Archive for the ‘SANS Internet Storm Center’ Category


Windows Previous Versions against ransomware, (Thu, Jul 24th)

One of the cool features that Microsoft actually added in Windows Vista is the ability to recover previous versions of files and folders. This is part of the VSS (Volume Shadow Copy Service) which allows automatic creation of backup copies on the system. Most users “virtually meet” this service when they are installing new software, when a restore point is created that allows a user to easily revert the operating system back to the original state, if something goes wrong.


ISC StormCast for Thursday, July 24th 2014 http://isc.sans.edu/podcastdetail.html?id=4075, (Thu, Jul 24th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


New Feature: "Live" SSH Brute Force Logs and New Kippo Client, (Wed, Jul 23rd)

We are announcing a new feature we have been working on for a while, that will display live statistics on passwords used by SSH brute forcing bots. In addition, we also updated our script that will allow you to contribute data to this effort


ISC StormCast for Wednesday, July 23rd 2014 http://isc.sans.edu/podcastdetail.html?id=4073, (Wed, Jul 23rd)


Firefox 31.0 released, includes security fixes, see https://www.mozilla.org/security/known-vulnerabilities/firefox.html, (Tue, Jul 22nd)


WordPress brute force attack via wp.getUsersBlogs, (Tue, Jul 22nd)

Now that the XMLRPC “pingback” DDoS problem in WordPress is increasingly under control, the crooks now seem to try brute force password guessing attacks via the “wp.getUsersBlogs” method of xmlrpc.php. ISC reader Robert sent in some logs that show a massive distributed (> 3000 source IPs) attempt at guessing passwords on his WordPress installation.


App "telemetry", (Tue, Jul 22nd)

ISC reader James had just installed “Foxit Reader” on his iPhone, and had answered “NO” to the “In order to help us improve Foxit Mobile PDF, we would like to collect anonymous usage data…” question, when he noticed his phone talking to China anyway. The connected-to site was alog.umeng.com, 211.151.151.7. Umeng is an “application telemetry” and online advertising company


ISC StormCast for Tuesday, July 22nd 2014 http://isc.sans.edu/podcastdetail.html?id=4071, (Tue, Jul 22nd)


Ivan’s Order of Magnitude, (Tue, Jul 22nd)

ISC reader Frank reports seeing a couple odd DNS names in his DNS resolver log

4e6.1a4bf.565697d.f52e1.306.60ae.766e0.mdleztmxhvxc.speakan.in. A=193.169.245.133  TTL=30 NS=193.169.245.133

3a.276965.3e6b39.cdaf104.da.e018.72c1a.mdleztmxhvxc.speakan.in


OWASP Zed Attack Proxy, (Mon, Jul 21st)

Affectionately known as ZAP, the OWASP Zed Attack Proxy is an excellent web application testing tool. It finds its way into the hands of experienced penetration testers, newer security administrators, vulnerability assessors, as well as auditors and the curious.
