Diaries by Keyword - SANS Internet Storm Center

Handler on Duty: Didier Stevens

Threat Level: green

Date	Author	Title
AFFORDABLE CARE ACT
2013-10-02	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
AFFORDABLE
2013-10-02/a>	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
CARE
2023-09-07/a>	Johannes Ullrich	Fleezeware/Scareware Advertised via Facebook Tags; Available in Apple App Store
2022-11-28/a>	Johannes Ullrich	Ukraine Themed Twitter Spam Pushing iOS Scareware
2020-03-31/a>	Johannes Ullrich	Kwampirs Targeted Attacks Involving Healthcare Sector
2013-10-02/a>	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2012-05-31/a>	Johannes Ullrich	SCADA@Home: Your health is no secret no more!
2010-05-29/a>	G. N. White	Rogue AV Indictment
2009-09-10/a>	Johannes Ullrich	Healthcare Spam
ACT
2024-02-28/a>	Johannes Ullrich	Exploit Attempts for Unknown Password Reset Vulnerability
2024-02-03/a>	Guy Bruneau	DShield Sensor Log Collection with Elasticsearch
2023-11-27/a>	Guy Bruneau	Decoding the Patterns: Analyzing DShield Honeypot Activity [Guest Diary]
2023-10-28/a>	Xavier Mertens	Size Matters for Many Security Controls
2023-08-12/a>	Guy Bruneau	DShield Sensor Monitoring with a Docker ELK Stack [Guest Diary]
2023-06-11/a>	Guy Bruneau	DShield Honeypot Activity for May 2023
2023-05-26/a>	Xavier Mertens	Using DFIR Techniques To Recover From Infrastructure Outages
2023-01-02/a>	Xavier Mertens	NetworkMiner 2.8 Released
2021-12-16/a>	Brad Duncan	How the "Contact Forms" campaign tricks people
2021-09-24/a>	Xavier Mertens	Keep an Eye on Your Users Mobile Devices (Simple Inventory)
2021-09-08/a>	Johannes Ullrich	Microsoft Offers Workaround for 0-Day Office Vulnerability (CVE-2021-40444)
2021-06-25/a>	Jim Clausing	Is this traffic bAD?
2021-02-13/a>	Guy Bruneau	Using Logstash to Parse IPtables Firewall Logs
2020-10-01/a>	Daniel Wesemann	Making sense of Azure AD (AAD) activity logs
2020-09-29/a>	Xavier Mertens	Managing Remote Access for Partners & Contractors
2020-03-21/a>	Guy Bruneau	Honeypot - Scanning and Targeting Devices & Services
2020-03-15/a>	Guy Bruneau	VPN Access and Activity Monitoring
2018-12-19/a>	Xavier Mertens	Using OSSEC Active-Response as a DFIR Framework
2017-08-25/a>	Xavier Mertens	Malicious AutoIT script delivered in a self-extracting RAR file
2017-04-28/a>	Russell Eubanks	KNOW before NO
2017-03-25/a>	Russell Eubanks	Distraction as a Service
2017-03-11/a>	Russell Eubanks	What's On Your Not To Do List?
2015-12-29/a>	Daniel Wesemann	New Years Resolutions
2015-10-17/a>	Russell Eubanks	CIS Critical Security Controls - Version 6.0
2015-06-24/a>	Rob VandenBrink	The Powershell Diaries - Finding Problem User Accounts in AD
2014-07-26/a>	Chris Mohan	"Internet scanning project" scans
2014-03-14/a>	Richard Porter	Word Press Shenanigans? Anyone seeing strange activity today?
2014-02-14/a>	Chris Mohan	Scanning activity for /siemens/bootstrapping/JnlpBrowser/Development/
2014-01-31/a>	Chris Mohan	Looking for packets from three particular subnets
2013-12-23/a>	Rob VandenBrink	How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-10-12/a>	Richard Porter	Reported Spike in tcp/5901 and tcp/5900
2013-10-02/a>	John Bambenek	Obamacare related domain registration spike, Government shutdown domain registration beginning
2013-03-23/a>	Guy Bruneau	Apple ID Two-step Verification Now Available in some Countries
2012-12-22/a>	Guy Bruneau	New Poll - Which of the following issues impacted the most your business in 2012? - https://isc.sans.edu/poll.html
2012-10-23/a>	Rob VandenBrink	Cyber Security Awareness Month - Day 23: Character Encoding Standards - ASCII and Successors
2012-05-22/a>	Johannes Ullrich	When factors collapse and two factor authentication becomes one.
2011-06-09/a>	Richard Porter	One Browser to Rule them All?
2011-06-07/a>	Johannes Ullrich	RSA Offers to Replace Tokens
2011-05-22/a>	Kevin Shortt	Facebook goes two-factor
2011-05-12/a>	Johannes Ullrich	ActiveX Flaw Affecting SCADA systems
2011-02-11/a>	Kevin Johnson	Two-Factor Auth: Can we just Google the response?
2010-09-21/a>	Johannes Ullrich	Implementing two Factor Authentication on the Cheap
2010-08-22/a>	Manuel Humberto Santander Pelaez	SCADA: A big challenge for information security professionals
2010-06-18/a>	Tom Liston	IMPORTANT INFORMATION: Distributed SSH Brute Force Attacks
2010-04-22/a>	John Bambenek	Data Redaction: You're Doing it Wrong
2010-02-21/a>	Patrick Nolan	Looking for "more useful" malware information? Help develop the format.
2010-02-11/a>	Deborah Hale	Critical Update for AD RMS
2009-11-29/a>	Patrick Nolan	A Cloudy Weekend
2009-10-02/a>	Stephen Hall	Cyber Security Awareness Month - Day 2 - Port 0
2009-08-13/a>	Jim Clausing	Tools for extracting files from pcaps
2009-07-13/a>	Adrien de Beaupre	Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
2009-07-13/a>	Adrien de Beaupre	* Infocon raised to yellow for Excel Web Components ActiveX vulnerability
2009-02-22/a>	Mari Nichols	The Internet Safety Act of 2009
2008-12-09/a>	Swa Frantzen	Contacting us might be hard today
2008-09-21/a>	Mari Nichols	You still have time!
2008-08-15/a>	Jim Clausing	Another MS update that may have escaped notice
2008-08-15/a>	Jim Clausing	WebEx ActiveX buffer overflow
2008-07-15/a>	Maarten Van Horenbeeck	BlackBerry PDF parsing vulnerability
2008-07-07/a>	Scott Fendley	Microsoft Snapshot Viewer Security Advisory
2008-05-29/a>	Joel Esler	Creative Software AutoUpdate Engine ActiveX stack buffer overflow
2006-09-15/a>	Swa Frantzen	MSIE DirectAnimation ActiveX 0-day update

AFFORDABLE CARE ACT

AFFORDABLE

CARE

ACT