Very interesting port activity on this host as well. May want to look for traffic going to this one... While there appears to be a router on the remote end of this connection, what is being allowed through on ports 14400-14499 should be of concern for sure...
Have a look for yourselves...
The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information sometimes without the company even being aware. SLC Security is now owned and operated by Jigsaw Security Enterprise. We are currently in process and as such this blog will eventually be taken offline and merged with Jigsaw Security resources.
Monday, June 29, 2015
PHISHING: Healthcare Related - 86.104.134.156
Looking through recent traffic we noted some very interesting packet data going to 86.104.134.156. We have noted a large amount of healthcare related sites but more importantly packet data shows PII being transferred to the IP in question.
Whois shows that the IP is in Romania. Just something to keep your eyes on.
Wednesday, June 24, 2015
Hey Harvard do you realize...
Hey Harvard, do you realize you're sending out millions of infected email messages? Dyre to be exact.
Source Host: 140.247.39.51
Tuesday, June 23, 2015
Adobe Zero Day Exploit - One Issue After Another
Adobe Systems Inc. today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin. The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible.
In an advisory issued Tuesday morning, Adobe said the latest version of Flash, v. 18.0.0.194 on Windows and Mac OS X, fixes a critical flaw (CVE-2015-3113) that is being actively exploited in “limited, targeted attacks.” The company said systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets of these exploits.
Reported by Adobe and Krebs on Security
IMPORTANT NOTICE: If you're a normal blog subscriber, please read
If you would like to continue receiving information on this blog you will need to subscribe to the mailing list (it's free and to your right). We told you that we would be making changes last month and it's time to implement these changes. Below we are outlining exactly what will be changing.
What will be posted to the blog:
1. Breaches (publicly disclosed and available via OSINT)
2. Security Articles of Interest (Things we want to share)
What we will NOT be posting to the blog:
1. Indicators
2. Breaches that have not been acknowledged
3. Special Intelligence Information - Detailed Analysis
What we will post to the Mailing List:
1. Specific Intelligence to include indicators, TIPS, bulletins and similar security products.
2. Users can contribute to the list after approval and we highly encourage the sharing of intelligence information.
Members of the mailing list can import our PGP key and can receive intelligence directly via email (once you have been verified). Verification may take up to 24 hours.
So basically any meaty items are being moved to the mailing list. Thank you for your support of our efforts to bring awareness and have a great weekend.
Threat Intelligence Platform is Live
For those of you that have shown an interest you will be receiving a trial of our threat intelligence search platform within the next few weeks. The system is being rolled out in Beta. All that we ask is that you provide any feedback you may have if you find any bugs or issues. In addition we will be rolling out new features and visual tools over the next few weeks as well.
To obtain a trial account email your name, organization and email address to soc(a-t)slcsecurity.com and we will create your trial account.
Tuesday, June 9, 2015
BREACH: Element Vehicle Management Services
Seeing indications that this entity is breached. Information has been posted to the Internet and is already hitting some underground chat services.
Monday, June 8, 2015
BREACH: army.mil breached by Syrian Electronic Army
Reports have been coming in that the Syrian Electronic Army has breached (www.army.mil) and DOD has put out a notice to staff to not access the site. That doesn't matter though because the site has been taken offline by DOD at this hour.
Reference: http://www.newsweek.com/syrian-electronic-army-claims-have-hacked-us-army-website-340874
Thursday, June 4, 2015
BREACH: Shop T Wine
We noted usernames and passwords that could be confirmed being leaked today for the Shop T Wine website. The information first appeared in a hacking forum and then appears to have been posted to pastebin. As of the post time the information remains available on pastebin.