Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Didier Stevens
Threat Level:
green
Date
Author
Title
HP STORAGEWORKS MSA G3 P2000 DEFAULT PASSWORD
2010-12-15
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
HP
2024-11-06/a>
Jesse La Grew
[Guest Diary] Insights from August Web Traffic Surge
2024-03-29/a>
Xavier Mertens
Quick Forensics Analysis of Apache logs
2023-09-23/a>
Guy Bruneau
Scanning for Laravel - a PHP Framework for Web Artisants
2022-09-07/a>
Johannes Ullrich
PHP Deserialization Exploit attempt
2022-02-02/a>
Johannes Ullrich
Finding elFinder: Who is looking for your files?
2022-01-26/a>
Jan Kopriva
Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW
2021-11-30/a>
Johannes Ullrich
Hunting for PHPUnit Installed via Composer
2020-06-05/a>
Remco Verhoef
Not so FastCGI!
2019-07-18/a>
Xavier Mertens
Malicious PHP Script Back on Stage?
2019-04-04/a>
Xavier Mertens
New Waves of Scans Detected by an Old Rule
2018-11-16/a>
Xavier Mertens
Basic Obfuscation With Permissive Languages
2018-07-11/a>
Remco Verhoef
Well, Hello Again Peppa!
2018-07-02/a>
Guy Bruneau
Hello Peppa! - PHP Scans
2018-06-13/a>
Xavier Mertens
A Bunch of Compromized Wordpress Sites
2018-05-06/a>
Guy Bruneau
Scans Attempting to use PowerShell to Download PHP Script
2017-09-14/a>
Xavier Mertens
Another webshell, another backdoor!
2017-08-07/a>
Xavier Mertens
Increase of phpMyAdmin scans
2017-02-28/a>
Xavier Mertens
Analysis of a Simple PHP Backdoor
2016-12-26/a>
Russ McRee
Critical security update: PHPMailer 5.2.20 (CVE-2016-10045)
2016-07-13/a>
Xavier Mertens
Drupal: Patch released today to fix a highly critical RCE in contributed modules
2016-04-25/a>
Guy Bruneau
Highlights from the 2016 HPE Annual Cyber Threat Report
2015-07-21/a>
Didier Stevens
Searching Through the VirusTotal Database
2015-07-12/a>
Guy Bruneau
PHP 5.x Security Updates
2014-09-19/a>
Guy Bruneau
PHP Fixes Several Bugs in Version 5.4 and 5.5
2014-08-22/a>
Richard Porter
PHP 5.4.32 Released http://www.php.net/ChangeLog-5.php#5.4.32
2014-08-22/a>
Richard Porter
PHP 5.5.16 is available http://www.php.net/ChangeLog-5.php#5.5.16
2014-08-16/a>
Lenny Zeltser
Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability
2014-04-04/a>
Stephen Hall
PHP 5.4.27 released
2014-03-27/a>
Alex Stanford
Mass XSSodus in PHP
2013-10-25/a>
Johannes Ullrich
PHP.net compromise aftermath: Why Code Signing Beats Hashes
2013-10-24/a>
Johannes Ullrich
False Positive: php.net Malware Alert
2013-09-19/a>
Bojan Zdrnja
Arrays in requests, PHP and DedeCMS
2013-08-11/a>
Bojan Zdrnja
XATattacks (attacks on xat.com)
2013-08-04/a>
Johannes Ullrich
BBCode tag "[php]" used to inject php code
2013-06-07/a>
Daniel Wesemann
PHP patches - see http://www.php.net/ChangeLog-5.php - fixes CVE2013-2110
2013-02-22/a>
Chris Mohan
PHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-01-27/a>
Tony Carothers
HP JetDirect Vulnerabilities Discussed
2013-01-17/a>
Russ McRee
PHP 5.4.11 and PHP 5.3.21 released
2012-09-19/a>
Russ McRee
Script kiddie scavenging with Shellbot.S
2012-06-14/a>
Johannes Ullrich
PHP 5.4.4 and 5.3.14 released with fixes for DES crypt issue and phar heap overflow
2012-05-08/a>
Kevin Liston
PHP 5.4.3 and PHP 5.3.13 Released
2012-04-12/a>
Guy Bruneau
HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
2012-04-05/a>
Johannes Ullrich
Evil hides everywhere: Web Application Exploits in Headers
2012-03-07/a>
Johannes Ullrich
What happened to RFI attacks?
