ISC StormCast for Monday, November 24th 2014

By Johannes Ullrich

Spear Phishing Works Well! Hikvision: Broken and Dangerous DVRs don’t keep you safe; MSFT and Sandworm: Missed Chances; PayPal patches slowly
1 out of 5 spear phishing emails successful
https://deepsec.net/speaker.html#PSLOT157
Multiple remote vulnerabilities in Hikvision DVRs
https://community.rapid7.com/community/metasploit/blog/2014/11/19/r7-2014-18-hikvision-dvr-devices–multiple-vulnerabilities
MSFT Overlooked “Sandworm” vulnerability in earlier patches
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/SandWorm-s-target-A-patch-history-of-Object-Packager/ba-p/6675618#.VHJ8QIsXkzB
PayPal Takes 18 Months to Fix Arbitrary Code Execution Flaw
http://vulnerability-lab.com/get_content.php?id=936
ICMP Redirect Attacks Documented in the Wild
http://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/