SANS ISC Diary - Vulnerabilities don’t disappear just because we don’t talk about them anymore

Jan Kopriva — Mon, 16 Nov 2020 11:08:20 +0200

A Diary of mine was published today on the SANS Internet Storm Center. In this one, we take a look at couple of pre-2020 high-impact vulnerabilities, which still affect surprising number of publicly accessible systems.

Looking back at September 2015

Jan Kopriva — Sun, 18 Oct 2015 16:13:47 +0100

Information concerning number of devices vulnerable to Heartbleed vulnerability has appeared in the news during September. Given that the existence of Heartbleed was made public almost a year and a half ago it may be surprising that the number of vulnerable devices exceeds 200.000.
Affair concerning the Stagefright vulnerability (which was mentioned in the last Looking back) continued in September when Zimperium – the company which discovered Stagefright – released a proof-of-concept code which exploits the vulnerability.
A stealth malware hidden in modified Cisco IOS images and named SYNful knock has been discovered on tens of Cisco routers around the world. The malware functions as a backdoor and besides the (persistent) IOS-embedded main component uses tens of modules which provide further functionality which it loads into volatile memory.
It should be mentioned that Google, Microsoft and Mozzila made a press release announcing that their browsers will stop supporting the RC4 encryption algorithm early next year.
One final piece of interesting news we will mention has been the discovery of a malware targeted at online poker players. The trojan horse is named Odlanor and captures screenshots of applications used for playing poker online and then sends them to the attacker.

Heartbleed on Untrusted Network

SANS ISC Diary - Vulnerabilities don’t disappear just because we don’t talk about them anymore

Looking back at September 2015