Cloudflare data leak...what does it mean to me?, (Fri, Feb 24th)
The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is...
View ArticleClik here to view.
Watershed SHA1 collision just broke the WebKit repository, others may follow
Enlarge (credit: youngthousands) Thursday's watershed attack on the widely used SHA1 hashing function has claimed its first casualty: the version control system used by the WebKit browser engine,...
View ArticleUnpatched Microsoft Edge and IE Bug, (Sat, Feb 25th)
Microsoft Edge and Internet Explorer can be exploited by a type confusion in HandleColumnBreakOnColumnSpanningElement. A POC was released here. [1]...
View ArticleClik here to view.
It is Tax Season - Watch out for Suspicious Attachment, (Sun, Feb 26th)
This week I received an email looking very realistic with a Word document that made it through the AV gateway from the Canadian Revenue Agency, it is tax season after all and everyone must be extra...
View ArticleCRA Maldoc Analysis, (Sun, Feb 26th)
I took a look at Guy font-family:Helvetica Neue width:1267px" /> tevens Microsoft MVP Consumer Security blog.DidierStevens.com DidierStevensLabs.com (c) SANS Internet Storm Center....
View ArticleDynamite Phishing , (Mon, Feb 27th)
Last week I ran across a very successful phishing campaign, whats odd in most ways it was nothing special. The attacker was using this more like a worm, where stolen credentials would be used within...
View ArticleISC Stormcast For Monday, February 27th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Google reports “high-severity” bug in Edge/IE, no patch available
Enlarge (credit: Ccetsnakebite) A member of Google's Project Zero security research team has disclosed a high-severity vulnerability in Microsoft's Edge and Internet Explorer browsers that reportedly...
View ArticleClik here to view.
Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages
Enlarge (credit: https://www.youtube.com/watch?v=EcxNHgYUz6s) A maker of Internet-connected stuffed animal toys has leaked a database of sensitive customer data. The leak includes more than 2 million...
View ArticleISC Stormcast For Tuesday, February 28th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleVuln: Linux kernel Local Use After Free Multiple Denial of Service...
Linux kernel Local Use After Free Multiple Denial of Service Vulnerabilities
View ArticleVuln: Linux Kernel CVE-2015-8962 Memory Corruption Vulnerability
Linux Kernel CVE-2015-8962 Memory Corruption Vulnerability
View ArticleAnalysis of a Simple PHP Backdoor, (Tue, Feb 28th)
With the huge surface attack provided by CMS like Drupal or Wordpress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells[1]. A few days ago, a...
View ArticleMy Catch Of 4 Months In The Amazon IP Address Space, (Tue, Feb 28th)
This is a guest diary submitted by Remco Verhoef. The cloud is bringing a lot of interesting opportunities, enabling you to scale your server farm up and down depending on the load. Everything is...
View ArticleBugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org
Advisory X41-2017-001: Multiple Vulnerabilities in X.org
View ArticleVuln: Iceni Argus CVE-2016-8715 Remote Code Execution Vulnerability
Iceni Argus CVE-2016-8715 Remote Code Execution Vulnerability
View ArticleVuln: Linux Kernel CVE-2017-6074 Local Denial of Service Vulnerability
Linux Kernel CVE-2017-6074 Local Denial of Service Vulnerability
View ArticleVuln: Multiple F5 BIG-IP Products CVE-2016-9245 Denial of Service Vulnerability
Multiple F5 BIG-IP Products CVE-2016-9245 Denial of Service Vulnerability
View ArticleVuln: Linux Kernel CVE-2017-6353 Incomplete Fix Local Denial of Service...
Linux Kernel CVE-2017-6353 Incomplete Fix Local Denial of Service Vulnerability
View Article