Newly discovered flaw undermines HTTPS connections for almost 1,000 sites
Encrypted connections established by at least 949 of the top 1 million websites are leaking potentially sensitive data because of a recently discovered software vulnerability in appliances...
Hancitor/Pony malspam, (Fri, Feb 10th)
Introduction It's been one month since my last diary on malicious spam (malspam) with links to malicious Word documents containing Hancitor [1]. Back then, we saw Hancitor use Pony to download Vawtrak...
ISC Stormcast For Friday, February 10th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Virally growing attacks on unpatched WordPress sites affect ~2m pages
Attacks on websites running an outdated version of WordPress are increasing at a viral rate. Almost 2 million pages have been defaced since a serious vulnerability in the...
Vuln: IBM Tivoli Storage Manager CVE-2016-6034 Information Disclosure...
IBM Tivoli Storage Manager CVE-2016-6034 Information Disclosure Vulnerability
Vuln: IBM Security Key Lifecycle Manager CVE-2016-6097 Local Information...
IBM Security Key Lifecycle Manager CVE-2016-6097 Local Information Disclosure Vulnerability
Analysis of a Suspicious Piece of JavaScript, (Sun, Feb 12th)
What to do on a cloudy lazy Sunday? You go hunting and review some alerts generated by your robots. Pastebin remains one of my favourite playgrounds and you always find interesting stuff there. In a...
Stuff I Learned Decrypting, (Mon, Feb 13th)
With the prevalence of Next-Gen Firewalls, we're seeing a new wave of organizations decrypting traffic at the network edge, between organizations and the public internet. This is a good thing. As we...
ISC Stormcast For Monday, February 13th 2017...
For all the SDR folks out there, new version of HackRF released:...
Rob VandenBrink Metafore
Do You Use VirusTotal? Give PacketTotal a Spin!, (Mon, Feb 13th)
PacketTotal ( http://www.packettotal.com ) is a new site that does some nifty analysis of Packet Captures for you if you're not so familiar with Wireshark or other analysis tools. Out of the gate, this...
Bugtraq: [slackware-security] php (SSA:2017-041-03)
[slackware-security] php (SSA:2017-041-03)
Bugtraq: WebKitGTK+ Security Advisory WSA-2017-0002
WebKitGTK+ Security Advisory WSA-2017-0002
Bugtraq: [SECURITY] [DSA 3783-1] php5 security update
[SECURITY] [DSA 3783-1] php5 security update
Bugtraq: TP-Link C2 and C20i vulnerable to command injection (authenticated...
TP-Link C2 and C20i vulnerable to command injection (authenticated root RCE), DoS, improper firewall rules
Bugtraq: [slackware-security] tcpdump (SSA:2017-041-04)
[slackware-security] tcpdump (SSA:2017-041-04)
Bugtraq: [security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network...
[security bulletin] HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification
Bugtraq: [security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating...
[security bulletin] HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities
Bugtraq: [security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL,...
[security bulletin] HPESBGN03698 rev.1 - HPE DDMi using OpenSSL, Remote Arbitrary Code Execution, Bypass Security Restrictions, Denial of Service (DoS)