Continued interest in Nikjju mass SQL injection campaign, (Mon, Apr 23rd)

Readers continue to write in conveying updates from sources regarding the Nikjju mass SQL injection campaign. Like the Lilupophilupop campaign from December, ASP/ASP.net sites are targeted and scripts are inserted. Be wary of script src= hxxp://nikjju.com/r.php /script or script src = hxxp://hgbyju.com/r.php /script and the resulting fake/rogue AV campaigns they subject victims to. Infected site…


Comments open for NIST-proposed updates to Digital Signature Standard, (Mon, Apr 23rd)

The comment period for National Institute of Standards and Technology (NIST) proposed changes to the Digital Signature Standard (FIPS 186-3) is open until May 25, 2012. Submit comments via fips_186-3_change_notice at nist dot gov, with “186-3 Change Notice” in the subject line. The proposed changes include: “clarification on how to implement the…


ISC StormCast for Monday, April 23rd 2012 http://isc.sans.edu/podcastdetail.html?id=2482, (Mon, Apr 23rd)

iOS vs Android Malware: http://threatpost.com/en_us/blogs/accountability-not-code-quality-makes-ios-safer-android-042012 http://www.trailofbits.com/resources/mobile_eip-04-19-2012.pdf
Flashback Numbers: http://www.h-online.com/security/news/item/Kaspersky-Number-of-Macs-infected-by-Flashback-drops-to-30-000-Update-1544589.html
Mixmaster Confiscation: https://help.riseup.net/en/seizure-2012-april


ISC StormCast for Sunday, April 15th 2012 http://isc.sans.edu/podcastdetail.html?id=2467, (Sun, Apr 15th)

Microsoft Update: http://support.microsoft.com/kb/2671605
Flashback Removal Tool: http://support.apple.com/kb/DL1517
Oracle Patches: http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
SOPA Malware: http://threatpost.com/en_us/blogs/malware-campaign-extorts-users-sopa-threats-041312
Mozilla Plug Ins: http://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/


Sysinternals Updates

In case you have not seen or heard, some of our readers pointed us to Monday’s posting on the Sysinternals Site Discussion panel about a number of updates that are now available. Among the releases are updates to the following: NotMyFault; Process Monitor v3.01; TestLimit v5.2; Webcasts from Mark…


ISC Feature of the Week: Suspicious Domains, (Wed, Apr 18th)

Overview: After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.
Features: Background – https://isc.sans.edu/tools/suspicious_domains.html#background Project description, sources cited and suggested…


OpenSSL Security Advisory – CVE-2012

Earlier today, the OpenSSL team released a fix for a recently discovered vulnerability that exposes applications that use certain features of OpenSSL to a heap overflow. Since OpenSSL is used extensively, there is much speculation and discussion about who is vulnerable. Here are some highlights and links of the reading…


ISC StormCast for Friday, April 20th 2012 http://isc.sans.edu/podcastdetail.html?id=2479, (Thu, Apr 19th)

Fake Anti Virus Twitter Spam: http://www.securelist.com/en/blog/208193477/New_Spam_campaign_on_Twitter_Leads_to_Rogue_AV
Fake Instagram Android App: http://nakedsecurity.sophos.com/2012/04/18/fake-instagram-app-android-malwar/
Windows 8 Enterprise: http://windowsteamblog.com/windows/b/business/archive/2012/04/18/introducing-windows-8-enterprise-and-enhanced-software-assurance-for-today-s-modern-workforce.aspx
Firefox blocks Java on older OS X versions: http://www.h-online.com/open/news/item/Mozilla-blocklists-Java-on-older-Mac-OS-X-systems-1542769.html


ISC StormCast for Thursday, April 12th 2012 http://isc.sans.edu/podcastdetail.html?id=2461, (Thu, Apr 12th)

Samba Vulnerability: https://www.samba.org/samba/security/CVE-2012-1182
HP Flashcard Malware: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176
(Thanks to those who responded to the “poll” yesterday. The stickers will go out today to the first 10 who responded.) As always, feedback is welcome. (jullrich – at – sans – dot – edu or use the contact form)
