Posts Tagged ‘top-of-page’


Port 51616 – Got Packets?, (Sun, May 19th)

We're looking for any info or packets that target port 51616. After witnessing a spike yesterday on his network and checking that our port data [1] corroborated his event, Andrew has written in asking what we know.

SSL: Another reason not to ignore IPv6, (Fri, May 17th)

Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the “quick fix”, as it requires minimal changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only “sees” the proxy's IP address, unless it inspects headers added by the proxy, which will now point to (unreadable?) IPv6 addresses.

Extracting signatures from Apple .apps, (Thu, May 16th)

As an add-on to ISC Handler Lenny Zeltser's earlier diary on extracting certificates from signed Windows binaries, here's how to do the same on a Mac. Given that today's blog over at F-Secure documents a screenshot-taking Mac spyware that is signed with a developer ID, signed bad .apps might actually be more prevalent than expected.

Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability, (Thu, May 16th)

Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

CVE-2013-2094: Linux privilege escalation, (Tue, May 14th)

A vulnerability was discovered using fuzzing in Linux kernels 2.6.37 through 3.8.9. The vulnerability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems to be the case for quite a few Linux distributions.

Is there an epidemic of typo squatting?, (Tue, May 7th)

One of our readers, Jim, wrote in earlier today to say he has noticed an increase in “working” typo squatting over the last 2 months or so. That is, he's seen users accidentally surfing to such domains or being redirected there by some sort of malicious JavaScript trickery. His question for us (and the rest of you) is: is this a local phenomenon, or are the bad guys making more use of this tactic? I'm not currently set up to monitor this type of activity, so I figured I'd ask our loyal readers. Do you monitor your proxy and DNS logs for this type of activity, and have you seen an increase? Leave a comment below or use our contact form to let us know. Below are just a few examples of the domains he has seen.

Internet Explorer 8 0-Day Update (CVE-2013-1347), (Mon, May 6th)

Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347. Please let us know if you are running into exploits for this vulnerability.

FYI: Anonymous Planning "OpUSA" Attacks on Banks and US Gov’t on May 7th. More Info as Relevant to Come., (Thu, May 2nd)

— John Bambenek bambenek at gmail /dot/ com Bambenek Consulting (c) SANS Internet Storm Center.

The cost of cleaning up, (Wed, May 1st)

As Johannes mentions in yesterday's ISC StormCast, the city of Schwerin in Germany apparently decided to throw 170 PCs into the trash, because cleaning them of a Conficker worm infestation was estimated at around 130'000 Euros, whereas the replacement of the old PCs had already been budgeted for at 150'000 Euros. Our recent discussion on whether a modern malware infection can actually be “cleaned”, or whether wiping and reinstallation from scratch is always called for, aside, “the cost of cleaning up” is relevant in either case.

Apache binary backdoor adds malicious redirect to Blackhole, (Tue, Apr 30th)

On 26 APR, Sucuri's Daniel Cid posted Apache Binary Backdoors on Cpanel-based servers. This coincided closely with a technical study of the Linux/Cdorked.A malware provided by ESET.