Johannes UllrichVMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html
2013-02-01/a>Jim ClausingVMware vSphere security updates for the authentication service and third party libraries (see http://www.vmware.com/security/advisories/VMSA-2013-0001.html)
2012-11-16/a>Guy BruneauVMware security updates for vSphere API and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2012-0016.html
2012-10-05/a>Richard PorterVMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html
2012-08-31/a>Johannes UllrichVMware Updates
2012-07-13/a>Russ McReeVMWare Security Advisory 12 JUL 2012
2012-06-14/a>Johannes UllrichVMWare Security Advisories
2012-06-04/a>Rob VandenBrinkvSphere 5.0 Hardening Guide Officially Released
2012-05-25/a>Guy BruneauVMware vMA Security Advisory VMSA-2012-0010 - http://www.vmware.com/security/advisories/VMSA-2012-0010.html
2012-05-03/a>Guy BruneauVMware Critical Security Issues Advisory - http://www.vmware.com/security/advisories/VMSA-2012-0009.html
2012-05-02/a>Bojan ZdrnjaMonitoring VMWare logs
2012-04-13/a>Daniel WesemannVMware ESX/ESXi privilege escalation vuln. advisory: http://www.vmware.com/security/advisories/VMSA-2012-0007.html
2012-03-16/a>Guy BruneauVMware New and Updated Security Advisories
2012-03-09/a>Guy BruneauVMware New and Updated Advisories
2012-01-31/a>Russ McReeFirefox 10 and VMWare advisories and updates
2011-11-18/a>Kevin ListonRecent VMWare security advisories
2011-10-13/a>Kevin ShorttVMware ESXi and ESX updates to third party libraries and ESX Service Console - http://www.vmware.com/security/advisories/VMSA-2011-0012.html
2011-10-05/a>Jim ClausingVMware Advisory - UDF file system handling
2011-08-17/a>Rob VandenBrinkPutting all of Your Eggs in One Basket - or How NOT to do Layoffs
2011-04-28/a>Guy BruneauVMware ESXi 4.1 Security and Firmware Updates
2011-03-08/a>Jim ClausingVMware ESX/ESXi security updates released, see http://www.vmware.com/security/advisories/VMSA-2011-0004.html
2011-02-08/a>Chris MohanVMWare Security Advisory
2011-01-05/a>Johannes UllrichVMWare Security Advisory VMSA-2011-0001
2010-07-13/a>Jim ClausingVMware Studio Security Update
2010-05-30/a>Kevin ListonVMware ESX/ESXi Updates
2010-04-09/a>Mark HofmanVMware has released the following patch "VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues". Make sure you test before applying to production.
2010-04-02/a>Guy BruneauSecurity Advisory for ESX Service Console
2010-03-30/a>Pedro BuenoVMWare Security Advisories Out
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-17/a>Rob VandenBrinkMultiple Security Updates for ESX 3.x and ESXi 3.x
2010-02-10/a>Marcus SachsDatacenters and Directory Traversals
2010-01-30/a>Stephen HallNew and updated VMWare advisories
2010-01-26/a>Rob VandenBrinkVMware vSphere Hardening Guide Draft posted for public review
2009-11-21/a>Mark HofmanVMware vCenter and ESX updates available http://lists.vmware.com/pipermail/security-announce/2009/000070.html
2009-10-27/a>Rob VandenBrinkNew VMware Desktop Products Released (Workstation, Fusion, ACE)
2009-10-16/a>Stephen HallVMWare updates ESX
2009-10-02/a>Stephen HallVMware Fusion updates to fixes a couple of bugs
2009-08-21/a>Rick WannerUpdates to VMWare Products
2009-07-11/a>Rick WannerVMWare Security Advisories
2009-07-01/a>Bojan ZdrnjaNew VMWare Security Advisory
2009-05-29/a>Lorna HutchesonVMWare Patches Released
2009-04-14/a>Swa FrantzenVMware exploits - just how bad is it ?
2009-04-10/a>Stephen HallPatches for critical VMWare vulnerability
2009-04-04/a>Tony CarothersRecent VMware Updates Available
2009-01-31/a>Swa FrantzenVMware updates
2008-09-19/a>Bojan ZdrnjaVMWare ESX(i) 3.5 security patches
2008-08-12/a>Johannes UllrichVMWare ESX 3.5u2 Errors
2008-06-01/a>Mari NicholsUpdates to VMware resolve critical security issues
2008-03-19/a>Raul SilesVMware updates resolve critical security issues (VMSA-2008-0005)

