Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Johannes Ullrich

Threat Level: green

Date	Author	Title
2025-04-02	Guy Bruneau	Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2025-03-31	Johannes Ullrich	Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891)
2025-03-26	Jesse La Grew	[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
2024-07-10	Jesse La Grew	Finding Honeypot Data Clusters Using DBSCAN: Part 1
2024-03-29	Xavier Mertens	Quick Forensics Analysis of Apache logs
2023-12-20	Guy Bruneau	How to Protect your Webserver from Directory Enumeration Attack ? Apache2 [Guest Diary]
2023-09-02	Jesse La Grew	What is the origin of passwords submitted to honeypots?
2023-06-23	Xavier Mertens	Word Document with an Online Attached Template
2023-05-30	Johannes Ullrich	Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
2023-05-03	Xavier Mertens	Increased Number of Configuration File Scans
2022-09-01	Johannes Ullrich	Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)
2022-03-12	Didier Stevens	ICMP Messages: Original Datagram Field
2022-01-27	Johannes Ullrich	Apple Patches Everything
2021-12-28	Russ McRee	LotL Classifier tests for shells, exfil, and miners
2021-10-16	Guy Bruneau	Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013
2021-10-06	Johannes Ullrich	Apache 2.4.49 Directory Traversal Vulnerability (CVE-2021-41773)
2021-08-24	Johannes Ullrich	Attackers Hunting For Twilio Credentials
2021-02-25	Daniel Wesemann	Forensicating Azure VMs
2020-07-04	Russ McRee	Happy FouRth of July from the Internet Storm Center
2019-07-08	Didier Stevens	Machine Code? No!
2019-07-04	Didier Stevens	Machine Code?
2018-06-06	Xavier Mertens	Converting PCAP Web Traffic to Apache Log
2018-02-28	Kevin Liston	How did this Memcache thing happen?
2017-05-31	Pasquale Stirparo	Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2)
2017-05-28	Pasquale Stirparo	Analysis of Competing Hypotheses (ACH part 1)
2016-09-22	Rick Wanner	YAHDD! (Yet another HUGE data Breach!)
2016-08-31	Deborah Hale	Dropbox Breach
2016-07-05	Johannes Ullrich	Apache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-05-02	Rick Wanner	Lean Threat Intelligence
2015-10-12	Guy Bruneau	Critical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2015-04-08	Tom Webb	Is it a breach or not?
2015-03-21	Russell Eubanks	Have you seen my personal information? It has been lost. Again.
2014-12-01	Guy Bruneau	Do you have a Data Breach Response Plan?
2014-08-23	Guy Bruneau	NSS Labs Cyber Resilience Report
2014-07-28	Johannes Ullrich	Interesting HTTP User Agent "chroot-apach0day"
2014-06-13	Richard Porter	A welcomed response, PF Chang's
2014-03-17	Jim Clausing	New Apache web server release
2014-03-13	Daniel Wesemann	Web server logs containing RS=^ ?
2013-12-21	Daniel Wesemann	Adobe phishing underway
2013-11-27	Rob VandenBrink	Apache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-11-15	Johannes Ullrich	The Security Impact of HTTP Caching Headers
2013-11-04	Manuel Humberto Santander Pelaez	When attackers use your DNS to check for the sites you are visiting
2013-10-22	Richard Porter	Greenbone and OpenVAS Scanner
2013-10-21	Johannes Ullrich	New tricks that may bring DNS spoofing back or: "Why you should enable DNSSEC even if it is a pain to do"
2013-10-05	Richard Porter	Adobe Breach Notification, Notifications?
2013-10-04	Johannes Ullrich	The Adobe Breach FAQ
2013-08-09	Kevin Shortt	Copy Machines - Changing Scanned Content
2013-07-22	Johannes Ullrich	Apple Developer Site Breach
2013-07-21	Guy Bruneau	Ubuntu Forums Security Breach
2013-04-30	Russ McRee	Apache binary backdoor adds malicious redirect to Blackhole
2013-02-22	Johannes Ullrich	Zendesk breach affects Tumblr/Pinterest/Twitter
2013-01-04	Daniel Wesemann	Blue for Reset?
