
Posts Tagged ‘feeds’


Safe – Tools, Tactics and Techniques, (Mon, May 20th)

Trend Micro published a report last week on a spear-phishing email campaign whose messages carry a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158).


Ubuntu Package available to submit firewall logs to DShield, (Mon, May 20th)

I put together a simple .deb package to install our DShield iptables client on Ubuntu.


Sysinternals Updates for Accesschk, Procdump, RAMMap and Strings…

-- Guy Bruneau, IPSS Inc.


ISC StormCast for Friday, May 17th 2013 http://isc.sans.edu/podcastdetail.html?id=3314, (Fri, May 17th)

(c) SANS Internet Storm Center.


Extracting signatures from Apple .apps, (Thu, May 16th)

As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed malicious .apps might be more prevalent than expected.


Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability, (Thu, May 16th)

Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released free software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.


Call for Papers – 4th annual Forensics and Incident Response Summit EU, (Wed, May 15th)

http://computer-forensics.sans.org/blog/2013/05/15/sans-eu-dfir-summit-in-prague-call-for-speakers-now-open/

The 4th annual Forensics and Incident Response Summit EU will take place on October 6-13 in Prague, one of Europe's most historic cities, as part of the SANS Forensics Prague conference, the biggest Incident Response and Digital Forensics event in Europe to date. The Summit will focus on high-quality, highly relevant content as well as panel discussions in Digital Forensics and Incident Response.


Adobe May 2013 Black Tuesday Overview, (Tue, May 14th)

Adobe released their May 2013 Black Tuesday bulletins:

APSB13-13 - ColdFusion - Adobe rating: Critical
  CVE-2013-1387, CVE-2013-1388

APSB13-14 - Flash Player and AIR - Adobe rating: Critical
  CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335

APSB13-15 - Reader and Acrobat - Adobe rating: Critical
  CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342

— Swa Frantzen — Section 66


So what passwords are those ssh scanners trying?, (Tue, May 14th)

If you run an ssh server (especially if you still run it on the default port), you've no doubt had plenty of folks scan your machine and run password-guessing attacks against it. BTW, you'll never get into mine that way, I only allow public/private key authentication, but that is beside the point here. I've done a couple of other reports analyzing passwords, and I really like pipal by Robin Wood for much of the analysis (you can grab it from here). I've been running a kippo ssh honeypot for the day job for about 2 years and I've done a couple of reports on the password guesses for the ThreatTraq webcast, but then I discovered that in addition to firewall logs and the 404 logs, we also collect kippo logs here at the SANS Internet Storm Center. Ooh, more data!! If you'd like to contribute, please grab https://isc.sans.edu/kipposcript.pl . So, without further ado, here is what I've found in our kippo data (as of about 15 April 2013). I should note here, though, that these are the guesses the bad guys are making. They've most likely developed their lists based on what has worked for someone at some point, so they will be somewhat different from what you find in analyzing passwords from breaches, like my analysis of last year's Yahoo breach.
