Internet Storm Center
Sign In
Sign Up
Handler on Duty:
Xavier Mertens
Threat Level:
green
Date
Author
Title
JAVA SUPPORT ENDED
2014-07-05
Guy Bruneau
Java Support ends for Windows XP
JAVA
2024-03-28/a>
Xavier Mertens
From JavaScript to AsyncRAT
2024-02-28/a>
Johannes Ullrich
Exploit Attempts for Unknown Password Reset Vulnerability
2024-02-21/a>
Jan Kopriva
Phishing pages hosted on archive.org
2023-11-17/a>
Jan Kopriva
Phishing page with trivial anti-analysis features
2023-05-20/a>
Xavier Mertens
Phishing Kit Collecting Victim's IP Address
2022-06-16/a>
Xavier Mertens
Houdini is Back Delivered Through a JavaScript Dropper
2022-06-01/a>
Jan Kopriva
HTML phishing attachments - now with anti-analysis features
2022-03-31/a>
Johannes Ullrich
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
2022-03-30/a>
Johannes Ullrich
Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem)
2022-03-30/a>
Johannes Ullrich
Java Springtime Confusion: What Vulnerability are We Talking About
2022-01-18/a>
Jan Kopriva
Phishing e-mail with...an advertisement?
2021-11-18/a>
Xavier Mertens
JavaScript Downloader Delivers Agent Tesla Trojan
2021-10-21/a>
Brad Duncan
"Stolen Images Evidence" campaign pushes Sliver-based malware
2021-10-09/a>
Guy Bruneau
Scanning for Previous Oracle WebLogic Vulnerabilities
2021-05-22/a>
Xavier Mertens
"Serverless" Phishing Campaign
2021-05-18/a>
Xavier Mertens
From RunDLL32 to JavaScript then PowerShell
2021-04-28/a>
Xavier Mertens
Deeper Analyzis of my Last Malicious PowerPoint Add-On
2021-01-22/a>
Xavier Mertens
Another File Extension to Block in your MTA: .jnlp
2020-11-13/a>
Xavier Mertens
Old Worm But New Obfuscation Technique
2020-07-24/a>
Xavier Mertens
Compromized Desktop Applications by Web Technologies
2020-07-08/a>
Xavier Mertens
If You Want Something Done Right, You Have To Do It Yourself... Malware Too!
2020-06-11/a>
Xavier Mertens
Anti-Debugging JavaScript Techniques
2020-03-27/a>
Xavier Mertens
Malicious JavaScript Dropping Payload in the Registry
2019-08-09/a>
Xavier Mertens
100% JavaScript Phishing Page
2019-06-10/a>
Xavier Mertens
Interesting JavaScript Obfuscation Example
2019-02-07/a>
Xavier Mertens
Phishing Kit with JavaScript Keylogger
2018-07-13/a>
Xavier Mertens
Cryptominer Delivered Though Compromized JavaScript File
2018-06-18/a>
Xavier Mertens
Malicious JavaScript Targeting Mobile Browsers
2017-11-03/a>
Xavier Mertens
Simple Analysis of an Obfuscated JAR File
2017-06-22/a>
Xavier Mertens
Obfuscating without XOR
2017-03-24/a>
Xavier Mertens
Nicely Obfuscated JavaScript Sample
2017-03-04/a>
Xavier Mertens
How your pictures may affect your website reputation
2017-02-12/a>
Xavier Mertens
Analysis of a Suspicious Piece of JavaScript
2016-08-28/a>
Guy Bruneau
Spam with Obfuscated Javascript
2016-06-18/a>
Rob VandenBrink
Controlling JavaScript Malware Before it Runs
2016-02-20/a>
Didier Stevens
Locky: JavaScript Deobfuscation
2016-02-07/a>
Xavier Mertens
More Malicious JavaScript Obfuscation
2016-01-15/a>
Xavier Mertens
JavaScript Deobfuscation Tool
2015-11-09/a>
John Bambenek
ICYMI: Widespread Unserialize Vulnerability in Java
2015-08-07/a>
Tony Carothers
Critical Firefox Update Today
2014-12-06/a>
Rick Wanner
Google App Engine Java Security Sandbox bypasses
2014-08-29/a>
Johannes Ullrich
False Positive or Not? Difficult to Analyze Javascript
2014-07-15/a>
Daniel Wesemann
Oracle Java: 20 new vulnerabilities patched
2014-07-13/a>
Tony Carothers
Oracle July 2014 Update Pre-Notification
2014-07-05/a>
Guy Bruneau
Java Support ends for Windows XP
2014-07-02/a>
Johannes Ullrich
Simple Javascript Extortion Scheme Advertised via Bing
2013-12-23/a>
Rob VandenBrink
How-To's for the Holidays - Java Whitelisting using AD Group Policy
2013-10-28/a>
Daniel Wesemann
Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities
2013-10-15/a>
Rob VandenBrink
Java Quarterly Updates
2013-09-10/a>
Swa Frantzen
More Black Tuesday workload
2013-08-07/a>
Johannes Ullrich
Firefox 23 and Mixed Active Content
2013-04-23/a>
Russ McRee
Microsoft's Security Intelligence Report (SIRv14) released
2013-04-19/a>
Russ McRee
Java 8 release schedule delayed for renewed focus on security
2013-04-16/a>
Rob VandenBrink
Java 7 Update 21 is available - Watch for Behaviour Changes !
