ISC StormCast for Friday, October 31st 2014

By Johannes Ullrich
#NCSAM: False positives from Management; Sandworm going after Swiss Banks; Graphic Card Turned into Data Leakage Radio; More Tools to Cash out your Stolen CCs
NCSAM: False positives from Management
Sandworm Vulnerability Used in Banking Trojan
Graphic Card Used as Radio to Leak Data
Advanced Fraud Platform Advertised to Cash Out Stolen Credit Cards

ISC StormCast for Thursday, October 30th 2014

By Johannes Ullrich
#Drupal: you are pw0n3d; MSFT readies for post SSLv3 world; #CurrentC beta leaks data; ftp command line client command exec
Drupal warns users of possible compromised sites
Microsoft Releases Fix It to disable SSLv3
CurrentC Beta User’s Info Exposed
GMail used by malware for command and control
OS 10.10 ftp remote command exec

ISC StormCast for Wednesday, October 29th 2014

By Johannes Ullrich
#wget vulnerable; and your #Cisco ASA; detect persistent software on OS X; #Yosemite leaking even more to the cloud.
wget Vulnerability
Cisco ASA Vulnerabilities
Open source script to detect auto-start processes on OS X
Unsaved “recovery” documents saved to iCloud in OS X Yosemite

ISC StormCast for Tuesday, October 28th 2014

By Johannes Ullrich
#VZW tagging users for advertisers; Android ransomware via SMS; string: your favorite vuln. tool; Al Quaida SSID grounds flight.
Verizon Injects Header in HTTP Traffic to Allow Advertisers to Identify Users
New Android Ransomware Spreads via SMS
Arbitrary Code Execution Vulnerability in “strings”
“Al Quaida” SSID causes flight delay

ISC StormCast for Monday, October 27th 2014

By Johannes Ullrich
#Shellshock botnet via SMTP; Find Vulnerabilities with #masscan and #nmap; #tor exit node modifies binaries; Vulnerable Home Automation; #samsung #knox response
Shellshock Exploit used against mail servers
Scanning For Specific Vulnerabilities
Tor Exit Node “patches” Binary Downloads
Mi Casa Verde / Vera Home Automation Gateway Security Review (and fail)
Samsung Responds to claims about Knox Insecurity

ISC StormCast for Friday, October 24th 2014

By Johannes Ullrich
VMware Patches; NIST Hypervisor Deployment Advice; Adobe eReader Now Spying over SSL; Samsung KNOX not that secure; Cryptowall
VMware Updates
NIST Publication 800-125A: Deploying Hypervisors
Adobe eReader now using SSL to phone home
Analysis of Samsung KNOX
Cryptowall coming back via paid-for ads

ISC StormCast for Thursday, October 23rd 2014

By Johannes Ullrich
2001 vulnerability found in 2013 Cisco product; Dangers of NAT-PMP; iOS 8.1 Jailbreak; Ruxcon; 911 outage lessons
Telnetd Vulnerability in Cisco Ironport WSA
Misconfigured Routers Allow Config Changes via NAT-PMP
Jailbreak for iOS 8.1
Ruxcon Slides / Intercepting Pager Data
April 911 Outages Affected 3.5 % of US Population

ISC StormCast for Wednesday, October 22nd 2014

By Johannes Ullrich
#MSFT releases special security advisory; #NCSAM false positives in pentest reports; Palo Alto Leaks Credentials; UEFI Vulnerabilities
Microsoft Releases Special Security Advisory for new OLE Vulnerability
False Positives in Pentest Reports
Misconfigured Palo Alto Firewalls Leak Credentials
UEFI Vulnerability exploitable for Windows 8

ISC StormCast for Tuesday, October 21st 2014

By Johannes Ullrich
#Apple iOS Security Updates; #MSFT pulls SHA-2 patch from October Updates; China intercepts iCloud; US Gov Pushes Chip&Pin; PHP Patch
Apple iOS 8.1 and Apple TV 7.0.1
Microsoft Pulls Windows 7 SHA-2 Update
iCloud SSL Traffic Intercepted in China using self-signed certificates
US Government to Require Chip-and-Pin for Federal Payments
PHP Update Released