Handler on Duty: Johannes Ullrich
Threat Level: green
John Bambenek Diaries
- Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
- Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures
- Hunting for SigRed Exploitation
- VMWare Security Advisory on DoS Vulnerability in ESXi
- MSFT July 2019 Patch Tuesday
- Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
- Are you Ready for DNS Flag Day?
- Sextortion Bitcoin on the Move
- Microsoft Publishes Patches for Skype for Business and Team Foundation Server
- Life after GDPR: Implications for Cybersecurity
- Spectre and Meltdown: What You Need to Know Right Now
- Phishing to Rural America Leads to Six-figure Wire Fraud Losses
- I'm All Up in Your Blockchain, Pilfering Your Wallets
- Great Misadventures of Security Vendors: Absurd Sandboxing Edition
- Ransomware Operators Cold Calling UK Schools to Get Malware Through
- Was the Brazilian version of Google hijacked two days ago?
- New Year's Resolution: Build Your Own Malware Lab?
- Mixed Messages : Novel Phishing Attempts Trying to Steal Your E-mail Password Goes Wrong
- UPDATED x1: Mirai Scanning for Port 6789 Looking for New Victims / Now hitting tcp/23231
- What are your 2017 infosec predictions?
- DDoS Extortion - Almost Universally an Empty Threat
- Tool Released to Decrypt Petya Ransomware Infected Disks
- Tips for Stopping Ransomware
- Protecting Users and Enterprises from the Mobile Malware Threat
- ICYMI: Widespread Unserialize Vulnerability in Java
- CVE-2014-4114 and an Interesting AV Bypass Technique
- Will 2015 be the year we finally do something about DDoS?
- How I learned to stop worrying and love malware DGAs....
- What do you think will be the top cybersecurity story of 2015?
- Gameover Zeus and Cryptolocker Takedowns
- New, Unpatched IE 0 Day published at ZDI
- OpenSSL.org Defaced by Attackers Gaining Access to Hypervisor
- Juniper SSL VPN and UAC Host Checker Issue
- Cryptolocker Update, Request for Info
- Obamacare related domain registration spike, Government shutdown domain registration beginning
- *Metaspoit Releases Module to Exploit Unpatched IE Vuln CVE-2013-3893
- Microsoft Releases Out-of-Band Advisory for all Versions of Internet Explorer
- FYI: Anonymous Planning "OpUSA" Attacks on Banks and US Gov't on May 7th. More Info as Relevant to Come.
- A Chargen-based DDoS? Chargen is still a thing?
- ISC Handler Lenny Zeltser's REMnux v4 Reviewed on Hak5
- UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun
- Fake Boston Marathon Scams Update
- Where Were You During the Great DDoS Cybergeddon of 2013?
- Is This Chinese Registrar Really Trying to XSS Me?
- It's 3pm 2 days after Christmas, do you know where your unmanaged SSH keys are?
- A Consumer's Guide to Spotting "Fake" Charities
- Microsoft December 2012 Black Tuesday Update - Overview
- Joomla (and WordPress) Bulk Exploit Going on
- John McAfee Exposes His Location in Photo About His Being on Run
- Online Shopping for the Holidays? Tips, News and a Fair Warning
- New Poll: Top 5 Unresolved Security Problems of 2012
- Behind the Random NTP Bizarreness of Incorrect Year Being Set
- Request for info: Robocall Phishing Against Local/Regional Banks
- Hacking HP Printers for Fun and Profit
- Another Defense Contractor Hacked in AntiSec Hacktivism Spree
- Is the Insider Threat Really Over?
- Wordpress.com Security Breach
- LizaMoon Mass SQL-Injection Attack Infected at least 500k Websites
- TCP Tricks to Detect Rogue Wireless Access Points
- Mozilla Notifies of Relatively Minor Security Breach
- IIS 7.5 0-Day DoS (processing FTP requests)
- Is Stuxnet the Beginning of the Cyberwar Era?
- Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
- Mozilla Thunderbird updated to version 3.1.3 also, more here: http://www.mozillamessaging.com/en-US/thunderbird/3.1.3/releasenotes/
- Month of Undisclosed 0-day Bugs
- Responsible Disclosure or Full Disclosure?
- Data Redaction: You're Doing it Wrong
- The Top 10 Riskiest US Cities for Cybercrime
- March 2010 - Microsoft Patch Tuesday Diary
- Vodafone Android Phone: Complete with Mariposa Malware
- GSM Cell Phone Encryption is Cracked - Interception of Cell Calls Possible
- Merry Festivus: Commence the "Airing of Infosec Grievaces"
- There is no such thing as a free lunch .
- BIND Security Advisory (DNSSEC only)
- Government Approaches to Cybersecurity - What are your tips?
- Missouri Passes Breach Notification Law: Gap Still Exists for Banking Account Information
- Replacing Phishers with a Small Shell Script: Jakarta Bombing Malware
- Cross-Platform, Cross-Browser DoS Vulnerability
- Latest Updates on Ongoing DDoS on Governmental/Commercial Websites in USA and S. Korea
- URL Shortening Service Cligs Hacked
- Iran Internet Blackout: Using Twitter for Operational Intelligence
- Embedded Devices: An Avenue for Cyberterrorism?
- SANS Internet Storm Center Winner of RSA Social Security Award for Best Technical Blog
- Data Leak Prevention: Proactive Security Requirements of Breach Notification Laws
- Google Search Engine's Malware Detection Broken
- Thoughts on Security Intelligence (McColo Corp alleged spam/malware host knocked offline)
- Google Chrome in Beta, Vulnerabilities Discovered
- E-Mail from SANS/GIAC
- MX Records Disappearing?
- The Number of Machines Controlled by Botnets Has Jumped 4x in Last 3 Months
- IE8 Beta 2 Released: InPrivate Browsing
- Active attacks using stolen SSH keys (UPDATED)
- The Latest in Crimeware
- Thoughts on the Best Western Compromise
- Is Anti-Virus Dead?
- OpenOffice 2.4.1 Out - Fixes One Vuln
- CitectSCADA Buffer Overflow Vulnerability
- 5 News Cisco Vulnerabilities for PIX and ASA
- SQL Injection Worm on the Loose (UPDATED x2)
- Windows XP Service Pack 3 Released
- PHP 5.2.6 out w/ security updates
- Defenses Against Automated Patch-Based Exploit Generation
- Intel Centrino Wireless Driver Buffer Overlow - from @RISK digest
- The Patch Window is Gone: Automated Patch-Based Exploit Generation
- EV SSL Certificates - Just once, why can't one of our poorly considered quick fixes work?
- IIS Vulnerability Documented by Microsoft - Includes Workarounds
- A Federal Subpoena or Just Some More Spam & Malware?
- ADSL Router / Cable Modem / Home Wireless AP Hardening in 5 Steps
- Kraken Technical Details: UPDATED x3
- Network Solutions Technical Difficulties? Enom too
- Got Kraken?
- HP USB Keys Shipped with Malware for your Proliant Server
- 'Tis the Season for Tax Return Scams
- Happy Data Privacy Day
- Facebook, pr0n and privacy
- Cyber Security Awareness Tip #25: E-mail (PGP, Attachments, etc), IM, IRC
- Is Pump-and-Dump more lucrative than Identity Theft?