2012-02-16/a>
Johannes Ullrich
Adobe Flash Player Update
2012-02-07/a>
Johannes Ullrich
Secure E-Mail Access
2012-02-03/a>
Guy Bruneau
PHP 5.3.10 Released, Fixes CVE-2012-0830 available for download http://www.php.net/archive/2012.php#id2012-02-02-1
2012-02-03/a>
Johannes Ullrich
Critical PHP bug patched
2012-01-16/a>
Kevin Shortt
php 5.3.9 released -Jan-10-2011
2012-01-12/a>
Rob VandenBrink
PHP 5.39 was release on the 10th, amongst other things, it addresses CVE-2011-4885 (prevents attacks based on hash collisions) and CVE-2011-4566 (integer overflow when parsing invalid exif header)
2011-11-29/a>
John Bambenek
Hacking HP Printers for Fun and Profit
2011-08-22/a>
Jim Clausing
DO NOT upgrade to PHP 5.3.7, significant bug in crypt() function, see http://www.php.net/
2011-08-18/a>
Rob VandenBrink
PHP 5.37 release. Some security updates, plus lots of bug fixes ==> http://www.php.net/archive/2011.php#id2011-08-18-1
2011-03-07/a>
Johannes Ullrich
Outbound SSH Traffic from HP Virtual Connect Blades
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
2010-08-31/a>
Bojan Zdrnja
Interesting PHP injection
2010-08-10/a>
Daniel Wesemann
SSH - new brute force tool?
2010-07-04/a>
Manuel Humberto Santander Pelaez
Interesting analysis of the PHP SplObjectStorage Vulnerability
2010-06-14/a>
Manuel Humberto Santander Pelaez
Another way to get protection for application-level attacks
2010-05-23/a>
Manuel Humberto Santander Pelaez
e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.
2010-02-27/a>
Guy Bruneau
PHP 5.2.13 Security Update
2010-01-29/a>
Johannes Ullrich
Analyzing isc.sans.org weblogs, part 2, RFI attacks
2009-12-28/a>
Johannes Ullrich
8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-11-20/a>
Mark Hofman
PHP 5.3.1 is released. With many of the websites on the net relying on PHP and the number of attacks we see, consider upgrading. This release has over 100 bug fixes, some of which are security related.
2009-08-01/a>
Deborah Hale
Website Warnings
2009-06-26/a>
Mark Hofman
PHPMYADMIN scans
2009-06-24/a>
Kyle Haugsness
Exploit tools are publicly available for phpMyAdmin
2009-06-21/a>
Scott Fendley
phpMyAdmin Scans
2009-04-07/a>
Johannes Ullrich
Common Apache Misconception
2009-02-06/a>
Adrien de Beaupre
Time to patch your HP printers
2009-02-03/a>
Swa Frantzen
On the importance of patching fast
2008-12-10/a>
Stephen Hall
PHP Group has released PHP version 5.2.8
2008-09-09/a>
Swa Frantzen
wordpress upgrade
2008-08-19/a>
Johannes Ullrich
A morning stroll through my web logs
2008-05-05/a>
John Bambenek
PHP 5.2.6 out w/ security updates
2008-04-07/a>
John Bambenek
HP USB Keys Shipped with Malware for your Proliant Server
2006-12-24/a>
Swa Frantzen
phpBB 2.0.22 - upgrade time
2006-11-29/a>
Toby Kohlenberg
New Vulnerability Announcement and patches from Apple
2006-09-13/a>
Swa Frantzen
PHP - shared hosters, take note.
STORAGEWORKS
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
MSA
2016-02-23/a>
Xavier Mertens
VMware VMSA-2016-0002
2016-02-13/a>
Guy Bruneau
VMware VMSA-2015-0007.3 has been Re-released
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
G3
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
P2000
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
DEFAULT
2021-01-06/a>
Johannes Ullrich
Scans for Zyxel Backdoors are Commencing.
2015-06-26/a>
Daniel Wesemann
Cisco default credentials - again!
2013-03-05/a>
Mark Hofman
IPv6 Focus Month: Device Defaults
2011-05-30/a>
Johannes Ullrich
Allied Telesis Passwords Leaked
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
PASSWORD
2024-10-31/a>
Guy Bruneau
October 2024 Activity with Username chenzilong
2024-10-16/a>
Johannes Ullrich
The Top 10 Not So Common SSH Usernames and Passwords
2024-08-07/a>
Guy Bruneau
Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-13/a>
Didier Stevens
16-bit Hash Collisions in .xls Spreadsheets
2024-06-26/a>
Guy Bruneau
What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-02-28/a>
Johannes Ullrich
Exploit Attempts for Unknown Password Reset Vulnerability
2024-01-17/a>
Jesse La Grew
Number Usage in Passwords
2024-01-06/a>
Xavier Mertens
Are you sure of your password?
2023-10-29/a>
Guy Bruneau
Spam or Phishing? Looking for Credentials & Passwords
2023-10-15/a>
Guy Bruneau
Domain Name Used as Password Captured by DShield Sensor
2023-09-29/a>
Xavier Mertens
Are You Still Storing Passwords In Plain Text Files?
2023-09-05/a>
Jesse La Grew
Common usernames submitted to honeypots
2023-09-02/a>
Jesse La Grew
What is the origin of passwords submitted to honeypots?
2023-08-10/a>
Bojan Zdrnja
Some things never change ? such as SQL Authentication ?encryption?
2023-08-04/a>
Xavier Mertens
Are Leaked Credentials Dumps Used by Attackers?
