Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Diaries by Keyword - SANS Internet Storm Center Diaries by Keyword


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

NIAP CCEVS PP PROTECTION PROFILE

2009-06-27Tony CarothersNew NIAP Strategy on the Horizon

NIAP

2009-06-27/a>Tony CarothersNew NIAP Strategy on the Horizon

CCEVS

2009-06-27/a>Tony CarothersNew NIAP Strategy on the Horizon

PP

2019-08-28/a>Johannes Ullrich[Guest Diary] Open Redirect: A Small But Very Common Vulnerability
2019-08-22/a>Xavier MertensSimple Mimikatz & RDPWrapper Dropper
2019-06-20/a>Xavier MertensUsing a Travel Packing App for Infosec Purpose
2018-12-31/a>Didier StevensSoftware Crashes: A New Year's Resolution
2018-11-18/a>Guy BruneauMultipurpose PCAP Analysis Tool
2018-10-08/a>Guy BruneauApple Security Updates
2018-07-11/a>Remco VerhoefWell, Hello Again Peppa!
2018-04-30/a>Remco VerhoefAnother approach to webapplication fingerprinting
2018-01-23/a>Johannes UllrichApple Updates Everything, Again
2017-11-28/a>Xavier MertensApple High Sierra Uses a Passwordless Root Account
2017-11-07/a>Xavier MertensInteresting VBA Dropper
2017-10-06/a>Johannes UllrichWhat's in a cable? The dangers of unauthorized cables
2017-09-06/a>Adrien de BeaupreModern Web Application Penetration Testing , Hash Length Extension Attacks
2017-04-18/a>Johannes UllrichYet Another Apple Phish and Some DNS Lessons Learned From It
2017-01-10/a>Johannes UllrichPort 37777 "MapTable" Requests
2016-09-13/a>Rob VandenBrinkApple iOS 10 and 10.0.1 Released
2016-09-02/a>Johannes UllrichApple Patches "Trident" Vulnerabilities in OS X / Safari
2016-08-25/a>Xavier MertensOut-of-Band iOS Patch Fixes 0-Day Vulnerabilities
2016-08-11/a>Pasquale StirparoLooking for the insider: Forensic Artifacts on iOS Messaging App
2016-04-27/a>Tom WebbKippos Cousin Cowrie
2016-02-06/a>Jim ClausingMore updates to kippo-log2db
2015-09-21/a>Xavier MertensDetecting XCodeGhost Activity
2015-06-27/a>Guy BruneauIs Windows XP still around in your Network a year after Support Ended?
2015-02-07/a>Jim ClausingUpdate to kippo-log2db.pl
2014-11-10/a>Chris MohanLessons Learn from attacks on Kippo honeypots
2014-10-17/a>Johannes UllrichApple Updates (not just Yosemite)
2014-09-18/a>Johannes UllrichApple Releases OS X 10.9.5 / Safari 6.2 and 7.1 with several security fixes http://support.apple.com/kb/HT1222
2014-08-15/a>Tom WebbAppLocker Event Logs with OSSEC 2.8
2014-08-13/a>Johannes UllrichUpdates for Apple Safari
2014-08-09/a>Adrien de BeaupreComplete application ownage via Multi-POST XSRF
2014-07-23/a>Johannes UllrichNew Feature: "Live" SSH Brute Force Logs and New Kippo Client
2014-07-11/a>Rob VandenBrinkApple pushes OS X update to block out of date Flash versions - http://support.apple.com/kb/HT5655
2014-07-05/a>Guy BruneauJava Support ends for Windows XP
2014-07-01/a>Johannes UllrichApple Releases Patches for All Products
2014-06-23/a>Russ McReeMicrosoft Interflow announced today at 26th FIRST conference
2014-05-07/a>Johannes UllrichDe-Clouding your Life: Things that should not go into the cloud.
2014-04-22/a>Johannes UllrichApple Patches for OS X, iOS and Apple TV.
2014-04-07/a>Johannes UllrichAttack or Bad Link? Your Guess?
2014-04-02/a>Kevin ShorttApple Security Update for Safari 6.1.3/7.0.3: http://support.apple.com/kb/HT6181
