ISC StormCast for Wednesday, November 26th 2014

By Johannes Ullrich Adobe OOB Patch; Using OSSEC to Assess New Hosts; Detekt: More harm than good? Site Security Seals: Worth it?
Using OSSEC to Automatically Scan New Hosts
Out of Band Update for Flash
How Useless are “Security Seals”?
Why you should not run Detekt
Basic Web Application Vulnerability in AT&T U-Verse VAP2500

ISC StormCast for Tuesday, November 25th 2014

By Johannes Ullrich Craigslist Outage due to DNS Registrar Compromise
Vulnerability in less
Regin state-sponsored malware dissection

ISC StormCast for Monday, November 24th 2014

By Johannes Ullrich Spear Phishing Works Well! Hikvision: Broken and Dangerous DVRs don’t keep you safe; MSFT and Sandworm: Missed Chances; PayPal patches slowly
1 out of 5 spear phishing emails successful
Multiple remote vulnerabilities in Hikvision DVRs
MSFT Overlooked “Sandworm” vulnerability in earlier patches
PayPal Takes 18 Months to Fix Arbitrary Code Execution Flaw
ICMP Redirect Attacks Documented in the Wild

ISC StormCast for Friday, November 21st 2014

By Johannes Ullrich Critical WordPress Update fixes XSS
Google Releases Web Application Scanner “Firing Range”
Detekt Scanner Focusing on State Surveillance Malware
PHP Backdoor Included in Templates/Themes for various Content Management Systems
jQuery CAPTCHA XSS Flaw Patched

ISC StormCast for Thursday, November 20th 2014

By Johannes Ullrich NoSQL and Big Data Needs Security Too; Phone Typo Squatting; “NotCompatible” Botnet learning new proxy tricks
NoSQL Big Data Security
Phone Typo Squatting
“NotCompatible” Botnet new and improved