ISC StormCast for Friday, December 19th 2014

By Johannes Ullrich
Misfortune Cookie Choke Routers; The Nuclear Pack Exploit Kit; PHPBB Forum Compromise; Update Git; And MSIE 11 again
Evolution of the Nuclear Exploit Kit
phpBB Compromised
Checkpoint Misfortune Cookie
Git Vulnerability
Microsoft Releases Fixed IE Patch
PHPBB Forum Breached

ISC StormCast for Thursday, December 18th 2014

By Johannes Ullrich
Factory Backdoored Smartphones; ICANN Breached; Delta Mobile Boarding Pass too Mobile; Linux Priv Escalation; Ettercap vuln
Coolpad Adds ROM Backdoor to Smartphones
ICANN Breached
Delta Mobile Boarding Pass Hackable
Linux x86_64 Kernel Priv. Escalation Vulnerabilities
Ettercap Vulnerabilities

ISC StormCast for Wednesday, December 17th 2014

By Johannes Ullrich
Memory Forensics with “Forensic Suite”; Chromium to mark HTTP without S as insecure; This “Grinch” will probably not steal your xmas (but still learn about polkit)
Memory Forensics with “Forensic Suite” and Volatility
Chromium Suggests to Mark HTTP as “insecure”
“Grinch” Polkit Vulnerability

ISC StormCast for Tuesday, December 16th 2014

By Johannes Ullrich
Typo Squatting with a Twist; Safari still falls for POODLE; Serbian Natl. ID Database breached; Snort 3.0 – where is the pig heading?
Interesting Phishing Attempts to Lure Users by asking them to call ISP
Safari 8.0.2 still supports SSLv3 with block ciphers
Entire National ID Database of Serbia Stolen
Snort 3.0 Update
Government Backdoor can not be secured
10,000+ WordPress Sites infected with SoakSoak

ISC StormCast for Monday, December 15th 2014

By Johannes Ullrich
Worm Backdoors and Patches QNAP devices via Shellshock
Windows Root Certificate Update Recalled/Updated
Silverlight Update Failed
FreeBSD stdio vulnerability
More Vulnerabilities in Docker