2014-03-27/a>Alex StanfordApple Credential Phishing via appleidconfirm.net
2014-03-10/a>Basil Alawi S.TaherApple iOS 7.1
2014-02-25/a>Alex StanfordApple releases OS X 10.9.2 patching SSL vulnerability and updates Safari
2014-02-21/a>Jim ClausingApple updates iOS and Apple TV
2014-01-24/a>Chris MohanSecurity Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2014-01-17/a>Russ McReeMassive RFI scans likely a free web app vuln scanner rather than bots
2014-01-04/a>Tom WebbMonitoring Windows Networks Using Syslog (Part One)
2013-12-17/a>Adrien de BeaupreApple security updates Mac OS X and Safari
2013-12-14/a>Johannes UllrichWhatsApp Malware Spam uses Geolocation to Mass Customize Filename
2013-11-14/a>Johannes UllrichiOS 7.0.4 released. Fixes issue with unauthorized in App purchases http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.html
2013-10-22/a>Richard PorterGreenbone and OpenVAS Scanner
2013-10-10/a>Mark HofmanCSAM Some more unusual scans
2013-10-09/a>Johannes UllrichOther Patch Tuesday Updates (Adobe, Apple)
2013-09-18/a>Rob VandenBrinkApple IOS 7 - Brace for Impact!
2013-09-13/a>Rob VandenBrinkUpdate for Safari to version 5.1.10 is out - http://support.apple.com/kb/HT5921
2013-09-05/a>Rob VandenBrinkBuilding Your Own GPU Enabled Private Cloud
2013-07-27/a>Scott FendleyDefending Against Web Server Denial of Service Attacks
2013-07-25/a>Johannes UllrichA Couple of SSH Brute Force Compromises
2013-07-22/a>Johannes UllrichApple Developer Site Breach
2013-07-03/a>Kevin ShorttApple Security Update 2013-003
2013-06-10/a>Johannes UllrichWhen Google isn't Google
2013-06-05/a>Johannes UllrichApple releases OS 10.8.4
2013-05-22/a>Adrien de BeaupreApple QuickTime 7.7.4 for Windows updated, MANY security vulnerabilities: http://support.apple.com/kb/HT1222
2013-04-17/a>Richard PorterApple iTunes Services Outage
2013-04-08/a>Johannes UllrichCleaning Up After the Leak: Hiding exposed web content
2013-03-27/a>Adam SwangerIPv6 Focus Month: Guest Diary: Stephen Groat - IPv6 moving target defense
2013-03-25/a>Johannes UllrichIPv6 Focus Month: IPv6 over IPv4 Preference
2013-03-23/a>Guy BruneauApple ID Two-step Verification Now Available in some Countries
2013-03-19/a>Johannes UllrichIPv6 Focus Month: The warm and fuzzy side of IPv6
2013-03-14/a>Richard PorterApple Security Updates: http://support.apple.com/kb/HT1222
2013-02-25/a>Johannes UllrichPunkspider enumerates web application vulnerabilities
2013-02-20/a>Johannes UllrichUpdate Palooza
2013-02-19/a>Johannes UllrichOracle Updates Java (Java 7 Update 15, Java 6 update 41)
2013-02-05/a>Russ McReeApple Security Update: OS X Server v.2.2.1 now available http://support.apple.com/kb/HT5644
2013-01-28/a>Johannes UllrichiOS 6.1 Released
2013-01-25/a>Johannes UllrichVulnerability Scans via Search Engines (Request for Logs)
2012-12-06/a>Daniel WesemannFake tech support calls - revisited
2012-11-26/a>John BambenekOnline Shopping for the Holidays? Tips, News and a Fair Warning
2012-10-03/a>Kevin ShorttFake Support Calls Reported
2012-09-20/a>Russ McReeApple and Cisco Security Advisories 19 SEP 2012
2012-08-22/a>Adrien de BeaupreApple Remote Desktop update fixes no encryption issue
2012-08-22/a>Adrien de BeauprePhishing/spam via SMS
2012-07-25/a>Johannes UllrichApple OS X 10.8 (Mountain Lion) released
2012-07-25/a>Johannes UllrichApple Releases Safari 6