VIRTUALIZATION

2016-07-27/a>Xavier MertensCritical Xen PV guests vulnerabilities
2016-02-23/a>Xavier MertensVMware VMSA-2016-0002
2012-06-20/a>Raul SilesCVE-2012-0217 (from MS12-042) applies to other environments too
2010-04-02/a>Guy BruneauSecurity Advisory for ESX Service Console
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"

GOOGLE

2017-08-15/a>Renato Marinho(Banker(GoogleChromeExtension)).targeting("Brazil")
2017-06-14/a>Xavier MertensSystemd Could Fallback to Google DNS?
2017-05-03/a>Bojan ZdrnjaOAUTH phishing against Google Docs ? beware!
2015-09-01/a>Daniel WesemannHow to hack
2015-02-01/a>Rick WannerImproving SSL Warnings
2014-12-06/a>Rick WannerGoogle App Engine Java Security Sandbox bypasses
2014-09-15/a>Johannes UllrichGoogle DNS Server IP Address Spoofed for SNMP reflective Attacks
2014-05-07/a>Johannes UllrichDe-Clouding your Life: Things that should not go into the cloud.
2013-10-24/a>Johannes UllrichFalse Positive: php.net Malware Alert
2013-10-10/a>Johannes Ullrichgoogle.com.my DNS hijack
2013-06-10/a>Johannes UllrichWhen Google isn't Google
2013-04-10/a>Manuel Humberto Santander PelaezMassive Google scam sent by email to Colombian domains
2013-01-25/a>Johannes UllrichVulnerability Scans via Search Engines (Request for Logs)
2012-08-01/a>Johannes UllrichGoogle Chrome 21 and getUserMedia API
2012-05-25/a>Guy BruneauGoogle Publish Transparency Report
2012-05-16/a>Johannes UllrichNew Version of Google Chrome released (19.0.1084.46)
2012-04-30/a>Rob VandenBrinkFCC posts Enquiry Documents on Google Wardriving
2011-09-18/a>Guy BruneauGoogle Chrome Security Updates
2011-08-24/a>Rob VandenBrinkGoogle Chrome 13.0.782.215 Released, several security updates ==> http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
2011-06-28/a>Johannes UllrichUpdate: Google Chrome 12.0.742.112 released http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
2011-02-11/a>Kevin Johnson Two-Factor Auth: Can we just Google the response?
2011-01-13/a>Rob VandenBrinkGoogle Chrome 8.0.552.237 and Chrome OS 8.0.552.334 released ==> http://googlechromereleases.blogspot.com/2011/01/chrome-stable-release.html and http://www.kb.cert.org/vuls/id/258423
2010-11-02/a>Johannes UllrichLimited Malicious Search Engine Poisoning for Election
2010-05-15/a>Deborah HaleGoogle Acknowledges Grabbing Personal Data
2010-04-21/a>Guy BruneauGoogle Chrome Security Update v4.1.249.1059 Released: http://googlechromereleases.blogspot.com/2010/04/stable-update-security-fixes.html
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-15/a>Johannes UllrichVarious Olympics Related Dangerous Google Searches
2009-09-25/a>Deborah HaleMalware delivered over Google and Yahoo Ad's?
2009-07-31/a>Deborah HaleGoogle Safe Browsing
2009-06-12/a>Adrien de BeaupreGoogle updates for Chrome
2009-04-26/a>Johannes UllrichOdd DNS Resolution for Google via OpenDNS
2009-01-31/a>John BambenekGoogle Search Engine's Malware Detection Broken
2008-11-11/a>Swa FrantzenPhishing for Google adwords
2008-10-20/a>Raul SilesGoogle Webmaster Tools warning about hackable sites
2008-07-29/a>Kyle HaugsnessGoogle SSL cert expired for POP/IMAP users
2008-04-23/a>Mari NicholsWhat's New, Old and Morphing?
2008-03-12/a>Joel EslerDon't use G-Archiver

APPS

2017-09-06/a>Adrien de BeaupreModern Web Application Penetration Testing , Hash Length Extension Attacks
2014-04-07/a>Johannes UllrichAttack or Bad Link? Your Guess?
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

AMAZON

2017-02-28/a>Johannes UllrichMy Catch Of 4 Months In The Amazon IP Address Space
2017-02-28/a>Xavier MertensAmazon S3 Outage
2015-04-29/a>Daniel WesemannUDP/3478 to Amazon 54.84.9.242 -- got packets? (solved)
2010-03-03/a>Johannes UllrichReports about large number of fake Amazon order confirmations
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"

EC2

2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"