ISC StormCast for Friday, August 29th 2014

By Johannes Ullrich Telling Good from Evil: Not easy in Javascript; Honeynet releases beeswarm; FF 32 introducing SSL Cert Pinning; JP Morgan Breached;
Obfuscated Javascript: Good or Evil
https://isc.sans.edu/forums/diary/False+Positive+or+Not+Difficult+to+Analyze+Javascript/18593
JP Morgan Breach
http://www.bloomberg.com/news/2014-08-27/fbi-said-to-be-probing-whether-russia-tied-to-jpmorgan-hacking.html
Firefox 32 To Introduce Public Key Pinning for SSL Certificates
http://monica-at-mozilla.blogspot.de/2014/08/firefox-32-supports-public-key-pinning.html
Honeynet Project introduces “Beeswarm”
http://www.honeynet.org/node/1189

ISC StormCast for Thursday, August 28th 2014

By Johannes Ullrich More Memory Scraping for CC Data; More router backdoors; more browser and MSFT patches; more malvertisements
More Memory Scraping in PoS Devices
https://isc.sans.edu/forums/diary/One+More+Day+of+Trolling+in+POS+Memory/18589
Google Chrome 37 Released
http://googlechromereleases.blogspot.com.au/2014/08/stable-channel-update_26.html
Microsoft Re-Releases MS14-045
https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
More Router Backdoors: Netis Routers use a hard-coded password on UDP/53413
http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
Synology Software Update
http://www.synology.com/de-de/releaseNote/model/DS414
Popular Websites like Java.com and TMZ offering Malvertisements
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/

ISC StormCast for Wednesday, August 27th 2014

By Johannes Ullrich Point of Sales Devices and PCI
https://isc.sans.edu/forums/diary/Trolling+Memory+for+Credit+Cards+in+POS+PCI+Environments/18579
https://isc.sans.edu/forums/diary/Point+of+Sale+Terminal+Protection+-+Fortress+PCI+at+the+Mall/18581
Netflix Releases Security Tools
http://techblog.netflix.com/2014/08/announcing-scumblr-and-sketchy-search.html
http://techblog.netflix.com/2014/06/announcing-security-monkey-aws-security.html
New Free Windows Firewall / Network Monitoring Systems
https://www.glasswire.com

ISC StormCast for Tuesday, August 26th 2014

By Johannes Ullrich Looking for Packets: 1900/UDP DoS and abnormal CRL Downloads; SONY Playstation Network DoS and Bomb Threat; Are users too complacent?
Are you seeing abnormal CRL Downloads?
https://isc.sans.edu/forums/diary/Unusual+CRL+traffic+/18575
UDP port 1900 (UPnP/SSDP) Reflective DDoS Attacks
https://isc.sans.edu/forums/diary/UDP+port+1900+DDoS+traffic/18577
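SSDP reflection (UDP/1900) shows up in flow data in two ways: a victim receives SSDP responses from many unrelated Internet hosts at once, and a poorly firewalled local device answers M-SEARCH probes from the Internet and so acts as a reflector. The following is an added example, not code from the ISC diary above; the flow record format, the constructed sample flows, the local address range and the threshold of three distinct reflectors are assumptions for illustration.

```python
"""Flag SSDP (UDP/1900) reflection traffic in simple flow records.

Added example for illustration; the Flow format, SAMPLE_FLOWS, LOCAL_NET and
the min_sources threshold are assumptions, not data from the ISC diary.
"""
from collections import defaultdict, namedtuple
import ipaddress

Flow = namedtuple("Flow", "src sport dst dport proto nbytes")

# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    # Five different Internet hosts answering from UDP/1900 toward one target:
    # the signature of an SSDP reflection attack against 198.51.100.9.
    Flow("203.0.113.7",  1900, "198.51.100.9",  51234, "udp", 3100),
    Flow("203.0.113.8",  1900, "198.51.100.9",  51234, "udp", 2950),
    Flow("203.0.113.9",  1900, "198.51.100.9",  51234, "udp", 3300),
    Flow("203.0.113.10", 1900, "198.51.100.9",  51234, "udp", 3150),
    Flow("203.0.113.11", 1900, "198.51.100.9",  51234, "udp", 2800),
    # A local device answering a normal M-SEARCH from another local host: benign.
    Flow("192.0.2.20",   1900, "192.0.2.10",    49152, "udp", 420),
    # A local device answering Internet hosts from UDP/1900: it is being used
    # as a reflector (SSDP should never be reachable from outside).
    Flow("192.0.2.55",   1900, "203.0.113.200", 40000, "udp", 3000),
    Flow("192.0.2.55",   1900, "203.0.113.201", 40001, "udp", 3000),
    # Unrelated DNS traffic that must be ignored.
    Flow("192.0.2.10",  53412, "203.0.113.53",     53, "udp", 70),
]

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed local range


def is_ssdp_response(flow):
    """SSDP replies are UDP datagrams sourced from port 1900."""
    return flow.proto == "udp" and flow.sport == 1900


def find_reflection_victims(flows, min_sources=3):
    """Return {victim_ip: (distinct_reflectors, total_bytes)} for every
    destination that received SSDP responses from at least min_sources
    different hosts; legitimate discovery never looks like that."""
    per_dst = defaultdict(lambda: [set(), 0])
    for f in flows:
        if is_ssdp_response(f):
            per_dst[f.dst][0].add(f.src)
            per_dst[f.dst][1] += f.nbytes
    return {dst: (len(srcs), nbytes)
            for dst, (srcs, nbytes) in per_dst.items()
            if len(srcs) >= min_sources}


def find_local_reflectors(flows, local_net=LOCAL_NET):
    """Return the set of local hosts that sent SSDP responses to addresses
    outside local_net, i.e. devices being abused as reflectors."""
    reflectors = set()
    for f in flows:
        if (is_ssdp_response(f)
                and ipaddress.ip_address(f.src) in local_net
                and ipaddress.ip_address(f.dst) not in local_net):
            reflectors.add(f.src)
    return reflectors


if __name__ == "__main__":
    for victim, (n, total) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"victim {victim}: {n} reflectors, {total} bytes")
    for host in sorted(find_local_reflectors(SAMPLE_FLOWS)):
        print(f"local reflector: {host}")
```

On real NetFlow/IPFIX exports the same two checks work unchanged; the byte count per victim is what to compare against a baseline, since a single SSDP response is a few hundred bytes at most and a flood of multi-kilobyte responses from many sources is not discovery traffic.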
SONY Playstation Network DoS Attack and Bomb Threat
http://thehackernews.com/2014/08/sony-playstation-network-taken-down-by_24.html
Kaspersky Report Shows Users are concerned about online risks but don’t do anything about them
http://media.kaspersky.com/en/Kaspersky_Lab_Consumer_Security_Risks_Survey_2014_ENG.pdf

ISC StormCast for Monday, August 25th 2014

By Johannes Ullrich What are the 2% of attacks your firewall misses? Stiffed by Synolocker crew? Try F-Secure for Help!
NSS Cyber Resilience Report
https://www.nsslabs.com/system/files/public-report/files/Cyber%20Resilience_0.pdf
F-Secure Releases Tool to Help Decrypt Synolocker Files (IF YOU PAID THE RANSOM)
http://www.f-secure.com/weblog/archives/00002737.html
US-CERT: Over 1,000 Businesses Infected By Backoff PoS Malware
https://www.us-cert.gov/ncas/alerts/TA14-212A
NIST Releases Guidance on SSH Key Management
http://csrc.nist.gov/publications/drafts/nistir-7966/nistir_7966_draft.pdf

ISC StormCast for Friday, August 22nd 2014

By Johannes Ullrich #OpenIOC support for ISC API; Side Channels steal keys and screen content; More bad SSL news for Android apps; Fake Anti Virus as dead as real Anti Virus
ISC update: OpenIOC output for our API
https://isc.sans.edu/api
Side Channel Attacks via Shared Memory on Android
http://www.cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf
Reading Encryption Keys from Surface Electric Potential Measurement
http://www.cs.tau.ac.il/~tromer/handsoff/
Mobile Applications use bad SSL Implementations
http://www.fireeye.com/blog/technical/2014/08/ssl-vulnerabilities-who-listens-when-android-applications-talk.html
Current State of Fake Anti Virus
http://blogs.technet.com/b/mmpc/archive/2014/08/19/the-fall-of-rogue-antivirus-software-brings-new-methods-to-light.aspx

ISC StormCast for Thursday, August 21st 2014

By Johannes Ullrich Heartbleed claims another victim; Traffic Signal Insecurity; Stuxnet Vulnerability still present; Get ready to phase out SHA-1
Heartbleed Bug Identified as Root Cause of Large Medical Data Breach
https://www.trustedsec.com/august-2014/chs-hacked-heartbleed-exclusive-trustedsec/
Manipulating Traffic Signals
https://jhalderm.com/pub/papers/traffic-woot14.pdf
Stuxnet Vulnerability Still Frequently Unpatched
http://www.theregister.co.uk/2014/08/20/oi_rip_van_winkle_patch_already/
Google Chrome Leading the Charge in Deprecating SHA-1 for SSL Certificates
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2-R4XziFc7A/YO0ZSrX_X4wJ

ISC StormCast for Wednesday, August 20th 2014

By Johannes Ullrich Lots of crypto: 1024 even less trusted; Facebook sees lots of STARTTLS; PGP: Still right for modern times?
1024 Bit CAs even less trusted
https://kuix.de/blog/index.php?entry=Cleanup-of-1024-bit-CA-certificates
Facebook sees vast improvement in STARTTLS use over only 3 months
https://www.facebook.com/notes/protect-the-graph/massive-growth-in-smtp-starttls-deployment/1491049534468526
PGP Showing Its Age, but no suitable replacement in sight
http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html

ISC StormCast for Tuesday, August 19th 2014

By Johannes Ullrich More about UDP and bad NAT; Lots of Patient Records Lost; More Syrian Malware; Odd new Facebook “age verification” trick
2nd Part of the UDP behind NAT riddle
https://isc.sans.edu/forums/diary/Part+2+Is+your+home+network+unwittingly+contributing+to+NTP+DDOS+attacks+/18549
4.5 Million Patient Files Lost
http://www.theregister.co.uk/2014/08/18/hospital_chain_claims_chinese_hackers_stole_45_million_user_details/
Pro Syrian Malware on the Rise
https://securelist.com/blog/research/66051/the-syrian-malware-house-of-cards/

ISC StormCast for Monday, August 18th 2014

By Johannes Ullrich Beware of the Patch – UDP behind NAT may not be firewalled – yet another PHP CGI exploit – talk quietly, your smartphone is vibrating
MSFT MS14-045 Patch Causes Blue Screen of Death
https://technet.microsoft.com/library/security/MS14-045
The dangers of UDP services behind NAT
http://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543
PHP CGI exploit with interesting reverse shell
http://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543
Smart Phone Gyroscope Sensitive Enough to Detect Speech
http://crypto.stanford.edu/gyrophone/files/gyromic.pdf
Internet Wide Scan Finds Many Exposed VNC Servers
http://www.forbes.com/sites/kashmirhill/2014/08/13/so-many-pwns/