ISC StormCast for Thursday, December 11th 2014

By Johannes Ullrich Can SONY Software still be trusted? D-Link Routers Hunted; InititeWP / X-Window Patches; Problems with #MSFT #Exchange patch
SONY Private Key Leaked, Used in PoC to sign malware
https://isc.sans.edu/forums/diary/Malware+Signed+With+Valid+SONY+Certificate+Update+This+was+a+Joke+/19049
D-Link Router SSH Password Brute Forcing
https://isc.sans.edu/forums/diary/Odd+new+ssh+scanning+possibly+for+D-Link+devices/19055
InfiniteWP SQL Injection Vulnerability
https://www.securityweek.com/sql-injection-other-vulnerabilities-found-infinitewp-admin-panel
Old X-Window Bug Found and Patched
http://lists.x.org/archives/xorg-announce/2014-December/002500.html
Microsoft Exchange Patch Causing Problems
http://www.edugeek.net/forums/enterprise-software/146585-outlook-client-issues-following-exchange-2010-rollup-8-a.html More Here