ISC StormCast for Tuesday, July 29th 2014

By Johannes Ullrich Help us figure out an odd HTTP User Agent; New tool to analyze Flash apps; Kaspersky analyzes Koler Android ransomware in depth
Odd User-Agent Used to Scan Web Servers
https://isc.sans.edu/forums/diary/Interesting+HTTP+User+Agent+chroot-apach0day+/18453
Kaspersky Analysis of Koler Android Ransomware
https://kasperskycontenthub.com/securelist/files/2014/07/201407_Koler.pdf
BugCrowd Publishes Bug Bounty Program Guidelines
https://github.com/bugcrowd/disclosure-policy/blob/master/setting_up_a_responsible_disclosure_program.md
Flashbang: Tool to analyze Flash scripts
https://github.com/cure53/Flashbang
If you are interested in attending today's (Tuesday, July 29th) talk in Boston, please use our contact page https://isc.sans.edu/contact.html or email jullrich – at -sans.edu

ISC StormCast for Monday, July 28th 2014

By Johannes Ullrich #MSFT #IE Will Rat You Out! Finally: Synology Patches for DSM 4.2; Tails advisory for I2P Bug; Honeydrive Update!
TAILS published advisory for I2P Problem
https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/
Synology Patches for DSM 4.2
http://ukdl.synology.com/download/DSM/4.2/3250/
New Version of Honeydrive
http://bruteforce.gr/honeydrive-3-royal-jelly-edition.html
Simatic Patches for ICS
http://ics-cert.us-cert.gov/advisories/ICSA-14-205-02
How a Bot Can Use Internet Explorer to Learn More about a Victim
http://www.alienvault.com/open-threat-exchange/blog/attackers-abusing-internet-explorer-to-enumerate-software-and-detect-securi/

ISC StormCast for Friday, July 25th 2014

By Johannes Ullrich Getting files back in Windows; Fake #google bots on the rise; #WSJ & #vice hit by w0rm crew; Better malware protection in #firefox
Windows “Previous Version” Feature
https://isc.sans.edu/forums/diary/Windows+Previous+Versions+against+ransomware/18439
Fake “Google Bots” used for attacks
http://www.incapsula.com/blog/googlebot-study-mr-hack.html
https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
w0rm crew breached Wall Street Journal and Vice
http://www.theregister.co.uk/2014/07/22/wsj_vice_hack_claims_w0rm_punts_stolen_data/
Firefox Improving Malware Protection
https://blog.mozilla.org/security/2014/07/23/improving-malware-detection-in-firefox/

ISC StormCast for Thursday, July 24th 2014

By Johannes Ullrich Help us monitor #ssh brute forcing; Apple explains mystery daemons; Malware Hiding in Registry; Tor & Tails: Not so anonymous
New ISC Feature: SSH Passwords
https://isc.sans.edu/forums/diary/New+Feature+Live+SSH+Brute+Force+Logs+and+New+Kippo+Client/18433
Apple Documents “Mystery” Services
http://support.apple.com/kb/HT6331?viewlocale=en_US&locale=en_US
Malware Stores Itself in Registry Value
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377
http://techhelplist.com/index.php/spam-list/483-scheduled-package-delivery-failed-date-multi-malware
Tor Vulnerabilities
http://www.robgjansen.com/publications/sniper-ndss2014.pdf
Tails Vulnerabilities
http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/

ISC StormCast for Wednesday, July 23rd 2014

By Johannes Ullrich Host Names with many Labels Used for Magnitude Exploit Kit
https://isc.sans.edu/forums/diary/Ivan+s+Order+of+Magnitude/18419
FoxIt Mobile Beacons Back to Advertiser
https://isc.sans.edu/forums/diary/App+telemetry+/18425
Password Brute Forcing Against WordPress Uses XMLRPC Functions
https://isc.sans.edu/forums/diary/+WordPress+brute+force+attack+via+wp+getUsersBlogs/18427
Firefox 31 Released
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
Android Voice Commands Can be Used to Escalate Privileges
http://arxiv.org/abs/1407.4923

ISC StormCast for Tuesday, July 22nd 2014

By Johannes Ullrich Hidden #iOS daemons log packets and provide access. But for whom? Surprise: #POS Device sold on #eBay comes with SSNs. #Tesla hacked. More browser FP techniques.
iOS Back Doors Identified
http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms.pdf
POS Devices Sold on EBay Contain Confidential Information
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-POS-Terminal-for-Fun-and-Non-profit/ba-p/6540620#.U820hFYXk2_
Tesla Car Hacked at Syscan
http://www.theregister.co.uk/2014/07/21/chinese_uni_students_pop_tesla_model_s/
Browser Canvas Fingerprinting
http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block

ISC StormCast for Monday, July 21st 2014

By Johannes Ullrich Are SOHO Routers SOHOplessly Broken? Google how to use crossdomain.xml files to avoid what happened with BING.

Keeping the RATs out: Part 3
https://isc.sans.edu/forums/diary/Keeping+the+RATs+out+the+trap+is+sprung+-+Part+3/18415
SOHOPlessly Broken Challenge to Find Router Backdoors
http://sohopelesslybroken.com
Siemens ICS Suffer from Various SSL Bugs
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-03
Open CrossDomain.XML file on Bing allows for CSRF
http://sethsec.blogspot.com/2014/07/crossdomain-bing.html

ISC StormCast for Friday, July 18th 2014

By Johannes Ullrich Cisco Cable Modem Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
IPTables Backdoor
http://researchcenter.paloaltonetworks.com/2014/07/iptables-backdoor-even-linux-risk-intrusion/
SONY Forgets to Pay for Domain Name
http://eq2wire.com/2014/07/15/sonyonline-net-domain-expires-shenanigans-ensue-for-all-soe-games-websites/
Apache mod_status Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-14-236/
Google Releases New Version of Chrome and Fixes URL Spoofing Bug
http://www.osvdb.org/show/osvdb/109214

ISC StormCast for Thursday, July 17th 2014

By Johannes Ullrich #LibreSSL: Free but not Safe? #MSFT: Use fewer passwords! Having fun with #IOCs and IOCe.
Deriving IOCs Using Mandiant’s IOCe tool
https://isc.sans.edu/forums/diary/Keeping+the+RATs+out+an+exercise+in+building+IOCs+-+Part+1/18401
Libre SSL Vulnerabilities on Linux
https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
CNet Breached and User Database as well as Source Code Leaked
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/
Microsoft Asks Us to Rethink Password Policies
http://research.microsoft.com/pubs/217510/passwordPortfolios.pdf

ISC StormCast for Wednesday, July 16th 2014

By Johannes Ullrich Oracle Critical Patch Update
https://isc.sans.edu/forums/diary/Oracle+Java+20+new+vulnerabilities+patched/18395
Where is Your Cloud?
https://isc.sans.edu/forums/diary/AOC+Cloud/18393
Hotel Business Center Computers Compromised
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
Dropcam Vulnerabilities
https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Wardle
Google Introduces Project Zero
http://googleprojectzero.blogspot.de/2014/07/announcing-project-zero.html