2012-07-21/a>Rick WannerTippingPoint DNS Version Request increase
2012-06-12/a>Scott FendleyApple iTunes Security Update
2012-06-01/a>Johannes UllrichApple Releases iOS Security Specs
2012-05-25/a>Guy BruneauApple PGP Product Security key update - https://www.apple.com/support/security/pgp/
2012-05-10/a>Kevin ShorttSafari 5.1.7 - an interesting feature
2012-05-06/a>Jim ClausingTool updates and Win 8
2012-04-14/a>Rick WannerFlashback Trojan Removal Tool Released
2012-03-12/a>Johannes UllrichApple Released Safari 5.1.4
2012-03-08/a>Johannes UllrichApple Patches
2012-02-27/a>Johannes UllrichOdd Vanishing Signatures in OS X XProtect
2012-02-22/a>Johannes UllrichHow to test OS X Mountain Lion's Gatekeeper in Lion
2012-02-20/a>Johannes UllrichThe Ultimate OS X Hardening Guide Collection
2012-02-04/a>Scott FendleyApple Security Advisory 2012-001 v1.1
2012-01-16/a>Kevin ShorttZappos Breached
2011-11-14/a>Stephen HallApple update summary
2011-11-11/a>Rick WannerAPPLE-SA-2011-11-10-2 Time Capsule and AirPort Base Station (802.11n) Firmware 7.6 update
2011-11-08/a>Swa FrantzenApple Black Tuesday
2011-11-03/a>Richard PorterAn Apple, Inc. Sandbox to play in.
2011-11-01/a>Russ McReeSecure languages & frameworks
2011-10-11/a>Swa FrantzenApple iTunes 10.5
2011-09-09/a>Guy BruneauApple Certificate Trust Policy Update
2011-08-16/a>Johannes UllrichWhat are the most dangerous web applications and how to secure them?
2011-07-29/a>Richard PorterApple Lion talking on TCP 5223
2011-07-28/a>Guy BruneauXenApp and XenDesktop could result in Arbitrary Code Execution
2011-07-28/a>Johannes UllrichAnnouncing: The "404 Project"
2011-07-25/a>Johannes UllrichApple released patch for iWork security issue http://support.apple.com/kb/HT1222
2011-07-25/a>Johannes UllrichiOS 4.3.5 released fixing an SSL certificate verification flaw. http://support.apple.com/kb/HT1222
2011-07-21/a>Mark HofmanLion Released
2011-07-21/a>Johannes UllrichLion: What is new in Security
2011-07-15/a>Deborah HaleApple Software Updates
2011-07-10/a>Raul SilesJailbreakme Takes Advantage of 0-day PDF Vuln in Apple iOS Devices
2011-07-05/a>Raul SilesHelping Developers Understand Security - Spot the Vuln
2011-06-28/a>Johannes UllrichUpdate: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222
2011-06-23/a>Jim ClausingApple Security Updates 2011-004
2011-06-17/a>Richard PorterWhen do you stop owning Technology?
2011-06-15/a>Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-31/a>Johannes UllrichApple Improving OS X Anti-Malware Feature
2011-05-25/a>Daniel WesemannApple advisory on "MacDefender" malware
2011-05-23/a>Mark HofmanMicrosoft Support Scam (again)
2011-05-01/a>Deborah HaleDroid MarketPlace Has a New App
2011-04-22/a>Manuel Humberto Santander PelaezIn-house developed applications: The constant headache for the information security officer
2011-04-14/a>Johannes UllrichApple Security Patches for OS X and iOS
2011-03-21/a>Kevin ShorttAPPLE-SA-2011-03-21-1 Mac OS X v10.6.7 and Security Update 2011-001
2011-03-12/a>Chris MohanApple releases iTunes 10.2.1 - http://support.apple.com/kb/DL1103
2011-03-10/a>Bojan ZdrnjaiOS 4.3 released, numerous security vulnerabilities patched
2011-03-09/a>Jim ClausingApple updates Java
2011-03-03/a>Manuel Humberto Santander PelaezRogue apps inside Android Marketplace
2011-02-28/a>Deborah HalePossible Botnet Scanning
