Microsoft Patch Tuesday, or is that "Patch Next Tuesday"? – Flash Player RCE patched today, (Tue, Feb 21st)

Microsoft released the patch for MS17-005 today, to patch a remote code execution vulnerability in Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016. The MS Bulletin is posted here: https://technet.microsoft.com/en-us/library/security/MS17-005, but is not yet posted on the main feed (https://technet.microsoft.com/en-us/security/bulletins.aspx). The matching Adobe technote is APSB17-04, …

Sysinternals Updates Sysmon, Autoruns, AccessChk, Process Monitor, Process Explorer, LiveKd, and BgInfo – https://blogs.technet.microsoft.com/sysinternals/2017/02/17/update-sysmon-v6-autoruns-v13-7-accesschk-v6-1-process-monitor-v3-32-process-explorer-v16, (Tue, Feb 21st)

Rob VandenBrink, Metafore. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Investigating Off-Premise Wireless Behaviour (or, "I Know What You Connected To"), (Tue, Feb 21st)

Last week, I was working with a client on a web-filtering solution, using one of their organization's laptops. We happened to notice the long-long-LONG list of SSIDs that were on this machine, many of them open SSIDs. The host we were looking at had the default dlink and linksys SSIDs as auto-connect, so not a …

Hardening Postfix Against FTP Relay Attacks, (Mon, Feb 20th)

Yesterday, I read an interesting blog post about exploiting XXE (XML eXternal Entity) flaws to send e-mails [1]. In short: it is possible to trick the application into connecting to an FTP server, but since mail servers tend to be forgiving enough, they will just accept e-mail if you use the FTP client to connect …

Brazilian malspam sends Autoit-based malware, (Sat, Feb 18th)

Introduction: Nothing really exciting this week, so let's review malicious spam (malspam) we received at our ISC handlers email distro. The message is in Portuguese, and it claims to be from Detran. Detran is an abbreviation for Departamento Estadual de Trânsito, an institution responsible for supervision of ground vehicles in Brazil. Shown above: …

RTRBK – Router / Switch / Firewall Backups in PowerShell (tool drop), (Fri, Feb 17th)

Have you ever been asked for the config of a router or switch you (or someone else) put in so long ago you didn't remember that device was there? So long ago that the layer of dust inside that switch is probably why the fan stopped spinning and melted it? Yup, me too. So when …

AVM Private Key Leak Puts Cable Modems Worldwide At Risk, (Thu, Feb 16th)

In November, Heise, a German technology news publisher, broke a story that AVM cable modems included not only the manufacturer's certificate authority certificate as part of the firmware, but also the corresponding private key [1]. The news didn't get a lot of attention back then. AVM is the maker of Fritz!Box routers and modems which are …

OpenSSL 1.1.0e Update: No need to panic #openssl, (Thu, Feb 16th)

OpenSSL released an update for OpenSSL 1.1.0. The latest version is now OpenSSL 1.1.0e. OpenSSL 1.0.2 is not affected. The vulnerability, CVE-2017-3733, can lead to a crash in either clients or servers. In order to trigger the vulnerability, an attacker would first negotiate an SSL connection without the Encrypt-Then-Mac extension. Later, the attacker would use …

Microsoft February Patch Tuesday Now Rolled into March Update, (Thu, Feb 16th)

Microsoft earlier today updated its blog post about the skipped February Patch Tuesday with a note that "We will deliver updates as part of the planned March Update Tuesday, March 14, 2017." March 14th is the March Patch Tuesday date, so February's updates will be combined with the March update. Probably overall the least disruptive …