2012-11-22	Kevin Liston	Greek National Arrested on Suspicion of Theft of 9M Records on Fellow Greeks
2012-07-16	Jim Clausing	An analysis of the Yahoo! passwords
2012-06-06	Jim Clausing	Potential leak of 6.5+ million LinkedIn password hashes
2012-02-22	Johannes Ullrich	Apache 2.4 Features
2012-01-16	Kevin Shortt	Zappos Breached
2011-10-06	Rob VandenBrink	Apache HTTP Server mod_proxy reverse proxy issue
2011-09-28	Richard Porter	All Along the ARP Tower!
2011-09-15	Swa Frantzen	DigiNotar looses their accreditation for qualified certificates
2011-09-07	Lenny Zeltser	GlobalSign Temporarily Stops Issuing Certificates to Investigate a Potential Breach
2011-09-06	Swa Frantzen	DigiNotar audit - intermediate report available
2011-09-01	Swa Frantzen	DigiNotar breach - the story so far
2011-08-30	Johannes Ullrich	Apache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25	Kevin Shortt	Revival of an Unpatched Apache HTTPD DoS
2011-06-21	Chris Mohan	StartSSL, a web authentication authority, suspend services after a security breach
2011-05-30	Johannes Ullrich	Lockheed Martin and RSA Tokens
2011-05-25	Lenny Zeltser	Monitoring Social Media for Security References to Your Organization
2011-04-28	Chris Mohan	DSL Reports advise 9,000 accounts were compromised
2011-04-20	Daniel Wesemann	Data Breach Investigations Report published by Verizon
2011-04-04	Mark Hofman	When your service provider has a breach
2011-03-25	Rob VandenBrink	The Recent RSA Breach - Imagining the Worst Case, And Why it Isn't Time to Panic (Yet)
2010-12-28	John Bambenek	Mozilla Notifies of Relatively Minor Security Breach
2010-12-15	Manuel Humberto Santander Pelaez	Vulnerability in the PDF distiller of the BlackBerry Attachment Service
2010-07-29	Rob VandenBrink	The 2010 Verizon Data Breach Report is Out
2010-07-15	Deborah Hale	Be on the Alert
2010-06-17	Deborah Hale	Digital Copy Machines - Security Risk?
2010-06-10	Deborah Hale	iPad Owners Exposed
2010-04-13	Johannes Ullrich	Apache.org Bugtracker Breach
2010-03-07	Mari Nichols	Apache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-01-25	William Salusky	"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-11-24	John Bambenek	BIND Security Advisory (DNSSEC only)
2009-11-03	Bojan Zdrnja	Opachki, from (and to) Russia with love
2009-10-14	Johannes Ullrich	Odd Apache/MSIE issue with downloads from ISC
2009-08-28	Adrien de Beaupre	apache.org compromised
2009-07-28	Adrien de Beaupre	YYAMCCBA
2009-07-23	John Bambenek	Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
2009-06-23	Bojan Zdrnja	Slowloris and Iranian DDoS attacks
2009-06-21	Bojan Zdrnja	Apache HTTP DoS tool mitigation
2009-06-18	Bojan Zdrnja	Apache HTTP DoS tool released
2009-06-06	Patrick Nolan	ARRA/HIPAA Breach Reporting Dates Approaching
2009-05-09	Patrick Nolan	Unusable, Unreadable, or Indecipherable? No Breach reporting required
2009-05-05	Bojan Zdrnja	Health database breached
2009-04-24	John Bambenek	Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
2009-04-15	Marcus Sachs	2009 Data Breach Investigation Report
2009-04-07	Johannes Ullrich	Common Apache Misconception
2009-02-08	Mari Nichols	Are we becoming desensitized to data breaches?
2009-01-30	Mark Hofman	We all "Love" USB drives
2009-01-12	William Salusky	Web Application Firewalls (WAF) - Have you deployed WAF technology?
2008-10-09	Bojan Zdrnja	Watch that .htaccess file on your web site
2008-07-15	Maarten Van Horenbeeck	BlackBerry PDF parsing vulnerability