2011-02-25/a>Johannes UllrichThunderbolt Security Speculations
2011-02-08/a>Johannes UllrichTippingpoint Releases Details on Unpatched Bugs
2011-01-06/a>Johannes UllrichOS X 10.6.6 released. Probably some security content but Apple hasn't released details yet.
2010-12-26/a>Manuel Humberto Santander PelaezISC infocon monitor app for OS X
2010-12-25/a>Manuel Humberto Santander PelaezAn interesting vulnerability playground to learn application vulnerabilities
2010-12-12/a>Raul SilesNew trend regarding web application vulnerabilities?
2010-12-12/a>Raul SilesApple Quickime 7.6.9 was released a few days ago (just in case you missed it): http://support.apple.com/kb/HT1222. Update all your web browser plugins!
2010-12-02/a>Kevin JohnsonRobert Hansen and our happiness
2010-11-11/a>Johannes UllrichOS X 10.6.5 released with security patches. Careful: issues with PGP WDE! (see PGP support forums)
2010-10-11/a>Adrien de BeaupreOT: Happy Thanksgiving Day Canada
2010-08-30/a>Adrien de BeaupreApple QuickTime potential vulnerability/backdoor
2010-08-16/a>Raul SilesBlind Elephant: A New Web Application Fingerprinting Tool
2010-08-15/a>Manuel Humberto Santander PelaezPython to test web application security
2010-08-10/a>Daniel WesemannNew Apple security updates for iPad/Pod/Phone. See http://support.apple.com/kb/ht1222
2010-07-06/a>Rob VandenBrinkBogus Support Organizations use Live Operators to Install Malware
2010-07-05/a>Manuel Humberto Santander PelaezApple ITunes account security compromised
2010-06-15/a>Manuel Humberto Santander PelaezMicrosoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-06-15/a>Manuel Humberto Santander PelaezApple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-06-14/a>Manuel Humberto Santander PelaezAnother way to get protection for application-level attacks
2010-06-14/a>Manuel Humberto Santander PelaezRogue facebook application acting like a worm
2010-06-08/a>Mark HofmanSafari 5.0 is available for all platforms. Addresses some security issues, more here http://support.apple.com/kb/HT4196
2010-04-13/a>Adrien de BeaupreWeb App Testing Tools
2010-04-06/a>Daniel WesemannApplication Logs
2010-04-02/a>Guy BruneauApple QuickTime and iTunes Security Update
2010-03-29/a>Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-03-21/a>Scott FendleySkipfish - Web Application Security Tool
2010-03-11/a>Mark HofmanA new version of Safari is out. Looks like for Mac and Windows. Plenty of security fixes (mostly for Windows Safari users http://support.apple.com/kb/HT4070 )
2010-03-08/a>Raul SilesSamurai WTF 0.8
2010-03-01/a>Mark HofmanMicrosoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-20/a>Mari NicholsIs "Green IT" Defeating Security?
2010-02-17/a>Rob VandenBrinkDefining Clouds - " A Cloud by any Other Name Would be a Lot Less Confusing"
2010-02-03/a>Rob VandenBrinkAPPLE-SA-2010-02-02-1 iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
2010-02-03/a>Johannes UllrichAnatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/
2010-02-03/a>Rob VandenBrinkSupport for Legacy Browsers
2010-01-29/a>Adrien de BeaupreNeo-legacy applications
2010-01-27/a>Raul SilesActive SEO poisoning attacks for hot topics
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2010-01-24/a>Pedro BuenoOutdated client applications
2010-01-19/a>Jim ClausingApple Security Update 2010-001