2013-03-07/a>
Guy Bruneau
Apple Blocking Java Web plug-in
2013-03-05/a>
Richard Porter
Java j6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html
2013-03-04/a>
Richard Porter
Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html
2013-03-01/a>
Jim Clausing
And the Java 0-days just keep on coming
2013-02-26/a>
Rob VandenBrink
All I need Java for is ....
2013-02-20/a>
Johannes Ullrich
Update Palooza
2013-02-19/a>
Johannes Ullrich
Oracle Updates Java (Java 7 Update 15, Java 6 update 41)
2013-02-08/a>
Kevin Shortt
Is it Spam or Is it Malware?
2013-02-01/a>
Jim Clausing
Oracle quitely releases Java 7u13 early
2013-01-19/a>
Guy Bruneau
Java 7 Update 11 Still has a Flaw
2013-01-15/a>
Rob VandenBrink
When Disabling IE6 (or Java, or whatever) is not an Option...
2013-01-13/a>
Stephen Hall
Java 0-Day patched as Java 7 U 11 released
2013-01-12/a>
Stephen Hall
Java 0-day impact to Java 6 (and beyond?)
2013-01-10/a>
Johannes Ullrich
Java is still exploitable and is likely going to remain so.
2012-11-01/a>
Daniel Wesemann
Patched your Java yet?
2012-10-18/a>
Rob VandenBrink
Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html
2012-10-17/a>
Rob VandenBrink
Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html
2012-09-01/a>
Russ McRee
Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish
2012-08-31/a>
Russ McRee
Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours
2012-08-27/a>
Kevin Liston
Quick Bits about Today's Java 0-Day
2012-08-05/a>
Daniel Wesemann
Phishing for Payroll with unpatched Java
2012-06-25/a>
Guy Bruneau
Using JSDetox to Analyze and Deobfuscate Javascript
2012-06-12/a>
Swa Frantzen
Java 7u5 and 6u33 released
2012-05-22/a>
Johannes Ullrich
nmap 6 released
2012-04-25/a>
Daniel Wesemann
Blacole's obfuscated JavaScript
2012-04-12/a>
Guy Bruneau
Apple Java Updates for Mac OS X
2012-04-06/a>
Johannes Ullrich
Another OS X Java Patch
2012-03-25/a>
Daniel Wesemann
evilcode.class
2012-02-16/a>
Tony Carothers
Java Update for February
2012-01-22/a>
Johannes Ullrich
Javascript DDoS Tool Analysis
2012-01-03/a>
Bojan Zdrnja
The tale of obfuscated JavaScript continues
2011-12-12/a>
Daniel Wesemann
Java 6u30 released
2011-12-10/a>
Daniel Wesemann
Unwanted Presents
2011-12-07/a>
Lenny Zeltser
V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation
2011-10-22/a>
Guy Bruneau
Oracle Java SE Critical Patch Update
2011-09-05/a>
Raul Siles
Java 7 Officially Released
2011-08-19/a>
Kevin Shortt
Java SE 6 Update 27 released. No security updates, many bug fixes ==> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html
2011-07-28/a>
Guy Bruneau
Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released
2011-06-28/a>
Johannes Ullrich
Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222
2011-06-07/a>
Johannes Ullrich
Oracle Releases Java Version 1.6.0.26 http://java.com/en/download/manual.jsp
2011-06-06/a>
Manuel Humberto Santander Pelaez
Phishing: Same goal, same techniques and people still falling for such scams
2011-06-03/a>
Guy Bruneau
Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011
2011-05-01/a>
Deborah Hale
Java 6.25 Is Now Available
2011-04-23/a>
Manuel Humberto Santander Pelaez
Image search can lead to malware download
2011-03-09/a>
Jim Clausing
Apple updates Java
2011-02-15/a>
Jason Lam
Oracle Java 6 Update 24
2011-02-09/a>
Mark Hofman
Java Floating point issue (CVE-2010-4476)
2011-02-04/a>
Daniel Wesemann
Oh, just click "yes"
2010-12-29/a>
Daniel Wesemann
Beware of strange web sites bearing gifts ...
