ISC StormCast for Friday, October 24th 2014

By Johannes Ullrich VMware Patches; NIST Hypervisor Deployment Advice; Adobe eReader Now Spying over SSL; Samsung KNOX not that secure; Cryptowall
VMware Updates
http://www.vmware.com/security/advisories/VMSA-2014-0011.html
NIST Publication 800-125A : Deploying Hypervisors
http://csrc.nist.gov/publications/drafts/800-125a/sp800-125a_draft.pdf
Adobe eReader now using SSL to phone home
http://www.theregister.co.uk/2014/10/23/adobe_updates_digital_editions_encryption/
Analysis of Samsung KNOX
http://mobilesecurityares.blogspot.de/2014/10/why-samsung-knox-isnt-really-fort-knox.html
Cryptowall coming back via paid-for ads
http://www.proofpoint.com/threatinsight/posts/malware-in-ad-networks-infects-visitors-and-jeopardizes-brands.php

ISC StormCast for Thursday, October 23rd 2014

By Johannes Ullrich 2001 vulnerability found in 2013 Cisco product; Dangers of NAT-PMP; iOS 8.1 Jailbreak; Ruxcon; 911 outage lessons;
Telnetd Vulnerability in Cisco Ironport WSA
https://isc.sans.edu/forums/diary/+telnetd+rulez+Cisco+Ironport+WSA+Telnetd+Remote+Code+Execution+Vulnerability/18869
Misconfigured Routers Allow Config Changes via NAT-PMP
https://community.rapid7.com/community/metasploit/blog/2014/10/21/r7-2014-17-nat-pmp-implementation-and-configuration-vulnerabilities
Jailbreak for iOS 8.1
http://pangu.io
Ruxcon Slides / Intercepting Pager Data
https://ruxcon.org.au/slides/
April 911 Outages Affected 3.5% of US Population
http://threatpost.com/april-911-outage-affected-3-5-percent-of-u-s-population/108974

ISC StormCast for Wednesday, October 22nd 2014

By Johannes Ullrich #MSFT releases special security advisory; #NCSAM false positives in pentest reports; Palo Alto Leaks Credentials; UEFI Vulnerabilities
Microsoft Releases Special Security Advisory for new OLE Vulnerability
https://technet.microsoft.com/library/security/3010060
False Positives in Pentest Reports
https://isc.sans.edu/forums/diary/CSAM+Month+of+False+Positives+Ghosts+in+the+Pentest+Report/18861
Misconfigured Palo Alto Firewalls Leak Credentials
https://community.rapid7.com/community/infosec/blog/2014/10/14/palo-alto-networks-userid-credential-exposure
http://live.paloaltonetworks.com/docs/DOC-8125/
UEFI Vulnerability exploitable for Windows 8
https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems

ISC StormCast for Tuesday, October 21st 2014

By Johannes Ullrich #Apple iOS Security Updates; #MSFT pulls SHA-2 patch from October Updates; China intercepts iCloud; US Gov Pushes Chip&Pin; PHP Patch
Apple iOS 8.1 and Apple TV 7.0.1
https://support.apple.com/kb/HT1222
Microsoft Pulls Windows 7 SHA-2 Update
https://technet.microsoft.com/en-us/library/security/2949927
iCloud SSL Traffic Intercepted in China using self-signed certificates
https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
US Government to Require Chip-and-Pin for Federal Payments
http://www.whitehouse.gov/the-press-office/2014/10/17/fact-sheet-safeguarding-consumers-financial-security
PHP Update Released
http://php.net/ChangeLog-5.php

ISC StormCast for Friday, October 17th 2014

By Johannes Ullrich Mobbing up bad SSL Configs and Attacks with Logging; Ebola: Infecting More PCs than Humans? Oracle Forms 10g Remote Exec & Java Patches.
Logging SSL Parameters
https://isc.sans.edu/forums/diary/Logging+SSL/18847
US-Cert warns of Ebola Malware
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns
Oracle Forms 10g Arbitrary Remote Code Execution
https://www.netspi.com/blog/entryid/243/advisory-oracle-forms-10g-unauthenticated-remote-code-execution-cve-2014-4278

ISC StormCast for Thursday, October 16th 2014

By Johannes Ullrich POODLE Update (wrap up?)
https://isc.sans.edu/forums/diary/POODLE+Turning+off+SSLv3+for+various+servers+and+client+/18837
https://www.sans.org/webcasts/about-poodle-99032 (webcast archive)
Weak Random Number Generators in Bitcoin Wallets Used to Steal Bitcoins
http://conference.hitb.org/hitbsecconf2014kul/materials/D1T1%20-%20Filippo%20Valsorda%20-%20Exploiting%20ECDSA%20Failures%20in%20the%20Bitcoin%20Blockchain.pdf
OS X Leaves Indexes With Private Data on USB Drives
http://www.f-secure.com/weblog/archives/00002752.html
Drupal Fixes SQL Injection Vulnerability
http://threatpost.com/drupal-fixes-highly-critical-sql-injection-flaw/108861

ISC StormCast for Wednesday, October 15th 2014

By Johannes Ullrich SSLv3 POODLE Vulnerability
https://isc.sans.edu/forums/diary/OpenSSL+SSLv3+POODLE+Vulnerability+Official+Release/18827
Test your client: https://sslv3.dshield.org
Google Announcement:
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
MSFT Announcement:
https://technet.microsoft.com/en-us/library/security/3009008.aspx
Microsoft Patch Tuesday:
http://technet.microsoft.com/en-us/security/bulletin/ms14-oct
Today’s podcast is somewhat rushed due to the plethora of topics. We will have a special webcast tomorrow, likely around noon / early afternoon ET to discuss POODLE.

ISC StormCast for Tuesday, October 14th 2014

By Johannes Ullrich Some Beacons are False Beacons; Cyanogenmod open to MitM SSL Attack; Snapchat: Still not as ephemeral as you may think;
CSAM: Be Wary of False Beacons
https://isc.sans.edu/forums/diary/CSAM+Be+Wary+of+False+Beacons/18813
Cyanogenmod vulnerable to SSL MitM Attack
http://www.theregister.co.uk/2014/10/13/androids_cyanogenmod_open_to_mitm_attacks/
https://docs.google.com/document/pub?id=1roBIeSJsYq3Ntpf6N0PIeeAAvu4ddn7mGo6Qb7aL7ew
Decrypting Snapchat Images
https://github.com/programa-stic/snapchat-decrypt

ISC StormCast for Monday, October 13th 2014

By Johannes Ullrich Is it a phish or just a badly done breach notification? Dairy Queen/KMart: Next in line for PoS compromises; HP signs malware; Snapchat image archive leaked;
NCSAM: When Breach Notifications Look Worse than some Phishing Emails.
https://isc.sans.edu/forums/diary/CSAM+Month+of+False+Positives+-+Breach+Emails+/18805
Dairy Queen Breached
http://www.dairyqueen.com/us-en/datasecurityincident/?localechange=1&
(and KMart..)
HP Signs Malware with Valid Certificate
http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/
Snapchat Image Archive Surfaces
https://gigaom.com/2014/10/10/thousands-of-snapchat-images-may-have-been-hacked-via-a-third-party-image-saving-service/