2009-12-28/a>Johannes Ullrich8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug)
2009-12-03/a>Mark HofmanApple released some Java updates today APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6). Fixes a number of security issues so updating is a good idea.
2009-10-20/a>Raul SilesWASC 2008 Statistics
2009-09-16/a>Raul SilesReview the security controls of your Web Applications... all them!
2009-09-12/a>Jim ClausingApple Updates
2009-08-11/a>Swa FrantzenSafari 4.0.3
2009-08-05/a>donald smithSecurity Update 2009-003 / Mac OS X v10.5.8
2009-07-31/a>Deborah HaleDon't forget to tell your SysAdmin Thanks
2009-06-27/a>Tony CarothersNew NIAP Strategy on the Horizon
2009-06-09/a>Swa FrantzenSafari 4.0 released - contains security fixes
2009-05-26/a>Jason LamA new Web application security blog
2009-05-22/a>Mark HofmanPatching and Apple - Java issue
2009-05-20/a>Tom ListonWeb Toolz
2009-05-12/a>Swa FrantzenApple patches and updates
2009-04-21/a>Bojan ZdrnjaWeb application vulnerabilities
2009-03-01/a>Jim ClausingCool combination of tools
2009-01-24/a>Pedro BuenoIdentifying and Removing the iWork09 Trojan
2009-01-21/a>Raul SilesVulnerabilities on Cisco and Apple products
2009-01-12/a>William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2008-11-20/a>Jason LamLarge quantity SQL Injection mitigation
2008-11-10/a>Stephen HallApple breathing iLife into 10.4
2008-09-16/a>Joel EslerApple Updates you may have missed in the past week
2008-09-10/a>Adrien de BeaupreApple updates iPod Touch + Bonjour for Windows
2008-09-09/a>Swa FrantzenApple updates iTunes+QuickTime
2008-08-01/a>Swa FrantzenApple's Security Update 2008-005: DNS workaround finally included
2008-07-01/a>Joel EslerApple Posts 10.5.4, Security Update 2008-004, Time Machine + Apple Base Station Upgrades, and Safari upgrade for 10.4.11
2008-06-10/a>Swa FrantzenUpgrade to QuickTime 7.5
2008-05-29/a>Joel EslerApple Update 10.5.3 and Apple Security Update 2008-003
2008-04-20/a>Joel EslerSoftware Update -- Did Apple Do Enough?
2008-04-17/a>Chris CarboniSafari 3.1.1 Released
2008-03-20/a>Joel EslerAPPLE-SA-2008-03-19 AirPort Extreme Base Station Firmware 7.3.1
2007-01-03/a>Toby KohlenbergVLC Media Player udp URL handler Format String Vulnerability
2006-11-29/a>Toby KohlenbergNew Vulnerability Announcement and patches from Apple
2006-09-28/a>Swa FrantzenPowerpoint, yet another new vulnerability
2006-09-21/a>Johannes UllrichApple updates Airport Drivers
2006-09-12/a>Swa FrantzenApple Quicktime 7.1.3 released

PROTECTION

2016-01-31/a>Guy BruneauWindows 10 and System Protection for DATA Default is OFF
2014-07-30/a>Rick WannerSymantec Endpoint Protection Privilege Escalation Zero Day
2012-04-26/a>Richard PorterDefine Irony: A medical device with a Virus?
2011-01-12/a>Richard PorterHow Many Loyalty Cards do you Carry?
2010-03-10/a>Rob VandenBrinkMicrosoft re-release of KB973811 - attacks on Extended Protection for Authentication
2009-12-07/a>Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-11/a>Rob VandenBrinkLayer 2 Network Protections against Man in the Middle Attacks
2009-10-30/a>Rob VandenBrinkNew version of NIST 800-41, Firewalls and Firewall Policy Guidelines
2009-08-29/a>Guy BruneauImmunet Protect - Cloud and Community Malware Protection
2009-06-27/a>Tony CarothersNew NIAP Strategy on the Horizon

PROFILE

2009-06-27/a>Tony CarothersNew NIAP Strategy on the Horizon