Threat Level: green Handler on Duty: Russ McRee

SANS ISC Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

ISC StormCast for Thursday, October 2nd 2014 http://isc.sans.edu/podcastdetail.html?id=4173

Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html

Published: 2014-10-01
Last Updated: 2014-10-01 23:04:53 UTC
by Russ McRee (Version: 1)
2 comment(s)

Xen has issued an advisory and a related patch to address an issue that allows a "buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself."

Xen 4.1 and onward are vulnerable, only x86 systems are vulnerable. ARM systems are not vulnerable.

Applying the patch resolves this issue.

Keywords: xen
2 comment(s)

Security Onion news: Updated ShellShock detection scripts for Bro

Published: 2014-10-01
Last Updated: 2014-10-01 21:03:13 UTC
by Russ McRee (Version: 1)
0 comment(s)

Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro.
These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability."
Seth has updated these scripts again today to "Add shellscripts as a post-exploit detection mechanism."
Doug has updated the securityonion-bro-scripts package to include these changes and has also updated the securityonion-web-page package to include some ELSA queries for "ShellShock Exploits" and "ShellShock Scanners".

This is great for current Security Onion users, and even better for readers who have not yet investigated and invested in Security Onion. Now's the time to become familiar and improve your situational awareness, particularly given the fact that it's National Cyber Security Awareness Month. :-)

Everything you need is available on Doug's blog: http://blog.securityonion.net/2014/10/new-securityonion-bro-scripts-and.html

0 comment(s)
VMware security advisory: VMSA-2014-0010 http://www.vmware.com/security/advisories/VMSA-2014-0010.html
ISC StormCast for Wednesday, October 1st 2014 http://isc.sans.edu/podcastdetail.html?id=4171

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html
published 11 hours ago by Russ McRee (1 comment)

Security Onion news: Updated ShellShock detection scripts for Bro
published 13 hours ago by Russ McRee (0 comments)

DerbyCon highlights
published 1 day ago by Russ McRee (1 comment)

Shellshock: Updated Webcast (Now 6 bash related CVEs!)
published 2 days ago by Dr. J. (0 comments)

Shellshock: A Collection of Exploits seen in the wild
published 2 days ago by Dr. J. (8 comments)

Shellshock: We are not done yet CVE-2014-6277, CVE-2014-6278
published 2 days ago by Dr. J. (0 comments)

Shellshock: Vulnerable Systems you may have missed and how to move forward
published 2 days ago by Dr. J. (2 comments)

What has Bash and Heartbleed Taught Us?
published 4 days ago by Guy (1 comment)

Why We Have Moved to InfoCon:Yellow
published 5 days ago by Richard (5 comments)

Webcast Briefing: Bash Code Injection Vulnerability
published 6 days ago by Dr. J. (7 comments)

Update on CVE-2014-6271: Vulnerability in bash (shellshock)
published 6 days ago by Dr. J. (25 comments)

View All Diaries →

Latest Discussions

SSH Bruteforce Uptick Anyone?
created 1 day ago by Philip (0 replies)

XSS vulnerability in opencms v9.0.1 workplace
created 1 week ago by Murali (0 replies)

RSS feeds broken in Sage
created 4 weeks ago by Madmanguruman (0 replies)

Brown Breach.. . UPS
created 1 month ago by ICI2Eye (0 replies)

So, how dead is antivirus exactly?
created 1 month ago by Safensoft (3 replies)

View All Forums →

Latest News

View All News →