Microsoft January 2018 Patch Tuesday, (Tue, Jan 9th)

SANS Internet Storm Center - January 10, 2018 - 2:38am
Microsoft, as expected, included last week's Meltdown/Spectre update in this month's Patch Tuesday. But note that in addition to these two flaws, we have a number of other "traditional" privilege escalation and even remote code execution flaws that are probably easier to exploit and should probably be treated with a higher priority. Regardless, I doubt that as many people will work overtime for these run-of-the-mill flaws. For example:
Categories: Security

What is going on with port 3333?, (Tue, Jan 9th)

SANS Internet Storm Center - January 10, 2018 - 1:10am
We've seen a spike over the last day or so in reports of apparent scanning on TCP port 3333. I have serious doubts that anyone is actually looking for DEC Notes, which is the registered IANA use for this port. While we're getting our own honeypots set up, I figured I'd ask our readers, do you have packets and/or any idea what is going on here? Please let us know in the comments or via our contact page. Thanx in advance.
Categories: Security

A Story About PeopleSoft: How to Make $250k Without Leaving Home., (Mon, Jan 8th)

SANS Internet Storm Center - January 9, 2018 - 9:01pm
Yesterday, Renato published a diary about an intrusion taking advantage of a recent flaw in WebLogic. Oracle’s WebLogic is a Java EE application server [1]. PeopleSoft, another popular Oracle product, can use WebLogic as a web server. PeopleSoft itself is a complex enterprise process management system. The name implies human resource functions, but the software goes way beyond simple HR features. Typically, “everything” in an organization lives in PeopleSoft [2].
Categories: Security

Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th)

SANS Internet Storm Center - January 8, 2018 - 3:01pm
Unless you’ve been living under a rock (or on a remote island, with no Internet connection), you’ve heard about the latest vulnerabilities that impact modern processors.
Categories: Security

Campaign is using a recently released WebLogic exploit to deploy a Monero miner, (Thu, Jan 4th)

SANS Internet Storm Center - January 7, 2018 - 11:02pm
In the last couple of days, we received some reports regarding a malicious campaign which is deploying Monero cryptocurrency miners on victims’ machines. After analyzing a compromised environment, it was possible to realize that a critical Oracle WebLogic flaw, for which the exploit was made public a few days ago, is being used.
Categories: Security

Stone Soup Security, (Sun, Jan 7th)

SANS Internet Storm Center - January 7, 2018 - 3:32pm
Humans have been telling stories to each other much longer than we've had computers.  I still think it's a powerful tool.  Over the holiday I've been telling various updated versions of the "Stone Soup" story to various groups in the security community.  There are many versions of the Stone Soup story.  They all fall into the "clever man" category of the Aarne-Thompson-Uther index.  Think of it as a CVE for folktales.  Specifically, Stone Soup is a type 1548 folktale.  Such stories normally involve a stranger who comes to a house or village and promises to demonstrate that they can make soup from a stone.  The first time that I heard this story, I was in kindergarten and in that telling, travelers came to a poor village who didn't have enough food to spare, so they promised to show them how to make soup from a stone.  First they needed to borrow a pot and some water and some firewood and they began to boil the stone.  Periodically tasting it and noting that it would taste better with an onion, or carrots, or chicken or what have you.  Eventually the makings of a real soup were found by the villagers and a proper soup is made.  At kindergarten, it was a lesson on sharing and coming together.  In this telling of the story everyone wins.
Categories: Security

SSH Scans by Clients Types, (Sun, Jan 7th)

SANS Internet Storm Center - January 7, 2018 - 1:21am
I'm always curious what is scanning my honeypot, but I was particularly interested in what kind of client applications are used to attempt to log in via SSH to that service. This graph shows the activity for the past week, including 500+ attempts for a period of 8 hours on 31 Dec, which went pretty much flat from 31 Dec 1200Z to 1 Jan 2018 1200Z while everyone celebrated New Year.
Categories: Security

Spectre and Meltdown: What You Need to Know Right Now, (Thu, Jan 4th)

