Admins have to hold their breath for two more weeks on the Badlock vulnerability. Which will come first: the patch, or a public exploit?
Tag Archives: sans institute
Cryptowall 3.0 Infections Spike from Angler EK, Malicious Spam Campaigns
SANS Institute reports that Cryptowall 3.0 ransomware infections emanating from the Angler Exploit Kit are on the rise, and coincide with a spike from malicious spam campaigns.
Active DoS Exploits for MS15-034 Under Way
Public denial-of-service exploits for a critical vulnerability in Microsoft’s implementation of the HTTP protocol stack, HTTP.sys, are under way, while remote code execution attacks may still be to come.
Shellshock Worm Exploiting Unpatched QNAP NAS Devices
A worm exploiting the Bash vulnerability in QNAP network-attached storage devices has been discovered. The attack opens a backdoor and, for now, is carrying out a click-fraud scam against JuiceADV.
WordPress 4.0.1 Update Patches Critical XSS Vulnerability
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
Shellshock Exploits Targeting SMTP Servers at Webhosts
SANS Internet Storm Center reports attacks against SMTP servers using Shellshock exploits to create a DDoS botnet.