ISC StormCast for Wednesday, July 29th 2015

By Johannes Ullrich Javascript ZIP archives used for Malspam
https://isc.sans.edu/forums/diary/Malicious+spam+continues+to+serve+zip+archives+of+javascript+files/19973/
Brinks Smart Safe Vulnerability
http://www.bishopfox.com/blog/2015/07/on-the-brink-of-a-robbery/
XEN/Qemu Exploit in ATAPI (CDROM) commands allows for VM escape
http://seclists.org/oss-sec/2015/q3/212
Waterplant Honeynet (german only)
http://www.tuev-sued.de/tuev-sued-konzern/presse/pressemeldungen/potenzielle-angreifer-sind-ueberall More Here      

ISC StormCast for Tuesday, July 28th 2015

By Johannes Ullrich Angler’s Best Friends
https://isc.sans.edu/forums/diary/Anglers+best+friends/19959/
Android MMS Media Library Exploit
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
Windows 10 Support for Intel Real Sense
https://software.intel.com/en-us/blogs/2015/03/19/realsense-sdk-and-camera-setup-on-windows-10
Valve Software Password Reset Vulnerability
https://threatpost.com/valve-patches-password-reset-vulnerability-in-steam/113976 More Here      

ISC StormCast for Monday, July 27th 2015

By Johannes Ullrich Is Patching in 2 Days Possible?
https://isc.sans.edu/forums/diary/Patching+in+2+days+tell+him+hes+dreaming/19957/
NHTSA Orders Fiat/Chrysler Recall of Vulnerable Vehicles
http://www-odi.nhtsa.dot.gov/owners/SearchCurrentMonthRecall#
New Version of Google Chrome
http://googlechromereleases.blogspot.co.uk/2015/07/stable-channel-update_21.html?m=1
Malicous Images Can Affect Cars
http://www.bbc.com/news/technology-33622298 More Here      

ISC StormCast for Friday, July 24th 2015

By Johannes Ullrich Four 0-Days Affecting Internet Explorer Mobile Released
https://isc.sans.edu/forums/diary/Some+more+0days+from+ZDI/19953/
Virtual Machine Side Channel Attacks Leak Crypto Keys
http://blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/
Drupal / WordPress Updates
https://wordpress.org/news/2015/07/wordpress-4-2-3/
https://www.drupal.org/node/2537860
Userhelper / libuser Allow Privilege Escalation
http://www.openwall.com/lists/oss-security/2015/07/23/16
AV Comperatives Release Mac Anti Virus Test Results
http://www.av-comparatives.org/mac-security-reviews/ More Here      

ISC StormCast for Thursday, July 23rd 2015

By Johannes Ullrich Bartalex malspam pushing Pony/Dyre
https://isc.sans.edu/forums/diary/Bartalex+malspam+pushing+PonyDyre/19947/
Lottery IT Security Director Riggs Lottery
http://www.desmoinesregister.com/story/news/crime-and-courts/2015/07/20/hot-lotto-verdict/30411901/
Pump and Dump Spammers Linked to JP Morgan Breach Arrested
http://www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-against-three-defendants-multimillion-dollar
http://www.usatoday.com/story/money/2015/07/21/jpmorgan-chase-hack-arrests-israel-florida/30469203/
DEV522: Defending Web Applications
http://www.sans.org/course/defending-web-applications-security-essentials More Here