2010-12-24/a>
Daniel Wesemann
A question of class
2010-12-08/a>
Rob VandenBrink
Java 6, Update 23 is out => http://java.sun.com/javase/6/webnotes/ReleaseNotes.html , http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html , http://www.oracle.com/technetwork/java/javase/2col/6u23bugfixes-191074.html
2010-12-02/a>
Kevin Johnson
Robert Hansen and our happiness
2010-11-11/a>
Daniel Wesemann
Java Exploits
2010-07-18/a>
Manuel Humberto Santander Pelaez
New metasploit GUI written in Java
2010-07-04/a>
Manuel Humberto Santander Pelaez
Malware inside PDF Files
2010-05-23/a>
Manuel Humberto Santander Pelaez
Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
2010-04-10/a>
Andre Ludwig
New bug/exploit for javaws
2010-04-02/a>
Guy Bruneau
Oracle Java SE and Java for Business Critical Patch Update Advisory
2010-03-05/a>
Kyle Haugsness
Javascript obfuscators used in the wild
2010-01-13/a>
Guy Bruneau
Sun Java JRE 6 Update 18 Released
2009-12-05/a>
Guy Bruneau
Java JRE Buffer and Integer Overflow
2009-09-08/a>
Guy Bruneau
Bug Fixes in Sun SDK 5 and Java SE 6
2009-08-04/a>
donald smith
Java Security Update
2009-07-15/a>
Bojan Zdrnja
Make sure you update that Java
2009-07-01/a>
Bojan Zdrnja
Mobile phone trojans
2009-06-10/a>
Swa Frantzen
Java 6 update 14 released
2009-05-22/a>
Mark Hofman
Patching and Apple - Java issue
2009-05-04/a>
Tom Liston
Adobe Reader/Acrobat Critical Vulnerability
2009-04-07/a>
Bojan Zdrnja
Advanced JavaScript obfuscation (or why signature scanning is a failure)
2009-04-02/a>
Bojan Zdrnja
JavaScript insertion and log deletion attack tools
2009-03-25/a>
David Goldsmith
Java Runtime Environment 6.0 Update 13 Released
2009-02-25/a>
Andre Ludwig
Adobe Acrobat pdf 0-day exploit, No JavaScript needed!
2009-02-10/a>
Swa Frantzen
Java up to date ?
2008-07-14/a>
Daniel Wesemann
Obfuscated JavaScript Redux
2008-07-09/a>
Johannes Ullrich
Java Update
2008-06-30/a>
Marcus Sachs
More SQL Injection with Fast Flux hosting
2008-05-20/a>
Raul Siles
List of malicious domains inserted through SQL injection
2008-05-20/a>
Raul Siles
Java 6 Update 6 has been released
2008-04-06/a>
Daniel Wesemann
Advanced obfuscated JavaScript analysis
2008-04-03/a>
Bojan Zdrnja
Mixed (VBScript and JavaScript) obfuscation
SUPPORT
2024-06-17/a>
Xavier Mertens
New NetSupport Campaign Delivered Through MSIX Packages
2023-08-18/a>
Xavier Mertens
From a Zalando Phishing to a RAT
2022-10-21/a>
Brad Duncan
sczriptzzbn inject pushes malware for NetSupport RAT
2020-02-05/a>
Brad Duncan
Fake browser update pages are "still a thing"
2015-06-27/a>
Guy Bruneau
Is Windows XP still around in your Network a year after Support Ended?
2014-07-05/a>
Guy Bruneau
Java Support ends for Windows XP
2012-12-06/a>
Daniel Wesemann
Fake tech support calls - revisited
2012-10-03/a>
Kevin Shortt
Fake Support Calls Reported
2011-05-23/a>
Mark Hofman
Microsoft Support Scam (again)
2010-07-06/a>
Rob VandenBrink
Bogus Support Organizations use Live Operators to Install Malware
2010-06-15/a>
Manuel Humberto Santander Pelaez
Microsoft Windows Help and Support Center vulnerability (CVE 2010-1885) exploit in the wild
2010-03-01/a>
Mark Hofman
Microsoft will drop support for Vista (without any Service Packs) on April 13 and support for XP SP2 ends July 13. (i.e. no more security updates). If you are still running these, it it time to update.
2010-02-03/a>
Rob VandenBrink
Support for Legacy Browsers
ENDED
2015-06-27/a>
Guy Bruneau
Is Windows XP still around in your Network a year after Support Ended?
2014-11-24/a>
Richard Porter
Someone is using this? PoS: Compressor
2014-07-05/a>
Guy Bruneau
Java Support ends for Windows XP
2010-03-10/a>
Rob VandenBrink
Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication
Homepage
Diaries
Podcasts
Jobs
Data
TCP/UDP Port Activity
Port Trends
SSH/Telnet Scanning Activity
Weblogs
Threat Feeds Activity
Threat Feeds Map
Useful InfoSec Links
Presentations & Papers
Research Papers
API
Tools
DShield Sensor
DNS Looking Glass
Honeypot (RPi/AWS)
InfoSec Glossary
Contact Us
Contact Us
About Us
Handlers
About Us
Slack Channel
Mastodon
Bluesky
X
Have you seen our swag?
Buy SANS ISC Gear