Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-11-12



Cisco Cloud Web Security DNS Hijack

Published: 2015-11-12
Last Updated: 2015-11-12 16:20:14 UTC
by Rick Wanner (Version: 1)
7 comment(s)

We have received a report that a domain critical to delivering the Cisco Cloud Web Security product was hijacked for a while earlier today. The report indicates that the DNS entries for scansafe.net were hijacked and pointed to 208.91.197.132, a site which both VirusTotal and Web of Trust indicate has a reputation for delivering malware.

Guidance that has been provided to customers is that the issue has been resolved, but the TTL on the DNS entries is 48 hours, so it will take a while for caches to clear. In the meantime, customers should use the IP, not the FQDN, to access the site.
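Because cached answers outlive the fix, it helps to know which internal resolvers still hold the hijacked record and when each entry will age out. The following is an added example, not part of the original diary or any Cisco tooling: it audits `dig +noall +answer` output collected per resolver. The resolver names, the sample answers and the known-good address 192.0.2.10 are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

HIJACK_IP = "208.91.197.132"   # address named in the diary
KNOWN_GOOD = {"192.0.2.10"}    # placeholder: substitute the IPs from the vendor's guidance

# Constructed sample: answer lines as printed by `dig +noall +answer`,
# keyed by hypothetical resolver names. The TTL column is the time remaining in cache.
SAMPLE = {
    "resolver-a": "scansafe.net.\t171000\tIN\tA\t208.91.197.132",
    "resolver-b": "scansafe.net.\t3600\tIN\tA\t192.0.2.10",
    "resolver-c": "scansafe.net.\t900\tIN\tA\t198.51.100.7",
}

def parse_answer(text):
    """Yield (name, ttl, addr) for each A record line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "IN" and parts[3] == "A" and parts[1].isdigit():
            yield parts[0].rstrip(".").lower(), int(parts[1]), parts[4]

def audit(answers, now):
    """Classify every cached A record and compute when the cache entry expires."""
    findings = []
    for resolver, text in sorted(answers.items()):
        for name, ttl, addr in parse_answer(text):
            if addr == HIJACK_IP:
                status = "HIJACKED"
            elif addr in KNOWN_GOOD:
                status = "OK"
            else:
                status = "UNKNOWN"   # neither bad nor confirmed good: review by hand
            findings.append({"resolver": resolver, "name": name, "addr": addr,
                             "status": status, "expires": now + timedelta(seconds=ttl)})
    return findings

def needs_flush(findings):
    """Resolvers that will keep serving the hijacked address until flushed or expired."""
    return [f["resolver"] for f in findings if f["status"] == "HIJACKED"]

if __name__ == "__main__":
    now = datetime(2015, 11, 12, 16, 0, tzinfo=timezone.utc)  # constructed timestamp
    for f in audit(SAMPLE, now):
        print(f"{f['resolver']:<11} {f['addr']:<16} {f['status']:<8} "
              f"expires {f['expires']:%Y-%m-%d %H:%M} UTC")
```

Flushing the cache on any resolver reported as `HIJACKED` removes the entry immediately rather than waiting for the printed expiry time.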

If anyone has any further details please pass them our way.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


Oracle WebLogic Server: CVE-2015-4852 patched

Published: 2015-11-12
Last Updated: 2015-11-12 15:49:15 UTC
by Rick Wanner (Version: 1)
1 comment(s)

Lost in the hoopla around Microsoft and Adobe Patch Tuesday was a critical patch released by Oracle which addressed CVE-2015-4852. CVE-2015-4852 is a critical vulnerability in Apache Commons which affects Oracle WebLogic Server. This vulnerability permits remote exploitation without authentication and should be patched as soon as practical.

More information can be found at the Oracle Blog.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)


Microsoft Patch Tuesday followup: KB3097877 re-issued!

Published: 2015-11-12
Last Updated: 2015-11-12 15:35:23 UTC
by Rick Wanner (Version: 1)
9 comment(s)

As a follow-up to this month's Microsoft Patch Tuesday: it appears that Microsoft has quietly re-released the problematic KB3097877 fix. The original was reportedly causing some versions of Outlook to crash, along with other Windows issues, on systems with this patch applied.

Please let us know if you are still experiencing difficulties with the new version applied.

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

ISC StormCast for Thursday, November 12th 2015 http://isc.sans.edu/podcastdetail.html?id=4743