SANS Internet Storm Center - January 5, 2018 - 6:05pm
By now, you've heard about the processor vulnerabilities affecting almost every processor in common use today; those vulnerabilities are called Meltdown and Spectre. The only common platform that seems unaffected as of the current moment are iPhone/iPads (Removed per recent advisory). This bug is probably worth its name and logo considering the pervasive nature of the vulnerability. At its core, both involve kernel issues that can lead to leaking running memory outside the current process, which can involve compromises of system confidentiality (think encryption keys, passwords, PII/NPI in memory, etc). Contrary to some initial reporting, this is NOT just an Intel bug; it affects AMD and ARM processors as well. These could even be used in cloud / virtualized environments to leak memory outside the running virtual machine. It involves a flaw in "speculative execution" common in these processors where, in the right conditions, code can trick the processor into leaking data returned from other applications.
Categories: Security

TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance

US-CERT - Alerts - January 4, 2018 - 7:47pm
Original release date: January 04, 2018 | Last revised: January 10, 2018
Systems Affected

CPU hardware implementations


On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities—known as Meltdown and Spectre—that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.


CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by CERT/CC’s Vulnerability Note VU#584653, the United Kingdom National Cyber Security Centre’s guidance on Meltdown and Spectre, Google Project Zero, and the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz). The Linux kernel mitigations for this vulnerability are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages.


Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.


NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. In the case of Spectre, the vulnerability exists in CPU architecture rather than in software, and is not easily patched; however, this vulnerability is more difficult to exploit. 


Microsoft has temporarily halted updates for AMD machines. More information can be found here:

For machines running Windows Server, a number of registry changes must be completed in addition to installation of the patches.  A list of registry changes can be found here:


Microsoft has recommended that third-party antivirus vendors add a change to the registry key of the machine that runs the antivirus software. Without it, that machine will not receive any of the following fixes from Microsoft:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here:


The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. 

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

The following table contains links to advisories and patches published in response to the vulnerabilities. This table will be updated as information becomes available.

Link to Vendor Information | Date Added
Amazon | January 4, 2018
AMD | January 4, 2018
Android | January 4, 2018
Apple | January 4, 2018
ARM | January 4, 2018
CentOS | January 4, 2018
Chromium | January 4, 2018
Cisco | January 10, 2018
Citrix | January 4, 2018
Debian | January 5, 2018
DragonflyBSD | January 8, 2018
F5 | January 4, 2018
Fedora Project | January 5, 2018
Fortinet | January 5, 2018
Google | January 4, 2018
Huawei | January 4, 2018
IBM | January 5, 2018
Intel | January 4, 2018
Juniper | January 8, 2018
Lenovo | January 4, 2018
Linux | January 4, 2018
LLVM: variant #2 | January 8, 2018
LLVM: builtin_load_no_speculate | January 8, 2018
LLVM: llvm.nospeculatedload | January 8, 2018
Microsoft Azure | January 4, 2018
Microsoft | January 4, 2018
Mozilla | January 4, 2018
NetApp | January 8, 2018
Nutanix | January 10, 2018
NVIDIA | January 4, 2018
OpenSuSE | January 4, 2018
Qubes | January 8, 2018
Red Hat | January 4, 2018
SuSE | January 4, 2018
Synology | January 8, 2018
Trend Micro | January 4, 2018
VMware | January 4, 2018
Xen | January 4, 2018


Revision History
  • January 4, 2018: Initial version
  • January 5, 2018: Updated vendor information links for Citrix, Mozilla, and IBM in the table and added links to Debian, Fedora Project, and Fortinet.
  • January 8, 2018: Added links to DragonflyBSD, Juniper, LLVM, NetApp, Qubes, and Synology.
  • January 9, 2018: Updated Solution Section
  • January 10, 2018: Added links to Cisco and Nutanix.

Categories: Security

Phishing to Rural America Leads to Six-figure Wire Fraud Losses, (Wed, Jan 3rd)

SANS Internet Storm Center - January 3, 2018 - 10:51pm
We often focus on malware and hacking in terms of the tools the criminals use, but often good old-fashioned deception is simple enough. A recent case I worked on involves phishing sent to rural real estate professionals (law firms, title companies, realtors, etc). It is particularly effective on targets that use the various web-mail / free e-mail services.
Categories: Security

PDF documents & URLs: video, (Tue, Jan 2nd)

SANS Internet Storm Center - January 3, 2018 - 12:50am
I received some questions about my diary entry "PDF documents & URLs: update", and to better explain the analysis method, I created a video.
Categories: Security
