ISC StormCast for Monday, February 8th 2016

By Johannes B. Ullrich, Ph.D. Malware With Zip’ed Javascript Attachments
https://isc.sans.edu/forums/diary/A+trip+through+the+spam+filters+more+malspam+with+zip+attachments+containing+js+files/20697/
Netgear NMS300 Arbitrary Codes Execution Vulnerability
https://www.kb.cert.org/vuls/id/777024
Apple Home Button “Error 53”
http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair
Symantec Certificate Authority Whois E-Mail Parsing Problem
https://www.agwa.name/blog/post/domain_validation_vulnerability_in_symantec_ca
T9000 Backdoor Records Skype Conversations
http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
More Here      

ISC StormCast for Friday, February 5th 2016

By Johannes B. Ullrich, Ph.D. Fake Flash Installer OS X Malware
https://isc.sans.edu/forums/diary/Fake+Adobe+Flash+Update+OS+X+Malware/20693/
Dridex Botnet Installing Avira Antivirus
http://www.theregister.co.uk/2016/02/04/dridex_botnet_pwned/
Avast Antivirus Installing Vulnerable Version of Chromium
https://code.google.com/p/google-security-research/issues/detail?id=679
German Federal Office for Information Security Publishes Audit Results For OpenSSL
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Studies/OpenSSL-library/DocumentationOpenSSL.pdf?__blob=publicationFile&v=2
Security Blogger Awared Voting (Please only vote once)
http://www.ashimmy.com/2016/01/2016-social-security-blogger-award-voting-is-open-now.html
More Here      

ISC StormCast for Thursday, February 4th 2016

By Johannes B. Ullrich, Ph.D. EMET 5.5 Released
http://blogs.technet.com/b/srd/archive/2016/02/02/enhanced-mitigation-experience-toolkit-emet-version-5-5-is-now-available.aspx
Automating Vulnerability Scans with OpenVAS
https://isc.sans.edu/forums/diary/Automating+Vulnerability+Scans/20685
20 Million TaoBao Accounts Stolen Due to Duplicate Passwords
http://www.techweb.com.cn/internet/2016-02-03/2273441.shtml
(chinese)
“Chromodo” Browser Less Securityt then “Chrome/Chromium”
https://code.google.com/p/google-security-research/issues/detail?id=704
More Here