Date Author Title
2024-07-10Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 1
2024-03-29Xavier MertensQuick Forensics Analysis of Apache logs
2023-12-20Guy BruneauHow to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-09-02Jesse La GrewWhat is the origin of passwords submitted to honeypots?
2023-06-23Xavier MertensWord Document with an Online Attached Template
2023-05-30Johannes UllrichYour Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
2023-05-03Xavier MertensIncreased Number of Configuration File Scans
2022-09-01Johannes UllrichJolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
2022-03-12Didier StevensICMP Messages: Original Datagram Field
2022-01-27Johannes UllrichApple Patches Everything
2021-12-28Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-10-16Guy BruneauApache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06Johannes UllrichApache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-24Johannes UllrichAttackers Hunting For Twilio Credentials
2021-02-25Daniel WesemannForensicating Azure VMs
2020-07-04Russ McReeHappy FouRth of July from the Internet Storm Center
2019-07-08Didier StevensMachine Code? No!
2019-07-04Didier StevensMachine Code?
2018-06-06Xavier MertensConverting PCAP Web Traffic to Apache Log
2018-02-28Kevin ListonHow did this Memcache thing happen?
2017-05-31Pasquale StirparoAnalysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-28Pasquale StirparoAnalysis of Competing Hypotheses (ACH part 1)
2016-09-22Rick WannerYAHDD! (Yet another HUGE data Breach!)
2016-08-31Deborah HaleDropbox Breach
2016-07-05Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-05-02Rick WannerLean Threat Intelligence
2015-10-12Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-04-08Tom WebbIs it a breach or not?
2015-03-21Russell EubanksHave you seen my personal information? It has been lost. Again.
2014-12-01Guy BruneauDo you have a Data Breach Response Plan?
2014-08-23Guy BruneauNSS Labs Cyber Resilience Report
2014-07-28Johannes UllrichInteresting HTTP User Agent "chroot-apach0day"
2014-06-13Richard PorterA welcomed response, PF Chang's
2014-03-17Jim ClausingNew Apache web server release
2014-03-13Daniel WesemannWeb server logs containing RS=^ ?
2013-12-21Daniel WesemannAdobe phishing underway
2013-11-27Rob VandenBrinkApache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-11-15Johannes UllrichThe Security Impact of HTTP Caching Headers
2013-11-04Manuel Humberto Santander PelaezWhen attackers use your DNS to check for the sites you are visiting
2013-10-22Richard PorterGreenbone and OpenVAS Scanner
2013-10-21Johannes UllrichNew tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-05Richard PorterAdobe Breach Notification, Notifications?
2013-10-04Johannes UllrichThe Adobe Breach FAQ
2013-08-09Kevin ShorttCopy Machines - Changing Scanned Content
2013-07-22Johannes UllrichApple Developer Site Breach
2013-07-21Guy BruneauUbuntu Forums Security Breach
2013-04-30Russ McReeApache binary backdoor adds malicious redirect to Blackhole
2013-02-22Johannes UllrichZendesk breach affects Tumblr/Pinterest/Twitter
2013-01-04Daniel WesemannBlue for Reset?
2012-11-22Kevin ListonGreek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
2012-07-16Jim ClausingAn analysis of the Yahoo! passwords
2012-06-06Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-02-22Johannes UllrichApache 2.4 Features
2012-01-16Kevin ShorttZappos Breached
2011-10-06Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-09-28Richard PorterAll Along the ARP Tower!
2011-09-15Swa FrantzenDigiNotar looses their accreditation for qualified certificates
2011-09-07Lenny ZeltserGlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06Swa FrantzenDigiNotar audit - intermediate report available
2011-09-01Swa FrantzenDigiNotar breach - the story so far
2011-08-30Johannes UllrichApache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25Kevin ShorttRevival of an Unpatched Apache HTTPD DoS
2011-06-21Chris MohanStartSSL, a web authentication authority, suspend services after a security breach
2011-05-30Johannes UllrichLockheed Martin and RSA Tokens
2011-05-25Lenny ZeltserMonitoring Social Media for Security References to Your Organization
2011-04-28Chris MohanDSL Reports advise 9,000 accounts were compromised
2011-04-20Daniel WesemannData Breach Investigations Report published by Verizon
2011-04-04Mark HofmanWhen your service provider has a breach
2011-03-25Rob VandenBrinkThe Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
2010-12-28John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-12-15Manuel Humberto Santander PelaezVulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-07-29Rob VandenBrinkThe 2010 Verizon Data Breach Report is Out
2010-07-15Deborah HaleBe on the Alert
2010-06-17Deborah HaleDigital Copy Machines - Security Risk?
2010-06-10Deborah HaleiPad Owners Exposed
2010-04-13Johannes UllrichApache.org Bugtracker Breach
2010-03-07Mari NicholsApache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-01-25William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-11-24John BambenekBIND Security Advisory (DNSSEC only)
2009-11-03Bojan ZdrnjaOpachki, from (and to) Russia with love
2009-10-14Johannes UllrichOdd Apache/MSIE issue with downloads from ISC
2009-08-28Adrien de Beaupreapache.org compromised
2009-07-28Adrien de BeaupreYYAMCCBA
2009-07-23John BambenekMissouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-06-23Bojan ZdrnjaSlowloris and Iranian DDoS attacks
2009-06-21Bojan ZdrnjaApache HTTP DoS tool mitigation
2009-06-18Bojan ZdrnjaApache HTTP DoS tool released
2009-06-06Patrick NolanARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09Patrick NolanUnusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-05Bojan ZdrnjaHealth database breached
2009-04-24John BambenekData Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-15Marcus Sachs2009 Data Breach Investigation Report
2009-04-07Johannes UllrichCommon Apache Misconception
2009-02-08Mari NicholsAre we becoming desensitized to data breaches?
2009-01-30Mark HofmanWe all "Love" USB drives
2009-01-12William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2008-10-09Bojan ZdrnjaWatch that .htaccess file on your web site
2008-07-15Maarten Van HorenbeeckBlackBerry PDF parsing vulnerability