A couple of days ago I received another malicious document (078409755.doc B28EF236D901A96CFEFF9A70562C9155). Unlike the XML file I wrote about before, this one does not contain VBA macros. But as you can see, it should contain an embedded object.
Vulnerability Note VU#591120 Multiple SSL certificate authorities use email addresses as proof of domain ownership Original Release date: 27 Mar 2015 | Last revised: 27 Mar 2015 Overview Multiple SSL certificate authorities may issue certificates to a customer based solely on the control of certain email addresses.
ISC StormCast for Friday, March 27th 2015 http://isc.sans.edu/podcastdetail.html?id=4415, (Fri, Mar 27th)
(c) SANS Internet Storm Center.
Vulnerability Note VU#930956 Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem Original Release date: 26 Mar 2015 | Last revised: 26 Mar 2015 Overview ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate have been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance. Description CWE-276: Incorrect Default Permissions The instance of rsync included with the InnGate firmware is incorrectly configured to allow the entire filesystem to be read/write without authentication
ISC StormCast for Thursday, March 26th 2015 http://isc.sans.edu/podcastdetail.html?id=4413, (Thu, Mar 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Nmap security scanner project is participating again in its 11th Google Summer of Code. We often get queries from students on how they can get into this field, and this is an excellent way to get experience while using your powers for good. Details are available here: http://nmap.org/soc/