2023-06-05/a>
Johannes Ullrich
Brute Forcing Simple Archive Passwords
2023-04-19/a>
Rob VandenBrink
Taking a Bite Out of Password Expiry Helpdesk Calls
2023-02-18/a>
Guy Bruneau
Spear Phishing Handlers for Username/Password
2022-08-13/a>
Guy Bruneau
Phishing HTML Attachment as Voicemail Audio Transcription
2022-05-17/a>
Xavier Mertens
Use Your Browser Internal Password Vault... or Not?
2022-03-10/a>
Xavier Mertens
Credentials Leaks on VirusTotal
2022-02-13/a>
Guy Bruneau
DHL Spear Phishing to Capture Username/Password
2021-11-15/a>
Rob VandenBrink
Changing your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-05-14/a>
Xavier Mertens
"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-24/a>
Guy Bruneau
Base64 Hashes Used in Web Scanning
2021-01-06/a>
Johannes Ullrich
Scans for Zyxel Backdoors are Commencing.
2020-07-26/a>
Didier Stevens
Cracking Maldoc VBA Project Passwords
2020-07-13/a>
Didier Stevens
VBA Project Passwords
2020-06-10/a>
Brad Duncan
Job application-themed malspam pushes ZLoader
2020-04-06/a>
Didier Stevens
Password Protected Malicious Excel Files
2019-11-01/a>
Didier Stevens
Tip: Password Managers and 2FA
2018-12-17/a>
Didier Stevens
Password Protected ZIP with Maldoc
2018-08-22/a>
Deborah Hale
Email/password Frustration
2018-07-12/a>
Johannes Ullrich
New Extortion Tricks: Now Including Your Password!
2017-11-28/a>
Xavier Mertens
Apple High Sierra Uses a Passwordless Root Account
2017-05-17/a>
Richard Porter
Wait What? We don?t have to change passwords every 90 days?
2017-04-26/a>
Johannes Ullrich
If there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-10/a>
Didier Stevens
Password History: Insights Shared by a Reader
2017-02-07/a>
Johannes Ullrich
My Password is [taco] Using Emojis for Stronger Passwords
2016-12-07/a>
Xavier Mertens
The Passwords You Should Never Use
2016-09-15/a>
Xavier Mertens
In Need of a OTP Manager Soon?
2016-07-21/a>
Didier Stevens
Practice ntds.dit File
2016-06-20/a>
Xavier Mertens
Using Your Password Manager to Monitor Data Leaks
2015-06-26/a>
Daniel Wesemann
Cisco default credentials - again!
2014-09-19/a>
Guy Bruneau
Added today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22/a>
Richard Porter
OCLHashCat 1.30 Released
2014-08-06/a>
Johannes Ullrich
All Passwords have been lost: What's next?
2014-05-22/a>
Rob VandenBrink
Another Site Breached - Time to Change your Passwords! (If you can that is)
2013-11-22/a>
Rick Wanner
Tales of Password Reuse
2013-07-21/a>
Guy Bruneau
Ubuntu Forums Security Breach
2013-06-11/a>
Swa Frantzen
Store passwords the right way in your application
2013-05-14/a>
Jim Clausing
So what passwords are those ssh scanners trying?
2013-03-18/a>
Kevin Shortt
Cisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18/a>
Russ McRee
Interesting reads for Friday 18 JAN 2013
2013-01-04/a>
Daniel Wesemann
Blue for Reset?
2012-11-15/a>
Jim Clausing
Another month another password disclosure breach
2012-07-16/a>
Jim Clausing
An analysis of the Yahoo! passwords
2012-06-06/a>
Jim Clausing
Potential leak of 6.5+ million LinkedIn password hashes
2012-05-22/a>
Johannes Ullrich
nmap 6 released
2012-01-03/a>
Rick Wanner
Analysis of the Stratfor Password List
2011-10-10/a>
Tom Liston
What's In A Name?
2011-08-10/a>
Johannes Ullrich
Theoretical and Practical Password Entropy
2011-06-28/a>
Johannes Ullrich
Hashing Passwords
2011-05-30/a>
Johannes Ullrich
Allied Telesis Passwords Leaked
2010-12-28/a>
John Bambenek
Mozilla Notifies of Relatively Minor Security Breach
2010-12-15/a>
Manuel Humberto Santander Pelaez
HP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13/a>
Deborah Hale
Gawker Media Breach of Security
2010-11-26/a>
Mark Hofman
Using password cracking as metric/indicator for the organisation's security posture
2010-08-27/a>
Mark Hofman
FTP Brute Password guessing attacks
2010-02-25/a>
Chris Carboni
Pass The Hash
2010-02-02/a>
Johannes Ullrich
Twitter Mass Password Reset due to Phishing
2009-12-04/a>
Daniel Wesemann
The economics of security advice (MSFT research paper)
2009-11-02/a>
Daniel Wesemann
Password rules: Change them every 25 years
2009-10-23/a>
Johannes Ullrich
Little new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2008-09-22/a>
Jim Clausing
Lessons learned from the Palin (and other) account hijacks
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Make the web a better place by
sharing the SANS Internet Storm Center
with others