- Skype Back Online / Patch Tuesday to Blame? - UPDATED x4
- Job Search Sites Compromised, Spear Phishing Hillarity Ensues
- Principle of Most Privilege and the Snort/ClamAV Purchase
- Black Hat / DEFCON
- Security Update for Firefox: 2.0.0.5
- Symantec False-Positive on Filezilla, NASA World Wind
- Cross-Platform OpenOffice Virus Proof of Concept
- Estonia, Botnets, and Economic Warfare
- Full-Width/Half-Width Unicode Bypasses HTTP Scanning
- Gozi Trojan Steals SSL Encrypted Data for Fun and Profit
- The rise of the botnets
- New SCADA Vulnerabilities in OPC Servers
- Security Guard Script e-mail scam
- A Case of Identity Theft
- MS06-077: Remote Installation Service (RIS) remote exploit
- Honeypot Mirroring .edu domains under .eu / Active Threat
- IE unspecified remote code execution vulnerability
- Visual Studio 2005 Remote Code Exploit, Actively Being Exploited
- Remote DoS in Firefox 1.5.0.7 and Firefox 2
- Delays on Windows Update & the Death of SUS
- MS06-065: Remote Code Excution in Windows Object Packager
- MS06-064: Vulnerabilities in IPv6
- Microsoft patch tuesday - October 2006 STATUS
- There are no more Passive Exploits
- Microsoft Advance Notice Out - 11 Patches
- Tip of the Day: Protect the Single Points of Compromise
- Printer Hacking for Fun and Profit
- Net Neutrality and Information Security
- The ISC is not Trying to Trojan Your Machines
- Black Tuesday Advance Notice
- Hacking Wireless Drivers for Fun and Profit
- MS06-028: PowerPoint malformed record / Remote Code Execution
- MS06-027: MS Word object pointer / Remote Code Execution
- MS06-026: Graphics Rendering Engine / Remote Code Execution
- New Version of PHP, Cisco Advisory, BurstNET DoS'd
- People - Greatest Asset and Biggest Vulnerability
- QWest Problems
- NetworkSolutions Down Again - Not a DoS Attack
- RealPlayer (et al) vulnerabilities & Joomla/Mambo Worm
- New IE 0-Day Exploit in Wild
- Identity Theft: Accounts Stolen vs Accounts Used - Reader Input
- Guide to Finding Safe Online Merchants
- Request for Data
- Spam ahoy!
- Safer Online Shopping Guide
- Microsoft Patch Tuesday Advance Notice
- Blackworm/Nyxem Animation of Infections
- Microsoft Security Advance Bulletin (7 updates, at least 2 Critical)
- First Vulnerability for Firefox 1.5 (released version) Announced - PoC available
- Malware, eBay, and You.
- Misc. Items
- Snort 2.4.2 Released
- Over $24 billion Dollars at Risk of Theft from Spyware in US Alone
- Major Cisco IOS Vulnerability Announced
- Katrina Malware; Katrina Donation Scams (now with domain name list); Dameware
- MS05-036 Color Management Exploit Code in Wild; mod_jrun exploit scanning from Europe; Insecure by Design
- Microsoft Releases 3 Critical Patches - Hilarity Does Not Ensue; MS Patches Reset Settings in Program Defaults?
- Corporate Espionage Made Easy with Spyware; Honeynet KYE: Phishing paper Published; Some New Vulnerabilities
- With Every Patch Tuesday there is a Black Wednesday, Juniper Update, COAST (adware-spyware) is toast, Virus Spreading through MSN?, Comcast downtime
- ISPs and Egress Filtering, Bad News for Reverse Engineers, Broken Spam Message
- Another Virus, ISC Poll Results, Port 1433 scans
- ISC Reader's Diary, PHP Include Worm, Trojan in wild that exploits new IE bug , Pacific Earthquake & Tsunami
- *Santy Worm Update, Snort 2.2 DoS, IRC over SMTP, SSH Scanning, An InfoSec Christmas Story
- Bot Nets - Moving to Prime Time, AV Vendors Taking Out Valuable Resource,
- IE IFRAME Exploit, Sun Java Web Proxy Buffer Overflow, SSH Scanning Continues, Yesterday's Diary
- Backbone issues?
- Doubleclick DDoS'd, W32.Zindos.A Microsoft DoS, FXMYDOOM Feedback
- BHO scanning tool and New Scam Targets Bank Customers