ISC StormCast for Monday, November 24th 2014

By Johannes Ullrich Sprear Phishing Works Well! Hikvision: Broken and Dangerous DVRs don’t keep you safe; MSFT and Sandwort: Missed Chances; Paypal patches slowly
1 out of 5 spear phishing emails successful
Multiple remote vulnerabilities in Hikvision DVRs–multiple-vulnerabilities
MSFT Overlooked “Sandworm” vulnerability in earlier patches
PayPal Takes 18 Months to Fix Arbitrary Code Execution Flaw
ICMP Redirect Attacks Documented in the Wild
More Here