ISC StormCast for Thursday, July 24th 2014

By Johannes Ullrich
Help us monitor #ssh brute forcing; Apple explains mystery daemons; Malware Hiding in Registry; Tor & Tails: Not so anonymous
New ISC Feature: SSH Passwords
https://isc.sans.edu/forums/diary/New+Feature+Live+SSH+Brute+Force+Logs+and+New+Kippo+Client/18433
Apple Documents “Mystery” Services
http://support.apple.com/kb/HT6331?viewlocale=en_US&locale=en_US
Malware Stores Itself in Registry Value
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377
http://techhelplist.com/index.php/spam-list/483-scheduled-package-delivery-failed-date-multi-malware
Tor Vulnerabilities
http://www.robgjansen.com/publications/sniper-ndss2014.pdf
Tails Vulnerabilities
http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/

ISC StormCast for Wednesday, July 23rd 2014

By Johannes Ullrich
Host Names with many Labels Used for Magnitude Exploit Kit
https://isc.sans.edu/forums/diary/Ivan+s+Order+of+Magnitude/18419
Foxit Mobile Beacons Back to Advertiser
https://isc.sans.edu/forums/diary/App+telemetry+/18425
Password Brute Forcing Against WordPress Uses XMLRPC Functions
https://isc.sans.edu/forums/diary/+WordPress+brute+force+attack+via+wp+getUsersBlogs/18427
Firefox 31 Released
https://www.mozilla.org/security/known-vulnerabilities/firefox.html
Android Voice Commands Can be Used to Escalate Privileges
http://arxiv.org/abs/1407.4923

ISC StormCast for Tuesday, July 22nd 2014

By Johannes Ullrich
Hidden #iOS daemons log packets and provide access. But for whom? Surprise: #POS Device sold on #eBay comes with SSNs. #Tesla hacked. More browser FP techniques.
iOS Back Doors Identified
http://www.zdziarski.com/blog/wp-content/uploads/2014/07/iOS_Backdoors_Attack_Points_Surveillance_Mechanisms.pdf
POS Devices Sold on eBay Contain Confidential Information
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-POS-Terminal-for-Fun-and-Non-profit/ba-p/6540620#.U820hFYXk2_
Tesla Car Hacked at Syscan
http://www.theregister.co.uk/2014/07/21/chinese_uni_students_pop_tesla_model_s/
Browser Canvas Fingerprinting
http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block

ISC StormCast for Monday, July 21st 2014

By Johannes Ullrich
Are SOHO Routers SOHOpelessly Broken? Google shows how to use crossdomain.xml files to avoid what happened with Bing.
Keeping the RATs out: Part 3
https://isc.sans.edu/forums/diary/Keeping+the+RATs+out+the+trap+is+sprung+-+Part+3/18415
SOHOpelessly Broken Challenge to Find Router Backdoors
http://sohopelesslybroken.com
Siemens ICS Suffer from Various SSL Bugs
http://ics-cert.us-cert.gov/advisories/ICSA-14-198-03
Open crossdomain.xml File on Bing Allows CSRF
http://sethsec.blogspot.com/2014/07/crossdomain-bing.html

ISC StormCast for Friday, July 18th 2014

By Johannes Ullrich
Cisco Cable Modem Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm
IPTables Backdoor
http://researchcenter.paloaltonetworks.com/2014/07/iptables-backdoor-even-linux-risk-intrusion/
SONY Forgets to Pay for Domain Name
http://eq2wire.com/2014/07/15/sonyonline-net-domain-expires-shenanigans-ensue-for-all-soe-games-websites/
Apache mod_status Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-14-236/
Google Releases New Version of Chrome and Fixes URL Spoofing Bug
http://www.osvdb.org/show/osvdb/109214

ISC StormCast for Thursday, July 17th 2014

By Johannes Ullrich
#LibreSSL: Free but not Safe? #MSFT: Use fewer passwords! Having fun with #IOCs and IOCe.
Deriving IOCs Using Mandiant’s IOCe tool
https://isc.sans.edu/forums/diary/Keeping+the+RATs+out+an+exercise+in+building+IOCs+-+Part+1/18401
LibreSSL Vulnerabilities on Linux
https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
CNET Breached; User Database and Source Code Leaked
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/
Microsoft Asks Us to Rethink Password Policies
http://research.microsoft.com/pubs/217510/passwordPortfolios.pdf

ISC StormCast for Wednesday, July 16th 2014

By Johannes Ullrich
Oracle Critical Patch Update
https://isc.sans.edu/forums/diary/Oracle+Java+20+new+vulnerabilities+patched/18395
Where is Your Cloud?
https://isc.sans.edu/forums/diary/AOC+Cloud/18393
Hotel Business Center Computers Compromised
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
Dropcam Vulnerabilities
https://www.defcon.org/html/defcon-22/dc-22-speakers.html#Wardle
Google Introduces Project Zero
http://googleprojectzero.blogspot.de/2014/07/announcing-project-zero.html

ISC StormCast for Tuesday, July 15th 2014

By Johannes Ullrich
E-ZPass Malware
https://isc.sans.edu/forums/diary/E-ZPass+phishing+scam/18389
http://garwarner.blogspot.com/2014/07/e-zpass-spam-leads-to-location-aware.html
Oracle Patch Advance Notice
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
How to Secure the Internet of Things?
Please submit ideas here: https://isc.sans.edu/contact.html
Vulnerabilities in Web Based Password Managers
http://devd.me/papers/pwdmgr-usenix14.pdf

ISC StormCast for Monday, July 14th 2014

By Johannes Ullrich
The Importance of Fine Grained Egress Filtering
https://isc.sans.edu/forums/diary/Egress+Filtering+What+-+do+we+have+a+bird+problem+/18379
Inventory Scanners Infected with Targeted Malware
http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf
Secure E-Mail Service Suffers from XSS Flaw
http://blog.tutanota.de/security-issue-fixed/2014/07/11/
PoC Exploit for LZO Vulnerability
http://www.theregister.co.uk/2014/07/11/firefox_lzo_rce/
Apple Blacklists Vulnerable Flash Versions
http://support.apple.com/kb/HT5655?viewlocale=en_US&locale=en_US

ISC StormCast for Friday, July 11th 2014

By Johannes Ullrich
Office 365 Users Experience Bad SSL Certificates; Analyzing logs quickly and cheaply; FireEye FEOS Updates
Microsoft Uses Wrong Certificate for Office 365 Login Page
https://isc.sans.edu/forums/diary/Certificate+Errors+in+Office+365+Today/18371
Analyzing Logs quickly and on the cheap
https://isc.sans.edu/forums/diary/Finding+the+Clowns+on+the+Syslog+Carousel/18373
Multiple Flaws in FireEye Appliance OS
http://www.forbes.com/sites/thomasbrewster/2014/07/09/researcher-i-was-suspended-for-finding-flaws-in-fireeye-security-kit/
Bot Brute Forces PoS RDP Passwords
http://www.fireeye.com/blog/technical/botnet-activities-research/2014/07/brutpos-rdp-bruteforcing-botnet-targeting-pos-systems.html