Category: Research & Alerts

Shellshock via SMTP, (Fri, Oct 24th)

I've received several reports of what appears to be shellshock exploit attempts via SMTP. The sources so far have all been webhosting providers, so I'm assuming these are compromised systems. The payload is an IRC perl bot with simple DDoS commands and the ability to fetch and execute further code.

Are you receiving Empty or "Hi" emails?, (Fri, Oct 24th)

I wanted to perform a little unscientific information gathering. I'm working with a small group who think they're being specifically targeted by these, while I think it's more widespread and opportunistic. If you've recently received these no-content probe emails, or a simple "Hi" message, please send a simple comment below in this format:

Industry
Order of magnitude in size (e.g. 10, 100, 1000)
Sending domain

Feel free to use our comment page to add extra analysis comments here: https://isc.sans.edu/contact.html

(c) SANS Internet Storm Center.

VU#184540: Incorrect implementation of NAT-PMP in multiple devices

Original Release date: 23 Oct 2014 | Last revised: 23 Oct 2014

Overview

Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping requests.

Description

CWE-200: Information Exposure

NAT-PMP is a port-mapping protocol in which a network address translation (NAT) device, typically a router, is petitioned by a trusted local network host to forward traffic between the external network and the petitioning host. As specified in RFC 6886, “The NAT gateway MUST NOT accept mapping requests destined to the NAT gateway’s external IP address or received on its external network interface.” Additionally, mapping requests “must” be mapped to the source address of the internal requesting host.

Apple Releases Security Updates for QuickTime

Original release date: October 23, 2014

Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service. Users and administrators are encouraged to review Apple Support Article HT6493 and apply any necessary updates.