ISC StormCast for Friday, January 23rd 2015

By Johannes Ullrich SSL Labs API
https://community.qualys.com/blogs/securitylabs/2015/01/22/ssl-labs-apis-now-available-in-beta
Adobe Flash Out-Of-Band Patch
https://isc.sans.edu/forums/diary/OOB+Adobe+patch/19217/
Chrome Update
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
Firefox Referer Meta Tag
https://blog.mozilla.org/security/2015/01/21/meta-referrer/
Atlasian Bugs
https://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+-+2015-01-21 More Here      

ISC StormCast for Thursday, January 22nd 2015

By Johannes Ullrich Flash 0 Day Exploit Used By Angler Exploit Kit
https://isc.sans.edu/forums/diary/Flash+0Day+Exploit+Used+by+Angler+Exploit+Kit/19213/
Java Updates
https://isc.sans.edu/forums/diary/Oracle+Critical+Patch+Update+for+Q1+2015+Includes+Java+Updates/19211/
Cisco Security Report
http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf
More Modem and Router Exploits
http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/ More Here      

ISC StormCast for Wednesday, January 21st 2015

By Johannes Ullrich Audit for Privilege Escalation Vulnerabilities
https://isc.sans.edu/forums/diary/Finding+Privilege+Escalation+Flaws+in+Linux/19207/
Google Releases OS X Exploits
https://code.google.com/p/google-security-research/issues/detail?id=130
https://code.google.com/p/google-security-research/issues/detail?id=135
Oracle to Release Critical Patch Update
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html More Here      

ISC StormCast for Tuesday, January 20th 2015

By Johannes Ullrich Traffic Patterns For CryptoWall 3.0
https://isc.sans.edu/forums/diary/Traffic+Patterns+For+CryptoWall+30/19203/
LizardStresser Database Leaked
https://krebsonsecurity.com/2015/01/another-lizard-arrested-lizard-lair-hacked
Hackerslist Offers Jobs for Hackers
[no URL]
Verizon Mobile App API Allows Authentication Bypass
http://randywestergren.com/critical-vulnerability-verizon-mobile-api-compromising-user-email-accounts/
Great Chinese Firewall Targeting Outlook/Microsoft
https://en.greatfire.org/blog/2015/jan/outlook-grim-chinese-authorities-attack-microsoft More Here      

ISC StormCast for Monday, January 19th 2015

By Johannes Ullrich Shellshock Keeps On Giving
https://isc.sans.edu/forums/diary/Shellshock+keeps+on+giving/19197/
Odd HTTP Requests For PHP Scripts
https://isc.sans.edu/forums/diary/Strange+Random+GET+PHP+Queries/19199/
Details And Possible PoC For Telnet Vulnerability
(Google cache link below. May not survive much longer)
http://webcache.googleusercontent.com/search?q=cache%3Ahttp%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F4621&ie=utf-8&oe=utf-8
Google Releases Additional 0-Days
https://code.google.com/p/google-security-research/issues/detail?id=128
Vulnerable OBD2 Vehicle Ports
http://www.forbes.com/sites/thomasbrewster/2015/01/15/researcher-says-progressive-insurance-dongle-totally-insecure/ More Here