ISC StormCast for Friday, December 19th 2014

By Johannes Ullrich
Misfortune Cookie Choke Routers; The Nuclear Pack Exploit Kit; PHPBB Forum Compromise; Update Git; And MSIE 11 again
Evolution of the Nuclear Exploit Kit
https://isc.sans.edu/forums/diary/Exploit+Kit+Evolution+During+2014+-+Nuclear+Pack/19081
phpBB Compromised
https://www.phpbb.com/community/viewtopic.php?f=14&t=2278081
Checkpoint Misfortune Cookie
http://mis.fortunecook.ie
Git Vulnerability
https://github.com/blog/1938-git-client-vulnerability-announced
Microsoft Releases Fixed IE Patch
http://support.microsoft.com/kb/3025390
PHPBB Forum Breached
https://www.phpbb.com/community/viewtopic.php?f=14&t=2278081

ISC StormCast for Thursday, December 18th 2014

By Johannes Ullrich
Factory Backdoored Smartphones; ICANN Breached; Delta Mobile Boarding Pass too Mobile; Linux Priv Escalation; Ettercap vuln
Coolpad Adds ROM Backdoor to Smartphones
https://www.paloaltonetworks.com/threat-research.html
ICANN Breached
https://www.icann.org/news/announcement-2-2014-12-16-en
Delta Mobile Boarding Pass Hackable
https://medium.com/@thedanigrant/need-a-last-minute-flight-45af88ec8df3
Linux x86_64 Kernel Priv. Escalation Vulnerabilities
http://seclists.org/oss-sec/2014/q4/1052
Ettercap Vulnerabilities
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

ISC StormCast for Wednesday, December 17th 2014

By Johannes Ullrich
Memory Forensics with “Forensic Suite”; Chromium to mark HTTP without S as insecure; This “Grinch” will probably not steal your xmas (but still learn about polkit)
Memory Forensics with “Forensic Suite” and Volatility
https://isc.sans.edu/forums/diary/Some+Memory+Forensic+with+Forensic+Suite+Volatility+plugins+/19071
Chromium Suggests to Mark HTTP as “insecure”
https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
“Grinch” Polkit Vulnerability
https://www.alertlogic.com/blog/dont-let-grinch-steal-christmas/

ISC StormCast for Tuesday, December 16th 2014

By Johannes Ullrich
Typo Squatting with a Twist; Safari still falls for POODLE; Serbian Natl. ID Database breached; Snort 3.0 – where is the pig heading?
Interesting Phishing Attempts to Lure Users by asking them to call ISP
https://isc.sans.edu/forums/diary/Customized+Support+Scam+Supported+by+Typo+Squatting/19065
Safari 8.0.2 still supports SSLv3 with block ciphers
https://isc.sans.edu/forums/diary/Safari+8+0+2+Still+Supporting+SSLv3+with+Block+Ciphers/19067
Entire National ID Database of Serbia Stolen
http://securityaffairs.co/wordpress/31068/cyber-crime/serbia-hackers-stolen-national-database.html
Snort 3.0 Update
http://blog.snort.org/2014/12/introducing-snort-30.html
Government Backdoor cannot be secured
http://www.latimes.com/opinion/op-ed/la-oe-1215-wyden-backdoor-for-cell-phones-20141215-story.html
10,000+ WordPress Sites infected with SoakSoak
http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-malware/109884

ISC StormCast for Monday, December 15th 2014

By Johannes Ullrich
Worm Backdoors and Patches QNAP devices via Shellshock
https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061
Windows Root Certificate Update Recalled/Updated
https://support.microsoft.com/kb/3024777
Silverlight Update Failed
https://support.microsoft.com/kb/3011970
FreeBSD stdio vulnerability
http://blog.norsecorp.com/2014/12/10/buffer-overflow-vulnerability-in-freebsd-discovered-by-norse/
More Vulnerabilities in Docker
https://groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