Security Bulletins | Jeremy Murtishaw, Inc.

Cisco – Issue with Clock Signal Component, (Fri, Feb 3rd)

by nateSecurity Bulletins February 3, 2017Comments are Disabled

One of our readers, Dalibor Cerar, sent us an email about an issue impacting Cisco…at this point. While its a hardware issue, the result if it occurs is a self inflicted Denial of Service. Cisco released a notice on February 2 that some of its products had an issue with the Clock Signal component manufactured …

Windows SMBv3 Denial of Service Proof of Concept (0 Day Exploit), (Thu, Feb 2nd)

by nateSecurity Bulletins February 2, 2017Comments are Disabled

The tweet originally announcing this issue stated that Windows 2012 and 2016 is vulnerable. I tested it with a fully patched Windows 10, and got an immediate blue screen of death (see below for screenshot). A Proof of Concept (PoC) Exploit causing a blue screen of death on recent Windows version was released on Github …

New tcpdump release -> 4.9.0 http://www.tcpdump.org/#latest-release, (Thu, Feb 2nd)

by nateSecurity Bulletins February 2, 2017Comments are Disabled

— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

What Keeps My Honeypot Busy These Days, (Fri, Jan 27th)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

Sometimes, it isnt the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go that works?. Looking over my honeypot today, I had a couple experiences like this. First of all, the old TR-064 NTP Server exploit that beca me big news when the Mirai botnet …

ISC Stormcast For Monday, January 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5341, (Mon, Jan 23rd)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic fragments, I figured I will play a bit with scapy to kill time. [1] And …

All things Apple Updated today: iTunes 12.5.5 (Windows), Safari 10.0.3, macOS 10.12.3, iOS 10.2.1, tvOS 10.1.1, watchOS 3.1.3 – Details at https://support.apple.com/en-ca/HT201222, (Tue, Jan 24th)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

=============== Rob VandenBrink Metafore (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

ISC Stormcast For Tuesday, January 24th 2017 https://isc.sans.edu/podcastdetail.html?id=5343, (Tue, Jan 24th)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Critical Vulnerability in Cisco WebEx Chrome Plugin, (Tue, Jan 24th)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

Update: Version 1.0.5 of the Google Chrome WebEx plugin, released this morning, fixes this issue. The Google 0-Day project announced a critical remote code execution vulnerability in Ciscos WebEx plugin for Google Chrome. This vulnerability allows a remote attacker to execute arbitrary code on the victims system by delivering it to the WebEx plugin via …

ISC Stormcast For Wednesday, January 25th 2017 https://isc.sans.edu/podcastdetail.html?id=5345, (Wed, Jan 25th)

by nateSecurity Bulletins January 27, 2017Comments are Disabled

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.