Category: SANS™ Internet Storm Center

Today our "First Seen" page displayed a number of simple URLs: /wp-backup.sh /submit.sh /stage-deploy.sh /scripts/driverenv.sh /s3.sh /run-deploy.sh /passwords.sh /m/index.php /library.sh /installer.sh /envvars.sh /driverenv.sh /driver.sh /docker/startup.sh /develop.sh /bucket.sh /aws_cli.sh /aws-env.sh These URLs are not associated with a

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Back in June of 2010, The Electronic Frontier Foundation (EFF) released the first beta release of the "HTTPS Everywhere" plugin [1]. Even then, most websites offered HTTPS. But unlike today, HTTP was often still the default,

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little "Lessons Learned"

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I noticed in my logs 2 weeks ago regular probe from a subnet in the Amazone cloud only scanning for TCP/8080 capture by the iptables of my DShield sensor. The scanning started on the 15 Aug -

Our list of "Top" ssh usernames and password is pretty static. Well known defaults, like "root" and "admin" are at the top of the list. But there are always some usernames and password in the list