Subscribe: SANS Internet Storm Center, InfoCON: green
http://isc.sans.org/rssfeed.xml
SANS Internet Storm Center, InfoCON: green



SANS Internet Storm Center - Cooperative Cyber Security Monitor



Published: Tue, 25 Jul 2017 09:56:59 GMT

Last Build Date: Wed, 26 Jul 2017 01:00:16 +0000

Copyright: (C) SANS Institute 2017
 



Trends Over Time, (Mon, Jul 24th)

Tue, 25 Jul 2017 09:56:59 GMT

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



ISC Stormcast For Tuesday, July 25th 2017 https://isc.sans.edu/podcastdetail.html?id=5596, (Tue, Jul 25th)

Tue, 25 Jul 2017 01:10:02 GMT




Uber drivers new threat: the "passenger", (Mon, Jul 24th)

Mon, 24 Jul 2017 17:57:00 GMT

This week I was told about a scam that surprised me due to the criminals' creativity. A New York City Uber driver had his Uber account and day's income stolen by someone who was supposed to be his next passenger.



ISC Stormcast For Monday, July 24th 2017 https://isc.sans.edu/podcastdetail.html?id=5594, (Mon, Jul 24th)

Mon, 24 Jul 2017 02:35:02 GMT




Another .lnk File, (Sun, Jul 23rd)

Sun, 23 Jul 2017 18:50:46 GMT

In diary entry "Office maldoc + .lnk" we analyzed a Windows shortcut file (.lnk) and looked for metadata, but it didn



Black Hat is coming and with it a good reason to update your "Broadcom-based" devices, (Fri, Jul 21st)

Sat, 22 Jul 2017 00:19:55 GMT

Black Hat US 2017 is debuting and with it a potential concern to most of us. It turns out that one of the conference presentations, entitled BROADPWN: REMOTELY COMPROMISING ANDROID AND IOS VIA A BUG IN BROADCOM'S WI-FI CHIPSETS[1], will detail how Broadcom BCM43xx Wi-Fi chipsets can be exploited to achieve full code execution on the compromised device without user interaction.



Malicious .iso Attachments, (Fri, Jul 21st)

Fri, 21 Jul 2017 22:23:02 GMT

We



ISC Stormcast For Friday, July 21st 2017 https://isc.sans.edu/podcastdetail.html?id=5592, (Fri, Jul 21st)

Fri, 21 Jul 2017 00:15:04 GMT




ISC Stormcast For Thursday, July 20th 2017 https://isc.sans.edu/podcastdetail.html?id=5590, (Thu, Jul 20th)

Thu, 20 Jul 2017 00:05:02 GMT




Bots Searching for Keys & Config Files, (Wed, Jul 19th)

Wed, 19 Jul 2017 06:26:44 GMT

If you don't know our 404project[1], I would definitely recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors found in web sites' log files to dropped events in firewall logs. They can have a huge value to detect ongoing attacks or attackers performing some reconnaissance. Reviewing 404 errors is one task from my daily hunting-todo-list but it may quickly become unmanageable if you have a lot of websites or popular ones. The idea is to focus on rare events that could usually pass below the radar. Here is a Splunk query that I

    index=web sourcetype=access_combined status=404
    | rex field=uri "(?<new_uri>^\/{1}[a-zA-Z0-9_\-\~]+\.\w+$)"
    | cluster showcount=true t=0.6 field=new_uri
    | table _time, cluster_count, cluster_label, new_uri
    | sort cluster_count